The Chief Risk Officer in a post COVID-19 World
The failed Victorian quarantine hotel system, the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Westpac’s breaches of the Anti-Money Laundering / Counter Terrorism Financing Act and the collapse of the Fundao tailings dam in Brazil (BHP’s joint venture with Samarco) are prime examples of why organisations need an unconflicted Chief Risk Officer at the executive table.
With the exception of financial institutions, which require the appointment of a Chief Risk Officer for APRA regulated entities (under CPS 220 Risk Management), many ASX 200 companies have no dedicated Chief Risk Officer or equivalent at the executive level. What does this say about Australian business culture? Does it show a ‘she’ll be right’ attitude? Time after time, we have seen that this is not a desirable approach to managing a business.
People grounded in a strong risk management background will provide the executive and Board with diverse thinking. Chief Risk Officers provide a forensic examination of root causes for risks that might eventuate. They also provide solutions to overcome obstacles that will impede an organisation’s ability to achieve its strategic objectives. Chief Risk Officers will partner with the executive to act as business enablers, while also resolving concerns expressed by a range of stakeholders.
The Chief Risk Officer is also a person that can build relationships across the organisation to remove silos and improve efficiency. They will work with their executive peers to understand the business ‘top-down’, while working with the team out in the field to develop a ‘bottom-up’ understanding of the organisation and its risks. In the meantime, they connect the dots across the organisation, making sure that the left hand is speaking to the right hand, all the while, smashing silos so that the organisation is operating as efficiently as possible.
As the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry and subsequent reports from the Australian Securities & Investments Commission showed, the flow of information to relevant governance bodies is critical. A Chief Risk Officer will not only be monitoring the flow of information, but they can also be the eyes and ears for the Board in a transparent and open way. The Chief Risk Officer should have the courage to respectfully call out the issues but more importantly support the executive in resolving those issues. In my experience, there is no better way to build a rapport with the Board and earn their trust. It also demonstrates an appreciation of the challenges faced by the executive and the road map to address those concerns.
If we revisit those events called out at the start of this article, I wonder whether the Chief Risk Officer had a voice at the table. If they did, how loud was that voice or was the voice conflicted with dual responsibilities? In a post Covid-19 world, the risk universe will be more dynamic and complex. Can the Chief Risk Officer be the new 'mid-fielder' - go back to defend the goals, while supporting the team while it is on the offensive? Importantly, many directors and Chief Executive Officers will need to ask, can they afford not to have a Chief Risk Officer at the executive table in a post COVID-19 world?
is a highly regarded governance, risk and compliance professional with extensive experience having previously worked at Ernst & Young as an Executive Director in the financial services risk management team and as a Chief Risk Officer at an Australian insurer. is currently Managing Director of his own advisory firm ASCENTIUM Consulting which provides governance, risk and compliance advice to a range of entities including financial institutions, public sector bodies and not-for-profit organisations.