As financial institutions are being disrupted, CROs are facing more responsibilities than ever. But what makes CROs tick in ten years' time? The FutureRiskMinds, today's young risk managers, explore what the role of the Chief Risk Officer could become in 2030. One thing's for sure, it will be a challenge to live up to these expectations.
A CRO in 2030 will need to develop and assemble the requisite skill sets and encourage creative interaction between the risk management specialists, the business units of the organisation, and the acting management team.
In this way essential decisions can be made about what risks to mitigate, transfer and avoid. It is the case that on the behavioural side of decision making subjective/emotional matters play a vital role. From a risk perspective, a more objective way of decision making can be introduced if the right CRO is appointed within the organisation.
Also, a realistic view by the CRO is vital with regard to managing the decision making process in the executive board. In addition to this, the integrated view by the CRO is of crucial importance to place all the risks in the right perspective and to focus on the right high risk issues.
Aside from the technical capabilities, the CRO should be a great communicator and have the soft skills to motivate the employees involved. In this way, the CRO can be a great asset for the organisation.
We asked the CROs at RiskMinds last year, and the results are in!
Read >>
The evolution of the Chief Risk Officer has changed drastically over the past 15 years, from a point of virtual non-existence to a mandatory position. The financial crisis of 2007/2008 showed the frailties of risk management at a time when risk was passively managed. But now, it is at the forefront of every financial institution.
Risk mindedness has transferred from the back to the front of the room, now playing a vital strategic role. The speed at which the market has developed and the technological boom which has fuelled it has made managing risks easier, whilst simultaneously more intrinsically difficult. Risk is no longer tangible.
Gone are the days when risk related primarily to the ability of counterparties to pay or the direction markets moved. It is now working both for and against institutions, aiding and challenging innovation. Such has been the pace of this transformation that arbitrage opportunities have arisen for those who wish to exploit its weaknesses for their own gain.
Maybe the paradigm of a solitary CRO is no longer sufficient in responding to the risks of the future; perhaps what constitutes risk can no longer be allocated to the sole responsibility of one single individual and the functionality of the CRO is already antiquated. The modern CRO has become ill-equipped, especially when it comes to automation.
Algorithmic trading has created systemic shocks that have reverberated throughout the system. Automation of back office functions has led to breaches of customer’s data, resulting in multiple million dollar fines. Is the current CRO model actually equipped with the technical expertise and understanding to reliably predict and manage such events? Or would a specialist CRO for technology be better placed to understand the challenges.
As financial services expand into new technologies, it will be increasingly difficult to anticipate where the next crisis will originate. This concept isn’t necessarily constricted to technology, emerging risks such as climate change will require expertise and specialised knowledge in order to maximise stakeholder wealth. As published by the Bank of England, the transition to a low carbon economy will require ‘the right information, proper risk management and coherent… frameworks’ in order to successfully navigate uncharted territories. The current crop of financiers and executives do not currently have the capability required to successfully hedge such a risk.
That’s why just as the CRO of today is unrecognisable from yesteryear; the CRO of the future will not reflect the CRO of the present. The kaleidoscopic nature of risk will result in the need for specialised CRO’s for different aspects of risk, a CRO for technology, and a CRO for the climate etc.
Banks and institutions will find value in investing in specialised individuals. Rather than a jack of all trades; they will be the master of one rather than the master of none.
A CRO in 2030 will need to understand and be able to articulate the difference between a correlation and an interaction.
In 2008, the most severe economic downturn in living memory devastated global markets. Among the plethora of issues to be put forward as a leading cause was the dependency of financial institutions on credit risk models. Value at risk (VaR) became useless as observed losses entered the tail of the loss distribution and black swans rendered risk metrics obsolete.
Now, over a decade later, the world enters into a new era. An era where statistical models not only predict, but also have the power to shape shopping habits, movie preferences, sporting outcomes and election results.
As financial institutions around the world embrace new tools, big data, machine learning techniques, and artificial intelligence to further inform their view of the risks they face and the strategies they wish to deploy, teams of analysts traditionally known as “quants” will be dispersed further and further across organisations as every department looks to utilise these new capabilities.
I believe that in the not so distant future university degrees of all disciplines will be intertwined with what were more traditionally seen as statistics modules, high school mathematics curricula will be revised to include content more suited to the new age of data and where job specifications once listed “good numeracy skills” as a pre-requisite “data literacy” will become the new phrase of choice.
And in this future world so too will the profile of the Chief Risk Officer be redefined. Eventually the best in class CRO will be masters of statistics, well versed in the concepts of predictive modelling and analytics. They will need these skills to truly appreciate the strategic decision engines in play across the organisation.
They will understand that correlation between two variables means that the value of the first relates in some way to the value of the second, that an interaction between two variables means the effect of the first on a third variable is non-linear with respect to the value of the second and that interactions may occur between two uncorrelated variables.
Find out >>
The CRO of the future needs to be well-versed in a myriad of risks in banking with the dynamism and ability to understand the complexities arising from technological changes that are coming at an exponential rate. One of the biggest emerging risk that banks would need to face as we head in the 4th industrial revolution is that banking is becoming more driven by new technologies and machines. Consequently, there is a need to have risk professionals and executives that are aware and understand the risks and opportunities emanating from this advancement.
