-
A role many people did not understand less than a decade ago has become integral to how banks navigate a new set of postcrisis hazards.
June 30 -
Cyber threats or fraud may present bigger direct risks to banks, but many chief risk officers spend enormous amounts of time on the more tangible concern of keeping up with ever-growing regulatory expectations and requirements.
July 1 -
On top of dealing with cyber threats and other potential dangers to banks, CROs are deeply involved these days in discussions over investing in new products and business lines.
July 5 -
While hiring a chief risk officer is a given at the big banks, smaller institutions must weigh several factors and options in determining the risk leadership model that works for them.
July 6
The banking industry would scarcely need systemic risk regulation today if it had given the role of the chief risk officer its due in the years before the financial crisis.
As Joe Adler
The CRO position is a relatively new role in the structure of financial institutions, coming into its own in the last two decades with the Basel Accord, supervisory guidance and various regulatory compliance efforts. Looking back, the job description of the CRO varied widely depending on the needs and understanding of the role at the bank.
At some firms, the CRO performed a specialized type of audit function, monitoring the activities of the business for quality of risk controls, processes and risk outcomes. Other companies had the CRO establishing the risk "rules of the road" for the business and then monitoring risk outcomes accordingly. Still others had the CRO more directly involved in strategic business decisions. And in some cases, both corporate and business risk functions existed within an institution.
Over time, as markets began heating up and regulatory authorities adopted a less-is-more strategy of engagement with firms, the CRO position came to an important crossroads. For a number of firms that are now no longer in business, the CRO's stature, reporting line and board engagement were severely limited. In many of these cases (Lehman Brothers and MF Global, for example), the CRO's input was largely ignored if it cut against the grain of senior management preferences.
The meltdown of 2008 changed everything. If, as they say, there are "no atheists in foxholes during war," then during the crisis risk-takers were few and far between. The CRO came out of the shadows and assumed a mantle of responsibility unlike anything experienced by risk managers before. Today, the chief risk officer no longer suffers from an identity crisis.
For one thing, the air cover for risk managers that was lacking for many years from bank regulators is more robust than it was in the precrisis period. Requirements for the largest institutions are much more rigorous in specifying risk governance expectations than ever before (the Office of the Comptroller of the Currency's
While necessity and regulation forced a change in the CRO role at many institutions, it also carried a heavy price. Following the crisis, many CROs were spending more time with regulators than with their business colleagues and while this has abated somewhat, a good portion of a CRO's time remains taken up with regulatory matters. This unfortunately comes at the expense of building the business and draws attention away from efforts to further enhance risk management controls and processes.
The extra regulatory scrutiny of risk-taking is significantly beneficial to banking and risk management by bringing balance to the industry between risk and return. But at times the government has overplayed its hand by forcing risk governance on firms via regulation rather than through financial incentives such as
Banks either have strong risk governance as part of their corporate DNA or they don't. Imposing specific rules on risk governance ensures a minimal structure is in place, but the effectiveness of these requirements is only as good as the board and CEOs want them to be.
Eventually, we'll find out how good that is. The true test of the CRO's new influence will come during the next market expansion. As competition heats up, margins thin and market share is on the line, risk-taking will naturally rise. The age-old tensions will emerge as they always have between achieving business goals and prudently managing risk-taking.
If CROs emerge unscathed in this tug-of-war, it will be a turning point for the position and one that will have lasting benefits for banks and the industry.
Clifford Rossi is a Professor-of-the-Practice and Executive-in-Residence at the Robert H. Smith School of Business, the chief economist at Radian Group and a former CRO at several large financial institutions.