Ebbe Negenman

Ebbe Negenman, thank you for taking the time to speak with us ahead of the upcoming Leaders in Finance Risk Event on 30 October. You’ll be one of the speakers there. Could you start by introducing yourself and telling us a bit about your current role and what you’re working on?

I have been in the financial sector for almost twenty-five years, mainly in risk management. I began my career focusing on market risk, asset and liability management, and the more quantitative aspects of the field, including a lot of modelling. My background is in mathematics, and I hold a PhD in this subject.

I started out at MeesPierson, then moved to ING, where I also worked in the Asia-Pacific region. After that, I joined ABN AMRO, and later Knab, a fintech bank. Over time, I transitioned from working with traditional banks to more modern and technology-driven ones, which was a deliberate choice. This journey allowed me to see risk from many different perspectives. I moved from market risk into broader areas such as compliance, cyber, and IT risk, and later became involved in impact investing, which also introduced me to ESG-related risks. Along the way, I have held several CRO and CFO positions. I think financial services are the glue that holds modern commerce together. Consequently, I recently joined bol, a tech platform that has built trust and convenience in e-commerce for more than 26 years. I oversee the risk management framework, ensuring we stay compliant and agile as legislation evolves, and enable secure, seamless transactions for bol’s customers and partners.

You have extensive experience across very different types of organisations in the financial sector, which must have given you a wide range of insights. The CRO role will be a key theme at this year’s Risk Event. You were previously CFRO at Polestar Capital and, before that, CRO at Knab. Now you are at Bol. Having been in risk leadership roles for several years, how do you see the CRO role today?

It’s evolving all the time, and it’s becoming more and more interesting. I have to say, it was already interesting twenty-five years ago. But if you look back, the CRO role used to be more an audit or controlling function — a bit of an ex post ivory tower. After something happened, you would analyse it, report on it, and try to learn from it afterwards.

These days, it’s much more about steering and being proactive. You ask: what risks might occur? Can we anticipate them? Can we manage them before they materialise? It’s more like being a captain on a ship, navigating together with the rest of the board through all the risks that lie ahead. And there are more and more of them, which makes the role even more exciting. Experience really helps, especially when you’ve lived through crises. I learned the most during those times. I was Risk Director at ING Real Estate — one of the biggest real estate investors in the world — during the 2007 crisis. We made plenty of mistakes, but that period became a real intense learning cycle for me. Those obstacles paved the way for my later career.

When you compare the more traditional, established banks with the newer fintechs, do you also see differences in the CRO role between those types of organisations?

Yes, definitely. In the big banks, you could hide more, because they were large. You would be in meetings with many people, and responsibility was something that was more shared. When something went wrong, it was too easy to point to mistakes or spread accountability across the team.

In a fintech, it’s very different. The companies are smaller, so you have the responsibility and are much more operationally involved in the day-to-day work. You really do things yourself, you can’t hide anymore. Because of the size of the organisation, you have to be hands-on and take ownership.

At large banks, you might only be responsible for one area, like market risk, while others handled credit risk or operational risk. In fintechs, you often cover everything. When I started at Knab, compliance was also part of my remit, and I was responsible for that as well. Coming from a risk management background, it’s important to surround yourself with people who are real experts so that you can take responsibility effectively.

It’s a different kind of job, broader, more dynamic, and in many ways more fun,but it also comes with greater responsibility and, of course, more personal risk.

The scope of responsibility for a CRO is very broad, and there are so many different types of risks to manage, as you mentioned. When we look at that balance, how do you see CROs navigating between the more traditional risks, such as credit and market risk, and the newer, emerging ones like cyber, climate, or geopolitical risk?

That’s an important question. I would say that market and credit risks have been around for a very long time, so we have a lot of knowledge and experience in those areas. We also have many models that can work quite well. So while those risks are still present, managing and controlling them has become more familiar. We understand them, and that allows for a bit more confidence.

The newer types of risks, however, require much more attention before you can feel truly comfortable. There are many unexpected elements that are not yet reflected in models because the data simply isn’t there. And even when you do have data, the question is whether historical data is actually a good predictor for what’s ahead. Those are the kinds of challenges we’re facing now.

Another important aspect, and something I’ve learned over the years, is the psychological side of risk. You can have models and predictions, but at the end of the day, we are all human. When trust disappears, when panic or uncertainty sets in, how do people react? These human factors were also key triggers in the 2007 crisis.

