The chief risk officers are coming
31 July 2009
The world’s first chief risk officer was appointed in 1993 when James Lam invented the title for the post he took up at FGIC Capital Markets, a division of GE Capital.
With risk moving sharply up the agenda, more financial institutions around the world have followed Lam’s lead and put CROs in place.
In these times of economic uncertainty, with risk management increasingly recognised as a core competency, insiders now expect CROs to start appearing in major industry sectors outside financial services.
When James Lam started his risk management career in the early 1980s, risk specialists could only hope to be the head of a specific risk function, such as chief actuary, chief credit officer, or asset/liability manager.
“Today, a risk manager can aspire to be the CRO who reports to the CEO and sometimes directly to the board,” he says. “More recently, an increasing number of CROs have even made their way into the corner office and the boardroom.”
What’s a CRO for?
The CRO exists to centralise risk management, to take a broad view across the business from the same vantage point as other C-level executives and identify risk relationships.
A CRO’s responsibilities should include providing information to guide decisions, ensuring that the corporate strategic agenda reflects the most important existing and emerging risks.
But how will the rise of the CRO across industries play with risk managers? Will they be left out in the cold as a new breed of ‘super’ risk manager moves into that corner office?
Joe Restoule, president of the US risk manager association the Risk & Insurance Management Society (RIMS), thinks not.
“I think this trend is a golden opportunity for risk managers to demonstrate their skills and to aspire to taking on this role within their corporations,” he told Lloyd’s 360 Risk Insight.
Restoule says risk managers have a great deal of expertise in risk management practice and their role will become more strategic.
“Risk managers already manage and mitigate ‘traditional’ forms of risk to do with natural catastrophes or operational issues. They’re getting better at identifying and mitigating emerging risks such as pandemic diseases, terrorism, climate change and civil unrest,” he says. “They will grow as their role becomes more strategic.”
Skillsets in question
Some insiders have questioned, however, whether risk managers, who traditionally have a background in operational issues, have the necessary financial skills to make the transition.
Restoule, who is in charge of risk management at NOVA Chemicals Corporation, thinks that those risk managers who have embraced enterprise risk management (ERM) have by necessity become more financially savvy.
“It isn’t widespread yet but I sense that risk managers are certainly aspiring to ascend to the CRO position. Risk managers have to be more financially focused because there is so much emphasis today on liquidity and solvency—in terms of their own business but also in terms of the insurers they must deal with,” he says from his office in Calgary, Canada. “So we’re getting better all the time at using the tools to manage these financial risks.”
A new business animal?
Peter den Dekker, president of FERMA, the association of European risk managers, thinks that CROs are ‘genuinely different types of creature’ and that risk managers will not necessarily metamorphose into CROs.
“The CRO is a member of the board and part of the corporate decision-making body. He or she will be taking part in decisions about mergers and acquisitions, contracts, investments, etc,” he says.
“The risk manager or risk and insurance manager is a facilitator,” he continues. “His or her job is to embed the company’s risk management policy and programme in its business processes, so that the company has the right culture, and there is consistency of approach toward risks across the different functions of the organisation and by line managers.”
Risk managers provide information that informs board decisions, but they do not make the decisions, says den Dekker, who is corporate insurance risk manager with the Dutch multinational company Stork.
“I see the natural progression of a risk or risk and insurance manager toward an enterprise risk management role more than one of a chief risk officer,” he concluded.
Taking a global view
The CRO will take a global view, den Dekker believes. He or she is likely to have a strong academic background, probably in a quantitative discipline.
“Having a CRO may reassure stakeholders, but it does not necessarily mean that risk management is properly embedded in the company. Naturally, it depends on the particular company, but he or she will probably be too far away from the line management to fulfill this role,” he said.
“In fact, all companies have a chief risk officer whether or not they make it a specific job title, because the chief executive effectively fulfils that role in any organisation.”
Degrees of influence
But a survey carried out recently by the talent management firm Whitehead Mann found that only half of risk managers described the risk management function within their organisations as influential.
The firm said three main themes emerged from their survey of 50 risk managers: not all risk managers are sufficiently influential; all organizations should consider having a CRO—but good ones are in short supply; risk managers need to develop the skills to be change managers.
Can risk officers break through the glass ceiling?
Julia Graham, who has the distinction of being CRO of the international law firm DLA Piper as well as being the former chair of the UK’s Association of Insurance and Risk Managers (AIRMIC), is one of a handful of CROs working for a non-financial company. She believes that many risk managers have the right stuff to raise their game:
“Blend core financial and management skills with those of excellent communication and people management, first-rate judgement, an ability to appoint the right people to the right structure and to build relationships, and you have the elements for the CRO and the foundations for breaking through that risk management glass ceiling.”
AIRMIC addressed this question in detail when it unveiled a risk management career model at its annual conference in June. This set out the skills and competencies required at each career step for the risk management professional, and is designed to help guide them through their career path.
Enterprise risk management for dummies
RIMS also provides its members with the tools and resources they need to make the move.
“We recently published a guide 'ERM For Dummies' and we regularly run courses on the subject. For companies already on the ERM journey we also provide the resources that enable them to test and benchmark the process,” Restoule says.
“We have also put together a ‘professional growth model’ that provides risk managers with a framework to make the transition from the traditional role to a more strategic position.”
Last updated on 04 Jan 2010