Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.

 

Justin interviews James Lam about the evolving role of the CRO since the pandemic, vital competencies for today’s CROs, risk appetite frameworks, and a case study of E*Trade and how they succeeded with a strong risk appetite framework. They continue the discussion with an examination of James’s upcoming six-module virtual course, the RIMS-CRO Certificate in Advanced Enterprise Risk Management. James concludes with his vision of the future of ERM using AI as an enabling tool.

Listen to learn more about successful strategies CROs can apply to their ERM programs.

 

Key Takeaways:

[:01] About RIMS and RIMScast.

[:17] About this episode of RIMScast. Our guest is one of the great thought leaders in risk management, James Lam. He returns to RIMScast today to talk about ERM and a new bi-weekly virtual course he’ll be teaching for RIMS that begins in July.

[:48] RIMS-CRMP Workshops! Register by July 1st for the next RIMS-CRMP Virtual Workshop, which will be co-led by Parima. That course will be held on July 8th and 9th.

[1:04 ] The next RIMS-CRMP-FED virtual workshop will be led by Joseph Mayo on July 17th and 18th. Register by July 16th. Links to these courses can be found on the Certification Page of RIMS.org and through this episode’s show notes.

[1:23 ] RIMS Webinars! The next RIMS Webinar will be held on June 17th. It will be presented by Origami Risk. It’s titled “Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction”. Register today through RIMS.org/Webinars

[1:43 ] RIMS Virtual Workshops! On June 12th, Pat Saporito will host “Managing Data for ERM”, and she will return on June 26th to present the very popular new course, “Generative AI for Risk Management”.

[2:00 ] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode’s show notes.

[2:12 ] Mark your calendars for November 17th and 18th for the RIMS ERM Conference 2025 in Seattle, Washington. The agenda is being built. Soon, we will distribute a Call for Nominations for the ERM Award of Distinction. I’ll update this episode’s show notes when that link is ready.

[2:35 ] Think about your organization’s ERM program or one that you know of, and how it has generated value. We will have more on that in the coming weeks.

[2:43 ] On with the show! Our guest today is a risk management trailblazer who is widely considered the world’s first Chief Risk Officer. I’m talking about James Lam.

[2:54 ] Starting on July 16th, James will host a six-module course for RIMS, The RIMS-CRO Certificate in Advanced Enterprise Risk Management. It’s a bi-weekly course that will run through Wednesday, September 24th. Registration closes on July 9th.

[3:14 ] James is here to discuss and share his ERM philosophies, how the practice has changed in the past five years since he was last on the show, and to give us a preview of what the upcoming course will be like and how it could boost your risk career.

[3:31 ] Interview! James Lam, welcome back to RIMScast!

[3:37 ] James was a guest on RIMScast in the Fall of 2020. We’ve gone through a lot in the last five years! We’ve lived through a pandemic, and companies realized the importance of operational resilience and strategic risk management.

[4:14 ] James says today we are facing unprecedented geopolitical risk. We are also facing AI risks and opportunities. Some Chief Risk Officers have stayed relevant and elevated their careers and skills, while others have failed in their organization’s ERM programs.

[5:01 ] James tells what may cause a CRO to fail. Applying a “check the box” approach or a compliance approach, without staying relevant with the evolving risk landscape.

[5:29 ] Speaking of successful CROs, James said one CRO he worked with went from being a treasurer reporting to the CFO, to becoming the CRO, then the CFO, and eventually the CEO, all within eight years.

[5:58 ] He and other successful CROs had learned how to add strategic value and be relevant to key decision-makers at the board level and the executive level.

[6:15 ] A key competence is applying risk analytics to quantify and minimize unexpected earnings, helping companies maintain sustainable, predictable profitability.

[6:40 ] Then, evolving that to understanding capital management to optimize capital allocation, dividend policies, and risk transfer strategies, ultimately, applying the same risk analytics to support corporate and business decisions.

[7:05 ] Being able to add strategic value is the most important competence for a Chief Risk Officer today.

[7:26 ] Management and corporate directors are concerned about the unexpected. As CROs, how do we connect our work with things that are the most meaningful to the decision-makers and key internal stakeholders? All boards, CEOs, and CFOs are concerned about earnings.

[7:53 ] Unexpected earnings variance and guidance are things that they are concerned about. CROs can help them with predictable profitability, long-term capital management, and value creation.

[8:10 ] How does a CRO support the leaders’ decision-making at the corporate level, where there’s M&A or new products, and at the business level, in terms of risk-based pricing and risk transfer decisions?

[8:43 ] James thinks the risk appetite framework is one of the most important processes and capabilities for advanced enterprise risk management.

[9:01 ] Frameworks that don’t do well tend to be mostly or entirely qualitative. They tend to be static, maybe updated once a year, with very little change.

[9:15 ] The frameworks that are more strategic and add more value to companies tend to be a combination of quantitative and qualitative.

[9:42 ] Successful risk appetite frameworks also consider risk capacity in terms of capital resources, earnings, and liquidity, relative to our risk management capability and track record.

[10:01 ] Successful risk appetite frameworks look at opportunities. What is the opportunity for profitability, growth, and innovation, relative to risk? If the opportunity is high, then we should be willing to take on more risk.

[10:19 ] Successful risk appetite frameworks tend to be more dynamic in a way that allows the company to reduce risk when it is appropriate but also to take more risk when it is appropriate.

[10:31 ] James says a good risk appetite framework would guide organizations to take more risk, on a selective basis.

[10:57 ] James uses E*Trade as a case study. James was on the board of E*Trade and chaired its risk committee. This case study is in the RIMS CRO Certificate Program in Advanced Enterprise Risk Management.

[11:28 ] James will invite E*Trade’s CRO, the head of ERM, and one of the regulators, to provide first-hand experiences and lessons learned.

[11:41 ] James gives examples of how ERM improved E*Trade’s business outcomes and profitability. Based on a robust risk appetite framework, E*Trade thought it needed to take more risk in new product innovation and shorten the time to market dramatically.

[12:21 ] Because of that, E*Trade was the first company to offer retail investors the capability to trade stocks and mutual funds on their Apple Watch. It was a very important business opportunity as the Apple Watch was hugely popular.

[12:49 ] This tied into E*Trade’s founding as the first internet company to allow retail investors to trade on the internet. It was a proud moment for E*Trade. It shows how a robust ERM program and risk appetite framework can support innovation and business growth.

[13:16 ] In the eight years James was on E*Trade’s board until it was sold, its stock went from $8 to $59 a share. It went from B to BBB, from losing money to making money, and from a weak capital position to buying back over $1 billion in stock and offering its first-ever dividend.

[13:52 ] In addition to the E*Trade case study, the course will look into other case studies, good and bad. We will learn from organizations that didn’t manage risks effectively and what we could learn from them to prevent that for our organizations.

[14:13 ] We will learn from best-practice companies in the energy and healthcare space.

[14:30 ] Plug Time! The very first RIMS Tex