Today's rapidly changing risk environment places new pressure on companies and their boards to successfully manage the organization's evolving risk profile. Increasingly, the committees are playing a greater role in ensuring the executive team, particularly the Chief Risk Officer (CRO), is a high standard for risk practices and outcomes.
To identify practices essential to CRO and risk excellence, McKinsey has engaged more than 30 former Chief Risk Officers of high-performance current and former global institutions. Below we share excerpts of insights from that study. This can be used to build a resilient organization and to deepen your understanding of what is needed to engaging CROs and CEOs in their organization's risk profiles and programs.
The great CRO is explicit about risk and resilience, purpose and vision, and advocates for a risk-conscious culture.
Given the growing scope of potential risk, employees need Risk North Star more than ever. The most effective CRO mercilessly pursues a risk culture consistent with North Star and continually assesses whether the organization is achieving it. To develop it, risk leaders need to think beyond regulatory compliance and beyond organizational protection. Both remain essential, but they are no longer sufficient. Risk leaders need to reflect on the question: What aspects of risk will help our institution grow?
For some CROs, Northstar is made clear in their mission statement. One risk team came up with 360-degree feedback from C-Suite leaders, business leads and risk teams. One CRO described it as a “cultural journey” in which the principles of risk and resilience slowly permeate every level of the organization.
Great CROS invests, empowers and creates the next generation of risk leaders.
The demand to manage today's risk environment requires CROS to build a bench that fits the moment. They do so by building a diverse team of thinkers, delegating them to them, empowering them, and planning leadership succession from the start.
Many CROs recruit non-traditional risk experts and intentionally shift workers in and out of risk, and between first and second lines of defense, making the appeal of external talent easier.
Talent development also involves exposing risk talent to a more direct executive team and board of directors.
Great Cross leads beyond risk by being deeply involved with risk and boards and achieving risk and business goals.
Today's successful risk leaders don't just notify the board and CEO. They become trusted advisors to the board, build deeper relationships and align risks with the organization's mission. They communicate early and frequently and generate discussion. These interactions go far beyond formal meetings. In fact, CROS might define part of their success as “being called into a room when they don't have to be there.”
The ongoing dialogue between risk and broader leadership reinforces the “no surprise” principle and facilitates difficult discussions. Building relationships requires adapting the language of risk and resilience to the language of the board. A successful CRO looks at the rest of the translators in the risk organization using business rather than technical terms.
A good CRO treats supervisors as partners and is completely transparent.
Just as risk leaders must understand and engage with C-Suite leaders and boards, they need to establish similar successful work relationships with the organization's supervisors. They should find commonalities to understand their perspectives, emphasizing transparency and positivity when discussing each development. The key to building constructive relationships is to internalize the priorities of the supervisor and the problems they are trying to solve. “What's important for us is to take the time to understand what regulators are trying to achieve,” said Shawn Dooley of the National Bank of Australia (NAB). “We need to see them as partners, not as enemies.”
Great CROS integrates risk insights across your organization.
Leaders and boards can be affected by short-term goals and investor pressure. However, CROs are special (if not easy, if not easy) to help organizations find balance. As Sadia Ricke, group CROs at Standard Chartered, CROs need to develop “influence and gravity.” She said, “You may not be the person you like most in the room at times, so you still need to be brave for this.”