That’s why I believe it’s essential to think through these behavioural and scenario-driven dimensions carefully. Just the other day, I was talking to someone who mentioned the retention risk of risk managers leaving an organisation, and with them, the loss of corporate memory. That’s a real risk, and one that needs to be managed. So beyond the traditional categories, these more psychological and less quantifiable risks are increasingly important. They require just as much time and attention, maybe even more.

To what extent do you see technology as an enabler versus a threat? And as a follow-up, since you mentioned the CRO’s role becoming more proactive and predictive, how do you see technology contributing to that shift?

I am a big fan of technology, and you can see that throughout my career. Moving into the fintech space was a conscious choice because I truly believe in the potential of technology and artificial intelligence to make banking and financial services better. For me, it is definitely an enabler. It is something we should embrace because technology is a natural part of banking. It is a service industry, and technology helps us improve that service.

Of course, as with anything you do, new risks come with it. Information technology and cyber risk are clear examples. Over the past ten to fifteen years, I have worked a lot in this area, and I am still amazed by the possibilities, both the positive ones and the new types of criminal business models that appear. Managing those risks takes a lot of effort.

So it is both an opportunity and a challenge. But overall, I am a strong believer in using technology, just in a controlled and responsible way. That is always the first step. And then, of course, we have to stay aware of the risks and manage them carefully.

Looking ahead, what do you see as the main challenges and opportunities for CROs over the next five to ten years?

That is always difficult to predict. What I do see, and what makes me very glad, is that the attitude of risk managers is evolving. In the past, they were often seen as the accounting people, only focused on figures. Now I see them increasingly incorporating new areas such as climate risk, IT risk, and even psychological risk. When I talk to my peers, I notice how the CRO role has developed from what used to be a rather dull accounting function into one that is actively involved in steering the company.

I also see innovation playing an important role. When I worked at Polestar Capital, we provided loans to innovative companies. That experience showed me how climate innovation, for example, can make banking genuinely creating impact and forward-looking. I believe this is where we should continue to evolve as a sector.

That evolution also means being willing to take risks, because these new and innovative ventures often do not fit into traditional financial models. As a banker, you have to be open to financing new ideas and new industries. It is about moving from simply avoiding or mitigating risk toward managing it consciously and using it to enable something new.

That, I believe, is where the CRO role should continue to develop. It is challenging, and it is not something you can do alone. You need to work closely with the CEO and CFO to make it succeed.

That is an interesting perspective, taking more risks to mitigate risks. I have two more questions. You mentioned the importance of the team around you, but let us focus on the CRO for now. What qualities do you think will be essential for an effective Chief Risk Officer in the future?

You need to understand risk and have deep knowledge of risk management. That is still the foundation and often the more introverted side of the risk manager’s profile. But to really move a bank or financial institution forward, you also need strong social skills.

A CRO should be a leader. It is not just about control or oversight; it is about setting the right risk culture and getting people across the organisation to work in line with that culture. Everyone knows this in theory, but putting it into practice takes real effort. You have to make sure people follow you, not only in the second line of defence, but also in the first and third lines, and that they share the same vision. That is something we really need from CROs today. It used to be a skill more associated with the CEO, but it should now be an integral part of the CRO role as well. The CRO is really part of the team leading the institution. That is important, because banking is ultimately about doing business, and doing business always involves taking risks. To help the business grow, you have to manage those risks effectively. Everyone in the organisation is a risk manager. Some of us simply have the title written on our foreheads.

For my last question, the Leaders in Finance Risk Event is coming up on the 30th of October, and many CROs from across the financial sector will be there, from organisations such as ING, Mollie, NIBC, ABN AMRO, ASN, and N26, just to name a few. What are you most curious to learn from them?

There are many things I am curious about. In the end, we are all doing more or less the same kind of work, but we each bring different experiences. It is always valuable to learn from those experiences, especially from the mistakes we have made along our way. I know some of the people who will be there, and I think it will be great to share not only successes but also the obstacles we have faced. That is where the real learning happens. We come from different sectors and backgrounds, we can combine our knowledge and help improve the overall risk landscape and the role of the CRO. It is a perfect setting to learn from one another and to make all of us better at what we do.

That is really interesting. Thank you, Ebbe, for taking the time to speak with us today in the lead-up to the Leaders in Finance Risk Event on the 30th of October. We are very much looking forward to it.