We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:


Risk in Context

Long Live the New and Improved CRO

Posted by Alex deLaricheliere October 10, 2018

The financial crisis of 2008 has gone down in the record books as the worst since the Great Depression, leading to an economic recession and major bailouts to save the US economy. Although a decade has gone by and the economy has since rebounded, fears of a repeat have been enough to push the financial industry to take remedial action.

In the aftermath of the financial crisis, regulators took steps to help prevent a repeat of this disaster, most notably with the signing of the Dodd-Frank Wall Street Reform and Consumer Protection Act. And financial institutions themselves have not been idle, instead implementing measures to protect themselves from the next wave of turbulence.

Not Just a Regulatory Requirement

Among the most notable moves has been the bolstering of the role of the Chief Risk Officer, which was still in its infancy during the financial crisis. Initially created to carry out supervisory guidance and make sure that financial institutions complied with regulations, this role has evolved over time. In fact, some organizations have positioned their topmost risk officer as a pivotal figure, charged with setting the organization’s risk strategy and making sure it’s adhered to. Today’s CRO has influence, reporting straight to the CEO with a direct line to the board. This means that leaders within the highest echelons of financial companies are aware of current and upcoming risks, and can take remedial action before they can do real damage.

Moreover, today this pivotal role now goes beyond traditional financial risk, such as credit and market risks. Instead, given potential risk correlation across the respective risk disciplines, many financial institutions have recognized the need to consolidate their previously unique risk verticals into an integrated framework overseen by the CRO. As a result, institutions are better enabled to make agile decisions and respond to emerging risks affecting any part of the organization. Such nimbleness can have a positive impact on the company’s bottom line. And many organizations that have invested in a robust risk management strategy now recognize that the CRO is not merely a regulatory necessity, but a strong ally to revenue-producing divisions.

Planning for the Next Crisis

Back in 2008, companies with risk strategies entrenched throughout their organizations weathered the storm best. Financial institutions that have not yet bolstered their CRO role should consider reviewing their current risk infrastructure, ensuring that it is responding to all their business activities, and taking action to improve it as risks emerge and evolve. This requires one officer, or team, to have vertical and horizontal sightlines across the organization.

Companies should also set up a risk framework that has fully developed, and separate, lines of defense — for example, operations at the divisional level, risk at the corporate level, and corporate audit. These functions should collaborate and challenge each other to identify, quantify, and mitigate risks. This transformation is only achievable under the guidance of the new and improved CRO, who could be instrumental in helping companies weather the next crisis.

Alex deLaricheliere

US Financial Institutions and Professional Services Practice Leader