Chief risk officers are faced with the challenge of significant adaptation to meet the changing demands on their expertise. This requires CROs to broaden their role and responsibilities, says Vivek Syal, group chief risk officer, Tokio Marine Kiln

 

ERM provides chief risk officers (CROs) with an extremely useful framework at a time when businesses of all varieties are facing disruption from forces ranging from technology to cultural evolution. It encapsulates many of the areas to which CROs need to pay close attention. From the top down, these include obvious subjects like risk appetite, and more unlikely areas such as corporate strategy. From the bottom up, ERM asks us to consider areas such as reputation management, compensation for executives and employees, and the culture of our businesses.

In practice, this means that CROs are faced with the challenge of significant adaptation to meet the changing demands on their expertise. This requires the CRO’s role and experience to be broadened to not only consider risk and capital, but to look beyond at the ways in which it drives and controls, and thus helps delineate and determine overall corporate strategy and culture.

In the insurance sector, CROs have seen and experienced opportunities and challenges such as the advent of the Solvency II risk and capital regulations. Similar requirements in other sectors had fostered the rise of the purely technical chief risk officer but now, as disruption challenges everyone, a different kind of analytical CRO is in demand. In the current environment, the CRO who can think more widely, who is comfortable considering, for example, where the corporation operates and why, is in great demand. Their skillset is essential to corporate success, but it isn’t necessarily a skill set that is in abundance of supply.

The rest of the c-suite must also be comfortable with the CRO’s involvement at this newly-elevated level and should encourage it unequivocally. If the acquisition of a company in Brazil is on the table, for example, would the CRO participate in the discussion and the deal-making? Would he or she be seen as a restrictor or an enabler? Some organisations incorporate the involvement of CROs into such decision-making extremely effectively. Others lag behind.

In another example, a company may consider the acquisition of a disruptive technology firm. CROs, alongside their colleagues in the executive suite, ought to be considering how to bring that target company into the existing risk environment, and how it should report the risks and the new controls it faces. In addition, however, the CRO should, within the ERM framework, consider how/whether the target would fit into the overall corporate strategy, and the prospective impact on its revenues/profits and additional business prospects, perhaps from the three-, five-, and even longer term perspectives, where possible.

Such variables may stretch the CRO, but it falls to that office to bring the target into a holistic ERM framework, and further, into the operating model with the support, guidance, and challenge of the executive. The CRO (against the prevailing grain, perhaps) should be involved from the due diligence stage. Any later may be too late.

This evolving, expanding role of the CRO reflects the evolution of the function of ERM within firms, as it increasingly becomes part of the fabric of a holistic organisation, and beds down as a natural system within strategic as well as day-to-day operations. At the strategic level, that process has often begun when regulators have asked (as they routinely do) how risk and the company’s risk appetite align with their specific corporate strategy.

That question should be posed for the benefit of the firm and its stakeholders, and not just to please the regulator. To manage this area, CROs must be aware of the ways in which corporate risk appetite responds to and changes corporate strategy. When this awareness, championed by the CRO, has permeated the executive committees and the board of directors, the understanding of risk appetite and its flexibility will shift the responsibility of the CRO in this area from meeting external, imposed regulatory requirements to one of adding genuine value and setting the parameters within which the organisation operates.

That change is not always easy and may not feel natural, but CROs are having to adapt to this creative challenge. It is likely to mean that in three to five years the ERM regime which the CRO directs is seen as a vital system within which the company governs, supporting and assisting in the structure of decisions about areas ranging from strategy to remuneration.

Disruption is just another challenge which provides a significant opportunity and significant risk. It demands consideration, from a risk perspective, of how the organisational system operates – from governance to data management to controls – and therefore requires dramatic changes in the function and capabilities of the CRO, but promises to yield equally dramatic rewards. A well drilled ERM capability always adds to shareholder value. Of that there is no doubt.

This article is sponsored by Tokio Marine Kiln

Topics