Brexit: The CRO’s last straw?

In the last ten years, the role and scope of the CRO has evolved almost to the point of being unrecognisable from 20 years ago. The breadth of the role and its visibility – both internally and externally – has meant a new type of CRO has emerged, transforming from Technocrat to Business Executive. We discussed this evolution last time in The Death of the CRO and we have seen further evidence from our Clients, demanding more from our Interim Managers, especially when they are designing, future proofing and transforming their own risk functions.

Brexit however, is a new challenge to top all others. Against the background of an uncertain future, many are asking what skillsets the CRO of tomorrow needs to deal with increasing ambiguity, emerging challenges, and the great ‘unknown’?


The regularity landscape has evolved to a point where, with multiple regulators across multiple jurisdictions, regulation is less aligned and more complex than ever. The sheer weight of new initiatives, proposals, and amendments to existing regulations means a CRO has to rely heavily on a strong team. The CRO also has to understand the key business drivers, and be able to explain the impact of any regulatory challenges/changes at board level. In turn, the board has to understand that the CRO is not a ‘business blocker’, but a fellow Executive who is aiming to ensure commercial success whilst navigating what can be, at times, a regulatory minefield. A number of our clients are utilising our Interim network to make these first important steps on this journey, before handing over to a new permanent CRO.


Technology change is relentless, driving different ways of working, new product offerings, and evolving day to day risks. Be it Fintech start-ups, new methods of payments, the evolution of legacy systems or potential Cybercrime, the CRO needs to have a broad overview ensuring reasonable steps are being taken to protect and future-proof the organisation. Again, a strong, tech-focussed team is essential to keep abreast of potential risks. In addition, new Target Operating Models and risk frameworks may be required. Whilst BAU operations are the ‘here and now’, the CRO of tomorrow will have to spend significant time embracing future technology changes, to be in the best position to understand the ‘Art of the Possible’.


Whist technology is driving significant innovation; repeatedly the challenge comes back to people and culture. The mantra ‘Fail Fast, Fail Quick’ has driven new challenger organisations, and is now being adopted more widely in established/legacy businesses/sectors. This is not necessarily the mind-set of long-standing Risk Advisors; hence, it is a key challenge for them if they are to remain ‘relevant’. Commercial drivers, boards with growth agendas, and new entrants, will all need a flexible, ‘can-do’ attitude from their Risk Advisor. Staying within regulatory guidelines and ensuring good-practice will be more difficult than ever, hence the ability to have strong engagement with Regulators is essential to push boundaries and ensure the CRO is a contributor to the bottom line.


The role of Chief Risk Officer was enhanced following the financial crisis [of 2008] with a new swathe of regulations and promotion to the Executive Board. Indeed that focus continues as the CRO no longer has to manage with CF28, but now has a dedicated SMF4 function. Both internally and externally, the CRO is viewed as the ‘guardian’ of the organisation. The CRO is a best practice advisor to the board, and the one who is ultimately accountable to the regulator. This requires the CRO of today (and tomorrow) to have not only a strong personality, but also very refined engagement skills.

And finally … Brexit

An American client described Brexit as like a bar fight: “You don’t know what is coming at you, from where and how much it will hurt.” It is an interesting analogy: how can you anticipate or mitigate against an unknown set of outcomes? The response depends on whether your organisation trades domestically or internationally, as this will drive commercial risk indicators. CROs we have spoken to who work within domestic focussed organisations have about six to eight workstreams, focussed mainly on potential UK economic scenarios. Those with international remits also have to assess the Target Operating Models going forward. Whatever the outcome, and as unlikely as it sounds, Brexit is perhaps the CRO’s biggest opportunity to make a difference. Ensuring the Risk function is efficient and staffed with the best team possible, utilising technology such as Analytics and Machine Learning, and being open-minded and able to adapt quickly, will enable a business to successfully navigate these uncertain waters.

In summary, the key to success for tomorrow’s Chief Risk Officer will be:

  • Bringing an entrepreneurial view to bear
  • Moving quickly when needed
  • Having the best Risk and Compliance team possible; and
  • Applying a pragmatic, commercial mind-set

If you would like to find out more about how Norman Broadbent’s Interim Management Network can support you, or discuss a specific assignment, please do not hesitate to contact Mike Davies,  Director, on +44 (0) 207 484 0000 or via for an initial confidential discussion.