All Conventional bank licensees must establish an independent Risk Management function and appoint a head of risk management function, referred to as Chief Risk Officer ('CRO') or any equivalent title. The function must be independent of the individual business lines and report directly to the Board of Directors or its Audit or Risk Committees and administratively to the Chief Executive Officer ('CEO'). The role of the CRO must be independent and distinct from other executive functions and business line responsibilities, and there must be no 'dual hatting' (i.e. the chief operating officer, CFO, chief auditor or other senior management personnel must not also serve as the CRO).