The chief risk officer is likely becoming a hot commodity in the wake of the coronavirus pandemic as many businesses face a wide range of threats to their operations and their workforces.
The many facets of the Covid-19 fallout are putting CROs on the front lines, working with executives and boards of directors to respond to these challenges. Companies are expected to lean more heavily on their risk officers for the foreseeable future to account for new and heightened dangers.
The pandemic has increased financial risk for a large swath of corporate America, increasing CROs’ existing work. But it’s also introduced issues that traditionally fell outside the purview of risk officers, who generally have focused on company finances.
Covid-19 has served as a “springboard to thinking more about operative risks,” said Morgan Davies, managing director for financial solutions at Alliance Risk Group, a consultancy for energy and financial companies. “Historically the focus has been on market and credit risks, but now you’ve got all of these safety issues to consider.”
New considerations include cybersecurity risks stemming from increased and prolonged telework. CROs also may need to address safety issues resulting from workers’ return to offices and their use of transit systems.
CROs are “an important ingredient in navigating through the new normal,” Davies said. “They’re going to play a more prominent role, and that role is going to be continuously evolving.”
Currently, there are about 2,000 CROs in the U.S., data from LinkedIn show, and that number could rise if the virus pushes more companies to add risk-focused positions. Their ranks already have grown by 5% since last year, according to LinkedIn.
Expertise in business continuity also is among the fastest-growing skills sought for the role.
About half of U.S. companies have a CRO, according to a 2019 Deloitte survey of executives. The officers typically have years of industry experience and report to the chief financial officer, another C-suite member, or the board of directors.
“A CEO told me once I helped him sleep better,” said David Koenig, a former corporate risk management executive. “A good CRO goes beyond that,” said Koenig, who now runs a membership organization for board members, CROs, and other executives charged with risk management.
CROs should identify key risks, assess a company’s ability to take risks, and plan for recovery and resilience, he said.
The role can take many forms and is often intertwined with corporate compliance functions at smaller organizations with limited resources. Greater coordination between CROs and companies’ compliance and legal teams is expected in the wake of the virus, Davies said.
CROs have tended to emerge at companies grappling with industry-specific crises. The energy sector saw an uptick in the number of risk officers following Enron Corp.’s collapse in the early 2000s over accounting fraud.
“It was very important for energy companies to demonstrate that they had a handle on the risks facing their businesses,” said Bob Anderson, executive director of the Committee of Chief Risk Officers, a nonprofit formed to rebuild rating agency and investor confidence in energy firms post-Enron. Its members include risk officers from Chevron Corp., Exelon Corp., and Hess Corp.
CROs also gained popularity among banks and financial institutions after the 2008 mortgage meltdown. Post-crisis regulations also required many financial companies’ boards to adopt risk committees.
In the past, some companies have shifted the CRO out of the C-suite and into a less prominent role once the direct impact of a major crisis fizzles out, Anderson said. This time could be different, as the global scale of the pandemic presents issues that could linger for years.
“This crisis is particularly unusual because it’s so slow to go away,” Anderson said. “People are still in the middle of figuring out what this means for business, and companies are still in survival mode.”
Corporate boards are also responding to the new risk management landscape, which for them could mean a new board committee or greater emphasis on crisis experience in director recruitment.
More boards are expected to carve out a committee—temporary or otherwise—for risk oversight as the virus leaves directors scrambling to deal with its effects. The function was tasked to its own committee at 12% of S&P 500 boards in 2019, up from 9% in 2014, according to data from executive recruiter Spencer Stuart.
“We may see an increase in that trend,” said Robert Biskup, managing director at Deloitte’s risk and financial advisory group and former chief compliance officer at Ford Motor Co.
Risk oversight is often assigned to the board’s audit committee. But those committees have taken on a “heavy workload” as their focus on financial reporting has expanded to include other areas like cybersecurity, Biskup said.
Past experience with managing a crisis—from the terrorist attacks of Sept. 11, 2001, to major hurricanes—is also becoming a sought-after trait for new directors.
“Situations like Covid will be one of the main criteria for future board members,” said Jim King, who leads the board services practice at search firm WittKieffer.
“I never thought when I interviewed potential board members I would focus on experience with catastrophes,” he said.