A CRO on a Mission to Help Build a Resilient Culture

As chief risk officer since 2019, Senthil Kumar has helped guide BNY Mellon – America’s oldest bank and one of the global giants of investment servicing – through post-pandemic workplace changes, market volatility, geopolitical uncertainties, rapid technological advances and other challenges.

It has been his mission to put a “comprehensive” risk management program in place, Kumar tells GARP Risk Intelligence – one with a culture of “intelligent risk-taking” and establishing “the right framework to identify, measure and manage risks for the best outcome.

“Risk management does not mean saying ‘no’ to bold ideas or blocking growth, but helping companies grow responsibly,” Kumar says.

Known for technology leadership in areas ranging from wealth management to real-time payments to digital assets, BNY Mellon in March made Fortune magazine’s inaugural America’s Most Innovative Companies list. The New York-based company, formally Bank of New York Mellon Corp., reported $421 billion in balance sheet assets, $46.9 trillion in assets under custody and/or administration and $1.9 trillion in assets under management as of June 30, 2023.

BNY Mellon’s Senthil Kumar: “I try to challenge the status quo.”

Before he joined BNY Mellon, where he is a senior executive vice president, Kumar had been at Citi since 2004. He was its Institutional Clients Group’s CRO and headed risk management for Financial Institutions and Public Sector and Alternative Assets and Investments. Prior to that, he oversaw market risk management and alternative investments for then Citi-affiliated Samba Financial Group of Saudi Arabia. He is a CFA Charter holder, has a B.S. degree in Mathematics from the University of Madras, India, and is a member of the Institute of Chartered Accountants of India.

In this interview, conducted via email, Kumar elaborates on how BNY Mellon has been building a strategic enterprise-wide risk culture.

What is a risk management takeaway from the pandemic period?

Resilience is essential to who we are. It’s something we view as a commercial attribute. By taking intelligent risks, we continue to achieve our business goals while managing risks created by the pandemic and other uncertain and challenging environments.

What is involved with creating a risk-aware culture?

To integrate a mindset of intelligent risk-taking into our culture, we’ve been on a journey to establish clear risk ownership by the businesses and corporate functions and deliver comprehensive risk oversight by Risk and Compliance. Rather than a one-size-fits-all approach, we are creating customized, tailored communications that are well coordinated. We are embedding the mindset that everyone is a risk manager.

Whether in Operations facilitating client transactions or in Markets financing securities, each of us needs to understand and manage the risks in our work. We all have a responsibility to protect the company’s safety and soundness and must promptly raise our hands and escalate any issues we suspect.

How is this playing out?

Risk and Compliance is enabling innovation by differentiating risk approval processes based on the level of risk and focusing senior leaders on higher-risk approvals and more strategic challenges; establishing a centralized, transparent process for product reviews and approvals so businesses have a clear process to confidently bring products to market in a timely manner with all the proper reviews and controls; and enhancing how control activities and requirements are communicated to the businesses.

How do you determine who owns what risk?

BNY Mellon’s three-lines-of-defense model clarifies roles and responsibilities across the organization. I report jointly to the chief executive officer and the Risk Committee of the board to preserve the independent nature of the Risk and Compliance function, which I lead.

For comprehensive coverage, and to ensure our view of risk is not siloed, we look at risks in multiple ways, including types of risks (for example, technology, credit and operational), businesses that originate the risk, as well as regions or legal entities that risks reside in.

What is the board’s role?

The board of directors sets clear oversight for the bank’s risk appetite and holds management accountable. It also supports the stature and independence of risk management and internal audit, the second and third lines of defense. A few subcommittees focus on important responsibilities such as risk management, audit, and corporate governance. The Risk Committee of the board is one of them, and it oversees the company’s risk management policies and practices and global risk management framework.

What do you look for when building out a risk team?

Well-rounded risk managers. Understanding only credit or market risk doesn’t work well in today’s world. Clients are becoming increasingly sophisticated, and different risk types are converging and interplaying with each other. You must be able to consider the bigger picture.

We look for roll-up-the-sleeves attitudes: running toward tough problems; asking for work outside the existing skillset; pitching solutions without being asked; moving across the globe for new challenges; helping businesses that take risks in pursuit of their goals; lifelong learners that heavily prioritize learning and development; and those that challenge the status quo.

My dad gave me important advice at the start of my career: To succeed in corporate life, manage people effectively and build strong teams, you must focus on people’s strengths and help them work on their weaknesses, as we all have them.

How do you provide that support?

We’ve invested in development programs to drive career growth and foster an inclusive team culture: a Mentoring Program; a Cross Training Program that offers employees opportunities to take challenging assignments outside their comfort zones; and an Executive Development Program to strengthen our bench of diverse senior leaders, which has evolved to become a part of the firm-wide signature senior leadership program.

Why does diverse representation matter for risk management?

Diverse teams manage diverse risks. Teams that have too many people with similar backgrounds and experiences are more likely to fall into groupthink and miss important risks in their own operations or for their clients.

What key challenges are you focused on?

Market volatility continues to be something we are watching very closely. The markets are in a high-inflation, elevated interest-rate environment, and are still seeing impacts from the pandemic recovery and Ukraine crisis. Add to that the current banking environment and elevated concern about smaller banks’ viability. We are monitoring sectors that would be vulnerable to a recession and assessing any impacts on our portfolios.

Operational risk is always a focus for us. Reducing and more tightly controlling manual processes across the company is a top priority and has been for years.

Given the threats of ransomware and the sophistication of new tactics, we have been undertaking various initiatives to manage cyber risk. We continue to assess our control environment to identify improvement opportunities for increasingly sophisticated threats.

What does being a change agent mean to you?

I always try to challenge the status quo and ask questions to understand why things are done the way they are. This approach drives positive change and innovation, benefiting both companies and individuals.

It’s very rewarding to watch talented people excel because of the ways we’ve invested in them. It’s also rewarding to know that our investments in comprehensive risk management are helping the company grow sustainably and reach its goals.

The changes expected in the industry in the next several years are going to be vast and transformational. BNY Mellon has significant potential for growth as the industry landscape and client expectations change around blockchain, data and artificial intelligence. By thinking ahead and taking intelligent risks, we can protect our clients and portfolios and help enable our company’s commercial outcomes and responsible growth, even in uncertain and challenging environments.

L.A. Winokur is a veteran business journalist based in the San Francisco Bay Area.