The autumn of 2008 may well go down as The Great Fall of the financial system, as the broad market indexes and three storied U.S. financial institutions collapsed and the masterminds of previously unfathomable Ponzi schemes-most notably Bernard Madoff-were exposed for lining their own pockets with billions of dollars of other people's money.

Last year issued in a new era, with the financial game reset to zero and all-previous bets off. What worked a year earlier or even ten years prior didn't ring true anymore. Faith in the system was gone and somehow even the safest-seeming things could no longer be trusted. It was time for change. The biggest issue of all for investment managers and investors became, "How do I take my risk off the table?"

Hedge funds, which traditionally were viewed by the consumer press as deep murky pools of risk to begin with, borrowed a page from the corporate culture and began hiring chief risk officers. This begs a number of questions, including what is a chief risk officer at a hedge fund and can he really take risk off the table? What can he do that a portfolio manager or chief investment officer can't? How can advisors be certain that a CRO is mitigating risk and isn't just window dressing?

In the last year, many large hedge funds, including BlueCrest in London, have hired CROs, while recruiters have sought to fill many newly created CRO positions. Many startups are coming out of the gate with a CRO on board. The job descriptions may be different, but the mandate for the chief risk officer generally can be stated in one sentence: Control risk without destroying returns.

"The role of the chief risk officer varies from fund to fund," says Leslie Rahl, founder and managing partner at Capital Markets Risk Advisors, a New York-based consultant. "At its best, a CRO wears both strategic and control hats, but in some funds it is primarily a 'cop' role, while at others it is a marketing role."

Risk is inherent in all investments, Rahl notes, but the job of a CRO is to counter unintended risks-risks that are not understood and that offer no reasonable chance of reward.

"The most effective CROs think strategically about how to allocate the firm's scare risk appetite, as well as ensure that risk is diversified within limits and well understood," he says. "A CRO also worries about what could go wrong and the least likely events and whether the fund could withstand them, leaving the portfolio manager to focus on the more likely outcomes. You need both perspectives."

Susan Mangiero, president and CEO of Investment Governance Inc., in Shelton, Conn., sees risk management as an integral part of a firm's culture and one of the keys to its success. "Instead of looking at risk management as a roadblock, it should be promoted as part of your culture and viewed as the best way to ensure the firm's longevity," Mangiero says.

She says that the role of the CRO can be broadly defined and the role may depend upon the size of the organization, but there are a few key areas of responsibility. An effective CRO must:
Ask tough questions about the risk "cost" of every expected dollar in return, which is required for setting up a risk budget;
Have an appropriate compensation and reporting line structure that rewards calculated risk-taking as opposed to incentives that perversely reward people for a short-term focus on returns but leave the risk costs to others;
Identify problems with pricing models (poor data, questionable assumptions, etc.) and then create a tolerance band for model error. How often can a model veer from expected outcomes-through back-testing or applying the model with "what-if" simulated inputs-before the model is deemed not acceptable for use? Model integrity is crucial because oftentimes hedging and asset allocation decisions are tied to model outputs;
Ensure that back-office, middle-office and front-office professionals are adequately trained and supported with a robust risk-management system;
Recognize that many risks do not exist in isolation. When times are bad, you often have a confluence or compounding of different risks. For example, with structured products, liquidity risk was arguably greater than anticipated because the quality and quantity of supporting collateral was sometimes wanting. For any financial institution that had hedged part of its structured product portfolio, it may have found itself with another risk in the form of counterparty defaults. The risks are often not additive, and a good CRO needs to truly understand the interrelationships among financial, operational and legal risks, to name a few.

The current environment requires a CRO to be particularly attentive to some additional things as well. "A CRO in the current climate must be very aware that market conditions can change so quickly that exiting a position could be difficult or impossible," Mangiero says.