Having placed many senior risk management professionals globally—and from regular conversations with market leaders in the field—we have a three-part thesis on the way in which the risk function needs to develop at scaled organizations.
One of the greatest challenges facing risk management is the emergence of factors for which historical models are insufficient. As companies faced a global pandemic, new sources of data and insight needed to be identified to better predict risk and inform responses, sources that have not previously been a core part of risk modelling.
A commercially-astute risk function is able to consider the business holistically. The chief risk officer who develops a collaborative partnership with the the business’s commercial leaders, working with them from the start of an issue, provides stronger lateral thinking around the use of these data and insights, better preparing the business to deal with emerging risk factors.
In response to this, we see more risk officers than ever being sourced from outside risk functions, creating the versatile and well-rounded business experience that is critical to their success.
In particular, we see the role of risk as increasingly aligned to general management functions, with more and more overlap between the functions of risk and the commercial interests of the wider business.
COVID-19 has accelerated the need to ensure that risk functions are flexible, agile and adaptable—but this trend was well under way before the crisis began, and will outlast it. Digital and data analytics are fundamental in allowing organizations to react to more stringent regulatory requirements without incurring excessive personnel spending—and chief risk officers need to be sufficiently “digitally fluent” to understand the options available to them.
CROs should, for example, be able to:
- Move artificial intelligence and machine learning (AI/ML) to the core of everyday processes such as AML and Know Your Customer (KYC) requirements—reducing the overwhelming headcount burden that these processes can pose to organizations.
- Fully leverage the cloud in risk infrastructure to reduce costs and increase flexibility—allowing new systems and technologies to be much more readily adopted in the future.
- Deploy advanced analytics techniques to analyze risk across the organization—providing the executive team and board with full, data-driven risk models, scenario planning and predictive modelling that will enable better decisions on allocation of resources.
- Bring modern data management practices to risk—allowing a much more regulator-friendly central source of data on risk factors.
As the risk function continues its rise to the top of the house, and increasingly becomes a critical voice at the leadership table, companies need to sustain this momentum by building out their risk talent bench—taking a long-term view in order to future-proof the risk function.
Organizations looking to create a robust risk function for the future should:
- Aggressively hire in the middle ranks of risk functions to develop a forward-looking risk culture, looking beyond typical risk backgrounds to include those with experience in functions including commercial, general management, technology, compliance, audit, finance, etc.
- Proactively develop risk succession planning processes, embedding next-gen risk competencies into the organization’s succession management framework and succession planning.
- Reward top performers and high-potential leaders.
- Continuously develop next-gen talent by providing them crucial experiences and making emerging competencies and attributes (e.g., data fluency, commercial acumen, etc.) a core focus of their leadership development plan; cross-train rising risk leaders to help them develop the broader skill set needed to succeed.
Now that risk has a seat at the “top table”, it is crucial that the function ensures continued growth through developing a pipeline of next-gen leaders.
- Does your chief risk officer have credibility and depth of risk experience across multiple economic cycles?
- Does your risk function have a deep commercial understanding, in order to genuinely partner with the business in an environment that is uncertain, ambiguous and turbulent?
- Is the risk function respected by the business and positioned to be proactive, involved in decisions early and seen as an enabler?
- How effective is the risk culture across the organization? Does the business see risk as a business enabler or a policing function?
- How much front-line business experience do you have within your broader risk team?
- How well do you see your risk team “bridging the gap” between risk management and commercial business units?
- Is the chief risk officer able to balance the needs of the role, while transforming for the future? Or are they distracted by continuous regulatory changes and ongoing reporting requirements?
- Has your risk function transformed from a traditional business unit to one that leverages technology, data and analytics to inform decision making?
- Is your risk function “digitally/analytically fluent”—does it understand the role of digital and data in building a streamlined, effective risk function?
- Are your other technology functions—particularly data management—sufficiently aligned with risk to create a holistic risk management data strategy?
- How much time does the risk team spend with the technology executives and the chief data officer?
- Does the risk function understand how to leverage data in a sophisticated way? How sophisticated is the use of advanced technologies, e.g., artificial intelligence and machine learning?
- Do you have a robust team of middle management of risk leaders—reporting to the chief risk officer —that could be potential succession candidates?
- Do you have a succession plan in place to ensure a smooth transition process?
- How diverse is your risk function? Can it balance traditional risk expertise with the innovation/digital literacy that genuinely transforms the function?
- How innovative are your risk leaders? Do they continuously stay well-informed of technology trends in the risk and compliance functions?
- Is there a leadership development plan in place that will continuously train your next generation of talent, providing them with the skill set needed to succeed in the evolving role?