Round Table Discussion of CROs and CCOs on Challenges - to meet Stakeholder Expectations!

Got an opportunity to lead the discussion of Chief Risk Officers (CROs) and Chief Compliance Officers (CCO) on the management of meeting stakeholder’s expectation on 24th of October 2018 at Hotel Oberoi New Delhi. The event was organized by RSA. 

The key stakeholders for CROs and CCOs are Management, Board, Government, Regulator, External sources etc. The key business objectives are Top line /Expense Management, Sustainable growth, profitability, Proactive decision making, Value creation for shareholders etc. The role of CROs is to highlight risks and its mitigation action that comes in a way for meeting the business objectives while CCOs role is to keep the game within the defined regulatory playing field.

Though the objectives for everyone in the business are same as meeting the business objectives; however, each of the three lines of defence functions have their own targets:

a.      1st LoD Sales, Marketing, HR, Finance are focuses on  the growth, (LoD= Line of Defence)

b.     2nd LoD is to highlight the road blocks and ask for clearance of road

c.      3rd LoD provide assurance

These three lines of defence create conflict of interest in achieving the same business objective. The first line of defence do not like to point out questions in their development plan as they have their own challenges whereas Compliance comes into the picture for adhering rules. Risk Team advice the 1 LoD on the risks, which 1 LoD think as impediment to their work.

The key discussion surrounded around these areas; though there was an agreement that the application of risk management in the business has started increasing but this is a function of size and maturity of the organization. Risk is more for compliance purpose. 

The ownership of the risk by the first line is very challenging; Risk Function is considered as impediment to the business. Though there have been efforts towards increasing the awareness of risk management through risk workshop/events; it was felt that long distance to be covered. 

On the another point of changing scenario, with heavy investment on digitization, emergence of cyber threat, regulators pushing for more security, data breaches, emergence of CISO role etc. How these emerging trends are impacting the CROs and CCOs in their work and also in relation to stakeholder’s management. 

It was observed that these investments is to improve the customer experience and expedite the business, there is a greater need to focus on risk identification and its mitigation before investment in the digital world, as the impact could be manifold higher. The digital world is an untested tool on the time scale and those managing this risk better in future will survive longer.