SlideShare a Scribd company logo

The Role of the Chief Risk Officer Why You are the Most Important Person in Your Financial Institution

WolfPAC - Integrated Risk Management
WolfPAC - Integrated Risk Management

Given the current regulatory environment and the resulting changes going on in the industry today, the chief risk officer has become the most important person in the financial institution. WolfPAC Solutions Group Director Michael Cohn interviewed chief risk officers at financial institutions across the country to find out how they became a CRO, what skills and experience they bring to the role, and what is expected of them now.

Economy & Finance
1 of 7
Download to read offline
You have been in banking for a long time and most likely been at your current institution for many years. From your role, you probably know the financial institution better than anyone else. One day the call came in, the CEO is asking you to take on the role of chief risk officer (CRO). Or, you saw an opportunity and lobbied for the position knowing you had the skills and your financial institution had the need. In any case, the institution needed its first CRO and you are it. Now what? That is exactly the question I asked a number of CROs across the country that I work with and their answers and insights are captured in this piece. Given the current environment and changes in the industry, the CRO has become the most important person in the financial institution today. That is because community-based financial institutions are increasingly becoming more risk-oriented in their strategic and operational focus. In May 2012, the Comptroller of the Currency, Thomas Curry, in a speech said that operational risk now outweighs credit risk as a major concern for financial institutions and regulators. "Operational risks for institutions of all sizes can arise... from flawed risk assessment and risk management systems in the institution,” said Curry. “For community institutions with credit concentrations, a flawed assessment of risk can lead to inadequate controls and insufficient risk management systems.” Curry continues to focus on the areas of risk affecting financial institutions today when he said more recently, “Effective vendor management programs are not only a regulatory expectation; they are necessary components of effective enterprise risk management.” The CRO is the key player who makes the enterprise risk management (ERM) program take root and operate effectively. That is why you, as the CRO, are the most important person in a financial institution today. What is causing you and the position you hold to be needed today more than ever before? There are number forces at play that led to the creation of the CRO role you now
inhabit. There are the internal forces in your institution that come from the CEO and the Board, and then there are the external forces that come in the form of increasing business complexity and changing regulation. There are internal forces at your institution that are calling on the expertise and knowledge of the institution that you’ve gained over years of service perhaps in operations, audit, credit, or IT. These forces are the result of your institution now looking to build and implement an ERM program to be more competitive and financially secure, which has created new needs from the CEO and Board. As the CRO, when you put in place the systems to meet these needs, you are actually fulfilling the three attributes in building an ERM program. Your CEO needs greater insight over all elements of risk and compliance The number and frequency of risk assessment analyses grow every day, mostly spurred on from regulatory expectations. It is obvious that the executives and examiners who review these assessments observe a lack of consistency in the process to complete and report the results, and a lack of integration with the results themselves. Central management and oversight by a risk manager should improve consistency, which will in turn increase efficiency. With more integrated technology systems, greater reliance on third parties, and continued earnings pressures, better information at a lower cost is required today. Your Board Requires a Holistic View of all Risks As the institution takes on more risk with the introduction of new products and services, your Board will demand from you a holistic view of all the risks present in the institution, and the level at which they present a danger. To be fully informed, the Board may also require an analysis on the sufficiency of current spending on risk management. As CRO, you can provide this information by taking stock in the current activities and organizing them along the functional risk areas. One of the CROs I interviewed for this piece said, “My goal as CRO is to help management and the Board see a global view of risk”. The CEO and Board Need a Process to Vet Risks of New Strategies Your CEO and Board will begin to turn to you as CRO to provide the process to vet the risks inherent in new products and business strategies for the institution. You need not be the executive of “no” but rather contribute a process to vet the merit of new business initiatives. The CEO or possibly another executive will likely be the sponsor of the new initiative. As CRO, your obligation is to tease out the key threats that, if they were to occur, would threaten the viability of the franchise.
There are also significant external forces that are causing you to be needed by the institution. These forces are pushing institutions to be more risk-focused than ever before, which in turn, raises the responsibilities on the CRO. Becoming a $1 Billion Institution Many community-based institutions have seen steady growth in deposits and assets over the past few years as customers leave regional and money center banks for the community based banks and credit unions. Many small community banks are approaching $1 billion in assets and therefore facing the increased compliance costs associated with FDICIA compliance. The effort to build this FDICIA program by itself is not so expansive, but, in many cases, it serves as the tipping point for the addition of a risk management position to oversee this and the growing list of new compliance initiatives. Increasing Regulatory Expectation Increasing regulatory pressures on community-based institutions are another force causing the institution to establish and formalize the role of the CRO. With continued growth there is likely an increase in operational complexity. To manage the complexity and maintain an adequate level of safety and soundness, regulatory expectations are growing for the creation of the risk management function and the role of a CRO in the institution. As CRO, you must be able to design sustainable processes to mitigate risk, frame the breadth and depth of control testing, evaluate business operations, and participate in the evaluation of new products and business opportunities. New regulations are also causing institution to rethink their management structure and add a CRO. The newly positioned CRO of an institution with a little more than half a billion in assets said to me, “We had an internal audit and compliance person and that was all. The Dodd-Frank Act was the wake-up call for more structure and resources.” New Lines of Business Whether the objective is to put new deposit balances to work, compensate for lower fee income due to reductions in overdraft and interchange fees, or offer more competitive products, your institution is likely growing the number and types of product offerings. These activities increase and broaden the spectrum of risk taken on by the institution. A majority of institutions believe they are conservative in their business practices. The process of change plus the introduction of new products gives rise to a risk shift. You must be able to articulate the level and impact of change to the institutions risk DNA, and ensure all governance bodies accept the changes.
