Embracing the CRO’s new mandate
Charged with helping organizations navigate evolving risks and uncertainty, chief risk officers (CROs) and other risk management executives identify, assess and mitigate threats to the business while helping it balance risks in pursuit of new opportunities. As a result, today’s CROs need to be agile, strategic and collaborative. They should balance a growing focus on responsible value creation alongside stronger value protection. How? By bringing strategic business insights to help unlock the potential of transformation initiatives with a tech-driven, people powered approach to risk management.
Policy shifts complicate risk outlook, planning
Risk executives are no strangers to uncertainty, but they’re now in uncharted waters. Nearly 90% say new risks, regulations and talent challenges are barriers to their goals, finds PwC’s October 2024 Pulse Survey. The new administration’s agenda has added more uncertainty, with a surge of new executive orders and tariffs, the pausing or reversal of Biden-era rules, potential immigration restrictions and other policy changes.
Strategy & growth
Align on need for risk-informed strategy
To help the business balance risk effectively, CROs are reaching across the three lines of defense to harmonize and reinforce their messaging to the board, CEO and senior leaders. The most influential risk leaders also participate in early strategic and transformation decisions, when risk insights can mean the difference between success and failure. By aligning on risk factors and using technology and data insights to inform key decisions, you can empower your organization to make bold moves with confidence.
Begin by collaborating with other risk leaders across the three lines on risk standards, terminology and messaging. Define a vision for risk management that supports your organization’s goals. Sharpen communication and other soft skills to collaborate more effectively and demonstrate the business value of risk-informed decision-making.
Technology
Innovate with emerging tech
Artificial intelligence and other emerging technologies are creating a growing appetite for risk and a corresponding imperative to deploy them responsibly to help manage risk. Embracing this challenge, today’s risk executives are reframing risk as a value-creation opportunity for their organizations. They’re innovating with a human-led, tech-powered approach to risk management that helps drive sustainable growth while also improving program quality, performance and efficiency.
To get there, collaborate across the three lines to transform risk and compliance programs with an enterprise-wide approach to rationalizing technology and controls. Integrate advanced analytics, predictive modeling, automation and cloud to replace legacy tools and manual processes. Leverage AI and machine learning for risk insights to inform strategy and drive growth.
Resilience
Build operational resilience
Operational resilience requires your organization to evolve continuously, safeguarded from shocks while maintaining its ability to adapt, create value and stay competitive. However, tension can exist between the diverging goals of resilience versus agility. Balancing these competing demands requires a strategic, enterprise-wide approach to resilience that’s centrally governed and embedded into operations and the corporate culture.
Seek opportunities to collaborate on and shape your enterprise resilience strategy. Identify your critical business services, map their dependencies and integrate your resilience capabilities and reporting around those services. Align your program with your organization’s strategy, values and investment priorities. Leverage advanced technology and mine intelligence from data to help you anticipate, prevent, manage, simulate and learn from risks and disruption.
Reporting
Improve transparency and reporting
Transparent, accurate disclosure is critical to establishing trust and driving shareholder value, but it’s becoming increasingly complex. Effective reporting on regulatory obligations — covering cybersecurity, data protection, privacy, supply chain, sustainability and AI — as well as voluntary disclosure are key to maintaining credibility with investors, regulators, customers and employees. The same goes for internal reporting to the board, especially on risks to strategic priorities like transformation and business model reinvention. Integrating risk with reporting bolsters accuracy and consistency in communications, uniting teams internally and building trust externally.
Consider how automation and tech-enabled data management can build an agile, robust reporting function that seamlessly adapts to evolving disclosure obligations. Coordinate with other teams to make sure that messaging is consistent. Enhance your risk quantification capabilities to drive informed internal decisions and foster greater external transparency.
Regulatory risk
Manage regulatory risk
Regulatory change at the federal, state and global level is accelerating. Compounding the complexity is the uncertainty introduced by the recent election and changing regulations. Savvy risk leaders understand that managing evolving regulatory expectations requires agility, automation, strong data quality and governance, rationalized controls and alignment across the enterprise.
Start by confirming your regulatory change management processes are functioning effectively, enabling you to monitor new developments, assess their business impact and communicate implications to leadership. Update your enterprise risk assessment and resulting risk inventory to account for the impact and interdependencies of regulatory uncertainty on business strategies and enterprise risks. Consider adopting an AI-powered regulatory risk intelligence platform for real-time alerts and data-driven insights.
Source: Leadership Insights, pwc