Currently risk management, especially in south Africa, is dominated by people who are of the same hue, gender and even upbringing. However, with greater integration of the historically dichotomous (i.e. white and other) economy of South Africa and the fast-growing black middle class, who banks are increasingly targeting this economy for growth, there is a need to employ people that clearly understand the idiosyncrasies of this market. Their attitude to risk and tolerance can help avoid some of the mistakes exposed by high profile bank collapses, like in the case of the African Bank Limited.
The CRO of the future has grown beyond the borders of their domicile as borders are being blurred by technology and the increased focus on growing trade. This is especially true in Africa where intra-Africa trade currently accounts for approximately 15% of total trade. South Africa’s banking sector’s exposure to the rest of Africa have been increasing, however with targets such as having at least 30% of banking assets in Africa (ex. South Africa), the CRO of the future should be able to appreciate the risks that come with doing business for what they are and embrace them to be able to achieve ambitious targets. The future CRO of an Africa based bank is Pan Africanist and a globalist.
The CRO of the future will appreciate the need to factor in sustainability (ESG) in risk appetite and management. The market demand for the incorporation of impact in financing and investment decisions has grown substantially as a result of outcry against capitalism and climate change. The sector is poised for further growth akin to growth of leverage finance in the early 2000s, at least according to Credit Suisse.
On the one hand, the CRO in 2030 will need to deal effectively with risks in complex projects. But on the other hand, they will be responsible for satisfying stakeholders and customers with lower risk tolerance, who spend more time on identifying risks in products and projects, favour some long-term investments, and create diversification without much risk. The discrepancy between the dynamic digital environment and the focus of the bank to its core banking services will be a challenge for risk managers.
The ongoing digital transformation is an area that has received an increased attention from CROs. Technology innovations will continue at the same pace for the next decade. The cloud innovations and the cyber risk associated with them have become an ever-greater concern with breaches increasing both in frequency and impact. This is a natural consequence of a wide spectrum of solutions addressing specific business needs, i.e. solutions covering the entire business area (e.g. CRM where natural language processing in chatbots and virtual assistants help client managers prepare personalised recommendations), as well as components providing specific functionalities (e.g. voice analysis, image analysis, text processing, artificial intelligence, and machine learning).
In addition, CROs need to take proactive steps to promote cyber security awareness and build high-performing teams. This task would be particularly difficult not only due to long complicated digital transformation projects, but also due to increased competition for high-skilled employees in the labour market.
Another area of focus for the CROs which will continue to gain importance is the broad engagement across institutions in stress testing and the increase of scenario narratives (e.g. the impact of climate and geopolitical changes on bank profitability, destruction of business sectors to which banks are exposed, e.g. agriculture, or higher exposure to low-carbon products). Key challenges for a CRO include therefore finding the appropriate resources to run stress testing frameworks, as well as improving the data quality, granularity and systems needed to efficiently aggregate data across the financial institution for use in stress tests.
Last but not least, the CRO has great responsibility in ensuring the image and reputation of a safe and trusted bank. Customers are increasingly prioritising convenience and enhanced security features due to an increased risk awareness. Global demographic trends and the aging of the society, as well as the wealth growth on all continents, mean that both corporate and retail clients will make larger transactions, invest more, and also save more. This of course means good prospects for the financial sector. At the same time, big data security and privacy protection will continue to be especially important for the stakeholders and customers.
To manage all the above, CROs will require agile processes and alert risk information technology systems. These tools will help to respond flexibly to any potential changes and disruptions, as well as the competitive banking environment, and to meet higher client and regulatory expectations. Eventually, based on the right tools, a CRO needs to know how to create real value and draw the right conclusions.
A CRO in 2030 will be nimbler and sharper to deal with the complex risk environment. Technology will be the cornerstone of the organisation's defence mechanisms, crunching big data in real time to allow artificial intelligence to run and provide predictive and decisive defensive action. The business will be guided by intuitive systems integrated into their devices allowing flexible business practices while still working within the pre-defined risk appetite of the business. Automation and integration will mean fewer “operators” of risk with the office being smaller and technologically savvy. The age of no/low code means the risk officer and business can make quicker deployments with their technology teams allowing a responsive and low effort technology landscape while maintaining the control. The risk office will be smaller but stronger due to the power of integrated systems and data and ultimately allowing the business to be more profitable.
In 2030, the core strategic plan will be “supporting and facilitating talent mobility” within the organisation. This should encourage the movement of talent that allows people to broaden, sharpen and deepen their skill sets. This strategy is achievable in a number of ways, such as promotions, lateral moves, job rotations, role expansions and taking on special projects.
After the 2007/2008 financial crisis we are seeing new risk governance and frameworks (i.e. SIMM, SA-CVA, FRTB, BCBS 239, IRRBB, IFRS 9 Accounting standards) being introduced by Basel (Basel III Post-crisis reforms). This increases the need for talent mobility in the financial sector. Talent mobility will also help the organisation with development of processes around other ‘hard to quantify’ risk types, such as model risk. Organisations needs talent mobility to be able to navigate this environment whilst continuing to lift the profile of the risk and credit functions across the financial sector.
There are ways that this would be achieved including, but not limited to, the following:
Successful organisations do not remain static, but rather continuously evolve and adapt to better respond to changing client needs, new opportunities, competitor behaviours, regulations, maturing capabilities and innovation.
"One of the things I worry about is change fatigue" - Terri Duhon, Morgan Stanley International