When these external and internal forces align with the capabilities of an individual who has the qualities needed in a CRO, smart and forward-looking leaders will realize the imperative to create the role of CRO. Your position was created out of a powerful combination of needs and the skills to fulfill those needs, which makes you the most important person in the institution today. There’s no such thing as a chief risk officer school and the CROs I spoke with say that they are often the first in their peer group to have this role and therefor have not been mentored or taught how to be a CRO. So, what qualifies a person to be a CRO? The answer lies in the experience you already possess. After speaking with the CROs, I heard a number of common traits that they say prepared them for the role. A Long Tenure at the Financial Institution Having a long tenure at the institution is a major asset for being a successful CRO. You know the institution inside and out, top to bottom. You have been instrumental in putting in place or advising on a number of initiatives and business lines. You also know well the people who need to be encouraged to embrace a more risk-based approach to their work. And, you are respected by the staff, C-suite, and Board, which is crucial because they will look to you for answers and guidance. A Holistic View of the Institution Gained from Previous Roles Having a holistic view of the institution is absolutely crucial to being an effective CRO because it is essential in creating and overseeing an enterprise-wide management program. It is extremely hard to walk into an institution and gain this perspective. Instead, it comes from holding positions in the institution in which you must have both an up-close and enterprise-wide view of the business. One of the CROs I spoke with said, “I came from IT security. It’s where risk management was first practiced….I understand the role of the CRO and ERM from my time overseeing IT risk.” This is why CROs who come from positions in credit, operations, audit, IT, or compliance are most effective. Being Seen as Having Good Judgment and Integrity The “c” in CRO means you are now part of the executive team. To be effective and add value at the c-level, a CRO must have excellent judgment and integrity. The other executives, who you may have served in the past, are now turning to you for guidance on business strategy and counting on your sound judgment. In your role as CRO, your reputation for integrity will help you
persuade everyone in the institution, from junior associates to Board members, that they must embrace a risk-focused view of their work and trust you when you tell them that you have the institution’s best interest in mind when proposing changes to their work. Because of the combination of external forces, internal needs, and the qualities you possess, your institution came to an important decision and now you are the CRO. You are now the most important person in your institution because you are in charge of the most crucial management practice: Risk Management. The institution’s financial well-being, its ability to improve delivery of products and services, and its survival in an increasingly competitive and regulated environment depends on how well it manages and mitigates risk. To manage risk effectively and efficiently, you must create, implement, and maintain a robust enterprise risk management program that is adopted by the entire institution. Practicing ERM well help you manage the internal and external forces that led to you becoming a CRO. Your success will be determined by how you create and execute the ERM programs and processes for the institution, which will be made clear in a positive way by your institution’s ability to successfully avoid excessive risk, or in a negative way if your institution experiences losses due to risk. Through discussion with CRO’s of various tenure, it became apparent that the institution will likely adopt one of three operating models for the risk management program. These stages are characterized as Compliance ERM, Integrated ERM, and Top-to-Bottom ERM. It is not necessary for the institution to pass through each stage successively, nor is it necessary to be at the third stage for the institution to receive significant benefit from it efforts and resource commitment. By understanding the strengths and minimum resource commitment at each stage you send the institution can select an operating model that aligns with its business goals. Compliance ERM This stage is characterized by the desire and management practice to organize the various operational risk and compliance programs under a single manager. The manager takes stock in what measures are in place, and begins to oversee the tools being used, which are typically documents and spreadsheets as well as single purpose business software applications. There may not be significant changes to the risk assessment or communications processes beyond easy to implement ideas. The credit, interest rate, and asset-liability management
activities continue largely untouched and remain outside the oversight of the operations/compliance risk manager. The compliance, security, and other corporate service managers that contribute to the risk assessments and risk processes may or may not be organized under the operational risk manager. The business objective here is to initiate the alignment and oversight of existing operational risk requirements and common management activities with a single manager. Integrated ERM This stage is characterized by the desire to create a more integrated, holistic view of risks and threats. Risk assessment processes begin to standardize, the number and variety of tools tends to reduce, and risk management activities, monitoring, and audit programs become more tightly integrated. Risk management silos start to break down and governance structures align into operational risk and credit risk bodies. Although there may be two risk committees (i.e., operations and credit), they likely share a significant number of committee members. The Board will likely create a risk committee or mandate an existing committee take responsibility for risk management. It is unlikely that a sustainable risk management program at this stage can be created without the investment in a CRO. Top-to-Bottom ERM This stage is characterized with the CRO leading both the operational and credit risk activities. Risk assessment, risk monitoring, and risk reporting are centrally managed in this model. Software tools are multipurpose and used in several functional risk areas, and reporting is consolidated to reduce risk silos and illustrate the interdependency of business activities and interrelatedness of threat scenarios. A management risk committee is active and chaired by the CRO. They key to the CRO’s success is engaging the Board with the results of the risk management program. The CRO also serves as the voice of reason to vet significant new business initiatives with management and the Board to identify significant threats to capital, earnings, and reputation. Having a risk management program will not be effective if you as the CRO are the only one who believes in its value and practices it. As part of your duties, you must evangelize ERM and get everyone in the institution – from the chair of the Board to the teller in the farthest branch to embrace it as a practice. Having the title of CRO can help with this according to one CRO I interviewed who said, “When you are promoted to CRO, it’s easier to change the culture of the institution to be more risk aware.”
Daily risk management activities are crucial as well and it is important that you develop the techniques or buy the tools to develop a sustainable process for ERM. With a strong ERM program in place as your foundation, you as the CRO are integral to the future of your institution. When you can use your ERM program to help your institution rise above silos and the degree of threat it poses, it can then be a powerful tool to develop the institution’s business strategy and fulfill its business goals. One of the CROs said to me, “Risk management is not just housekeeping, it’s thinking ahead of the issues”. When a CRO can create a clear and accurate analysis of the current situation in their institution from the strength of their ERM program and look forward strategically, they have truly become the most important person in the institution. Another said, “This will be known as a definitive era in banking with the CRO in place and enterprise risk management being practiced”.

