Click here to Visit the RBI’s new website

Index To RBI Circulars

PDF document (280 kb)
Risk Management Systems – Role of the Chief Risk Officer (CRO)


April 27, 2017

The Chairman and Managing Director/Chief Executive Officer
All Scheduled Commercial Banks
(Excluding Local Area Banks and Regional Rural Banks)
Small Finance Banks

Madam/Dear Sir,

Risk Management Systems – Role of the Chief Risk Officer (CRO)

Please refer to the guidelines on Risk Management Systems issued vide our circular DBOD.No.BP.(SC).BC.98/21.04.103/99 dated October 7, 1999 and the Guidance Notes on Management of Credit Risk and Market Risk issued in terms of our circular DBOD. No. BP. 520/21.04.103/2002-03 dated October 12, 2002.

2. As part of effective risk management, banks are required, inter-alia, to have a system of separation of credit risk management function from the credit sanction process. However, it is observed that the banks follow diverse practices in this regard. In order to bring uniformity in approach followed by banks, as also, to align the risk management system with the best practices, banks are advised as under:

  1. They shall lay down a Board-approved policy clearly defining the role and responsibilities of the CRO.

  2. Appointment of the CRO shall be for a fixed tenure with the approval of the Board of Directors of the banks. The CRO may be transferred/removed from his post before completion of the tenure only with the approval of the Board and such premature transfer/removal shall be reported to the Department of Banking Supervision, Reserve Bank of India, Mumbai. In case of listed banks, any change in incumbency of CRO shall be reported to the stock exchanges also.

  3. CRO shall be a senior official in the banks’ hierarchy and shall have the necessary and adequate professional qualification/experience in the areas of risk management.

  4. The CRO shall have direct reporting lines to the MD & CEO / Risk Management Committee (RMC) of the Board. In case the CRO reports to the MD & CEO, the RMC shall meet the CRO on one-to-one basis, without the presence of the MD & CEO, at least on a quarterly basis.

  5. The CRO shall not have any reporting relationship with the business verticals of the bank and shall not be given any business targets.

  6. In case the CRO is associated with the credit sanction process, it shall be clearly enunciated whether the CRO’s role would be that of an adviser or a decision maker. The policy shall include the necessary safeguards to ensure the independence of the CRO.

  7. In banks that follow committee approach in credit sanction process for high value proposals, if the CRO is one of the decision makers in the credit sanction process, he shall have voting power and all members who are part of the credit sanction process, shall individually and severally be liable for all the aspects, including risk perspective related to the credit proposal. If the CRO is not a part of the credit sanction process, his role will be limited to that of an adviser.

  8. In banks which do not follow committee approach for sanction of high value credits, the CRO can only be an adviser in the sanction process and shall not have any sanctioning power.

  9. The CRO in his role as an adviser shall be an invitee to the credit sanction/approval committee without any voting rights in the proceedings of the committee.

  10. There shall not be any ‘dual hatting’ i.e. the CRO shall not be given the responsibility of Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief of the internal audit function or any other function.

Yours faithfully,

(S. S. Barik)
Chief General Manager-in-Charge