Chief Risk Officer

From Open Risk Manual


The Chief Risk Officer (CRO) is a senior management position, typically found in regulated large financial institutions such as banks and insurance companies.

Roles and Responsibilities

The CRO has primary responsibility[1] for overseeing the development and implementation of the firm's Risk Management function. For regulated banks this function must be sufficiently independent from the rest of the firm.

Detailed responsibilities of the CRO include:

  • the ongoing strengthening of staff skills
  • enhancements to risk management systems
  • risk management policies
  • risk management processes
  • sponsoring the development of quantitative models
  • setting up Risk Reporting

In addition, the responsibilities cover any other functional requirements necessary to ensure that the firm's risk management capabilities are sufficiently robust and effective to fully support its strategic objectives and all of its risk-taking activities.

The CRO is responsible for supporting the management board in its engagement with and oversight of the development of the firm's Risk Appetite and Risk Appetite Statement (RAS), and for translating the risk appetite into a risk limits structure.

The CRO, together with management, should be actively engaged in monitoring performance relative to risk-taking and risk limit adherence.

The CRO’s responsibilities also include managing and participating in key decision-making processes (e.g. strategic planning, capital and liquidity planning, new products and services, compensation design and operation).

Reporting Context

  • Various top level risk / executive committees




Regulatory Aspects

See Also

Semantic Data

  • The ESCO Code to which this job best corresponds (as the most detailed leaf of the tree)


  1. BCBS D328, Corporate governance principles for banks, July 2015
