In your organization, is the CRO bundling the functions of Legal counsel and Chief Compliance Officer? If yes, what are the pros and cons, and common pitfalls?
Yes. CRO is a board member, Legal and Compliance below aggregated in 1 B-1, below divided into two Teams. The Risk is another B-1.
Pros: Close collaboration
Cons: Never saw conflicts, so no cons.
In my organization, the legal and compliance functions are separate from the CRO function. I represent the CRO function, but we also have it at the regional level. However, we maintain a robust collaboration with the legal and compliance teams, as the risk function would be adversely affected by a lack of information otherwise.
Combining these functions into a single team may offer advantages, but there are additional considerations to take into account. For instance, if you have a compliance officer, what is the scope of the role? Do you have an internal audit department? If so, how do they interact with these teams? What information is shared among them?
To construct an effective risk assessment, inputs from each function are necessary. If they are combined, the information is readily available due to their inclusion in the team. They can operate in a synchronized manner under the same leadership. The risk assessment approach would be consistent with compliance and legal requirements (although this cannot be guaranteed).
However, each function requires specialized knowledge bases. Furthermore, these domains have distinct scopes and objectives. If your organization is extensive, spanning multiple countries, there is a need for both global and local perspectives on laws and regulations. Compliance necessitates a skill set that encompasses the people, processes, and technology aspects of the requirements. The GDPR implementation is a prime example. Some organizations mistakenly viewed it as a purely legal matter and entrusted it to their legal teams. Others believed that the involvement of security controls and IT improvements warranted the IT department's handling. In reality, the solution lies somewhere in between.
In summary, consolidating these functions can facilitate the management of interconnected elements. However, it is essential to clearly define their scope, particularly beyond the realm of cooperation. (Legal counsel should support various activities in addition to compliance and risk.) Each function has its own agenda, which needs to be appropriately managed.
Not at this time, we use outsourced legal counsel.