The new faces of the Chief Risk Officer: the Strategistby Adam Ennamli, CRO, General Bank of Canada
Rapid transformation, mounting complexity and unpredictability are now the main characteristics of today’s business world, and the role of the Chief Risk Officer (CRO) has undergone a significant evolution that means to adapt, or calibrate, its usefulness. Historically, CROs were tasked with operational oversight and regulatory compliance, they are now organizational pivots and strategic contributors within organizations. The 2025 IRM risk trends indicates that 47% of organizations have observed enhanced visibility and influence of CROs in strategic decision-making processes. This switch is a revelation: risk management is now about more than avoiding problems, it’s about understanding and catalyzing organizational growth, and more importantly, protecting the competitive advantages.
Over the past 10 years, we’ve seen an array of emergent risks that underscore the necessity to think strategically. We cannot afford to wait for the next buzzword risk category, we got to predict and understand it before it hits. Supply chain disruptions, exemplified by the global logistical standstill during the COVID-19 pandemic, have transitioned from peripheral concerns to critical strategic challenges. Climate-related risks, including extreme weather events and regulatory mandates aimed at carbon reduction, require proactive and forward-thinking strategies. Further, cyber threats are more complex, sophisticated and bold than ever, with ransomware attacks targeting major corporations and strategic infrastructure, which demands a multi-dimensional response where prudence only won’t cut it. These multifaceted risks necessitate that CROs transcend traditional frameworks, engaging deeply with the strategic imperatives of their organizations to deliver actionable insights that shape long-term direction. As outlined in a 2025 PwC report, 90% of risk leaders say managing new risks is an obstacle to achieving their priorities. Without reducing the importance of the affirmation, risk leaders should embrace new risks as additional opportunities to make connections and build trust around their function.
This article explores the necessary transition of CROs from compliance-focused gatekeepers to strategic business thinkers, and doers. Through detailed examples and practical guidance, it illustrates how risk management insights are an essential input to strategy, how it became a science of decision-making, and how doing it well positions any organization to thrive amidst uncertainty.
The Strategic CRO: Core Competencies and Partnership
To fulfill a strategic role, CROs must possess an intimate understanding of their organization’s operational and competitive landscape. This extends beyond maintaining risk registers or mastering regulatory requirements; it involves a comprehensive grasp of the company’s strategic objectives, market dynamics, and competitive pressures, it involves understanding the bread and butter, the organizational DNA[1], and how to make it better. If CROs start thinking about risk management for the business, and not because of the business, they can identify opportunities where calculated risks may yield significant rewards, as well as pinpoint threats that require mitigation or avoidance as early as possible.
Partnership with other executive leaders is equally critical. The most successful CROs know how to communicate risk in terms that resonate with business objectives, translating technical assessments into strategic implications, they also know how to communicate risk in a way that doesn’t trigger disproportionate emotions from the audience. For instance, rather than presenting a cybersecurity vulnerability in abstract terms and an alarmist tone, a CRO might quantify its potential impact on revenue streams or customer trust, directly linking it to the organization’s growth trajectory, all within a calm and firm tone that invites to a serious, decision-oriented discussion. In an ideal state, before considering a new market expansion or penetration, the first stop of the Chief Marketing Officer should be the Strategic CRO. Why? Because they know the “lay of the land” from both a big picture and operational perspective, they can visualize the no-go zones and help the launch team focus on the right areas. The traditional way of doing things had this sequence in reverse, with a lot of inefficiencies resulting from it.
Moreover, CROs play a vital role in embedding risk awareness throughout the organization. This involves developing training programs that equip employees to consider risk in their decision-making processes and fostering a culture that values informed risk-taking. When we reach a state where risk considerations permeate all levels of the organization, strategic initiatives are executed with a balanced understanding of potential rewards and inherent uncertainties, and this, in turn, enhances overall resilience and agility.
