Conduct & Ethics

Bank Failures and the Need for Better Risk Leadership

To prevent future fiascoes, financial institutions must improve their culture and their risk training. It all starts at the top, where the CRO must be proactive and drive home the right messages about risk ethics and risk awareness.

Friday, April 21, 2023

By John Thackeray


In times of great volatility and uncertainty, there are no excuses for poor risk management. While there are plenty of risk culture and modeling success stories, tales of failure are the ones that grab most of the headlines.

It has been said in business that the fish stinks from the head. The demise of SVB cannot be boiled down to a single factor, but the responsibility can clearly be laid at the door of the top risk executive and the risk management team.

Even if, for example, the CRO post at SVB was vacant for a period of eight months, a bank with more than $200 billion in assets should have had a sizable risk management department, with a leading voice who is heard and respected across the organization.

Simply put, from the perspective of many of their stakeholders, financial institutions seem to have lost their way, with no moral compass. Banks are suffering through a crisis of confidence, with customer expectations, sentiment and engagement all low.

Though the recent failures of mid-level banks have dominated the news cycle over the past six weeks, findings of fraud against larger banks including Wells Fargo and Bank of America have resulted in huge financial penalties while inflicting significant reputational damage.

So, what steps can CROs take to stem the tide?

Transforming Culture: Leadership and Training

The CRO should be viewed as one of the stronger internal candidates to succeed the CEO. He or she must become an exceptional storyteller who can convey proper risk awareness messages, firmwide, about the importance following best risk practices and adhering to risk principles and ethics.

This executive must also be a person of high moral character who has the courage to stand up to management in situations where, say, there is too much concentration risk in a company’s portfolio or where there is a recommendation to change the assumptions of risk models to make the company look more profitable.

What’s more, the CRO must ensure that all risk management personnel have an accredited risk industry qualification and proper training. To enable the risk team to speak a common language while applying consistent standards, the tour of duty of every risk professional should include cross training in the various risk disciplines The resulting synergies will yield smaller teams of agile, multi-discipline staff with a depth and breadth of knowledge in different subject areas, improving internal review and decision-making processes.

john-thackerayJohn Thackeray

The CRO must also take steps to ensure that risk management will be seen as champions of both risk culture and business culture. Building and maintaining these symbiotic cultures will be critical to ensuring the future success of the business and risk functions.

For this approach to take root, a firm will need to monitor and survey, regularly and proactively, the actions of all its internal and external shareholders. The secret recipe is to start with the risk culture first and then evangelize, so that both cultures emphasize strong advocacy of corporate values.

Parting Thoughts

Ineffectual CROs benefit neither their employers nor the risk profession as a whole. To regain the trust of their customers and to better protect against future crises, the top risk executives at banks must take more of a hands-on, proactive role in developing comprehensive cultures of risk awareness.


John Thackeray is a risk and compliance practitioner and writer. His firm, RiskInk, helps businesses control their risks by writing policies and developing procedures to mitigate them. As a former senior risk executive at Citigroup, Deutsche Bank AG and Société Générale, he has had firsthand engagement with U.S. and European regulators.


We are a not-for-profit organization and the leading globally recognized membership association for risk managers.

weChat QR code.
red QR code.

BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals