Senior Supervisors Group (SSG) had carried out a self assessment survey to analyse the 2008 debacle. Isnt it funny that one year period in the past 100 years is all set to dramatically change the way business is being done. Risk management has taken a new meaning and every organisation is taking 2008 debacle as the example to set things straight, including in firms that were once considered to be world class. Anyway, a recent study by SSG titled “ Risk Management Lessons from the Global Banking Crisis of 2008” revealed that the role of a Chief Risk Officer (CRO) needs to be enhanced to incorporate the ever increasing responsibilities and oversight functions that he should possess. The following are some of the points mentioned in the report. Personally, everyone interested in risk management should read this report. It can be downloaded using links below. http://www.newyorkfed.org/newsevents/news/banking/2008/ssg_risk_mgt_doc_final.pdf A supplemental report is also available at the following link. This report consolidates points from various recent study into various risk management categories. http://www.occ.treas.gov/ftp/release/2009-125c.pdf Using the above report, the following are the roles of the CRO. “The Policy Group recommends that risk management and other critical control functions be positioned within all large integrated financial intermediaries in a way that ensures that their actions and decisions are appropriately independent of the income-producing business units and includes joint approval of key products and transactions. This would generally mean having a chief risk officer (CRO) with a direct line of responsibility to the CEO and having the CEO and the board take a highly active role in ensuring that the culture of the organization as a whole recognizes and embraces the independence of its critical control functions. Even without the direct reporting, the CRO should have a clear line of communication to the board”. (Comparable to IIF I.15, I.16.) “While firms retain freedom to determine their internal structures, firms should strongly consider having the CRO report directly to the CEO and assign the CRO a seat on the management committee. The CRO should be engaged directly on a regular basis with a risk committee of the board of directors. Regular reporting to the full board to review risk issues and exposures is generally advisable, as well as more frequent reporting to the risk committee.” “Chief risk officers should have a mandate to bring to the attention of both line and senior management or the board of directors, as appropriate, any situation that is of concern from a risk management perspective or that could materially violate any risk-appetite guidelines.” “The CRO and risk management function should be a key part of analyzing the development and introduction of new products, including the extension of products into new markets. New products with risk exposure, including those for which the bank accepts contingent liquidity or credit exposure, should be explicitly approved by the risk organization.”