In the ever-evolving digital age, the need to manage and monitor risk has become ever more present – with more avenues than ever for it to take.
There has been some discussion within the industry regarding whether the chief risk officer or risk manager role will, or has already become, a fundamental executive position. How is this seen by key industry players?
“On the one hand, there is nothing particularly novel about the CRO position,” said Eugenie Casier, director of governance risk and compliance at Clausematch. “The need for risk management has always existed in the business world. The traditional aim has been to limit the business by establishing boundaries as well as tracking and reporting risk exposure. It used to be a backstage position independent from a business. “
Despite this, Casier believes that compared to the previous decade, a higher variety and volume of risk have emerged – adding that modern firms confront bigger hurdles than ever before as a result of geopolitical, legal, cyber and technical concerns. This, Casier stresses, has permanently altered the CRO’s function.
She remarked, “The responsibility for evaluating and mitigating risks for a company has never been higher. It’s not only hefty fines and reputational damages. The cost of an error can cause huge corporations to cease existence in a matter of several days: we all remember a new round of financial collapses this year,” All of this, she believes, has influenced the significance of this role and its position within organisations.
The Clausematch GRC director said that she believes the risk management industry is witnessing a transformation, with the level of responsibility of a risk manager evolving in front of our eyes.
“We can see that risk management is already taking centre stage in organisations. Chief Risk Officers now sit on the board and influence key decisions for companies, and they will be equally held accountable if an organisation fails as a result of any risks disregarded. In all cases CROs should be empowered to the maximum to be able to address the risks and weaknesses directly, and report concerns directly to senior management in a timely manner,” Casier expressed.
The CRO position, in industries with huge risk exposure such as financial services, healthcare or energy, Casier believes, has been crucial.
“Now recent regulatory interventions in financial services have brought risk management more to the forefront. Regulation around Operational Resilience and Third Party Risk Management force boards and senior leaders to take an active role in risk management exercises. It is not unthinkable that this would result in leadership seeking support when fulfilling those requirements. We can expect this will lead to a growing understanding of the value of the CRO role and a true seat at the table with leadership,” exclaimed Casier.
Casier also believes that not only will the role become more fundamental, it will also require a different level of engagement and skillset with a focus on technology. “Risk management increasingly drives how decisions regarding business models, and products are developed and an organisation develops. Organisations seek more sustainable and robust business that can withstand world events or geopolitical shifts. Sustainability and resilience are key elements of a successful business that can stand the test of time.”
Another key issue raised by Casier is that where a risk management exercise could not so long ago be done almost in a silo, it now requires a much more ‘in-tune’ chief risk officer. “Moreover, effective risk management that truly achieves the outcomes, requires the CRO to be in the know and in the business,” said Caiser.
“A risk-aware culture is becoming more important, which adds to the rise in the prominence of the empowered CRO,” exclaimed the director. “Recent high-profile failings in monitoring and managing risks have led to enormous monetary losses. The second and third-largest failures in US history that happened just recently: SVB and Signature Bank have rattled the markets and created huge uncertainty in the industry.”
Casier concluded, “Overall, organisations wake up to the idea that proactive risk management is essential and a driver of business success that cautions, rather than being a blocker. Outsiders looking in demand that same awareness and agile approach to monitoring, measuring and doing away with adverse effects of a risk eventualising.”
Role of growing importance
As industries understand the growing necessity of facing down digital risks early and efficiently, this will undoubtedly be a driving force of the chief risk officer.
“The Chief Risk Officer is already a fundamental executive position, particularly within regulated institutions, and the role will undoubtedly grow in significance as the plethora of risks that may threaten a financial institution continues to expand,” said Nimesh Christie, head of policy and regulatory affairs at Fenergo.
According to Christie, the financial crisis highlighted serious weaknesses in risk management frameworks across financial institutions, such as the failure of management to identify and measure key risks and mismatches in the incentives and status of risk-takers compared to risk managers.
Driven by a combination of public demand and regulatory pressure, many financial institutions have invested heavily in strengthening risk management and have elevated the role of the CRO, Christie expressed.
He explained succinctly, “The business of banking is fundamentally about understanding, transforming and pricing risk. Therefore, risk management should be at the heart of business decisions.
Christie said that CROs will not only need to consider ‘traditional’ risks such as credit, market, operational and liquidity but also emerging risks such as cyber, reputational, conduct, AI and ESG.
