Looking for Banker’s Toolbox? You are in the Right Place!

Banker’s Toolbox is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to Banker’s Toolbox Community Online.

Make yourself at home!

Looking for MainStreet Technologies? You are in the Right Place!

MainStreet Technologies is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the contact us button here, or the link in the top navigation, to reach product support for your MST products.

Make yourself at home!

Looking for Sageworks? You are in the Right Place!

Sageworks is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to your Sageworks products.

Make yourself at home!

Is your bank prepared to comply? The evolving role of the Chief Risk Officer

By: Sageworks

Compliance is often a loaded word for bankers. While regulations within the banking industry are, of course, a necessity, the ongoing conversation about striking a balance between mitigating risk and overregulation continues in government, media and financial institutions themselves.

By nature, a bank is set up to withstand some risk. Some auto loans will go belly-up when a customer loses his or her job. The local economy could shift when a business leaves town. Some degree of ebb and flow is normal for financial institutions, and many bank CEOs or credit unions presidents don’t fret the “win some, lose some” nature of the business.

Yet one bank executive is still likely to lose sleep: the Chief Risk Officer (CRO).

Most closely tied to regulatory issues, the CRO is the boots on the ground, where “win some, lose some” isn’t an option. A recent article from American Banker’s The C-Suite Series explored this executive role and just how little wiggle room there can be when it comes to compliance. The article explains that “a 100% success rate is now viewed by many as the only way to victory in compliance. Even if an error does not indicate a bank-wide compliance problem, banks don’t want to deal with the regulatory headaches such slip-ups could create in today’s charged environment: big fines, embarrassing headlines, costly administrative hassles.”

The article goes on to point out that while a major issue like fraud or a cyberattack could be catastrophic to an institution, those risks aren’t usually on the top of a CRO’s to-do list. Regulatory implementation is often a CRO’s top concern. Chief Risk Officer at U.S. Bankcorp commented that the amount of time spent on regulatory implementation “can happen to the detriment of actual risk management.”

Regulatory compliance and risk management are very much linked, particularly for the biggest banks in the nation, as the CRO role is now required for institutions with more than $50 billion in assets. However, many banks have noted that the role is critical and would have adopted it regardless of the requirement. Regulators, American Banker notes, are the CROs biggest fans, and are in near constant communication.

During exam time, regulators not only want to see compliance, they want to see good compliance – an important distinction. Good compliance often aligns with the old math class adage of “show your work.” Regulators want to know how a bank is complying. Particularly for large banks, the article notes, “the magnitude of compliance risk stems not just from the number of rules, but from the large potential for error resulting from so many people in large organizations working in business lines that are all governed by the new set of federal requirements.”

It’s no doubt that CROs face a difficult balancing act attempting to manage regulatory risk. In order to better align an institution’s compliance program with its overall risk management efforts, some banks have updated their reporting structure with a chief compliance officer under a CRO. The American Bankers Association noted in the article that while a growing number of banks have adopted this model, it’s still too early to tell if it is a preferred structure. No matter which structure a bank adopts, compliance will continue to be at the front of institution’s interests. State organizations or peer banks in non-competitive geographies could be good sounding boards to explore how exactly one might structure a bullet-proof risk and compliance team.

For additional resources on addressing regulatory concerns, listen to this recorded webinar on the topic, or register now for the 2015 Risk Management Summit presented by Sageworks.

About the Author


Raleigh, N.C.-based Sageworks, a leading provider of lending, credit risk, and portfolio risk software that enables banks and credit unions to efficiently grow and improve the borrower experience, was founded in 1998. Using its platform, Sageworks analyzed over 11.5 million loans, aggregated the corresponding loan data, and created the largest real-time database of private-company financial information in the United States. The company was acquired in 2018 and is now part of Abrigo.

Full Bio

About Abrigo

Abrigo is a leading technology provider of compliance, credit risk, and lending solutions that community financial institutions use to manage risk and drive growth. Our software automates key processes — from anti-money laundering to fraud detection to lending solutions — empowering our customers by addressing their Enterprise Risk Management needs.

Make Big Things Happen.