Rising Through the Regions: John Turpen's Road to CRO

In 2018, John Turpen completed a nine-year run with U.S. Bancorp. He had risen to chief risk officer of corporate and commercial banking at the Minneapolis-based banking company after previous stints with HSBC and Wells Fargo & Co. - all top-tier financial institutions whose risk management functions had expanded and matured considerably over the course of Turpen's 22‐plus years in the industry.

What next for a proven risk executive on the rise? In September 2018, Turpen became CRO of Texas Capital Bank, which at the time was three months shy of its 20th anniversary. (U.S. Bancorp, by contrast, traces its roots back to 1863.) At yearend the parent holding company, Texas Capital Bancshares (of which Turpen is also CRO), reported $28.3 billion in assets (as compared with U.S. Bancorp's $467 billion), along with returns of 1.19% on assets and 13.14% on equity, and a ratio of tangible common equity to total tangible assets of 8.3%.

Any banking executive would consider that solid footing, a strong platform for growth. For Turpen, who says his career was evenly divided between retail and wholesale banking and risk‐focused from day one, it is also part of a refreshing change of scenery. He reports to a CEO, Keith Cargill, who is one of two founders still on the management team of the business‐oriented bank, which, in contrast to the biggest regional and national players, has grown entirely organically, and not through acquisitions.

Before arriving at Texas Capital Bank's Dallas headquarters, Turpen in his banking career had “never worked for a company with fewer than 75,000 people. Here we have 1,600‐1,700.” About 12% of the employee base works on the risk and compliance teams.

Culture and Subcultures

Turpen describes risk management and compliance as being “in the forefront of everything that we do” - a characteristic he views as common among “progressive organizations,” no less true of TCB's DNA as it is of USB's.

The size differential, at least in raw numbers, does not tell the whole story.

“A lot of the experiences I have had at larger organizations have been with subcultures or smaller teams,” Turpen notes. “So in some respects, some of those experiences have been similar to this, especially those I have enjoyed the most.”

Texas Capital Bank, though, is organizationally nimble and affords clear opportunity for the “influence and teaching” that are part of the CRO's approach.

“We are in a good spot in terms of risk and compliance and placement of the CRO role,” Turpen says. Over TCB's 20 years, “a lot has been accomplished, and there is a long way to go. It is very gratifying to be here.”

Turpen reflected on his experiences, including the move to Texas Capital Bank, and offered observations about risk management and the risk profession, in a recent interview. Here are excerpts.

How long have you been in risk management?

I think of risk management as a holistic discipline. I was in it from the first day, when I was in a finance group evaluating M&A and putting values on credit card portfolios. Risk management really starts early in a banker's career.

How would you say that the risk management discipline has evolved over the years?

Economic cycles and events that have transpired globally have brought on a different focus. But at every organization that I have worked at, there has been a risk management and compliance framework that meets the expectations of auditors and regulators. The frameworks have become more solid and straightforward in setting minimum standards and guidelines. We should always have more stringent and higher expectations of ourselves in the way we look at risk management.

What was the state of risk at Texas Capital Bank when you arrived?

The bank had gone from zero to almost $30 billion in assets in 20 years, and the foundation was solid. I inherited a wonderful team in terms of skill set, a balance of individuals who started with the company and who came from larger institutions. The trajectory was right where I hoped it would be, the talent level was where I hoped it would be, and in some cases it exceeded my expectations.

Have you added to the team?

We added and rounded out skill sets where appropriate, but not in a material way. We have made a substantial investment in risk and compliance functions. Any additions we make will be with a forward view of where we want to be.

How does the top management and board signal its commitment to risk management?

What attracted me to this opportunity started early in the process. I spent a couple of hours with the CEO [Keith Cargill] before speaking with anyone else in the company. Later I met with the chairman of the risk committee of our board [Charles Hyle], who is the retired CRO of KeyCorp. I knew coming in that if I had the sponsorship and support of the CEO and the chairman of the risk committee, then I could feel really strongly about a positive relationship and where it could go. By the time I met with the rest of the leadership team, there was a great connection and level of collaboration with everyone across all disciplines - a really strong relationship from the start.

How have you experienced the CRO-board relationship?

At TCB I have more of a global exposure to the board and its various committees. At U.S. Bank, where I was CRO of the wholesale bank, my exposure to the board was more topical. Having a more holistic relationship with the board was one of the attractions of this opportunity. The feedback from the different committee chairs and from the directors in general couldn't be more supportive.

How do risk and compliance fit together?

Without being specific about numbers of people, we have made an adequate and stable investment, which is growing in line with our industry peers: a 5% to 10% growth in FTE [full-time equivalents] projected for 2019. This is the most collaborative environment that I have been in in terms of how we think about risk and compliance and how it impacts our clients. It is a very client‐centric organization. Everything we do is with the client in mind. The best possible client experience, including how we implement risk and compliance, puts us at a competitive advantage.

Are you facing cost and efficiency challenges?

We look at process efficiencies and technology. We are blessed to have a CEO who is so interested in innovation and technology that he challenges all of us every day. We look at it as streamlining processes so that our business-friendly approach comes across clearly to clients. We want to be known as easy to do business with.

How do technology and innovation play out in a risk management context?

It's not technology by itself - it takes technology, it takes training, and there is some level of human interaction with and augmentation of it. What is interesting at a firm like ours is that a lot of processes are still maturing. Think of artificial intelligence or other technologies along that path. In some respects, you have to have stable processes in order to introduce technologies. We challenge ourselves to get that timing right.

Where do you stand on issues like cloud technology and operational risk?

Managing technology and operational risk is one of the most important things we do. We think about cybersecurity, fraud management, vendor risk management, cloud - and a lot of vendors that we use take advantage of the cloud. These are important items for us to consider in deciding to adopt technologies and then having to manage the risks appropriately. A lot of these technologies are not mature - they haven't been around for 20 or 30 years. We are early adopters of technologies - where it makes sense. Those that help in client prospecting, account management, or getting better at providing solutions to clients are easier to implement.

How closely is risk management connected with business strategy?

Every investment and new initiative have to meet certain return hurdles and our risk appetite. I like to say that we are in the risk management, not risk avoidance, business. If we don't understand that, we won't achieve what we want to for our investors and our clients. We want to be advancing the risk and compliance framework in a way that supports the growth of the business.

How would you rate the progress and status of CROs and the risk profession, especially since the global financial crisis?

I think we've come a long way. The CRO and risk management are on at least an equal footing with other disciplines.

Do you think about the next crisis and the need for resilience?

We do. We don't know what the next event is, how severe, or how long it will last. But we do have a unique business model that we believe is sound and will be through various cycles. The best we can do is be prepared for how scenarios can play out and be as nimble as we can be through those events. The history of TCB included, most recently, an energy downturn, and we came out of it stronger. In risk management and compliance, we have always been very transparent and early to acknowledge any stress in our portfolios.