Benefits of a Strategic CRO
The transition to a strategic role yields substantial benefits for both the organization and the CRO. At the organizational level, a strategic CRO enhances the quality of decision-making by integrating risk insights from many dimensions into planning processes that could be rigid. Going back to our CRO-CMO collaboration example, the “lay of the land” includes political stability, economic conditions, regulatory frameworks. All dimensions that the risk function has been evaluating and modeling for decades, and that could be translated into useful, decision-oriented business lingo thanks to a strategic CRO. In one anonymized instance, a CRO’s detailed evaluation of a region’s unique regulatory requirements and legal precedents prompted adjustments to the location of a product’s production, avoiding certain Intellectual Property (IP) theft while still securing a foothold ahead of competitors in terms of cost. Tools like country scores do just that, they assess all dimensions of doing business in a certain region and return a score that drives your decision to proceed or not.
Relying on the CRO for strategic planning also improves overall returns by addressing vulnerabilities early in the process, avoiding later losses that can be sizeable[2]. For example, a CRO could recommend a diversified supplier base, and therefore reduce the likelihood of production halts, allowing their company to avoid millions in losses during a regional crisis, they just need to see that concentration risk, and instead of keeping it on a heatmap, translate it into clear scenarios that show business losses should the event materialize. Such foresight needs to happen when nobody is worried or even aware, through predictive analysis, preventive decision making and supply chain design. It effectively transforms risk management into a real value-creating function rather than a cost center.
For CROs themselves, building strategic acumen and adopting a business-first mindset elevates their influence and will certainly have a positive effect on their career trajectory[3]. By demonstrating their capacity to contribute to organizational success beyond traditional risk mitigation, they transition from administrative roles to integral architects of the company’s future, gaining recognition and authority at the executive level.
Challenges of a Strategic CRO
Despite its advantages, the shift to a strategic role presents challenges. In many organizations, risk management as a function, is siloed, disconnected from operational and strategic functions with separate and unique talent profiles that will err on the side of introversion. CROs can address this by actively participating in strategy discussions and fostering cross-functional partnership, the secret is to speak the business’s mainstream language during these interactions, not alarmist risk jargon, as doing so creates a barrier. According to PwC, 89% of risk executives are prioritizing expanding their function’s influence across the entire C-suite[4]. Influence in itself should not be the end goal, but a means to achieve a cultural shift in the way the workforce thinks about risk.
Access and familiarity with reliable, quality data is another material obstacle. Effective risk management relies on high-quality, actionable information, yet many organizations lack the necessary analytical infrastructure, or if they have it, won’t have the immediate reflex to grant access to the CRO team. CROs require diverse data sources, such as real-time market intelligence to anticipate economic shifts, predictive analytics to model supply chain disruptions, and social media sentiment analysis to detect reputational risks early, but before all of that, they need data and technology literacy. To overcome this, CROs can champion investments in data capabilities and technology education, starting with pilot projects that demonstrate value. For instance, implementing an integrated risk dashboard for a single business unit, using it to make critical decisions then leverage the results to justify broader adoption across the organization could be a way to build trust and credibility without significant upfront costs. The risk dashboard would tell a story, a business one, and be part of the strategic update package, making risk a seamless step in product strategy and performance discussions.
Resistance from traditionalists who view CROs solely as compliance enforcers is also common. To counter this, CROs can secure credibility through tangible successes. One project at a time, by being open, jargon-free and emotionally self-regulated, a CRO can become the new superstar of any company
Future Perspectives
The evolution of the CRO from an operational to a strategic function is not a transient trend, but rather a necessity as everyone has now access to the sophistications of the smartest models. AI is now offering opportunities for more advanced risk modeling and real-time decision support[5], enhancing predictive capabilities, but accessible for everyone. CROs no longer have the exclusivity of the models, but they can become hyper-translators that scale adoption and connect opportunities. Additionally, there is a growing emphasis on social and climate factors that require CROs to harmonize these considerations into their frameworks beyond footnotes, aligning risk management with stakeholder expectations and greater good considerations. .
[1] How the role of chief risk officer at banks is evolving | Banking Dive
[2] The mentor: The risk skills that Sequoia CRO Kristen Peed is determined to pass on to the next generation | Interviews | Strategic Risk Global
[3] EY/IIF Global Bank Risk Management Survey | EY – UK
[4] What’s important to the chief risk officer in 2025: PwC
[5] Five ways banking CROs are increasing agility | EY – Global
This website uses cookies to ensure you get the best experience on our website.
Read our Privacy Statement & Cookie Policy
