Role of Chief Risk Officer in curbing banking irregularities-II

Chief Risk Officer (CRO) has been accorded a very important position in a bank with direct access to the CEO and the board, specially the Audit Committee and the Risk Committee. So this is a very high-profile position entrusted with the highest professional responsibility. However, the job of risk management is not the function of any particular person; rather this is the job of all departmental heads and employees. If all employees and heads of departments apply their professional standard and due diligence in their respective roles, the associated risks with a bank's operation are automatically mitigated. So this is a team work and CRO's responsibility is to oversee and ensure that a good team spirit is in place. In spite of this fact, one person in each department must have exclusive responsibility of ensuring that risk control of that department is appropriately established and any weakness, if identified, must be brought to the notice of the departmental head and CRO as well. Both CRO and RO have important roles to play in ensuring a bank's overall risk management standard.   
REPORTING LINE OF RO AND CRO:  Definition of CRO and his/her role as recommended by BIS and BASEL-III states that CRO will report to the CEO and will have direct access to the Board of Directors (BoD), particularly the Audit Committee and Risk Committee. This may ostensibly seem to have duel reporting which may create some sort of confusion and conflicting stance of this role. At the same time, CRO should perform under the direct supervision of the CEO who is ultimately responsible for any failure in the bank. On the other hand, bank's audit committee and risk committee are responsible for establishing compliance procedure and risk control which are implemented through CRO. The job is very difficult but can be accomplished if all teams i.e. BoD, CEO and CRO work in the same line with the common objective of keeping risks at its all-time low. The reporting line for CRO can be established with direct reporting to the CEO and with direct access to Audit Committee and Risk Committee of the bank's BoD.
CRO'S SPECIFIC RESPONSIBILITY: The CRO holds the most important position in a bank and his/her role is the much-discussed issue in the banking industry. However, conspicuous job description and function of this department have not been spelt out yet. As a result, every bank has designed this role on trial-and-error basis and still is continuing it through change and updating process. Besides, every bank has developed the functions of CRO based on its nature, scope and periphery of business. The key roles of CRO, among others, may include the following specific job responsibility:
* Identifying risk area, assessing risk appetite, determining risk parameter and establishing risk controls towards mitigating risks associated with a bank's business.  
* Ensuring that corporate governance, risk, compliance and control mechanism of the bank are functioning effectively.
* Ensuring that the risk control mechanism is established and kept up-to-date as approved by the board of the bank.
* Making risk control mechanism well operative and remain within the bank's risk appetite.
* Identifying, compiling, assessing and reporting risk-related information to the MD and the board.
* Continuously reviewing, monitoring, evaluating and identifying weaknesses in a bank's risk control and recommending measures to improve weaknesses.
* Ensuring that banking operation is in compliance with rules and regulations.
* Developing, managing and redefining qualitative and quantitative risk reporting as per the board's requirement and supporting effective decision-making.
* Acting independently with close consultation with MD, the board's Audit Committee and Risk Committee.
* Developing and formulating bank's coherent risk parameters and establishing facilities including operation tools and financial system / software and recruiting strategy as well.
* Continuously monitoring, developing, enhancing and embedding the risk mechanism for mitigating various risks of the bank and ensuring that processes are appropriate and adequate for meeting the standards.  
* Establishing, maintaining, reviewing, evaluating and updating corporate governance practice and committee functionality in key areas of banking business.
* Taking extensive measures through continuous training to prepare all levels of employees and executives well about bank's risk policy, risk appetite, mitigating tools and creating awareness about consequences of risk failure.
* Continuously communicating, liaising and remaining in close touch with all relevant parties including regulatory bodies.  
* Periodically suggesting and recommending measures and control mechanism considering the present situation and forthcoming changes in the policy and market condition.
* Always keeping up-to-date the recent development in risk factors in domestic and international markets and accordingly inform the MD and the board with probable solutions / changes as deemed to be necessary.
* Participating in meetings of bank's various committees including credit committee, ALM committee, compliance committee, audit committee and addressing any risk factors, if and when evolved.
* Ensuring that any change in the relevant rules and regulations and issuance of any new circular are disseminated in a timely manner so that all concerned officers and executives are fully aware of changes / circulars.

* Establishing whistle blower, receiving feedback overtly and covertly from the responsible dealing officers / executives and concerned persons so that any weakness and loopholes can be identified and sealed off.
* Periodically meeting Risk Officer of each and every department of the bank, exchanging ideas to ensure that responsible ROs are performing sincerely and efficiently.  
* Establishing a system where the responsible officer and Risk Officer can update their log / comment about risk-related issues whenever these are come across and these compiled information will subsequently be analysed and reviewed for further action.   
These are designed based on our experience and professional knowledge. These are not, however, limited and as such may be considered as general guidelines only. The bank which is interested will have to formulate job description and functions of its CRO where the aforementioned description may play an indicative role only.
CONVERSANT ABOUT RULES & REGULATIONS: CRO's position offers a completely professional responsibility and the person holding this position must be well conversant with all applicable rules and regulations and relevant laws. Even CRO must have adequate knowledge about some international rules and regulations particularly those which are applicable in bank's cross-border trade and foreign exchange dealing as well. It is said that a banker should know more than 15 laws in order to efficiently and professionally perform in the bank. Among these laws, contract law, negotiable instrument act, tort act, stamp act, Anti-Money Laundering Act,  Foreign Exchange Regulation, land registration act, income tax act, ICC (International Chamber of Commerce) rules viz. UCPDC (Uniform Customs and Practice of Documentary Credit), URR (Uniform Rules for Reimbursement), URDG (Uniform Rules for Demand Guarantee), ISBP (International Standard Banking Practice) and ISP (International Standby Practice). Besides, all manuals / handbooks including credit manual, foreign exchange manual, operation manual and various circulars issued by Bangladesh Bank and other regulatory authorities must be thoroughly learnt by CRO. The position of CRO is given utmost importance in the bank's overall management and therefore, his/her dignity must be upheld all the time. Bank's reputation and financial gains are correlated to successful role of its CRO.   
The writer is a banker based in Toronto, Canada
nironjankumar_roy@yahoo.com