Recommended

Company Analysis of Firms in Education Sector
Company Analysis of Firms in Education SectorCompany Analysis of Firms in Education Sector
Company Analysis of Firms in Education SectorNikhil Jha
 
Enterprise Architecture - TOGAF Overview
Enterprise Architecture - TOGAF OverviewEnterprise Architecture - TOGAF Overview
Enterprise Architecture - TOGAF OverviewMohamed Sami El-Tahawy
 
final report on PTC
final report on PTC final report on PTC
final report on PTC bahadar ali
 
Role of a Chief Risk Officer
Role of a Chief Risk OfficerRole of a Chief Risk Officer
Role of a Chief Risk OfficerMichel Rochette
 
Chief risk officer kpi
Chief risk officer kpiChief risk officer kpi
Chief risk officer kpivitrajom
 
Industrial finance in india new
Industrial finance in india newIndustrial finance in india new
Industrial finance in india new8880003684
 
Financial institutions
Financial institutions Financial institutions
Financial institutions Happy.vattathara Surendran
 
Financial Institutions
Financial InstitutionsFinancial Institutions
Financial InstitutionsIsmatullah Butt
 

Recommended

Company Analysis of Firms in Education Sector
Company Analysis of Firms in Education SectorCompany Analysis of Firms in Education Sector
Company Analysis of Firms in Education SectorNikhil Jha
 
