The Office of the Comptroller of the Currency (OCC) has begun the process of forcing large banks to conform to its heightened expectations for risk management. Evidence of what these new standards could mean for banks came earlier this year when Bank of
America announced it would realign its compliance function with risk management. The decision came after Bank of America met with the OCC late last year to discuss the new expectations.
Bank of America announced that compliance will report to its Chief Risk Officer (CRO), Geoffrey S. Greener, as part of its broader effort to simplify operations. Previously, compliance had been aligned with legal, as is the case at most banks. It is assumed
the OCC pressed for the change on the basis that the legal division is focused on minimizing the application of rules, conflicting with compliance’s objective of ensuring adherence to the regulations in the jurisdictions in which the bank operates
The strongest impact of this development may be the implications it has on the evolving role of the CRO in post-crises banking. Since the financial crises, the CRO has played an increasingly influential role in decision making. The growing clout of CRO’s
can be demonstrated by several metrics, but perhaps most tellingly, average CRO compensation has increased by 50% from its pre-crises level, to now be on par with the compensation of CFO’s and CLO’s. In another illustration of the emerging importance of the
CRO, Goldman Sachs recently appointed its CRO, Craig Broderick, to their management committee—an unthinkable scenario in pre-crises Wall Street.
The evolving role of the CRO has meant the transition from purely monitoring risk to now having the power to veto strategic decisions. Ventures that pose risk to the firm in excess of the firms risk profile can be rejected regardless of their value prospects.
The greater involvement in strategic discussions will inevitably lead CRO’s searching for more data to better forecast risk. The need for such data, and the commitment of larger budgets, may provide the catalyst for firms to make sizable investments in enterprise
risk management systems (ERMS). Firms have long been hesitant to invest in ERMS due to high-cost and unproven returns.
Sandra Williams, a Managing Principal in Capco’s Capital Markets practice, has experienced the increased focus on risk monitoring first hand. “The current regulatory environment demands accurate and complete understanding of the risks potentially impacting
an organization”, Williams explains, “This has resulted in stronger risk governance and risk management programs, hence the increasing importance of the CRO’s role.”
“We’ve seen financial Institutions substantially increasing their spend to achieve the new push for regulatory excellence or ‘getting to the strong’, which requires institutions to carefully take a closer look at their enterprise risk management programs.
More importantly, this new push for excellence, post the financial crises, requires institutions to build and maintain robust risk management frameworks.” The OCC’s heightened expectations have provided some guidance, however few details exist for banks on
how to build and maintain the robust risk management framework that regulators are now requiring.
Further clarifications of the OCC’s expectations are anticipated, as similar realignments are expected at other OCC monitored depository institutions. The OCC’s implicit endorsement to transition oversight of compliance to risk organizations begins to paint
the picture of the post-crises CRO. The increase in resources will lead to demand for better risk monitoring systems, and thus begin a new chapter in financial institutions never ending quest to understand and manage risk.