The days when risk meant credit risk and the chief risk officer was the bank president are long gone. Risk has evolved and grown along with the complexity of institutions. Large global banks as well as small institutions need to understand how risks are interrelated and how a failure in one part of the bank can impact the enterprise. It is the role of the chief risk officer to oversee a risk organisation that takes an integrated approach and an enterprise-wide perspective. Yes, regulators require this approach, but institutions require it, too, because it drives shareholder value.

In building an enterprise risk management framework, the CRO, along with the board and senior management, must develop a risk culture that is communicated and understood throughout the organisation. The CRO leads the effort to develop a risk appetite for the organisation (how much risk are we willing to take?) and make sure that the organisation stays within the bounds of the risk appetite, in good times and bad.

The Risk Management Association, in its Governance and Policies Workbook, defines the role of the CRO as that of a senior executive who reports to the risk committee of the board or to the bank CEO or both.

Oct-Dec 2013 Issue

The Risk Management Association