Chris OBrien considers how the chief risk officer's remit varies and what role actuaries have in risk management

Risk functions and chief risk officer (CRO) roles in financial services firms have grown in importance in recent years. However, research by Anette Mikes*, Harvard Business School professor of risk management, illustrates that risk management comes in various guises and that there is no uniformity to the CRO role. This article highlights some of Mikes's findings and suggests some issues for actuaries to consider.
Mikes's work is based on an analysis of 15 international banks in 2006-07, by which time the CRO's role had already expanded dramatically. One finding was that the compliance champion role was ingrained in the mandate of all risk functions and, in some banks, this was the dominant focus, with the risk function concerned with building the risk framework and delivering compliance with new rules. Senior risk officers would provide assurance to senior management that adequate processes and controls were in place.
In other banks, the risk function was focused on highly sophisticated risk modelling. It was senior risk officers who led the implementation of firm-wide risk models that could give an overall view of financial risks in the business, focusing on the more easily quantified market and credit risks.
CROs in strategic roles
While CROs derived authority from their regulatory role, whether they were influential in the business depended on the quality and credibility of their insights in strategic discussions. Eight of the 15 CROs were 'highly involved' in strategic activities, such as board-level strategic decision-making. However, they could be divided into two groups.
One sub-group was made up of 'strategic controllers', who used the output of sophisticated risk models as their input to strategic issues. Senior risk officers used models to advise top management on the risk-adjusted performance of business units, influencing how capital was committed. In such risk functions, the CROs tended to be 'quantitative enthusiasts'. Mikes commented: "They believe that risk measures are capable of reflecting the underlying economic reality reliably enough to induce requisite economic behaviours." Building, maintaining and improving the robustness and accuracy of the models was a priority.
However, the other sub-group of CROs were 'quantitative sceptics'. Wary of managing risks by numbers, they "regard risk measurements as trend indicators, which they seek to complement, and often overwrite, with senior managerial discretion, experience and judgement". Where involved in strategy at a high level, they were 'strategic advisers'. Models played a role in their judgement, but did not drive it; they drew on their business experience and a knowledge of danger signs to anticipate emerging risks.
Issues for actuaries
Mikes's findings suggest two issues for actuaries' role in risk management. First, it reminds us that the compliance role is an important one for the CRO. When the losses of UBS rogue trader Kweku Adoboli came to light, the Financial Times reported that the CRO Maureen Miskovic was "facing every risk officer's worst nightmare just nine months into the job - she will face tough questions about UBS's controls". Actuaries need to consider how they can obtain the skills for this aspect of the job.
The second issue concerns actuaries in strategic risk roles: controllers or advisers? Developing models to high standards and using them in decision-making will bring benefits under Solvency II; actuaries may be quantitative enthusiasts and well positioned to be strategic controllers.
On the other hand, models have to be challenged - recall FSA chair Lord Turner's remark about banks' misplaced reliance on sophisticated maths - a stance that a quantitative sceptic could take. Some actuaries may be well prepared for this role, using their understanding of the limitations as well as the capabilities of models and, if this is accompanied by using a well-developed awareness of the insurance market, they could play a CRO role as strategic adviser.?
*Mikes, A. (2008). 'Chief risk officers at crunch time: compliance champions or business partners?' Journal of Risk Management in Financial Institutions, Vol 2(1), Dec 2008, 7-25.
