SIFIBANK’S RISK GOVERNANCE—THE EARLY YEARS

SifiBank up until the recent hiring of a Chief Risk Officer (CRO) had operated for its entire existence without a formal risk management structure. Many of the components of a risk management organization existed within the company but were scattered around different business lines and functional areas such as the finance and legal departments. The arrival of the new CRO heralded a new beginning for SifiBank, one that recognized the growing sensitivity of SifiBank’s primary regulator to strong risk management practices. In fact, at their last board meeting, the regulators had cited insufficient risk management processes in light of SifiBank’s five-year strategic plan calling for double-digit growth across its business divisions.

In order to address the regulatory concerns regarding risk management practices at the bank, the Chairman and CEO of SifiBank instructed the Chief Financial Officer to recruit and hire a CRO who would report to him directly. Upon arriving, the new CRO set about understanding the structure and organizational dynamics of SifiBank in order to determine what structure the new risk organization should take along with the staffing required to accomplish that objective. Aside from the fact that SifiBank’s size and business composition represented a significant expansion of responsibility over risk management from the prior position the CRO held at another firm, he was also ...