The financial crisis sweeping through Wall Street is shining a big spotlight on a category of executive: the chief risk officer.
Top leaders are being sought to allay directors' concerns about how to protect their company from the credit crunch, as well as to identify and mitigate threats.
Financial organizations are in protective mode, of course. But there is considerable evidence that they are realizing risk management is important not only from a defensive standpoint, but also from a strategic viewpoint. The role is not just about eliminating risk, but rather about choosing which risk to embrace.
Because the chief risk officer is becoming a critical player in the executive suite, the role demands top leadership skills. It requires a balance of practical, technical, and financial skills, along with soft skills such as strategic thinking, persuasion, and independence.
From an organizational perspective, the job has occupied a variety of places. In the past it might have been part of the office of security, run by the chief information officer, who would oversee assets and identify protection goals consistent with the strategic plan. More often it was housed under the chief financial or chief operating officer. And more confusingly, it was sometimes mistaken for the office that ensures regulatory compliance.
But now we are seeing more instances where the chief risk officer reports directly to the chief executive, and sometimes to the board of directors. In fact, before the financial storm hit them, Lehman Brothers, Morgan Stanley, and Wachovia appointed risk chiefs who reported directly to the CEO.
In my experience, there are four necessary leadership qualities for an executive in this position.
Strategic thinking. The chief risk officer must understand and communicate to senior managers the relationships between various types of quantifiable and qualitative risk. A risk management framework must be created to help the organization mitigate and manage risk and use that understanding to allocate capital, build shareholder value, and meet business goals and objectives.
Credibility. Financial institutions are finding the hard way that this is neither a bean counter nor a line management job. And even though the risk chief is independent of the CEO, he or she needs to have the CEO's ear and weigh in on the investing and governing process.
In addition, the chief risk officer needs authority not only to make independent decisions, but also to go directly to the board when required — even when this means going over the CEO's head.
Broad financial expertise. The position requires knowledge of financial and economic fundamentals, as well as some skills in statistics and statistical modeling. Being able to look at problems logically and conduct qualitative analysis is important. The chief risk officer must understand different types of enterprisewide risk — credit, market, operational, and liquidity — as well as corporate finance and insurance.
Beyond technical expertise, the risk management leader must be able to assimilate information from a variety of sources within the enterprise, have thorough knowledge of all aspects of the business, build strong partnerships with business unit and corporate staffs, and develop reliable sources of information.
Outstanding communication skills. The importance of communicating complex information in a clear, objective way cannot be overstated. The risk chief must be able to present his or her views internally and externally in a forceful and instructive manner, including both the upside and the downside. Chief risk officers must be adept at communicating complex concepts to others who may not have a strong risk management background.
At present there is a shortage of top players who can step into the voids created by some high-profile defections during the credit crisis. Now institutions must carefully cast a wide net when searching for these senior officers. Their standards must be higher than ever.