Christie said, “With the burgeoning emphasis on ESG globally, CROs and their teams will be crucial in getting a handle on how to quantify such risks and set appropriate risk tolerances, with the associated complexities of obtaining suitable data sources to verify such decisions. In addition, there are “event-driven” risks such as the pandemic, the invasion of Russia and the recent US banking collapses – caused in part by rising interest rates.”
All such events like this, he states, were unforeseeable, which he said shows how difficult the CROs job can be. However, the CRO will benefit from their own experience, a well-organised team and a breadth of inputs to ensure effective and comprehensive horizon scanning of the relevant risks.
“CROs need the right blend of technical risk skills, the ability to effectively challenge the risk assessments of others, communication skills and commercial insight and must also ensure that the front line is appropriately incentivised to make risk-conscious decisions rather than be driven by pure profit motives,” Christie said.
He went on, “The advance of technology places a strain on legacy systems and the business models of traditional financial institutions. The future will be characterised by a highly automated and data-reliant industry combined with a materially reduced cost base through enablers such as cloud software and shared market utilities.
“This will mean an increased number of access points for fraud, cybercrime and data theft, which can result in serious reputational damage, particularly in an era where there is an instantaneous spread of information through social media, and the reputational risk could potentially trigger the collapse of an institution. The CRO’s role therefore remains vital,” he concluded.
The crucial role
A key development in the UK financial industry is the introduction of Consumer Duty legislation, which is set to come into practice at the end of July this year. This, Aveni CEO Joseph Twigg explains, has a key link with the importance of CROs and risk officers.
He said, “Consumer Duty brings it all back to the customer, and their outcome will be the key metric on which all financial services businesses will be measured. The FCA even goes so far as to say it will not hesitate to push for fines or, in severe cases, jail time for firms not sticking to the rules.
“The accountability of Senior Executives and Board members to ensure good consumer outcomes ultimately demands a crucial role for CROs or Risk and Compliance Managers to meet the demands being placed on them.”
He stated, “CROs and risk managers must be allowed to lead and implement data-driven strategies within their organisations that will not only enable the Board and other Executive committees to get closer to customers, their needs and outcomes, but also to go a step further: to have what their customers say drive tangible improvements across the organisation.
It will allow greater product and service development and enhanced customer experience to agent performance by enabling effective identification and handling of customers in vulnerable situations.
Twigg concluded, “As Consumer Duty gathers pace, the necessity to comply and evidence this will put a substantial spotlight on the CRO and risk manager role and its mitigation capabilities. Technology will be fundamental to deliver this and greater budgetary control and strategic input will be required.
“Those holding senior risk positions must be involved at Board level discussions as soon as possible, if they are not already, to ensure that the best outcomes for the customer, regulator, organisation and shareholder can be recognised. The CRO is in the ascendancy, or certainly should be very soon.”
Increasing responsibility
In the opinion of ViClarity’s European CEO Ogie Sheehy, in this era of ever-growing regulatory scrutiny, risk management is becoming an ever-more pivotal role to help firms and organisations be more aware of the current and emerging risks in their business.
He exclaimed, “Companies are now putting more emphasis on risk management and the roles that drive those processes within businesses. On that basis, the role of the risk officer has become increasingly important in all businesses, not only financial institutions, but any companies or sectors who operate at scale internationally.
“The responsibilities of the risk officer are critical to the successful operation of most businesses with them needing to have a constant perspective on the risk profile of the business while also monitoring new and emerging risks. The role of the risk officer is that of oversight while holding the individual departments and risk owners accountable for their own risk identification, rating and monitoring.”
Sheehy remarked that to successfully deliver on such responsibilities, the risk officers role needs to carry the appropriate level of authority and independence. “Therefore, I feel that the CRO/Risk officer role needs to be at executive level and have a voice not only at the executive table, but in some cases also at board level,” he said.
Flagright growth manager Joseph Ibitola added, “The role of CRO or Risk Manager is likely to become a fundamental executive position. As risk becomes a greater challenge in the modern world, organizations need dedicated professionals to identify and mitigate risks effectively.
“The CRO’s expertise is crucial in developing risk management strategies, ensuring compliance, and protecting the organization’s assets. Stakeholders are also emphasizing the importance of risk management. However, the adoption of this position may vary across industries and organizations. Overall, having a CRO is essential for businesses to navigate complex risks and make informed decisions.”
Keep up with all the latest FinTech news here
Copyright © 2023 FinTech Global
Copyright © 2018 RegTech Analyst