Select Page

Follow me for updates

Follow me to get a notification when I publish valuable articles and posts like this.

I share Thought Leadership on Enterprise Risk Management, Digital Transformation and my own Entrepreneurial journey.

Show your support with a like, comment and SHARE!

When you share, please tag me in the description so I can send you a thank you!


There is much discussion as to what Chief Executive Officers should focus on when transforming the business in response to disruptive challenges.

What are the key considerations for Chief Risk Officers (CROs) when transitioning to a ‘next-generation’ risk operating model that delivers tangible business outcomes?

There are many articles that discuss in detail what ‘new CEOs’ should consider when leading their business through enterprise-wide transformation programs. In response to dynamic and continuous change in the external environment, many shareholders and boards have replaced CEOs unconvinced these leaders completey understand the massive disruptions facing their firms.

CROs are under increasing pressure to focus on more strategic and high-value decisions, as routine work is automated away. This article explores if the same evidence-based approach to successful transformation applies to CROs when implementing a ‘next-generation’ risk operating model.

Transformations are complex affairs, with many falling short of delivering the expected value. The key point to understand about any transformation, whether it be risk-related or otherwise, is the intended outcome is a fundamental reboot. This is not incrementalism based on established knowledge and existing organisational capabilities.

What then should the CRO consider, when setting out to transform the risk operating model to ensure firms become the disrupter and not the disrupted?

CROs must develop a clear purpose for the change effort

In the current era of ‘always-on-strategy’ and a relentless flow of regulatory initiatives, constant change can be exhausting for both the Risk Function and the 1st Line of Defence.

Without an explicit ‘why’ incremental improvements in the risk operating model are unlikely to engender the sense of urgency required to deliver the required reboot. Far too often the why is anchored back to a regulatory initiative, with little serious attempt to align with Key Success Factors (for example revenue growth, enhanced product and service offerings, customer pain points) that create value.

? Understand the status-quo = listen to key stakeholders

? Articulate the vision/purpose = engender a sense of urgency

? Develop a structured program = identify practical ‘small wins’

? Build a coalition = invite engagement in the development of the plan

? Maintain focus = on high-priority strategic and business-driven issues

CROs must assemble a diverse leadership team

There needs to be a balance of ‘new and old’ team skills & capabilities. There will be many members of the team who have valuable experience of the ‘way things are done around here‘, but these insights need to be balanced with a disruptive mindset that is proficient in risk and comfortable with emerging technologies. Without this mindset, the best which can be hoped for are incremental improvements.

? Prepare the groundwork for breakthrough ideas = set aside resources to support the innovation effort

? Define the challenge = why does it happen? What are the possibilities for change?

? Research the challenge = desk research, interviews, observation, data, best practice, industry experts?

? Interpret collected insights = what general ‘themes’ are emerging? Why?

? Generate lots of ideas = brainstorming, look for connections, opportunities to create novel solutions or re(combine) existing solutions in a new order

? Agree success measures = what is the output (prototypes, a pilot, a pitch document to secure further investment, a business plan?)

? Launch a prototype/Minium Viable Product = test, learn and adapt. Reflect and iterate. Test, learn adapt…

CROs must adopt agile and digital methods to drive change

There are many opportunities for CROs to leverage emerging technologies and incorporate new ways of working. Many risk processes and workflow controlled by the Risk Function can be simplified and automated, whilst new ways of working can be created.

? Create agile ways of working = cross-functional/self-managed teams that ideate and co-create together

? Make rapid, high-quality decisions = adopt a high-touch engagement approach that permits the rapid iteration of ideas

? Action practical small wins – eliminate low-value work that is a strain on resources

? Risk-digitisation – identify FinTech’s that can help to digitise the Risk Function. What areas are they focused on – managing ALM liquidity, stress testing, identifying emerging risks?

? Identify opportunities to capture a broader set of data – including ‘non-traditional’ data sources, public and proprietary data sets

? Incorporate advanced analytics – to address biases and improve the stability and accuracy of risk models

CROs must develop leadership capabilities

The CRO must go beyond setting the vision and help prioritise actions, develop compelling plans, reallocate resources and develop skills and capabilities that deliver rapid results. Risk leaders must overcome an inherent risk adverse mindset and embrace innovation as an opportunity to create value for their firms.

? Build, lead and retain forward-looking and commercial teams = talent that is both proficient in risk management and comfortable with analytics and digital skills (data scientists, modelling experts)

? Real-time automated risk-advice when considering alternative business decisions = helping Executives navigate through complex risk/reward trade-offs

? An agile mindset = that values innovation and experimentation

? Targeting of high-impact areas to generate ROI = a Risk Function with a far greater share of digital and business-savvy leaders, capable of developing business cases that capture early ROI as a basis for future investment

Reciproco provides knowledge integration across risk, solvency and strategy, including digital transformation, leading complex and unique projects in regulated sectors. Helping senior executives and management teams focus on strategic challenges to create a competitive advantage.

Darren Munday is the founder and Managing Director of Reciproco. An experienced executive with over 20 years’ global experience with multinational companies, including Chief Risk Officer reporting to the Board.

Darren is an Honorary Visiting Fellow of the Digital Leadership Research Centre, Cass Business School where he also holds an Executive MBA.  Darren is a Certified Fellow of the Institute of Risk Management (CFIRM) and Chartered Insurance Risk Manager (ACII) of the Chartered Insurance Institute.

All rights reserved. Unauthorised use and/or duplication of this material without express written authorisation from Darren Munday is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Darren Munday with appropriate and specific direction to the original author and content.