Enterprise Architecture - TOGAF Overview
Enterprise Architecture - TOGAF OverviewEnterprise Architecture - TOGAF Overview
Enterprise Architecture - TOGAF OverviewMohamed Sami El-Tahawy
 
final report on PTC
final report on PTC final report on PTC
final report on PTC bahadar ali
 
Role of a Chief Risk Officer
Role of a Chief Risk OfficerRole of a Chief Risk Officer
Role of a Chief Risk OfficerMichel Rochette
 
Chief risk officer kpi
Chief risk officer kpiChief risk officer kpi
Chief risk officer kpivitrajom
 
Industrial finance in india new
Industrial finance in india newIndustrial finance in india new
Industrial finance in india new8880003684
 
Financial institutions
Financial institutions Financial institutions
Financial institutions Happy.vattathara Surendran
 
Financial Institutions
Financial InstitutionsFinancial Institutions
Financial InstitutionsIsmatullah Butt
 
CRO Insight
CRO InsightCRO Insight
CRO InsightMike Wilkinson
 
Artcile for EAIC Conference in Taipei Novermber 2014
Artcile for EAIC Conference in Taipei Novermber 2014Artcile for EAIC Conference in Taipei Novermber 2014
Artcile for EAIC Conference in Taipei Novermber 2014StephenRosling
 
Compliance & data security – the way we work
Compliance & data security – the way we workCompliance & data security – the way we work
Compliance & data security – the way we workPuneet Chopra
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateAnthony Chiusano
 
AML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance IndustryAML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance IndustryRachel Hamilton
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...WolfPAC - Integrated Risk Management
 
Aon FI Risk Advisory_product sheet-March 2015
Aon FI Risk Advisory_product sheet-March 2015Aon FI Risk Advisory_product sheet-March 2015
Aon FI Risk Advisory_product sheet-March 2015Evan Sekeris
 
Managing the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresManaging the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresWNS Global Services
 
How to Hire a Great CRO
How to Hire a Great CROHow to Hire a Great CRO
How to Hire a Great CROThe IRM India
 
Combining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal LeadershipCombining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal Leadershipjobdoctors
 
Combining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal LeadershipCombining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal LeadershipDwayne Jorgensen
 
The Scientific Approach to Mitigating Operational Risk
The Scientific Approach to Mitigating Operational RiskThe Scientific Approach to Mitigating Operational Risk
The Scientific Approach to Mitigating Operational RiskNicolle Nelson
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
Boca Raton Interview
Boca Raton InterviewBoca Raton Interview
Boca Raton InterviewMichelle Singh
 
3d 3 Todays Internal Auditor
3d 3 Todays Internal Auditor3d 3 Todays Internal Auditor
3d 3 Todays Internal AuditorRajeswaran Muthu Venkatachalam
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksMHM (Mayer Hoffman McCann P.C.)
 
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...Flevy.com Best Practices
 
Research for the reputation of the company in Vietnam: Risk Management
Research for the reputation of the company in Vietnam: Risk ManagementResearch for the reputation of the company in Vietnam: Risk Management
Research for the reputation of the company in Vietnam: Risk ManagementPrénom Nom de famille
 
Good to Great-WSJ
Good to Great-WSJGood to Great-WSJ
Good to Great-WSJKeith Darcy
 
Good to Great-WSJ
Good to Great-WSJGood to Great-WSJ
Good to Great-WSJKeith Darcy
 
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...ssifa0344
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 

More Related Content

Similar to The Role of the Chief Risk Officer Why You are the Most Important Person in Your Financial Institution

Artcile for EAIC Conference in Taipei Novermber 2014
Artcile for EAIC Conference in Taipei Novermber 2014Artcile for EAIC Conference in Taipei Novermber 2014
Artcile for EAIC Conference in Taipei Novermber 2014StephenRosling
 
Compliance & data security – the way we work
Compliance & data security – the way we workCompliance & data security – the way we work
Compliance & data security – the way we workPuneet Chopra
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateAnthony Chiusano
 
AML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance IndustryAML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance IndustryRachel Hamilton
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...WolfPAC - Integrated Risk Management
 
