The Chief Risk Officer is the individual (and leader of the function) that defines the firm’s risk appetite and tolerance, and helps maintain operations within the dimensions of such appetite.
The CRO is talented and experienced of course. But critically, she (read interchangeably with ‘he’) understands that a pro-active approach with a commitment to value-added perspective creates a leadership role for Risk Management in the firm and a ‘seat at the table’. We have to say adieu to the days of Risk being a ‘control’ or a ‘support’ function or a ‘let’s just keep the Regulators happy’ strategy – that can only happen if Risk steps up to the plate.
1. Vital to ensuring the CRO’s inclusion at the governance level is that she
a) Defines and dimensions the firm’s risk appetite and tolerance/s, and creates the mechanisms to articulate and communicate this across the firm.
b) Provides strategic perspective with direct lines of communication to the Board and the CEO on what’s going on in markets, businesses and the legal-regulatory environment (and what is on the horizon) that impacts risk levels and the risk appetite of the firm holistically. Specifically, she relates the growth and business of a firm to the evolution of its risk appetite.
c) Stays on point with the risk function, meaning she does not get bogged down in other board business! She is simply the lead advocate for responsible risk management across the firm.
i. Its risk appetite (contextualized for the legal-regulatory environment)
ii. Products and markets through which risk is taken
iii. Returns for taking such risks
The CRO lays down the principles, policies and practices that benchmark the business-as-usual and the “unusual, unintended, and unacceptable” risk-taking in the firm. She simultaneously implements measurement and management practices that ensure reconciliation with the top.
3. As custodian of risk appetite, the CRO dynamically redeploys the Economic Capital of the firm(it is time we got the CFOs out of this role) among various competing business units process of doing so computes and compares risk-adjusted performances across the firm using RAROC, RORAC, RORC, NIACC or any of such measures as long as consistently applied (anything but
ROE as long as C figures in it, please !!)
Simple? No
Critical for survival? Maybe
At least a key differentiator with some promise of resilience? Yes
Posts
5 comments:
Taking this one step further, how independent can the CRO be if she is going to be evaluated and paid by the CEO ? Shouldn't we think about a Risk Committee of the Board managing the CRO's compensation ?
Objective risk decisions can only be made if the CRO has full respect of and independence from her business line peers. Getting a "seat at the table" and designing a seperate business-line independent compensation structure to reward approval of thoughtful long-tern risk taking will help garner respect and make it easier to say NO.
On the other hand... is it good from a corporate governance perspective to give so much 'power' to an individual? This leads to key man risk. Well functioning ALCO's or strategic committees (board committee's?)should make the decisions based on recommendations and inputs from the risk management environment (CRO) as well as others.
The problem has 2 dimensions (at least):
(a) Risk function is seen still as akin to an audit function..........something which has been thrust/ mandated and hence, a necessary nuisance. Except, in case of something going belly up, in which case, the Busi Lines/ Mgt generally can say, "but it was vetted/ recmd/ appvd" by Risk.". The idea , in practice, seems to have a function that can be used to fob of Business Line/ Mgt accountability.
(b) Individual versus Collective empowerment. (i.e CRO versus Risk Committee empowerment). Individual responsibility and authority is needed; collective decision making is invariably a failure, when it comes to action/ execution (which is what the CRO role has to metamorphise into).
Hope the gist is clear.....Space constaint in expanding/ arguing the ideas.
ss
The role of Chief Compliance Officer can not be understated in order to enable CRO plays her due role. The CRO and the CCO are the custodians to preserve stakeholder's value while living within the ambit of rules and regulations, without any conflict of interest.
Post a Comment