The role of the CRO is evolving to include more forward-looking and emerging risks, ranging from cyber to geo-political concerns.
With an ever-expanding remit and in the face of increasingly high expectations from stakeholders, new skills and potentially a new type of candidate is needed to fill the role of the future CRO, according to industry experts.
At the top of the list of skills needed are the ability to understand the wide-reaching, external risks, and the communication skills necessary to convey those risks internally, says Richard Smith-Bingham, director of Marsh & McLennan Companies’ global risk center. The ultimate goal – for the CRO to become a strategic influencer within their organization.
“The new breed of CRO, or the type of person we would like to see adopt this kind of role, needs to be a champion of the risk agenda and the big issues. And sometimes, possibly that will be against more adverse views within the organization too,” the director said.
The CROs of tomorrow need to cultivate excellent relationships with senior management in order to carve out a wider influence within their organizations.
“They need to be bold communicators, but they also need to have that commercial acumen so that they can understand business drivers, what makes the business tick, and where the business is going – rather than just looking at the more operational practices. They need to be innovators,” said Smith-Bingham.
Alessandro Vecci, senior partner & risk and regulatory consulting lead at business consultancy Genpact, echoed those sentiments.
“Having the right communication skills is becoming a priority for CROs to be able to be effective in their role,” Vecci said. “The ability to convey difficult messages in a simple manner, which enables others that are maybe less technically-minded to understand, is super important if you want to be able to perform your job. In the past, this has been slightly overlooked, but it has now moved from a ‘nice to have’ to a priority in terms of skills.”
At the same time, CROs need to have a good grasp of new technologies and the ways in which they can benefit the risk management function as well as the wider business.
“We need people who are more well-versed in some of the new technologies that are changing the risk function and are providing new opportunities to automate risk management processes and
generate new innovative solutions,” said Smith-Bingham. “They need to work out which of the ordinary risk management processes can be automated, thereby freeing up risk managers for a more advisory role.”
Vecci also stressed the importance of CROs being able to create and use the new technologies that are emerging – and the potential benefits of doing so.
“If you are able to understand that, you are then able to open the door to new capabilities and possibilities to support your business and the achievement of its strategies,” he said.
But while the consensus seems to be that the CRO role is in flux, there is a still a way to go yet, says Charles Beresford-Davies, head of Marsh’s risk management practice.
“It’s a role that is pretty well-defined in financial services and institutions… in non-financial services corporates, it is still evolving,” he said. “Risk is often disparately owned. In some areas, that centralization of leadership and management is starting to evolve, but we are still on a journey.”