Aon FI Risk Advisory_product sheet-March 2015
Aon FI Risk Advisory_product sheet-March 2015Aon FI Risk Advisory_product sheet-March 2015
Aon FI Risk Advisory_product sheet-March 2015Evan Sekeris
 
Managing the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresManaging the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresWNS Global Services
 
How to Hire a Great CRO
How to Hire a Great CROHow to Hire a Great CRO
How to Hire a Great CROThe IRM India
 
Combining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal LeadershipCombining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal Leadershipjobdoctors
 
Combining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal LeadershipCombining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal LeadershipDwayne Jorgensen
 
The Scientific Approach to Mitigating Operational Risk
The Scientific Approach to Mitigating Operational RiskThe Scientific Approach to Mitigating Operational Risk
The Scientific Approach to Mitigating Operational RiskNicolle Nelson
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersAzure Group
 
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...Flevy.com Best Practices
 
Research for the reputation of the company in Vietnam: Risk Management
Research for the reputation of the company in Vietnam: Risk ManagementResearch for the reputation of the company in Vietnam: Risk Management
Research for the reputation of the company in Vietnam: Risk ManagementPrénom Nom de famille
 
Good to Great-WSJ
Good to Great-WSJGood to Great-WSJ
Good to Great-WSJKeith Darcy
 
Good to Great-WSJ
Good to Great-WSJGood to Great-WSJ
Good to Great-WSJKeith Darcy
 

Similar to The Role of the Chief Risk Officer Why You are the Most Important Person in Your Financial Institution (20)

CRO Insight
CRO InsightCRO Insight
CRO Insight
 
Artcile for EAIC Conference in Taipei Novermber 2014
Artcile for EAIC Conference in Taipei Novermber 2014Artcile for EAIC Conference in Taipei Novermber 2014
Artcile for EAIC Conference in Taipei Novermber 2014
 
Compliance & data security – the way we work
Compliance & data security – the way we workCompliance & data security – the way we work
Compliance & data security – the way we work
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_Articulate
 
AML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance IndustryAML and OFAC Compliance for the Insurance Industry
AML and OFAC Compliance for the Insurance Industry
 
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
Why Community-based Financial Institutions Should Practice Enterprise Risk Ma...
 
Aon FI Risk Advisory_product sheet-March 2015
Aon FI Risk Advisory_product sheet-March 2015Aon FI Risk Advisory_product sheet-March 2015
Aon FI Risk Advisory_product sheet-March 2015
 
Managing the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresManaging the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance Requires
 
How to Hire a Great CRO
How to Hire a Great CROHow to Hire a Great CRO
How to Hire a Great CRO
 
Combining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal LeadershipCombining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal Leadership
 
Combining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal LeadershipCombining Corporate Governance with Internal Leadership
Combining Corporate Governance with Internal Leadership
 
The Scientific Approach to Mitigating Operational Risk
The Scientific Approach to Mitigating Operational RiskThe Scientific Approach to Mitigating Operational Risk
The Scientific Approach to Mitigating Operational Risk
 
CFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey ChristophersCFO Risk Intelligence - Harvey Christophers
CFO Risk Intelligence - Harvey Christophers
 
Boca Raton Interview
Boca Raton InterviewBoca Raton Interview
Boca Raton Interview
 
3d 3 Todays Internal Auditor
3d 3 Todays Internal Auditor3d 3 Todays Internal Auditor
3d 3 Todays Internal Auditor
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party Risks
 
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
[Whitepaper] Shareholder Value Traps: How to Evade Them and Focus on Value Cr...
 
Research for the reputation of the company in Vietnam: Risk Management
Research for the reputation of the company in Vietnam: Risk ManagementResearch for the reputation of the company in Vietnam: Risk Management
Research for the reputation of the company in Vietnam: Risk Management
 
Good to Great-WSJ
Good to Great-WSJGood to Great-WSJ
Good to Great-WSJ
 
Good to Great-WSJ
Good to Great-WSJGood to Great-WSJ
Good to Great-WSJ
 

Recently uploaded

TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...ssifa0344
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
The Economic History of the U.S. Lecture 21.pdf
The Economic History of the U.S. Lecture 21.pdfThe Economic History of the U.S. Lecture 21.pdf
The Economic History of the U.S. Lecture 21.pdfGale Pooley
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
Indore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdfIndore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdfSaviRakhecha1
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
The Economic History of the U.S. Lecture 26.pdf
The Economic History of the U.S. Lecture 26.pdfThe Economic History of the U.S. Lecture 26.pdf
The Economic History of the U.S. Lecture 26.pdfGale Pooley
 
The Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfThe Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfGale Pooley
 
Basic concepts related to Financial modelling
Basic concepts related to Financial modellingBasic concepts related to Financial modelling
Basic concepts related to Financial modellingbaijup5
 
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure servicePooja Nehwal
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptxFinTech Belgium
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Pooja Nehwal
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdfFinTech Belgium
 
The Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdfThe Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdfGale Pooley
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdfAdnet Communications
 
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )Pooja Nehwal
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfGale Pooley
 

Recently uploaded (20)

TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
 
The Economic History of the U.S. Lecture 21.pdf
The Economic History of the U.S. Lecture 21.pdfThe Economic History of the U.S. Lecture 21.pdf
The Economic History of the U.S. Lecture 21.pdf
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
 
Indore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdfIndore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdf
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
 
The Economic History of the U.S. Lecture 26.pdf
The Economic History of the U.S. Lecture 26.pdfThe Economic History of the U.S. Lecture 26.pdf
The Economic History of the U.S. Lecture 26.pdf
 
The Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfThe Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdf
 
Basic concepts related to Financial modelling
Basic concepts related to Financial modellingBasic concepts related to Financial modelling
Basic concepts related to Financial modelling
 
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure serviceCall US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
Call US 📞 9892124323 ✅ Kurla Call Girls In Kurla ( Mumbai ) secure service
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx
 
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
 
The Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdfThe Economic History of the U.S. Lecture 22.pdf
The Economic History of the U.S. Lecture 22.pdf
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf
 
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
 
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdf
 

The Role of the Chief Risk Officer Why You are the Most Important Person in Your Financial Institution

