ERM Success Rests on the CEO & CRO

An editorial in this month’s US Banker magazine discusses the role of both the Chief Executive Officer (“CEO”) and the Chief Risk Officer (“CRO”) in managing risk. It all starts with the CEO establishing the appropriate risk culture and setting the risk appetite for the organization. When this is fully delegated to the CRO as part of an enterprise risk management program, the CRO is doomed to failure. Here’s why.

The CRO cannot be expected to do what only the CEO can do—which is to take the lead in strategic risk-taking, protecting the franchise and building a strong risk culture. But if the CEO takes on these fundamental risk management responsibilities, the CRO can be an effective and valuable contributor to the bank’s success. The CRO helps the CEO and the board implement a credible, consistent risk management framework to govern the bank’s risk-taking across all businesses; provides expert, unbiased advice on risk issues; and offers constructive ideas that use smarter risk management to unlock new business opportunities.

Handing off full responsibility for the bank’s enterprise risk management is the wrong reason to have a CRO. The result is likely to be an expensive compliance bureaucracy that creates a false sense of security. The CRO becomes merely an actor in a diverting farce that presents the façade of risk management without the reality of risk management. As many banks discovered in the financial crisis, this farce can turn into a tragedy when the music stops.

A solid CEO/CRO partnership is crucial to the long-term success of an enterprise risk management program. Even more crucial is having a CEO who understands and is willing to accept his/her role as the true risk leader in the company.


About Wheelhouse Advisors
Wheelhouse Advisors LLC is the publisher of The ERM Current™, an online publication and blog dedicated to providing the latest updates on current trends in Enterprise Risk Management & Control. Wheelhouse Advisors provides cost-effective Enterprise Risk Management & Control solutions to both large and mid-size corporations. To learn more about Wheelhouse Advisors, please visit our web site at

2 Responses to ERM Success Rests on the CEO & CRO

  1. Dale Klein says:

    John – you are spot on and this message needs to make it to the C-Suite of financial institutions of all sizes. As a Federal Regulator working on this subject matter for nearly 12 years, I have seen many ERM implementation failures and a few successes. Tone at the top is one of the few common elements in the success stories.

  2. John Kelly says:

    I find that most boards believe that the CRO is solely responsible for all things risk-related, and that the CCO is solely responsible for all things compliance-related – which, in reality, is virtually impossible. The CRO and CCO are responsible for ensuring that there is an effective risk and compliance process in place to reduce exposure and litigation, and the CEO must take responsibility for risk failures.
