The chief risk officer (CRO) or chief risk management officer (CRMO) of a corporation is the executive accountable for enabling the efficient and effective governance of significant risks, and related opportunities, to a business and its various segments. Risks are commonly categorized as strategic, reputational, operational, financial, or compliance-related. CROs are accountable to the executive committee and the board for enabling the business to balance risk and reward. In more complex organizations, they are generally responsible for coordinating the organization's enterprise risk management (ERM) approach.
James Lam, a noted risk professional, is credited with coining the term; he was the first person to hold the position, at GE Capital in 1993. The position became more common after the Basel Accord, the Sarbanes-Oxley Act, and the Turnbull Report.
A main priority for the CRO is to ensure that the organization is in full compliance with applicable regulations and to analyze all risk-related issues. They may also be required to work alongside other senior executives, such as the chief compliance officer. They may deal with topics regarding insurance, internal auditing, corporate investigations, fraud, and information security. The responsibilities and requirements to become a chief risk officer vary depending on the size of the organization and the industry; however, most CROs typically have a master's-degree level of education and 10 to 20 years of business-related experience, with actuarial, accounting, economics, and legal backgrounds common. There are many different pathways to become a CRO, but most organizations prefer to promote their own employees to the position internally.