  • 1. You have been in banking for a long time and most likely been at your current institution for many years. From your role, you probably know the financial institution better than anyone else. One day the call came in, the CEO is asking you to take on the role of chief risk officer (CRO). Or, you saw an opportunity and lobbied for the position knowing you had the skills and your financial institution had the need. In any case, the institution needed its first CRO and you are it. Now what? That is exactly the question I asked a number of CROs across the country that I work with and their answers and insights are captured in this piece. Given the current environment and changes in the industry, the CRO has become the most important person in the financial institution today. That is because community-based financial institutions are increasingly becoming more risk-oriented in their strategic and operational focus. In May 2012, the Comptroller of the Currency, Thomas Curry, in a speech said that operational risk now outweighs credit risk as a major concern for financial institutions and regulators. "Operational risks for institutions of all sizes can arise... from flawed risk assessment and risk management systems in the institution,” said Curry. “For community institutions with credit concentrations, a flawed assessment of risk can lead to inadequate controls and insufficient risk management systems.” Curry continues to focus on the areas of risk affecting financial institutions today when he said more recently, “Effective vendor management programs are not only a regulatory expectation; they are necessary components of effective enterprise risk management.” The CRO is the key player who makes the enterprise risk management (ERM) program take root and operate effectively. That is why you, as the CRO, are the most important person in a financial institution today. What is causing you and the position you hold to be needed today more than ever before? There are number forces at play that led to the creation of the CRO role you now
  • 2. inhabit. There are the internal forces in your institution that come from the CEO and the Board, and then there are the external forces that come in the form of increasing business complexity and changing regulation. There are internal forces at your institution that are calling on the expertise and knowledge of the institution that you’ve gained over years of service perhaps in operations, audit, credit, or IT. These forces are the result of your institution now looking to build and implement an ERM program to be more competitive and financially secure, which has created new needs from the CEO and Board. As the CRO, when you put in place the systems to meet these needs, you are actually fulfilling the three attributes in building an ERM program. Your CEO needs greater insight over all elements of risk and compliance The number and frequency of risk assessment analyses grow every day, mostly spurred on from regulatory expectations. It is obvious that the executives and examiners who review these assessments observe a lack of consistency in the process to complete and report the results, and a lack of integration with the results themselves. Central management and oversight by a risk manager should improve consistency, which will in turn increase efficiency. With more integrated technology systems, greater reliance on third parties, and continued earnings pressures, better information at a lower cost is required today. Your Board Requires a Holistic View of all Risks As the institution takes on more risk with the introduction of new products and services, your Board will demand from you a holistic view of all the risks present in the institution, and the level at which they present a danger. To be fully informed, the Board may also require an analysis on the sufficiency of current spending on risk management. As CRO, you can provide this information by taking stock in the current activities and organizing them along the functional risk areas. One of the CROs I interviewed for this piece said, “My goal as CRO is to help management and the Board see a global view of risk”. The CEO and Board Need a Process to Vet Risks of New Strategies Your CEO and Board will begin to turn to you as CRO to provide the process to vet the risks inherent in new products and business strategies for the institution. You need not be the executive of “no” but rather contribute a process to vet the merit of new business initiatives. The CEO or possibly another executive will likely be the sponsor of the new initiative. As CRO, your obligation is to tease out the key threats that, if they were to occur, would threaten the viability of the franchise.
  • 3. There are also significant external forces that are causing you to be needed by the institution. These forces are pushing institutions to be more risk-focused than ever before, which in turn, raises the responsibilities on the CRO. Becoming a $1 Billion Institution Many community-based institutions have seen steady growth in deposits and assets over the past few years as customers leave regional and money center banks for the community based banks and credit unions. Many small community banks are approaching $1 billion in assets and therefore facing the increased compliance costs associated with FDICIA compliance. The effort to build this FDICIA program by itself is not so expansive, but, in many cases, it serves as the tipping point for the addition of a risk management position to oversee this and the growing list of new compliance initiatives. Increasing Regulatory Expectation Increasing regulatory pressures on community-based institutions are another force causing the institution to establish and formalize the role of the CRO. With continued growth there is likely an increase in operational complexity. To manage the complexity and maintain an adequate level of safety and soundness, regulatory expectations are growing for the creation of the risk management function and the role of a CRO in the institution. As CRO, you must be able to design sustainable processes to mitigate risk, frame the breadth and depth of control testing, evaluate business operations, and participate in the evaluation of new products and business opportunities. New regulations are also causing institution to rethink their management structure and add a CRO. The newly positioned CRO of an institution with a little more than half a billion in assets said to me, “We had an internal audit and compliance person and that was all. The Dodd-Frank Act was the wake-up call for more structure and resources.” New Lines of Business Whether the objective is to put new deposit balances to work, compensate for lower fee income due to reductions in overdraft and interchange fees, or offer more competitive products, your institution is likely growing the number and types of product offerings. These activities increase and broaden the spectrum of risk taken on by the institution. A majority of institutions believe they are conservative in their business practices. The process of change plus the introduction of new products gives rise to a risk shift. You must be able to articulate the level and impact of change to the institutions risk DNA, and ensure all governance bodies accept the changes.
