The Evolving Role of the Chief Risk Officer
April 10, 2023 – In the aftermath of the NPA (non-performing asset) blowout, the stress across key financial institutions both in the public and private sector and the potential of a contagion eﬀect, the burning need for stringent risk management practices emerged as a top priority for financial institutions including NBFCs (non-banking financial companies).
Therefore, it came as no surprise when the Reserve Bank of India (RBI) intervened to define a set of guidelines to give definition to the role of a chief risk oﬃcer in NBFCs. Earlier, in 2017, RBI had prescribed rules for CROs in the banking ecosystem. As per the recent announcement, RBI has mandated NBFCs with asset size of more than INR 5,000 crores to appoint a CRO who will function independently to ensure the highest standards of risk management. While this is a welcome move, says a new report from EMA Partners International, the natural question that follows is, How does an organization safeguard the independence of the function?
The RBI addressed this very matter by resting this responsibility on the board of the company. The RBI directed that the board put in place policies to safeguard the independence of the CRO. In this regard, the CRO shall have direct reporting lines to the managing director and CEO/risk management committee (RMC) of the board. In case the CRO reports to the MD and CEO, the RMC/ board shall meet the CRO without the presence of the MD and CEO, at least on a quarterly basis.
“In our experience of driving senior leadership searches in the risk management domain, one of the first enquiries that an accomplished CRO makes is to understand how the risk function is positioned within the organization,” said the EMA Partners International report’s authors Anusha Ramaswamy and Reet Bhambhani. “It was not uncommon to see raised eyebrows at the mention of the function reporting into the business head (retail or wholesale).”
By clarifying that the CRO shall not have any reporting relationship with the business verticals of the NBFC and that he shall not be given any business targets, the RBI has addressed a very important concern which is at the core of sound risk management practices, said the report.
“We are already witnessing similar changes in large, legacy banks and financial institutions which have learnt their lessons and are bringing in the necessary structural changes to risk and internal control functions to ensure that the organization adopts prudent risk management practices that help prevent any inherent conflict of interest and help maintain better asset quality trend across cycles,” said EMA Partners International.
Role of the CRO
As stated by the RBI, the primary role of the chief risk oﬃcer will be the identification, measurement and mitigation of risks. All credit products (retail or wholesale) shall be vetted by the CRO from the angle of inherent and control risks. According to the RBI, the CRO’s role in deciding credit proposals shall be limited to being an adviser. Further, there shall not be any “dual hatting” i.e. the CRO shall not be given any other responsibility.
In a traditional NBFC, the retail risk organization is typically comprised of the following functions: policy, fraud risk, collections, analytics, credit operations, and underwriting. Especially in microfinance and housing finance entities, setting up a strong collection of frameworks and developing systems and processes aimed at bringing in more collection eﬃciencies become crucial.
“Although the CRO is tasked with maintaining the overall health of the portfolio, we believe the risk culture of an organization takes shape when the business also drives prudent decisions enabling the CRO to be an eﬀective leader and a force to reckon with,” said the EMA Partners International report. “The CRO will need to continue as a business partner sharing the ownership for stable growth as much as the other CXO stakeholders in the system.”
The Way Forward
Conversations about risk management are not in isolation anymore; stake-holders across the board keep reviewing if their risk management infrastructure can withstand the current stress of the market while also being future-proof, said the report. “It will be interesting to see how NBFCs respond to the RBI directive and if it will be similar to the ripples that we see in the banking industry at the moment,” said EMA Partners International. “The larger question being – Is the requisite talent available in the market?”
“Our clients in the retail lending space have increasingly veered towards bringing in CROs who are in tune with the disruption in business models backed by new-age technology that can identify the best practices to combat future risks,” said the search firm.
Successful CROs of the future should have the ability to foresee and address new challenges, according to the study. They should have the aﬃnity to work with huge data sets and must have a solid understanding of risk and collections analytics. They must also simultaneously be able to harmonize cross-functional teams. These qualities will diﬀerentiate a modern-day CRO from a traditional one. “The new-age CRO is expected to leverage digital technologies (AI, data analytics, and ML) to transform underwriting and decision in order to help build a robust risk management organization for the company,” said EMA Partners International.
The Indian lending ecosystem has seen the emergence of CROs who come from unconventional backgrounds to be a part of a growing market like India. The industrial trend is also indicating an increased appetite for hiring diverse talent among traditional organizations. “Our clients have hired risk oﬃcers from companies (global banks, fintech, or NBFCs) that have demonstrated agility in areas around portfolio management, analytics, enterprise risk management, stress testing, and financial modelling,” said the report.
A Different Turn
“With the changing definition of a CRO’s role, searches have taken a diﬀerent turn. There is greater integration of operational risk into credit risk management and more emphasis on bringing in a strategic CRO versus a transactional one,” said EMA Partners International. “As boards evaluate CROs, it is important to not lose sight of their track records.”
“Going forward, institutions will have to be more proactive in their approach as only remedial measures may not enough to tide through diﬃcult business cycles,” said the report. “As regulatory requirements, consumer behavior and spending patterns are rapidly evolving, companies with a robust credit risk department will stand the test of time.”
EMA Partners International founded in 1988, partners with multinational corporations, governments and not-for-profit organizations across a variety of industry sectors and functional areas. It has more than 40 offices on six continents, and the firm continues to expand globally.
Related: Preng & Associates Recruits Chief Risk Officer for PJM Interconnection
Contributed by Scott A. Scanlon, Editor-in-Chief; Dale M. Zupsansky, Managing Editor; and Stephen Sawicki, Managing Editor – Hunt Scanlon Media