Key elements to the Chair of the Risk Committee and the Chief Risk Officer working together effectively.

Like so much of board effectiveness, relationships and culture are key to enabling strong, impactful governance. The Risk Committee is no different, and the connection between the non-executive and executive leaders involved is vital.

The discussion focused on three vital components to this relationship, which the panel had experience of being sat on both sides.

Firstly, it is appreciating each other’s stage on respective professional journeys.

Are they new to role? If so, it may be a relationship of support and coaching. This can just as easily be an experienced CRO supporting a new Committee Chair, as vice versa.

Or perhaps they are new to the organisation, in which case a focus on comparison with their previous experience and culture may be useful. It was highlighted that, as Chair, it is vital you have confidence that the CRO is operating and driving the optimal risk culture for that firm.

In many cases both parties can be seasoned professionals in their roles, so more work to deeply understand each others’ background and expectations may be required. It is better to identify and bridge any misalignments in perspective or preferences in a relationship building context, rather than have them arise in crisis or operationally.

The group reflected that having communications beyond the Board Risk Committee is important, and these should include regular formal touch points as well as more informal interactions which help further the relationship.

Secondly, building a shared view on the strategic priorities.

Clearly ensuring that risk management supports delivery of the firm’s strategy is key. A Chief Risk Officer’s role is not to remove all risk, but to ensure negatives are balanced and risks, incidents and issues are understood. There are often ‘silver linings’ to be found when managing risk and undertaking activity to manage or resolve issues. An appropriately balanced Risk-Reward culture is vital, and in some cases the Board Risk Committee chair will witness & need to support the CRO  when they push for weight to be placed on ‘Reward’, rather than risk avoidance.

Another key priority is developing the quality and detail of the Management Information shared at committee level. The panel believes this often involves robust discussions with the Executive – ones that can and should be conducted in a healthy, constructive manner. A CRO needs to recognise that management information must be designed to focus on the need of the population and the use of the information. There are always capacity constraints around production of management information and reporting. More broadly resource requirements in the 2^nd line are often driven by a request for more. However, a realistic and pragmatic approach is needed and the ‘art of the possible’ comes into play to use resources and ask for further resources in a careful and considered way (with an eye to what can delivered). The panel stressed the need for the Risk team to have  specialists  and knowledge in the Risk team reflecting the nature and size of the business activities of the firm.

Finally, communication, communication and communication.  

This is crucially important between these two key parties, whose relationship should be one of support. The Board Risk Committee Chair should be a sounding board, and issues should be raised early. A question was raised about the wider relationship with the CEO and wider C-level team and their involvement in risk management. It is important the CRO and Committee Chair have a shared perspective on what is the most beneficial level of involvement and deliver that message separately and jointly. It was noted that as a CRO or Head of Risk on secondment to a firm, it is often easier to deliver tough messages to C-level colleagues and the business due to the nature of a secondment.

Communication with the regulator is also vital. The discussion reflected that when engaging with Regulators,  over-reporting by firms can be  as problematic as under-reporting. It is important communication is decided on collectively and strategically – and that any formal or informal notifications are balanced with the action a firm is taking as a result. Further, it was highlighted that a firm must reflect on the actions it intends to take when reporting points to the regulator, as the management team is responsible for managing the business.

Ultimately, it is important to reflect and proactively build a positive relationship between the Board Risk Committee Chair and Chief Risk Officer, but also the wider C-level group and board.

These are the connections that will help to shape and positively evolve the risk culture within a firm.

The role of the Board Risk Committee Chair, CRO along with the wider C-level group and board members is to deliver a viable company delivering on its strategic objectives by managing the risk – and reward – balance which operating a business inevitably entails.

For further discussion

Should you wish to discuss any of the issues raised further with experts from BDO, please don’t hesitate to reach out to :