So many blogs, articles and studies on financial crisis lessons have been published since 2008 that one would think we covered them all. A "tsunami" of new rules was one of the effects, but one obvious lesson never made it to the legislative floor: the banks' group risks. Being part of a (large, international, complex) group or network comes with risks that add up to the usual menu of sector-specific risks that a Chief Risk Officer tackles. Or rather, uncertainties add up, for the complexity of international giants and cross-border networks isn't easy to measure, monitor, let alone control. Still, there are tools, also included in legislation, to control these "group risks", and they've existed since 2002. The seven group risks are seven C's: Capital, Concentration, Contagion, Complexity, Conflicts of Interest, Culture, and Cyber. In this paper I'll explain what the seven group risks are about, give examples of how they can be addressed, and examples of regulatory tools that have been available for supervisors in the European Union to enforce the management of group risks. I'll conclude with an idea of how to include these tools in the rules for complex banking groups.