Article | Journal of Risk Management in Financial Institutions | November – December 2008

Chief Risk Officers at Crunch Time: Compliance Champions or Business Partners?

by Anette Mikes


Risk management departments in financial institutions have been undergoing major transformations. New regulatory requirements have raised the bar on compliance, and expanded the remit of risk management significantly. The compliance imperative requires banks to implement a firm-wide risk management framework complete with analytical models for the measurement and control of quantifiable risks. In addition, recent corporate governance guidelines advocate the "business partner" role of risk management. The COSO Enterprise Risk Management framework (2003) explicitly defines risk management as a high level, strategic activity, contributing to board level decision making, planning and performance management. This role requires that senior risk officers possess an understanding of key strategic uncertainties, and that they communicate these to senior management and the business lines.

But how do senior risk officers strike a balance between the twin roles of "compliance champion" and "business partner?" Too much reliance on the regulatory crutch may erode the credibility of the risk function as a business partner, while too much emphasis on the business advisory function might weaken its policing capability. In this paper I assess the roles that risk functions and, in particular, senior risk officers play in fifteen international banks. The research was carried out between June 2006 and June 2007, thus it offers a rare snapshot of the "calm before the storm"—the state of risk management at fifteen large players before the liquidity and credit crunch became apparent in the second half of 2007.

The findings suggest that the role of chief risk officers (CROs) had expanded dramatically, with more than half of them frequently involved in firm-level strategic decisions. However, various compliance and risk modeling initiatives were still work-in-progress in the majority of these large international banks at the onset of the market turmoil. CROs voiced divergent views on the uses, benefits and limitations of risk models, suggesting that they promoted different "calculative cultures" ("quantitative enthusiasm" versus "quantitative skepticism"). Fostering alternative calculative cultures, strategically involved CROs interpreted the "business partner" role of their function in different ways. Some risk functions aspired for an influential expert voice in key business decisions (the risk function as "Strategic Advisor"), while others strived for the formal integration of risk management with performance management (the risk function as "Strategic Controller"). The achievement of the Strategic Advisor role in some banks and the Strategic Controller role in others, calls for a clarification of stakeholder expectations on risk management. This would reduce the danger of an expectations gap opening around particular risk management approaches that are adequate for certain banks but remain ill-suited for others.

Keywords: Banks and Banking; Corporate Governance; Governance Compliance; Governing Rules, Regulations, and Reforms; Managerial Roles; Risk Management; Partners and Partnerships;


Mikes, Anette. "Chief Risk Officers at Crunch Time: Compliance Champions or Business Partners?" Journal of Risk Management in Financial Institutions 2, no. 1 (November–December 2008).