LO 39.2: Describe best practices for a firm's Chief Risk Officer (CRO), Chief Executive Officer (CEO), and its board of directors in the development and implementation of an effective RAF
Chief Risk Officer (CRO) Best Practices
Board members involved with risk issues should be able to directly contact the CRO and engage in frequent communication about ongoing key risk issues. A best practice could be to create a board risk committee that is directly involved in performance review and compensation decisions regarding the CRO. A strong alliance between the CRO (risk management function) and the CFO (budgetary considerations) is key to spreading the use of the RAF throughout the organization. Specifically, a best practice would be for the CRO and CFO to report to the board at every meeting by commenting on the firm's risk profile in comparison to the RAF. The CRO discussion could be broad and strategic in nature, and the CFO discussion could address financial impacts.
Chief Executive Officer (CEO) Best Practices
The CEO should strongly support the RAF and refer to and use it to support challenging risk and strategic decisions. The willingness of the CEO to give the CRO the final word on many risk decisions is a best practice since it strengthens the importance of the risk management function. Where any instances of non-compliance with the RAF exist, a best practice would be for the CRO and/or the CEO to advise the board of directors on the corrective measures that will be undertaken.
Board of Directors (Board) Best Practices
The board needs to spend a considerable amount of time conveying the firm's risk appetite statement throughout the firm to ensure it is properly implemented. In challenging management to operate the firm in a way that is congruent with the RAF, the board must focus on strategic and forward-looking issues rather than dwelling on past actions. A best practice would be for the board to state its expectations to management in advance so that management can establish appropriate strategic plans.
When a board challenges management and requires a thorough vetting of the RAF, the end product is more complete and relevant. A best practice is to have the active involvement of the board with senior management in continually revising the RAF until everyone is satisfied. Another best practice is the development of a concrete way of assessing when the RAF needs to be amended to reflect a changing environment.
With regard to technical knowledge of members, there should be a sufficient balance in board composition to ensure all members have a reasonable and congruent understanding of the firm's risks and to avoid situations where there are marked divisions between experts and non-experts. A best practice is to provide detailed technical training to board members on relevant concepts. Additionally, requiring cross-membership amongst the major committees helps ensure that those functions have members with a strong technical base. The training and cross-membership practices should serve as supplements to existing expertise.
Boards must be proactive in stating the nature and frequency of the information they need. As a best practice, reporting to the board should be thorough and broad in scope and not overly simplified. Additionally, communication from management should include a business aspect and not be focused on just technical aspects. Finally, as another best practice, the board should be willing to push back on management if it feels the information provided is not sufficient for its needs.
Reputation risk needs to have a significant amount of the board's attention. As a best practice, the board should set up a reputational risk committee to analyze marketplace changes and approve transactions on the basis of geography or product line. Qualitative measurement of reputation risk should also be attempted by monitoring industry headlines and reporting trends to the board, as well as by hiring external parties to conduct relevant surveys.
