Last year Regions Financial considered a deal to provide financing to the consumer lender GreenSky Credit. But a key obstacle was satisfying the concerns of C. Matthew Lusco.

The bank's chief risk officer, Lusco saw an array of risks to consider before he could get comfortable with the partnership. The first, of course, was credit risk. Lusco had to be confident that GreenSky's unsecured home-improvement loans — offered through Home Depot and other retailers — were safe. There was operational risk, since the $122 billion-asset Regions would be counting on GreenSky — not its own loan and credit officers — to solicit and vet customers. Perhaps most important was compliance risk. Lusco needed to be sure GreenSky's loans — which include varying rates, terms and conditions — could pass muster with regulators.

Lusco eventually signed off on the deal, but not before he imposed certain conditions. For example, Regions won't back loans GreenSky marketed as interest-free. He ultimately concluded the partnership was a sensible way for the bank to make good on its stated plan to add more consumer loans. About 60% of Regions' loan portfolio is now made up of commercial loans.

"In a role like mine, it's often easier just to say no," Lusco explained. "But at the end of the day, our industry is about prudent risk taking and understanding the rewards for the risks you are about to accept."

Business decisions like this show how chief risk officers, who focus daily on shielding their banks from new and heightened risks, are also intimately involved with helping institutions play good offense. Just as CROs grapple with unprecedented levels of cyber threats, other operational risks, concerns about potentially loose underwriting and unprecedented regulatory scrutiny, they are also intensely focused on strategic risk.

Before the financial crisis, CROs — if banks had them — may or may not have been invited to the table for discussions about adding new products or entering new business lines or markets. But now boards and regulators fully expect chief risk officers to be part of discussions to assess risks from growth plans and ensure that ideas being considered are in the interest of employees, investors and customers.

"One of the expectations of today's CRO is that we have the proper stature in the company that we have access to all of those decisions," said Lusco, who is one of five members of Regions' executive council. "I am at the table when [Chairman and Chief Executive] Grayson Hall and other leaders are having conversations about strategy, about investments, about [products] we have developed."

Helga Houston, the chief risk officer at the $67.8 billion-asset Huntington Bancshares in Columbus, Ohio, said strategic planning ranks among her top responsibilities as well. Houston chairs the bank's new products risk committee and meets regularly with company leaders to review whether loan, savings and other products fall within the bank's risk appetite and mesh with its philosophy to treat customers fairly. It is her job to keep the board up to date on the bank's strategic initiatives.

"The expectations of board members are very different than they were pre-crisis," she explained. "There's more they need to know and understand. They are relying on the chief risk officer to provide an independent perspective and to challenge and test" ideas.

Of course, strategic risk is only one of the risk categories taking up CROs' time these days.

Houston, for example, leads Huntington's stress-testing process and oversees the entire compliance department. Brad Miller, the chief risk officer at the $8.1 billion-asset United Community Banks in Blairsville, Ga., is spending much of his time preparing for the increased regulatory scrutiny that will come when the bank crosses the $10 billion-asset threshold. (It recently announced an acquisition that will boost its assets to around $9.5 billion.)

And chief risk officers at banks of all sizes are spending considerable time monitoring cyber threats, strengthening anti-money-laundering controls and making sure that underwriting standards remain sound at a time when rates are at historic lows and competition for quality loans is fierce.

Indeed, Houston said that now is "one of the most dangerous times" for lending because other banks are starting to relax loan terms to win business. It's up to her to ensure that Huntington lenders aren't doing the same. "There's a lot of pressure to grow bank earnings, so one of the most important things we can do is review the quality of our loans," she said. "We have to be very disciplined."

Still, banks don't make money if they don't take some measure of risk. As the role of chief risk officer gains more prominence within banks, it's falling on executives like United Community's Miller and Steve Deaton, the enterprise risk officer at the $3.3 billion-asset State Bank Financial Corporation in Atlanta, to determine which risks are worth taking.

"What we don't want to do is reach for more return without understanding what risks are inherent with pursuing different lines of business," Deaton said at an American Bankers Association risk management forum in St. Louis in April. "We're putting resources toward making sure that [risk managers] are aware of and vetting any potential turns that we make from our course of doing business."

"You want people to free-think, consider new ideas and think about new ways of conducting business," added Miller. "It is the risk manager's job to make sure that you temper those risks."

At Regions, Lusco spent more than six months examining the proposed partnership with GreenSky before recommending that the company move forward with it.

GreenSky offers loans for projects like deck, window or roof replacements. Borrowers can generally choose from a range of products to find the one that best fits their budgets. One of its most popular choices is a loan in which borrowers pay no interest if the loan is paid in full within a certain timeframe. But Lusco said he wasn't comfortable with that option. Borrowers often don't realize that rates will kick back in if a loan is still outstanding when the interest-free period expires.

On Lusco's recommendation Regions opted to exclude those interest-free products from the partnership.

"Even though" the potential rate hike is "disclosed, we were concerned about customer misunderstanding and decided we weren't going to fund those loans," Lusco said.

Lusco also felt that GreenSky's own disclosures could be clearer, so at the bank's urging the lender hired a third party to review collateral materials and contracts to help it improve the language.

Regions underwent its own changes as well to complete the deal. Initially the bank had intended only to finance GreenSky loans within Regions' footprint. But since it sometimes makes sense to expand the scope of a specialty product, Lusco signed off on executives' decision for loans covered by the partnership to be made nationwide.

"Going outside of our footprint balances the credit risk by giving us more geographic diversity," Lusco said.

The relationship with GreenSky is still very young, but Lusco said so far it is meeting expectations. Since the start of the year, loan balances in Regions' loan portfolio that includes direct consumer loans and overdrafts have increased by more than $28 million, thanks in large part to the loans originated through GreenSky.

More important, the partnership has helped Regions get comfortable with a business — unsecured consumer lending through a third party — that the bank otherwise might never have considered.

"We still need to evaluate [the relationship], but we can see doing a lot of different things from it, including expanding some of our offerings, broader participation with GreenSky or even trying this on our own," Lusco said.

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.