When it comes to risk tolerance, where does your company draw the line?
More importantly, who draws that line?
Historically, it has been the executive team or board of directors. In recent years, however, it is the Chief Compliance Officer or Chief Risk Officer.
Bill Diaz, president of SunGuard Financial Systems’ insurance business, addressed this shift in the insurance industry during a recent interview with the Wall Street Journal.
“Originally CROs were effectively trying to uphold risk tolerance at the levels set by the board and executive group,” Diaz said. “With heightening compliance, we now tend to see the role elevated so they are involved in business strategy as well as compliance.”
The elevated role of the CRO and, at many companies, the CCO, has brought several unique challenges to the position.
As executive teams hire new talent for these positions—and, as candidates seek new opportunities—here are three key risk tolerance challenges they should keep in mind.
More Transparency for Internal Processes
Using risk management tools to demonstrate current and future solvency have always been best practices, but now they are required by regulators. In the insurance industry, these tools include Solvency II, a revised set of capital requirements and risk management standards required by the European Union, and the Own Risk Solvency Assessment, which allows a company to predict how well it can withstand a number of stressful scenarios.
Increasing Need for Data Management
The analysis many risk officers or compliance officers have historically done has been calculated on spreadsheets, with very little oversight. With more stringent auditing standards, risk management processes can no longer remain internal. They must be stored in a central, secure location where regulators have the ability to easily audit them.
These processes aren’t only important for meeting regulatory requirements, however. As Diaz notes, chief risk officers are increasingly using them to become a better company, “moving beyond just compliance and embedding this into their DNA.”
More Robust Controls
Increasingly complicated threats from third parties, from cyberspace and even from within the company, require more sophisticated programs to manage those risks.
Fortunately, a number of tools have emerged to allow risk management and compliance officers to automate many functions, including the monitoring of regulatory releases, project management, reporting and analytics. But like any other tool, these solutions are only as effective as the processes that manage them. It’s important to have the most up-to-date risk management and compliance software in place, but it’s even more important for your company to have the appropriate structure to support those tools. That includes developing leaders to manage these programs, training employees to use them and reinforcing their importance through constant communication.
One of the most important responsibilities of today’s CCO or CRO is determining what level of risk is acceptable and how to allocate compliance resources so that the company stays below that established risk. Although the CCO and CRO are most often separate roles, they need to align their efforts and work alongside the entire staff to address these challenges. These efforts must also be in step with company executives and the board of directors. The challenge here is that most boards think compliance takes up too much time already, and it’s only going to get more involved.
In a 2011 Deloitte survey, 64 percent of board members surveyed said they wanted to spend less time on compliance and regulatory issues. On the positive side, however, they clearly recognize the need to manage enterprise risks, with 55 percent of respondents saying they wanted to spend more time on risk management. Compliance is a key part of risk management.
Compliance officers and risk officers can no longer afford to crunch numbers and run programs in isolation. They must be business leaders and team players, working together to determine an appropriate level of enterprise risk and then employ a comprehensive approach to managing it.
Finding the right professionals for that task requires a thorough assessment process. For advice on how to evaluate your next compliance hire, download our free guide, “8 Ways to Effectively Assess Legal and Compliance Candidates.”