The CRO’s Critical Role and How It’s Evolving

“Dying of thirst” isn’t just an expression. It’s a classic trope in many films and books where a character is stranded without access to basic needs and their survival is on the line. Yet, sometimes the actual statistics are fudged to create more drama and tension. In reality, a human being can survive for up to three weeks without food but can only live for between three and five days without water. Water comprises roughly 60% of the human body and is critical for sustaining life.As important as water is for a human’s survival, financial institutions (FIs) are discovering that having a chief risk officer (CRO) may be equally important for their own survival. Following the collapse of Silicon Valley Bank in the spring of 2023, one thing that became glaringly evident was that the financial institution had lacked a CRO for nine months prior to its collapse — a reality that has not gone without notice within the banking industry. As financial institutions heighten their risk controls, more attention is being paid to the importance of CROs and the changing nature of the position. The Changing Role of the CROHistorically, CROs focused primarily on financial and market risks, such as liquidity and credit. However, the role expanded in the mid-1990s to address operational risks following significant financial scandals. In 2014, the Office of the Comptroller of the Currency (OCC) further broadened governance and risk management expectations, particularly for large financial institutions. Today, the role has expanded even further, as CROs must address an increasingly complex array of non-financial risks, including cybersecurity, fraud, and regulatory scrutiny.Since then, as the number of factors that can impact a business or bring about its demise has increased, the responsibilities of the CRO have continued to expand as a result of ever-changing risks that emerge within the financial industry. According to ProSight’s Financial Association’s 2025 RMA CRO Outlook Survey, CROs are playing a larger role in their FI’s strategic and capital planning, on top of risk management. The role has expanded so much that 55% of CROs surveyed are involved in non-risk management committees and participate in strategic planning.The increasingly digital nature of the financial landscape is a large driver for why a CRO must widen the scope of their focus. The top risks identified by the CROs surveyed were almost entirely driven by digital, non-financial risks:

CROs must also navigate heightened regulatory scrutiny, risks associated with generative AI, macroeconomic volatility, and geopolitical uncertainties. Regulators are increasing their focus on liquidity risk, credit risk, and capital adequacy, requiring financial institutions to enhance risk reporting and stress testing capabilities.Critical CRO SkillsThere is widespread agreement among industry professionals that the CRO role is critical, especially given what can occur to an organization that lacks one. Given the broad spectrum of skills that a CRO must have, including the ability to adapt to a role that must itself adapt depending on the FI’s needs, many organizations turn to candidates with backgrounds in specialized areas such as law and accounting, or even former regulators. What is equally important is that financial institutions actively work to train candidates from within — individuals who already have a deep knowledge and understanding of a financial institution’s culture. Considering the importance of not being without a CRO for long, financial institutions should be actively grooming a pipeline of potential successors. For organizations that don’t yet have a CRO, or that are considering expanding or altering the role, here are a few key things to think about: 

As the risk landscape continues to evolve, the CRO’s role must adapt to keep pace. Financial institutions that prioritize a strong risk culture and empower their CROs with the right tools and authority will be best positioned for long-term stability and resilience.