The Importance of CROs as Primary Risk Managers

Part one of this article explored how the role of the Chief Risk Officer (CRO) has evolved over recent years, and how demand has developed for leaders in this function across the UK, Canada and Belgium. 

Navigating Global Regulatory Landscape

UK

Over the last nearly two decades, we have seen significant regulation in the sector - Financial resilience has been a huge area of focus since 2008, with the largest financial institutions subject to regular stress tests. However in recent years, we have also seen considerable attention on operational risk & resilience, model risk, conduct risk and financial crime risk. Today, a number of these risks are interconnected and can crystalize at pace – something that is front of mind for both regulators and CROs.  

In the UK, the debate around overregulation and shift towards growth continues. That said, there is an acknowledgement when speaking to international risk and compliance leaders that the UK has some of the best and most respected regulatory organizations. Balancing financial stability and growth is no easy task. CROs need to continue to build a transparent two-way dialogue with their key regulators.    

Canada  

Increased enforcement has heightened the focus on regulation and compliance. A collaborative partnership with regulators is crucial, including educating them and co-developing regulations and compliance frameworks. 

Belgium  

The relationship between regulators and banks can be complex. Collaboration may sometimes present challenges due to varying levels of receptiveness among regulatory and supervisory teams, highlighting the importance of managing potential conflicts. Additionally, regulators' structures and requests may overlap and change periodically.  

Maintaining a constructive relationship requires effort and dedication, particularly as experience levels at the ECB might differ, especially for smaller banks. There are occasions when the regulator may not prioritize broader industry topics and critical risks. 

The Influence of Technology  

UK

Technology is more relevant to the role than ever: as new technologies create both opportunities and risks, AI, cyber-security and third-party risk are all topics a CRO needs to be on top of.

This will impact the size and structure of risk and compliance teams going forward.  

Canada  

In a world of evolving technology, there can be a blurred line between the responsibilities of the CRO and the Chief Technology Officer. As a result, there is a need for a strong partnership between these functions on cyber and technology risk. Bringing in external specialists to strengthen the ability to deal with these fast-evolving risks will provide the necessary expertise.   

CROs must have a growth mindset. How they perform their role is going to change - for example with generative AI - and they need to be able to adapt and not be left behind. Control functions have to be agile to where the business wants to go. There is a need to be connected with the business and avoid a rigid "this is how we do it" attitude.    

Belgium  

Technology plays a pivotal role for the CRO. Ongoing investment in data is vital, given its high value. Automated reporting and AI are essential for thorough analysis as well as reporting to supervisory authorities. Technology in data management and sophisticated tools is crucial, and the next waves of technology promise to be even more transformative. Currently, for the CRO, technology focuses primarily on reporting and data management. Efforts are ongoing to digitalize numerous processes and enhance their resilience against cyber threats. 

Effective CROs must work hand in hand with the Chief Technology Officer, Data teams, and Chief Transformation Officer. At the board level, it is essential that the CRO, Chief Technology Officer, and Chief Transformation Officer are aligned and function as best partners. 

What Keeps Risk and Compliance Leaders Awake at Night? 

UK  

Risks are proliferating and are increasingly overlapping and correlated. With strong foundations and the right people in place, these can be managed. The biggest fears we hear from CROs come down to human behavior, organizational complacency and cultural flaws. Having a finger on the cultural pulse of a firm is key. CROs everywhere accept that mistakes will be made and things can go wrong – they will invariably be called upon to support their firm through challenging times at some point.   

Canada  

Keeping pace with the risk environment is essential to support business growth. It requires having the appropriate resources, talent, and capabilities to adapt to a changing landscape and respond effectively.  

Simultaneous occurrences of multiple events, such as a natural disaster coupled with the loss of a data center, illustrate the interconnectedness of risks. For instance, British Columbia has experienced wildfires, flooding, and a cyber-attack concurrently. 

The role of the CRO usually comes to the forefront during a crisis. Typically, no news is good news. Success for a CRO often goes unrecognized as it means business runs smoothly without fines. However, failures are highly visible. A strong CRO's work may be overlooked, but their role is crucial.  

Belgium  

Risk and compliance leaders face significant challenges that keep them awake at night. These challenges span a wide spectrum: from the fear of minor regulatory issues escalating into major reputational risks, to the complexity of cyber threats, and the fast pace of new legislation that can significantly impact business metrics and strategy. Additionally, there is the possibility of multiple, unprecedented events, such as the interconnectedness of risks. For example, a cyberattack can disrupt operations, leading to regulatory scrutiny and reputational damage. 

Consequently, talent management is crucial.

Ensuring the organization has the capabilities to cope with these risks, adapt to a changing landscape, and respond effectively is essential. 

In summary, the role of the CRO is vital in maintaining organizational integrity and resilience in an increasingly complex world. Their ability to manage these diverse risks ensures the organization's stability and growth. 

Odgers Berndtson brings deep experience of supporting executive committees and boards in the UK and internationally to appoint Chief Risk Officers, Chief Compliance Officers, MLROs and senior risk, compliance, financial crime and regulatory executives. Clients span the financial services spectrum: banking, asset and wealth management, insurance, market infrastructure, fintech, professional services and regulation.  

_____________________________________________________ 

Get in touch. Follow the links below to discover more or contact our dedicated leadership experts from your local Odgers Berndtson office here.