Part I of this paper examined the risk function’s evolution in response to (i) financial disclosures becoming increasingly risk-based, (ii) an increasing need to optimise capital management and business mix to enhance Return on Equity (ROE). The optimisation frameworks to determine the optimal ‘risk strategies’ need to be established by the risk function, which is now at the core of financial disclosure, technology and strategy. Part II examines the necessary competencies for the risk executives, in particular Chief Risk Officers (CROs), to be effective and lead the evolution. These are analytical, digital and strategic competencies. For the leadership roles in well-established finance, accounting, actuarial functions, and in engineering, it is recognised that professional qualifications, advanced content knowledge and experience are required for the leaders to be effective. We observe that this is often not the case for bank risk executives. It is not uncommon to see a leader without specific risk expertise and experience holding senior risk executive, even CRO, roles. CRO roles also have limited upwards mobility and can be the last stop, bridging the executive to retirement. We examine the potential causes, including the historical reasons, insiders’ bias, cognitive biases, pigeon-holed career paths and misuse of power. We make suggestions for improvements and opening the path for the next generation of risk professionals to fill the executive and board roles and lead the necessary evolution.