Page 24 - The Insurance Times January 2022
P. 24

oversight of performance including performance   Committee while in some others there is an exclusive
             appraisals and, if necessary, dismissal of the CRO. The  Committee dealing with Risk Management.
             CRO, together with RMCB, shall be actively engaged in
             monitoring performance relative to risk-taking and risk  According to the Basel III framework, financial firms should
             limit adherence                                  have an independent senior executive with distinct
                                                              responsibility for the Risk Management function and the
         4. The CRO shall be a senior official in hierarchy with
             equivalence no less than those at one level below the  institution's comprehensive risk management framework.
             WTDs/CEO. The CRO shall have the necessary and   This executive is commonly referred to as the Chief Risk
             adequate professional qualification /experience in the  Officer (CRO). Whatever the title, the role of the CRO should
             areas of risk management so as to interpret as well as  be distinct from other executive functions and business line
             articulate risk in an understandable manner. The CRO  responsibilities, and there generally should be no "dual
             shall have the ability to effectively engage the Board,  hatting" (COO, CFO, Chief auditor or other senior
                                                              management should not also serve as CRO).
             RMCB and management in constructive dialogue on key
             risk issues. The CRO will function as a secretary to the
                                                              Where the ERM (Enterprise Risk Management) Function
             RMCB.
                                                              reports is often a contentious issue. In some organizations,
         5. The risk management functionaries shall have direct
                                                              the CRO, or equivalent, reports to the CFO. But there is a
             access to the RMCB.”
                                                              distinct disadvantage to this set-up. The CRO is expected to
                                                              challenge the CFO on financing or securitization choices. In
         Though the document is still a draft, this has stirred a serious  this set up, he or she may fail to challenge effectively due
         debate on the issue of reporting structure of Risk   to his subordinate position.
         Management team (particularly CRO). And this makes it a
         perfect background for any meaningful thought sharing on  Some organizations have responded to this challenge with
         this issue.                                          a second option, in which the CRO reports directly to the
                                                              CEO. This structure may help ease potential conflicts
         Introduction:                                        between the CRO and CFO. However, this structure may also

         Wikipedia points out that the term, ‘Tone at the Top’,  be an imperfect solution. Given the CEO’s many other
         originated in the field of accounting and referred to the  concerns and responsibilities, he may not have the ability
         transparency and integrity of the financial statements and  to adequately address risk issues when other strategic issues
         other reporting to shareholders. The term has been used  require time and focus. Besides, there is always a pressure
         much more widely recently and primarily refers to the tone  on CEO to show Quarter wise performance, forcing him to
         set by the Board of an organization, but it can also refer to  take a myopic view of the things.
         the tone set by the Audit and/or Risk committee, other
         Board committees as well as by the CEO and Senior    Another alternative is that the CRO reports to the Board of
         Executives.                                          Directors, either directly or via a Board-level Committee. If
                                                              the reporting line includes a Committee, the structure
         Risk oversight is a primary Board responsibility, and in the  typically works best when ERM is incubated under a
         evolving business and risk landscape, Directors need to  separate Risk Committee and not under the existing Audit
         develop and continuously improve practices to establish a
         well-defined and effective oversight function.

         The Board sets the tone of the organization in the way it
         executes its responsibilities. Establishing the right tone at the
         top is much more than a compliance exercise. “Tone at the
         top” demands that leaders—and especially the CEO—find ways
         to connect with people inside and outside the organization.
         Once tone at the top is established, the CEO, Board and the
         CRO continually work to reinforce and strengthen it.

         Within the board, where does responsibility for risk oversight
         lie? In many companies, it rests with the Board’s Audit

          24  The Insurance Times, January 2022
   19   20   21   22   23   24   25   26   27   28   29