  • 4. When these external and internal forces align with the capabilities of an individual who has the qualities needed in a CRO, smart and forward-looking leaders will realize the imperative to create the role of CRO. Your position was created out of a powerful combination of needs and the skills to fulfill those needs, which makes you the most important person in the institution today. There’s no such thing as a chief risk officer school and the CROs I spoke with say that they are often the first in their peer group to have this role and therefor have not been mentored or taught how to be a CRO. So, what qualifies a person to be a CRO? The answer lies in the experience you already possess. After speaking with the CROs, I heard a number of common traits that they say prepared them for the role. A Long Tenure at the Financial Institution Having a long tenure at the institution is a major asset for being a successful CRO. You know the institution inside and out, top to bottom. You have been instrumental in putting in place or advising on a number of initiatives and business lines. You also know well the people who need to be encouraged to embrace a more risk-based approach to their work. And, you are respected by the staff, C-suite, and Board, which is crucial because they will look to you for answers and guidance. A Holistic View of the Institution Gained from Previous Roles Having a holistic view of the institution is absolutely crucial to being an effective CRO because it is essential in creating and overseeing an enterprise-wide management program. It is extremely hard to walk into an institution and gain this perspective. Instead, it comes from holding positions in the institution in which you must have both an up-close and enterprise-wide view of the business. One of the CROs I spoke with said, “I came from IT security. It’s where risk management was first practiced….I understand the role of the CRO and ERM from my time overseeing IT risk.” This is why CROs who come from positions in credit, operations, audit, IT, or compliance are most effective. Being Seen as Having Good Judgment and Integrity The “c” in CRO means you are now part of the executive team. To be effective and add value at the c-level, a CRO must have excellent judgment and integrity. The other executives, who you may have served in the past, are now turning to you for guidance on business strategy and counting on your sound judgment. In your role as CRO, your reputation for integrity will help you
  • 5. persuade everyone in the institution, from junior associates to Board members, that they must embrace a risk-focused view of their work and trust you when you tell them that you have the institution’s best interest in mind when proposing changes to their work. Because of the combination of external forces, internal needs, and the qualities you possess, your institution came to an important decision and now you are the CRO. You are now the most important person in your institution because you are in charge of the most crucial management practice: Risk Management. The institution’s financial well-being, its ability to improve delivery of products and services, and its survival in an increasingly competitive and regulated environment depends on how well it manages and mitigates risk. To manage risk effectively and efficiently, you must create, implement, and maintain a robust enterprise risk management program that is adopted by the entire institution. Practicing ERM well help you manage the internal and external forces that led to you becoming a CRO. Your success will be determined by how you create and execute the ERM programs and processes for the institution, which will be made clear in a positive way by your institution’s ability to successfully avoid excessive risk, or in a negative way if your institution experiences losses due to risk. Through discussion with CRO’s of various tenure, it became apparent that the institution will likely adopt one of three operating models for the risk management program. These stages are characterized as Compliance ERM, Integrated ERM, and Top-to-Bottom ERM. It is not necessary for the institution to pass through each stage successively, nor is it necessary to be at the third stage for the institution to receive significant benefit from it efforts and resource commitment. By understanding the strengths and minimum resource commitment at each stage you send the institution can select an operating model that aligns with its business goals. Compliance ERM This stage is characterized by the desire and management practice to organize the various operational risk and compliance programs under a single manager. The manager takes stock in what measures are in place, and begins to oversee the tools being used, which are typically documents and spreadsheets as well as single purpose business software applications. There may not be significant changes to the risk assessment or communications processes beyond easy to implement ideas. The credit, interest rate, and asset-liability management
  • 6. activities continue largely untouched and remain outside the oversight of the operations/compliance risk manager. The compliance, security, and other corporate service managers that contribute to the risk assessments and risk processes may or may not be organized under the operational risk manager. The business objective here is to initiate the alignment and oversight of existing operational risk requirements and common management activities with a single manager. Integrated ERM This stage is characterized by the desire to create a more integrated, holistic view of risks and threats. Risk assessment processes begin to standardize, the number and variety of tools tends to reduce, and risk management activities, monitoring, and audit programs become more tightly integrated. Risk management silos start to break down and governance structures align into operational risk and credit risk bodies. Although there may be two risk committees (i.e., operations and credit), they likely share a significant number of committee members. The Board will likely create a risk committee or mandate an existing committee take responsibility for risk management. It is unlikely that a sustainable risk management program at this stage can be created without the investment in a CRO. Top-to-Bottom ERM This stage is characterized with the CRO leading both the operational and credit risk activities. Risk assessment, risk monitoring, and risk reporting are centrally managed in this model. Software tools are multipurpose and used in several functional risk areas, and reporting is consolidated to reduce risk silos and illustrate the interdependency of business activities and interrelatedness of threat scenarios. A management risk committee is active and chaired by the CRO. They key to the CRO’s success is engaging the Board with the results of the risk management program. The CRO also serves as the voice of reason to vet significant new business initiatives with management and the Board to identify significant threats to capital, earnings, and reputation. Having a risk management program will not be effective if you as the CRO are the only one who believes in its value and practices it. As part of your duties, you must evangelize ERM and get everyone in the institution – from the chair of the Board to the teller in the farthest branch to embrace it as a practice. Having the title of CRO can help with this according to one CRO I interviewed who said, “When you are promoted to CRO, it’s easier to change the culture of the institution to be more risk aware.”
  • 7. Daily risk management activities are crucial as well and it is important that you develop the techniques or buy the tools to develop a sustainable process for ERM. With a strong ERM program in place as your foundation, you as the CRO are integral to the future of your institution. When you can use your ERM program to help your institution rise above silos and the degree of threat it poses, it can then be a powerful tool to develop the institution’s business strategy and fulfill its business goals. One of the CROs said to me, “Risk management is not just housekeeping, it’s thinking ahead of the issues”. When a CRO can create a clear and accurate analysis of the current situation in their institution from the strength of their ERM program and look forward strategically, they have truly become the most important person in the institution. Another said, “This will be known as a definitive era in banking with the CRO in place and enterprise risk management being practiced”.