Managing risk without becoming a CRO
February 18, 2026
Ultimately responsible, the boards of directors of small financial institutions must weigh risks with sufficient understanding to make decisions and exercise control.
In an institution subject to FINMA regulation, risk governance and risk culture are ultimately the responsibility of the board of directors. This responsibility has been strengthened, particularly with regard to risk-taking, anti-money laundering, and other related issues such as resilience. Directors are therefore called upon to make decisions on issues that are increasingly technical and interdependent.
But should we expect every member of the Board to have the same level of expertise as a Chief Risk Officer (CRO)? At this stage, the answer is nuanced. The Board must have a global and strategic vision: asking the right questions, assessing the reliability of reports, and pragmatically judging the relevance of mitigation measures. However, requiring everyone to have skills as specialized as those of a CRO is not necessary at this time.
However, it must be acknowledged that the changing environment does not make the task any easier. Geopolitical risks, conflicts, sanctions, taxes, and other macroeconomic factors have indirect but very real effects on the economy. At the same time, increasing dependence on certain suppliers is making banks more vulnerable. Not to mention advances (...)
