The role of the Chief Risk Officer (CRO) is not new. Indeed, risks are not new to the financial services industry and there have always been functions responsible for identifying, assessing, monitoring, mitigating and reporting these risks.
However, since the financial crisis and more recently with the COVID-19 pandemic, we have observed a fundamental step change in the way that the industry sees the role of the CRO and in the expectations related to the way the risk management function should operate.
This fundamental step change is mainly driven by recent societal changes having a much broader impact than just on the financial services industry:
- The emergence of a number of new challenges, being significantly more complex and different than traditional risks, e.g., COVID-19 pandemic, new technologies, geopolitical, social and environmental changes,
- The accelerating pace of technological change impacting the financial services industry, e.g., artificial intelligence (AI), blockchain, big data, robotic process automation (RPA),
- Significant societal changes including an increased emphasis on social and environmental commitments (e.g., ESG), increased demand for a healthy work-life balance and improving gender equality.
In order for CROs and risk management functions to take up the challenge, a set of actions are required from them.
Understand technology
As the financial industry is becoming increasingly more digital and is using more and more technologies like AI, blockchain, big data, RPA, etc., it is critical for CROs and risk management functions to understand technology and to be able to identify and assess the risks and implications related to these technologies.
Furthermore, as financial services institutions become increasingly complex with additional emphasis on efficiency, risk management functions will need to gradually move towards adopting new technologies in their day-to-day activities. This could include incorporating AI and big data in forecasting and stress testing processes, using RPA to automate repetitive tasks (e.g., reporting), making use of cloud and edge computing concepts and better using already existing risk management tools.
Embed risk into strategy
Risk management has traditionally been focused more on constraining the business by setting limits and monitoring and reporting risk exposure. In modern risk management, financial institutions should ensure that the risk management function focuses less on constraining the business and more on enabling the business to develop and execute a strategy that is aligned to stakeholder expectations with regards to risk and return.
The objective is not to have the CRO and the risk management function running the business, but rather to make sure that risks the business is or could be facing are properly identified and taken into consideration when taking business decisions.
In order to ensure that the risk management function focuses more on supporting the business in the development and execution of its strategy, financial institutions should ensure that CROs have a seat at the “decision making table” (i.e., the Executive Committee or similar) and have easy and quick access to the Board of Directors and/or the Risk Committee of the Board of Directors.
Enhance risk reporting
As the industry deals with emerging challenges, e.g., COVID-19, ESG and geopolitical instability, CROs and their risk management functions will need to significantly enhance their ability to spot future trends in risk exposure. They should incorporate more external data in their reporting and analysis and broaden the scope of data collection to include aspects such as environmental and social impact, geopolitical exposure, risk interconnectedness and public image.
Organisations should also make better use of their own internal data. By employing new technologies such as cloud computing and data processing techniques, financial services institutions should increase the scope of data that they collect and use this to identify trends and future risk exposure.
In a rapidly changing world, it is also fundamentally important for CROs and risk management functions to stay ahead of the curve and understand emerging risks and trends. The use of forward looking risk indicators can help to ensure that institutions have a good understanding of the risks to their business.
Adapt recruitment policy
Contrary to traditional CRO profiles, modern CROs need to have a very broad range of skills, e.g., knowledge of emerging risks and IT concepts, awareness of geopolitical trends, deep understanding of strategy.
In addition to this, CROs will only be effective in implementing the right risk management framework within an organisation if they are supported by a set of resources that have the appropriate technical knowledge and mindset.
To achieve this, financial services institutions and CROs should divert away from the traditional profiles they recruit and include staff with a range of different skills and experiences, e.g., in IT, strategy development, ESG analysis. It is now essential for financial institutions and CROs to recruit resources being more technology focused and having a good understanding of the less traditional but emerging risks, e.g., technology risk, social and environmental risk, geopolitical risks, etc.
Going forward
Ensuring that a business stays relevant in rapidly changing times requires constant evolution in business strategy, but also in the way that it identifies and monitors risk exposure. The CRO is at the front line of this analysis and consequently must continually evolve to meet current and future trends. Through strong coordination across all lines of the business, the actions described above can help to ensure an institution’s continued relevance and fulfilment of its business objectives.
More information about Avantage Reply Luxembourg