Why Apac CROs are turning risk into strategic advantage

The role of the Asia-Pacific (Apac) chief risk officer (CRO) is evolving rapidly, with resilience, agility and artificial intelligence-driven analysis becoming as important as traditional risk oversight

Risk leaders in the Apac region are used to dealing with complexity. But, as geopolitical tensions, technological disruption and economic uncertainty reshape the operating environment – from shifting trade relationships across Asia and heightened regional security concerns, to the rapid adoption of generative AI (GenAI) across financial services – CROs are finding that traditional approaches built around periodic reviews and regulatory compliance are no longer sufficient.

That was a central theme of discussion during a lead panel session at Risk Live Japan, where senior risk leaders explored how the CRO role is evolving in response to a more complex and interconnected risk landscape. While the discussion focused on the Japanese financial sector, many of the challenges raised are shared by institutions across the wider Apac region.

A more complex risk picture demands greater agility

For many years, financial institutions were able to categorise risks into fairly well-defined buckets – across market, credit, liquidity and operational risk – but CROs acknowledged that those boundaries are becoming increasingly blurred.

Recent geopolitical developments have highlighted how quickly risks can converge. Uncertainty around global tariff policies, disruptions to major shipping routes serving Asian supply chains and growing concerns over the resilience of critical digital infrastructure have all demonstrated how geopolitical events can simultaneously affect market volatility, liquidity conditions and operational resilience.

As a result, CROs are increasingly focused on second-order and spillover effects – attempting to understand how shocks ripple through portfolios, counterparties, supply chains and the broader economy. In Japan, for example, a sustained appreciation of the yen may help reduce imported inflation while simultaneously putting pressure on export-driven manufacturers and their supply chains, creating knock-on effects for small to medium-sized enterprises’ credit quality and regional lending portfolios.

This sort of complexity means greater value is being placed on stress-testing, with firms increasingly treating it as a strategic tool for assessing emerging risks and supporting management decisions.

The goal is not to predict a specific event, but to be prepared. When firms can test portfolios on demand against a broad spectrum of scenarios ... they can separate noise from genuine threats and act with confidence as events unfold

Mayank Nanda, Numerix

The emphasis is moving away from producing a single, highly refined annual scenario to generating multiple scenarios, updating assumptions frequently and responding quickly as events unfold. Narrative-based stress-testing is becoming just as important as quantitative modelling, the CROs explained, particularly for geopolitical and non-financial risks where historical precedents are limited.

This shift is echoed by Mayank Nanda, head of market risk and credit risk analytics at Numerix, who argues the answer lies in pairing robust modelling with frequently scheduled scenario analysis – running stress tests daily, or even intraday in particularly volatile markets, rather than waiting on a quarterly or annual cycle.

“The goal is not to predict a specific event, but to be prepared,” says Nanda. “When firms can test portfolios on demand against a broad spectrum of scenarios – from macro shocks to liquidity dislocations – they can separate noise from genuine threats and act with confidence as events unfold.”

AI can enhance risk management, but humans remain essential

In a bid to understand more complex multi-risk environments and events, many firms are looking to AI to improve efficiency and enhance analytical capabilities.

Panel participants described a range of emerging use cases, including generating stress-testing scenarios, summarising research and external reports, processing and querying large datasets, and identifying transmission channels between different risks.

But the CROs stressed that AI should remain a supporting tool rather than a substitute for human judgement. Decision-making, accountability and interpretation must remain firmly within an executive remit.

Transparency and explainability were seen as the main barriers to broader adoption. Risk leaders need confidence in how outputs are generated before those outputs can be incorporated into critical decision-making processes. These concerns are increasingly reflected in supervisory expectations across the region, with regulators in key markets such as Singapore, Japan and Hong Kong making a plea for robust AI governance, accountability and human oversight.

Participants acknowledged that governance frameworks are still evolving, with institutions continuing to experiment with how AI should be supervised and how responsibilities are allocated between the first and second lines of defence.

Another worry is potential over-reliance on AI. While automation can improve efficiency, excessive dependence on AI-generated outputs could weaken critical thinking and diminish the ability of risk professionals to challenge assumptions independently.

The CROs suggested the most effective model is likely to be one in which AI enhances human capabilities rather than replaces them. Human-in-the-loop approaches remain essential to maintaining accountability, ensuring transparency and preserving sound judgement.

Nanda sees the greatest value today in AI’s analytical reach, citing machine learning that surfaces shifting correlations and emerging vulnerabilities hidden in large datasets, and GenAI also helping teams construct scenario narratives. But its most intuitive contribution, he suggests, is as a natural language interface to risk itself.

“When risk managers can query results conversationally – asking where exposures are concentrated or what is driving a move in a metric – deeper insight becomes accessible in seconds rather than in report cycles,” says Nanda. “That makes AI an amplifier of human judgement, not a substitute for it.”

From risk control to strategic resilience

As risk evolves, so too does the role of the CRO – assuming greater prominence within the executive function.

Historically, risk management has often been viewed primarily as a control function focused on preventing losses and ensuring regulatory compliance. Increasingly, however, CROs are being asked to contribute more directly to strategic decision-making.

Risk leaders must help boards understand not only what risks should be avoided, but also where risks can be taken intelligently in pursuit of growth. This means closer integration between risk management, business strategy and capital allocation decisions.

Underlying this shift is a broader focus on resilience – a concept that is becoming a defining objective of modern risk management in the Apac region.

Attempting to predict every possible disruption is a nigh-on impossible task. So, in line with regulatory guidance, firms are concentrating on building organisations capable of absorbing shocks, adapting quickly and continuing to operate effectively under stress. 

This perspective has implications for governance, technology investment and organisational design. It also changes how success is measured, the CROs said.

One suggested that the future CRO may increasingly resemble a ‘chief resilience officer’ – a leader responsible not only for risk oversight but for strengthening the organisation’s overall ability to withstand uncertainty and support long-term growth.

Nanda agrees that resilience has become an important organising principle precisely because it links risk management to growth. An institution that can absorb shocks and adapt quickly, he says, is one that can keep taking intelligent risks when competitors pull back.

“Integrated risk analytics give management a consistent, firm-wide view of exposures so capital can be deployed on risk-adjusted terms,” says Nanda. “Risk management then stops being a defensive checkpoint and becomes a genuine source of strategic advantage.”

Sponsored content