Resilience is quickly moving to the top of corporate agendas, giving rise to a new C-suite role: chief resilience officer. Saqib Alam, a crisis management partner at Morrison Foerster, outlines eight core attributes a CRO might have.
A volatile, uncertain, complex and ambiguous world is the new normal. The current geopolitical landscape has put crisis management and organizational resilience firmly on the boardroom agenda. Companies are increasingly looking for a quarterback to execute their resilience objectives and this has given rise to an emerging C-Suite role — the chief resilience officer.
A chief resilience officer (CRO) operates at the intersection of crisis preparedness and value creation. CROs help organizations address evolving risks and crises, including creeping crises (that develop gradually and imperceptibly), converging crises (two or more crises coming together in a perfect storm) and compounding crises (where one crisis leads to another). Unlike chief risk officers, who typically operate as a vertical function and have defined day-to-day regulatory and financial risk management and compliance reporting responsibilities, CROs operate horizontally across business units and have a broad and constantly changing focus with one goal: to make the organization stronger.
The primary role of a CRO is to work hand-in-glove with all the company’s major business units (product and service lines) and business functions (HR, legal, compliance, finance). CROs help organizations see around corners and strengthen their adaptability to adverse changes. A CRO might be a generalist, with experience in government, military or multinational corporations and far-reaching interests that include strong communication and coordination skills, and someone who is prepared to regularly be taken outside their comfort zone and ask questions about the unknown. The CRO can be a fantastic role for individuals driven by curiosity, a deep desire to solve problems and inspire others to make their organization stronger.
Be a champion collaborator
A chief resilience officer operates horizontally across the business, not vertically. CROs either work independently or within a very small team of no more than one to two direct reports. This is because the main goal of the CRO should be to empower the people in the organization and build a resilience mindset.
Accordingly, CROs should work closely with — and rely on resources from — other business units and functions within the organization. Organizational resilience needs to come from within, and empowering business units and functions will help achieve this. A small and strategically minimally resourced CRO office also means the role remains nimble, and not bogged down by its own processes but instead works with others.
The chief resilience officer is also a C-suite executive role who reports to the CEO. A direct reporting line to the CEO will provide a CRO access to fast decision-making, allowing decisive action to be taken in times of crisis.
Check in on trends
CROs need to find out what is trending in their organization. This is probably the main differentiator between a chief resilience officer and chief risk officer. Chief risk officers typically use formal processes like audits and risk registers to assess and manage risk, with a focus on particular business units or defined risk areas within the organization at any given time.
Chief resilience officers, on the other hand, study data points from across businesses by way of check-ins and informational meetings, without the formality (and ensuing fear among employees) of risk audits. These informal check‑ins apply both to business units that are underperforming and those that are doing well.
A CRO will use the information gleaned from their reviews to identify areas where risks and opportunities lie for the organization. These include preparing detailed reports, actionable plans and updates to the CEO. Driven by curiosity and a deep desire to make the organization stronger, a CRO offers an avenue for value creation.
Curiosity counts
In order to do their job, a chief resilience officer needs an immense sense of curiosity about the organization and the world. CROs should engage in horizon scanning daily to ascertain geopolitical risks that may impact the organization. A CRO’s curiosity should apply to all internal aspects of the business, too, including its people and culture.
Through effective collaboration and walking the floors, CROs find out what exciting opportunities employees are pursuing and what really makes the organization tick. In the event of a crisis, the CRO will need to rely on these very relationships to coordinate crisis response.
Curiosity will foster a more intimate understanding of the business to find answers to questions like: What proportion of our revenue/employees/suppliers are associated with jurisdictions that have high bribery risk? What percentage of our sales are carried out in markets that border sanctioned countries? What is the average age of employees managing certain client relationships and how does this impact succession planning? Chief resilience officers need curiosity to grasp the nuances of the business they’re ultimately responsible for protecting and strengthening.
So … Are They Sanctioned or Not? How to Interpret Nuanced Sanctions Findings
Doing business with a sanctioned entity or individual is an excellent way to risk fines and reputation damage. But figuring out whether a potential third party or customer is sanctioned is easier said than done.
Read moreDetailsDigest data
We live in a data-driven world. CROs should test data and identify trends. A chief resilience officer needs to be comfortable studying and analyzing data to ascertain emerging areas of risk and opportunity. Every organization has hundreds of data points for the CRO to study. These include plain-view and hidden data points. The latter are routinely overlooked, which provide clues to a creeping crisis.
By looking at nontraditional data points and extrapolating them into trends, the chief resilience officer will not only be able to spot imperceptible crises but also look for opportunities to make the organization more resilient. What can be measured, can be managed. The chief resilience officer should also explore how metrics that are not currently measured at all can be tracked (within the bounds of data privacy laws, of course).
Effective communication
Alongside curiosity, CROs need excellent communication skills. Chief resilience officers need to communicate their projects and intentions clearly and transparently in order to empower others to build a resilience mindset. Effective communication also builds trust. In times of crisis, communication is critical. Communicating also does not solely mean talking and publishing reports, it means listening and engaging in dialogue. CROs need to listen, learn, interpret and take action on feedback provided by the business.
Coordinator-in-chief
The organization should see its CRO as an enabler and a facilitator. The chief resilience officer also needs to be a coordinator-in-chief, quickly assembling teams in times of crisis. This coordination extends both internally and externally, and CROs will need to familiarize themselves with existing external advisers (lawyers, public relations and government affairs advisers and consultants) and have this support on speed dial. You should never exchange business cards during a crisis.
Further, with the increased prospect of litigation and leaks in times of crisis, a chief resilience officer should also be conversant in legal areas, such as legal privilege and whistleblower engagement.
Be practical and make actionable recommendations
It is not possible to prepare for or prevent every crisis, and it is not economical to keep resources on standby all the time. CROs therefore need to exercise judgment in determining what is best for the organization, while striking a balance between preparedness and value creation. Value creation can come in the form of organizational robustness or the identification and pursuit of new profitable opportunities. Without practical solutions and value creation, a CRO’s role becomes a vanity project and a bottomless cost center. The CROs recommendations need to be actionable, and the CRO should work with the relevant business units and business functions to implement them.
Build transparency and trust
Lastly and most importantly, CROs need to build trust. Through regular engagements within the organization, CROs should aim to build trust with its people, which is crucial during times of adversity. Transparency is an essential element of building trust, and CROs always need to be candid in what they are doing and sharing opportunities and risk areas with business unit leaders. Through empowerment and engagement, CROs can inspire an organization and its people to develop a resilience mindset.
Saqib Alam is a partner in the London office of Morrison Foerster. He advises global companies, boards and high-net-worth individuals facing business-critical issues and helps them resolve such matters from a legal and reputational standpoint. 
