Chief Risk Scape Goat

There are repeated calls from the bank risk management community for more “AUTHORITY” for Chief Risk Officers.  Most recently by the European Bank Supervisors.  In their report of “High Level Principles for Risk Management” they actually call for a CRO that is totally independent of the hierarchy of the bank – reporting directly to the board.

This is a perfect solution – but not to the problem that they are addressing.  It is a solution to the problem of CEO responsibility for risk and risk management.  If a bank follows the EBS suggestion and makes the CRO totally independent of the CEO, then the CEO clearly no longer has any responsibility for risk, risk management or even losses.

So the CEO is responsible for gains and the CRO is responsible for losses.

Seems like a sweet arrangement for the CEO.  Not so sweet for the Bank.

There are several possible outcomes, but only one likely one.  The likely one is that the CRO will get this position and then will be totally ignored until the time comes to find someone responsible for a bad outcome and then the CRO will be toast.  The CEO just bought a free pass for bad results.

The desired outcome is not much better.  The desired outcome is that there will be a constant fight between the CEO and the 99% of the organization that works for him/her and the CRO with his/her 200 strong risk department.  The CEO will not have to listen to the CRO.  The CRO will need to decide how often to take his/her arguments up to the board.  The CRO is given “authority”.

But what is really needed is not to have a more powerful cop.  What is needed is for the entire organization to have a role in keeping the enterprise in business.  That will not be accomplished by making one person solely responsible.  Unless that one person is the CEO.

Explore posts in the same categories: Risk Culture


You can comment below, or link to this permanent URL from your own site.

3 Comments on “Chief Risk Scape Goat”

  1. riskczar Says:

    In one of my favourite books, Heads Up by Kenneth McGee, he describes the role of the Chief Monitoring Officer (CMO) – which is not unlike a CRO.

    Beginning on page 181 (New Functions Are Distinct from Existing Responsibilities) he writes:

    “The CEO’s role in setting corporate strategy will not be usurped in the least by the existence of a CMO who takes on the long-distance lookout function. In no way should the lookout function be interpreted as setting strategic direction; rather, the lookout function ensures that the CEO is aware of all internal and external factors that may affect the success of the strategies the CEO contemplates. Clearly, there is a need for CEOs to receive better intelligence on emerging opportunities and threats than they receive today.”

    “Just as the national security advisor does not dictate foreign policy to the president, a chief monitoring officer would not dictate responses to threats or opportunities to the CEO… however, the executive will reject the opinions of the advisor at their peril.”

  2. riskviews Says:

    They were trying to follow up on direction from the G-20 summit where the leaders agreed that risk management needed to be more powerful. They seem to have taken that direction literally.

    The CEBS says that “The CRO (or equivalent) should have sufficient independence and seniority to enable him or her to challenge (and potentially veto) the decision-making process of the institution.”

  3. It’s interesting that the Bank Supervisors want to bypass the CEO completely in the risk management accountability chain. What does that say about their perception of the CEO? Is (s)he considered an obstacle to be avoided? Or maybe (s)he is just too busy to be bothered with risk management?

    There is so much written about establishing ‘risk management culture’, but the recommendation is to cut out the individual responsible for corporate culture – the CEO. Strange.

    Thanks for the post!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: