Chief Risk Scape Goat
There are repeated calls from the bank risk management community for more “AUTHORITY” for Chief Risk Officers. Most recently by the European Bank Supervisors. In their report of “High Level Principles for Risk Management” they actually call for a CRO that is totally independent of the hierarchy of the bank – reporting directly to the board.
This is a perfect solution – but not to the problem that they are addressing. It is a solution to the problem of CEO responsibility for risk and risk management. If a bank follows the EBS suggestion and makes the CRO totally independent of the CEO, then the CEO clearly no longer has any responsibility for risk, risk management or even losses.
So the CEO is responsible for gains and the CRO is responsible for losses.
Seems like a sweet arrangement for the CEO. Not so sweet for the Bank.
There are several possible outcomes, but only one likely one. The likely one is that the CRO will get this position and then will be totally ignored until the time comes to find someone responsible for a bad outcome and then the CRO will be toast. The CEO just bought a free pass for bad results.
The desired outcome is not much better. The desired outcome is that there will be a constant fight between the CEO and the 99% of the organization that works for him/her and the CRO with his/her 200 strong risk department. The CEO will not have to listen to the CRO. The CRO will need to decide how often to take his/her arguments up to the board. The CRO is given “authority”.
But what is really needed is not to have a more powerful cop. What is needed is for the entire organization to have a role in keeping the enterprise in business. That will not be accomplished by making one person solely responsible. Unless that one person is the CEO.