Daniël Smidts

Hi, Daniël Smidts, Managing Director at Corporater. Thank you for taking the time to speak with us ahead of the upcoming Leaders in Finance Risk Event on October 30, just one week away. We are delighted to have the opportunity to talk with you today. To start off, could you briefly introduce yourself and share a bit about your day-to-day work?

Thank you for inviting me. I am currently the Managing Director at Corporater, overseeing the Benelux region. In a previous role at Corporater, I was overseeing the financial services solutions and clients globally. Before that, I held various consulting roles at a Big Four firm, primarily working with financial services institutions. Above all, I’m a proud father of four and manage that together with my lovely wife out of our family headquarters in Driebergen.

The upcoming Risk Event will bring together a wide range of CROs from across the financial sector, as well as their direct reports, professionals specializing not only in financial risk but also in newer and emerging areas of risk. I would love to hear your thoughts on that, but let’s begin with the CRO role itself. In your view, how has the role of the Chief Risk Officer evolved over time?

What I have seen when working with many different CROs over the years is that the role has changed significantly. It has shifted from a back-office compliance and defense function focused on capital preservation to a strategic enterprise partner driving resilience and sustainable growth.

The position has evolved to include a direct connection with forward-looking strategic aspects that go beyond the traditional risk domains of credit or market risk. They are actively managing the balance between protection and profitable risk-taking, and encompasses a much broader set of non-financial risks as well, such as cyber, climate, and geopolitical risks, to name just a few.

That sounds like an enormously challenging job, because everything that can be considered a risk to a financial institution ultimately falls under the CRO’s responsibility. I can imagine focusing on credit and market risks, but as you mentioned, there are now many emerging risks as well. How do you see CROs balancing between those more traditional risks and the newer, emerging ones?

It’s definitely a challenge, and I see a range of different practices in how CROs approach it. The integrated perspective that a CRO needs to develop is a process that takes place before technology comes into play. Of course, our technology supports that process to a large extent, but before implementing and moving into an integrated GRC solution like the one we offer, the progress of the (behavioral) change management process is leading.

I believe much of it depends on the CRO’s vision and how they anticipate the necessary integration of what they need to cover, process integration and the behavioral aspects that drive success. Ultimately, CROs need to approach it from a fully integrated, enterprise-wide perspective supported by the humans-in-the-loop. I see many testing the ground and making some good progress and success.

You mentioned technology, and of course, you work at Corporater as a technology provider. To what extent do you see technology as an enabler for CROs in managing and balancing the different types of risks they face?

It depends on which technology, because there is such a wide range. Ten years ago, we were already discussing the importance of digitalization of financial services, even though there was already a strong reliance on technology. But I think those developments and the degree to which institutions depend on technology have only continued to grow.

Technology enables greater efficiency and timeliness. It allows institutions to take timely actions because they have access to real-time data and can conduct more predictive analyses based on that information. At the same time, however, it increases exposure to cyber risks and model risks such as bias or the lack of explainability of the underlying models. This is a natural consequence of increasing technological dependence.

That is why I believe the topic of resilience is not only relevant but essential. It is crucial to have a clear perspective on how to address and approach resilience. In my view, this remains one of the major responsibilities of the CRO today and tomorrow.

You mentioned the growing reliance on technology. I’m also curious about the human side of that equation, the people working in risk and the role of human oversight. When you think about automation and technological tools versus personal judgment and experience, where do you see the right balance between the two?

I think what is most interesting to look at is where you place your human in the loop. If you include human involvement too late in the process, you increase exposure. But if you bring it in too early, you risk creating an inefficient process that is less effective than it could be at an optimal level.

Automation is key to making a difference and fully leveraging available technologies-whether that is AI or more ‘traditional’ analytical software. Automation is key to making a difference and fully leveraging available technologies, whether that is AI or more ‘traditional’ analytical software. What is critical is to have a clear idea, or at least a plan, of where human interaction is essential. You need that framework in place, but without being too rigid about where potential failures might occur.

If a risk event materializes, what matters most is having an unbiased audit trail of events that does not focus on assigning blame but instead on understanding what went wrong.

Technology can really support that. The challenge is to position human interaction where it is most needed without disrupting the process or compromising the automation goals too much.

You mentioned that the role of the CRO has evolved from being primarily a guardian of risk, often with a back-office focus, to a more proactive and forward-looking actor. I would like to ask you about this anticipatory side of risk management. How do you think AI, or perhaps machine learning technologies more broadly, can be leveraged to anticipate and address emerging risks? Could these tools also play a role in improving decision making?

I think there are different levels of AI and machine learning that can be of real benefit. There are many views on this topic, but let me focus on three main areas where I believe AI can truly add value.

First, AI is valuable in situations where there is weak detection of risk exposures, the use of Natural Language Processing solutions is used to scan unstructured data such as external news sources, social media, or published reports. This helps identify emerging threats and relate them directly to an organisation’s processes and exposures.

Second, AI supports dynamic stress testing. It enables more interconnected simulations that allow organisations to analyze extreme but plausible scenarios in a more sophisticated way.

Third, AI enables possibilities to assess and price risks more accurately and to identify low-risk areas that align with the firm’s overall strategy. In this sense, AI can support value creation rather than impose unnecessary burdens across risk domains that might not even represent real threats. Given the scale of data involved, far beyond what a human could process, AI can provide insights that were previously out of reach.

It was really interesting to learn more about that during the event. I have another, more general question: we’ve already discussed several risks, but what do you see as the major challenges and opportunities for CROs in the coming years?

I think the resilience aspect, which I touched on earlier, is something we’ve only recently been able to truly test and understand in terms of how all its components interact. In essence, resilience requires integrating perspectives across different risk domains while also aligning them with strategic ambitions. That integration is a key challenge.

Having both advised on and implemented integrated risk software in recent years, I’ve seen how difficult it is to achieve that integrated perspective. Yet it’s essential for developing an effective resilience response and for identifying potential vulnerabilities. That’s what makes resilience planning both a major challenge and a key opportunity.

For CROs, I believe the opportunity lies in connecting strategy and strategic objectives with more traditional risk domains such as. From a human perspective, it’s also important to look beyond processes and technical content. The most underestimated factor is often the behaviour within teams. How do we respond when we identify gaps? How do we handle incidents when they occur? There’s much more to be said, but I think this behavioural dimension is a critical area where the CRO needs to take the lead. We’ve been discussing risk culture for many years, and I think it remains as relevant as ever. After all, organisations are still made up of people who make decisions. AI can support and automate a great deal, but it’s still humans who ultimately decide and enable the organisation to function effectively.

At the Risk Event, many leading risk professionals from across the financial sector will be present. You will join the second panel to share your perspective and experience, but I am curious what you are hoping to learn from others, whether from the speakers or the audience.

I’d like to gain more insight into how CROs are practically translating microeconomic risks such as geopolitical or climate risks into concrete short- or medium-term business decisions and frameworks.

How do these risks affect day-to-day elements like pricing strategies or decisions around counterparty selection, rather than being treated as long-term or abstract scenarios that only become relevant once regulation comes into play or their effects are fully realized? I’m especially interested in the technical steps, what can organisations do now to address these challenges in a tangible way?

Thank you, Daniël Smidts, for taking the time to speak with us today. In just a short while, we’ll be heading toward the Leaders in Finance Risk Event on the 30th of October.