Role of a CRO

The Senior Supervisors Group (SSG) carried out a self-assessment survey to analyse the 2008 debacle. Isn't it funny that a single one-year period in the past 100 years is all set to dramatically change the way business is being done? Risk management has taken on a new meaning, and every organisation, including firms that were once considered to be world class, is taking the 2008 debacle as the example to set things straight.

Anyway, a recent study by the SSG titled “Risk Management Lessons from the Global Banking Crisis of 2008” revealed that the role of a Chief Risk Officer (CRO) needs to be enhanced to incorporate the ever-increasing responsibilities and oversight functions that the CRO should possess. The following are some of the points mentioned in the report. Personally, I think everyone interested in risk management should read this report. It can be downloaded using the link below.

http://www.newyorkfed.org/newsevents/news/banking/2008/ssg_risk_mgt_doc_...

A supplemental report is also available at the following link. This report consolidates points from various recent studies into various risk management categories.

http://www.occ.treas.gov/ftp/release/2009-125c.pdf

Drawing on the above report, the following are the roles of the CRO.

“The Policy Group recommends that risk management and other critical control functions be positioned within all large integrated financial intermediaries in a way that ensures that their actions and decisions are appropriately independent of the income-producing business units and includes joint approval of key products and transactions. This would generally mean having a chief risk officer (CRO) with a direct line of responsibility to the CEO and having the CEO and the board take a highly active role in ensuring that the culture of the organization as a whole recognizes and embraces the independence of its critical control functions. Even without the direct reporting, the CRO should have a clear line of communication to the board”. (Comparable to IIF I.15, I.16.)

“While firms retain freedom to determine their internal structures, firms should strongly consider having the CRO report directly to the CEO and assign the CRO a seat on the management committee. The CRO should be engaged directly on a regular basis with a risk committee of the board of directors. Regular reporting to the full board to review risk issues and exposures is generally advisable, as well as more frequent reporting to the risk committee.”

“Chief risk officers should have a mandate to bring to the attention of both line and senior management or the board of directors, as appropriate, any situation that is of concern from a risk management perspective or that could materially violate any risk-appetite guidelines.”

“The CRO and risk management function should be a key part of analyzing the development and introduction of new products, including the extension of products into new markets. New products with risk exposure, including those for which the bank accepts contingent liquidity or credit exposure, should be explicitly approved by the risk organization.”
