
The compliance risk officer’s urgent agenda


Banking organizations have come a long, long way since the financial crisis of 2008. The last decade produced a barrage of banking regulations: Basel III, stress testing regulation and liquidity risk management, to name a few. The risk function and roles within banks have also evolved significantly—with the chief risk officer (CRO) changing from a luxury to a critical, strategic necessity.

Indeed, today’s CROs contribute to business strategy as they:

  • focus on emerging risks
  • advise the board and C-Suite
  • play a strategic role in approving new products
  • rationalize and manage the current risk infrastructure to maintain efficiencies

If you’re still wondering how important compliance can be to a bank’s overall strategy, consider this observation. “A compliance mindset produces a wealth of competitive advantages,” says BAI managing director Karl Dahlgren. “Customers are better served; the bank is more operationally efficient; shareholders often enjoy a better return on their investment.”

Yet as banks launch into unpredictable times, the CRO’s role promises to change again, and swiftly. Apart from existing factors such as ongoing regulatory rigor and changing economic climate, another key factor drives this evolution: digital disruption. Digital’s march in the last few years has forever changed how banks do business, manage data and meet compliance goals. Automation has redefined workplace productivity; cognitive solutions help make complex risk decisions; cloud technology compels banks to look at cost-effective virtual solutions. While the disruption doesn’t come without a host of risks—cybersecurity risk, data privacy and third-party risks among them—it gives CROs the chance to leverage such innovations and propel banks ahead in this dynamic digital era. Some key CRO focus areas are listed below.

Regulatory change agenda

Regulatory focus remains a top priority for CROs. For all the new regulations we’ve seen, the agenda looks far from finished. Under the newer regulations and enhancements, regulators mainly focus on:

  • enhancing risk sensitivity
  • comparability between banks
  • robustness of risk models
  • frameworks for model management
  • standardizing regulatory submissions

Many regulatory changes and enhancements will be introduced in the next few years, which makes the regulatory change agenda a top priority for CROs. Some key regulatory changes coming into focus include:

  • Standardized approach for credit risk: Proposed revision to the Basel II standardized approach replaces the derivation of risk-weighted assets based on external ratings.
  • Pillar 3 disclosures: A part of Basel III, these aim to consider all existing and prospective BCBS disclosure requirements.
  • Stress testing requirements: Focus on meeting changes in stress testing requirements across various geographies: CCAR (comprehensive capital analysis and review) for domestic banks and designated IHCs (intermediate holding companies); FDSF (firm data submission framework) in the United Kingdom and European Union.
  • TRIM (targeted review of internal models): This European Central Bank (ECB) effort aims to assess Pillar 1 internal risk models for compliance as used for credit, market and counter-party credit risk.
  • Standardized approach for operational risk: The Basel Committee has indicated plans to revamp the existing three approaches to operational risk and propose a standardized measurement.

Model management

A host of activities fall under the model management purview, from model lifecycle to validation. Model management is another prominent area demanding major CRO focus as it caters to both regulatory and internal risk management requirements. Ongoing regulatory efforts such as TRIM (in Europe) and CCAR (in the U.S.) ensure that banks have required policies and procedures in place for efficient model management.

Dealing with cybersecurity risks

Banks today have accumulated a large amount of private, confidential customer data—which hackers can easily misuse if they steal it. Though some may label this as strictly an IT or data security risk, the impact can lead to financial risk, along with compliance and reputational risk. It’s no surprise many organizations entrust this crucial responsibility to CROs—with the goal of building appropriate strategy, frameworks and policies for cyber risk management.

Rationalization and optimization

In the last decade, banks have invested significantly in risk infrastructure to meet new regulations while continuing to meet existing ones. That often translates to sprucing up existing data infrastructure, model management capabilities, analytical engines and reporting solutions. While most banks globally are in the process of leveraging new technologies, ripe opportunities remain to optimize. As newer regulations constrain banks and reduce available capital, CROs are looking internally to achieve efficiencies via cognitive and automation technologies—which help reduce spend and make for a more effective, efficient risk infrastructure.

Predicting potential risks

With new access to risk data and intelligence, CROs want to use it to proactively predict potential risks and threats. While most analysis was formerly retrospective in nature, today CROs use (or have started to use) an array of tools to gather forward-looking insights with greater speed and accuracy. Capabilities around forecasting, automated data mining and predictive analytics now help CROs accelerate the decision-making process. Hence predictive analytics represents another CRO focus area.

Putting it all together: CROs, compliance and strategy

The CRO agenda breaks down into two areas: regulation and digital disruption. While the regulatory agenda is more or less prescriptive, disruption gives CROs opportunities and leverage to predict potential risk, drive digital innovation and optimize the risk function within the bank. In this milieu, it will be fascinating to see how CROs use digital forces to improve regulatory compliance as they arrive at strategic decisions for banks. Compliance, once regarded as simply a complicated task, now translates into an incredible opportunity.


Ajay Katara is a domain consultant with the risk management practice of the banking and financial services (BFS) business unit at Tata Consultancy Services (TCS).
