Top 5 Risks


Risk Issue # 5:
Thinking of compliance narrowly.

Regulators expect every single financial institution (i.e., a bank, thrift or credit union) to have in place a risk management process to manage all of the risks involved in the business of banking, such as credit, compliance, operations and other risks.

One of the key risks faced by a financial institution is compliance risk. It is commonly defined as the risk of legal or regulatory sanctions, or of adverse impact on earnings, capital or reputation, from failing to comply with laws, regulations, rules, codes of conduct or other standards.

Recent regulatory enforcement actions, cases and industry surveys indicate that many financial institutions are thinking of compliance narrowly as compliance only with laws or regulations. As such, they are not managing or mitigating compliance risk effectively and are creating exposures to their overall risk management program.

A common example is that many financial institutions are being sued by private plaintiff attorneys for unfair or deceptive acts and practices in lending. These institutions have a compliance program and are in technical compliance with lending laws and regulations such as TILA and Regulation Z. However, certain of their lending practices and behaviors were not within the institution’s code of conduct and ethical standards, and those practices are the root cause of the unfair or deceptive acts and practices lawsuits.

Financial institutions should make sure they properly define compliance risk and include in their compliance program’s scope compliance not only with all applicable laws and regulations, but also rules, policies, procedures, code of conduct or other standards.

Financial institutions should also make sure to become familiar with the Basel Committee's Compliance Guide and incorporate the 10 compliance risk management principles recommended by the Basel Committee.

Quick links to the other Top 5 Risk Issues

  1. Lack of proper board & senior management oversight
  2. Having an outdated risk management process
  3. Performing ineffective or untimely risk assessments
  4. Not focusing on high risk rules early on in the process
  5. Thinking of compliance narrowly

The Basel Committee on Banking Supervision is a committee of banking supervisory authorities which was established by the central bank Governors of the Group of Ten countries. It consists of senior representatives of bank supervisory authorities and central banks from Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, Netherlands, Spain, Sweden, Switzerland, United Kingdom and the United States. It usually meets at the Bank for International Settlements (BIS) in Basel, Switzerland.

While the Basel Committee is more recently known for its work on trying to establish uniform capital requirements for banks, it has conducted extensive research into risk management best practices and published several key guides, which cover topics such as corporate governance and compliance programs.

Compliance Coach's team of attorneys and regulatory experts monitors and analyzes the Basel Committee's work regularly. We also work with leading financial institutions of all sizes on a variety of consulting engagements to improve risk management. We focus on the root causes of regulatory issues, identify risk management best practices, and integrate that learning and knowledge into our solutions.

Every single financial institution should become familiar with the Basel Committee guides and strive to implement its 10 Compliance Risk Management Principles. Doing so will enhance one's risk management program significantly because the principles reflect tried and tested practices without regard to size, geography or complexity of operations.

Basel Committee 10 Compliance Risk Management Principles:

  1. The board of directors is responsible for overseeing the management of the financial institution's compliance risk. The board should approve the compliance policy, including a formal document establishing a permanent and effective compliance function. At least once a year, the board or a committee of the board should assess the extent to which the institution is managing its compliance risk effectively.
  2. The financial institution's senior management should be responsible for the effective management of the institution's compliance risk.
  3. The financial institution's senior management should be responsible for establishing and communicating a compliance policy, for ensuring that it is observed, and for reporting to the board of directors on the management of the institution's compliance risk.
  4. The financial institution's senior management should be responsible for establishing a permanent and effective compliance function within the institution as part of the institution’s compliance policy.
  5. The financial institution's compliance function should be independent.
  6. The financial institution's compliance function should have the resources to carry out its responsibilities effectively.
  7. The responsibilities of the financial institution's compliance function should be to assist senior management in managing effectively the compliance risks faced by the institution. If some of the responsibilities are carried out by staff in different departments, the allocation of responsibilities to each department should be clear.
  8. The scope and breadth of the activities of the compliance function should be subject to periodic review by the internal audit function.
  9. The financial institution should comply with applicable laws and regulations in all jurisdictions in which it conducts business, and the organization and structure of the compliance function and its responsibilities should be consistent with local legal and regulatory requirements.
  10. Compliance should be regarded as a core risk management activity within the financial institution. Specific tasks of the compliance function may be outsourced, but they must remain subject to appropriate oversight by the head of compliance.

Risk Management Best Practices – How do you Rate?
If you answer Yes, that means you are utilizing the best practice. A No answer will indicate a missing best practice at your institution:

  1. Do you have a written enterprise-wide Risk Management Program that is approved by the board of directors?
  2. Does your risk management program and process cover all of the types of risks faced by your institution?
  3. Is your risk management program and process updated regularly to reflect the changing risk profile of your institution?
  4. Is your risk management program and process updated prior to rolling out new products or lines of business?
  5. Does your risk management program and process assign clear responsibilities and accountabilities and are these people trained on the program, process and their duties?

How can Compliance Coach assist you?

  1. Consulting Services – We can provide you with a team of our nationally recognized experts to review your risk assessment system, process and practices. We will provide you with industry best practices and recommendations for improvements.
  2. Risk Assessment Software – We can provide you access to our nationally recognized automated risk assessment software solution, Compliance Risk Indicator (CRI). You can use it to perform an enterprise-wide risk assessment to cover not only BSA / AML but also all other applicable laws, regulations and standards. You can identify residual risks by law, regulation, products, lines of business and in aggregate enterprise-wide! You can do "what if" analyses prior to rolling out new products! In other words, you can now perform comprehensive, effective and timely risk assessments and provide dashboard reports to the board of directors! Take your risk management to the next level, impress the examiners and pass your next exam with ease!

For further information on how we can assist you and pricing, please e-mail info@compliancecoach.com




Customers Say


"We chose Compliance Coach because they provide the highest quality solutions in the industry. We strongly recommend Compliance Coach."

Barbara Yusko
Vice President, Compliance
First MidWest Bank


"We trust Compliance Coach's solutions. They are highly effective and the examiners like it. That is why we are a long time customer."

Gary Evans
President & CEO
Bank of Internet



