Our goal is to document the causal impact of having a board-level risk committee (RC) and a management-level executive designated as chief risk officer (CRO) on bank risk. The Dodd Frank Act requires bank holding companies with over $10 billion of assets to have an RC, while those with over $50 billion of assets are additionally required to have a CRO to oversee risk management. The innovation that allows us to document a causal impact is our research design. First, we use the passage of the Dodd Frank Act as a natural experiment that forced noncompliant firms to adopt an RC and appoint a CRO. We adopt the difference-in-difference approach to estimate the change in risk following RC and CRO adoption. Second, we use the regression discontinuity approach centered on the $10 billion and $50 billion thresholds whereby firms that were just below the threshold were not required by the law to install an RC and to recruit a CRO, while those just above the thresholds had to comply with the regulation. Our contribution is to document that neither the RC nor the CRO have a causal impact on risk near these thresholds. However, we do find strong evidence of risk reduction following the passage of the law.