A financial institution’s risk management program must not only be enterprise-wide, which means its scope must cover all applicable risks, products, lines of business and laws, regulations and standards, but it also must be risk-focused. Why? Because banking is the business of taking risks. The key is to attain optimal risk management, which means attaining the optimal balance between risk and reward and focusing on managing high risk issues. Otherwise scarce resources will be spent on lower risk issues and the institution will be surprised by a high risk issue and will face an adverse impact to earnings, capital or reputation when it could have been avoided by focusing on the issue with a high impact and probability.

Recent regulatory enforcement actions, cases and industry surveys indicate that many financial institutions are not only failing to focus on high risk rules but also those that do, are not focusing early on in the process.

Two recent examples:

• FACT Act Identity Theft Red Flags Rule. Even though the Red Flags Rule was issued in November 2007 and compliance was not mandatory until November 1, 2008 to allow financial institutions and creditors ample time to attain compliance, many waited until just a few months prior to the deadline to initiate compliance. They then realized that they had underestimated the scope of the Rule and had to scramble to attain compliance by the deadline. This created the exposure for an institution’s Identity Theft Prevention Program to be devised without proper analysis and becoming merely a “paper tiger” and not an effective risk mitigation program.
  
  Failing to properly mitigate identity theft risk creates exposure for cease and desist orders, civil money penalties, plaintiff attorney lawsuits alleging federal and state unfair deceptive acts and practices violations.
  
  Fortunately for the industry, Compliance Coach developed CompliancePal, a web-based Red Flags compliance policy and procedure solution to enable a financial institution or a creditor to methodically attain compliance with the Rule and devise an effective and compliant ID Theft Prevention Program. Hundreds of financial institutions of all sizes are using CompliancePal to attain compliance timely and to maintain ongoing compliance.
• TILA / Regulation Z Amendments. The Federal Reserve amended Regulation Z to incorporate significant changes to address abusive mortgage lending practices. The amendments are extremely significant and create new operational and compliance challenges and will take quite a bit of time and resources to implement at a financial institution. The amendments:
  • Require that a financial institution or creditor identify and disclose "higher-priced" mortgage loans.
  • Prevent unfair, deceptive and abusive mortgage lending practices.
  • Prohibit certain servicing practices.
  • Create new and detailed marketing and advertisement requirements.
  • Require accurate and timely mortgage loan disclosures.

Quick links to the other Top 5 Risk Issues

A financial institution must not underestimate the impact, otherwise it will be at risk. Failing to comply timely creates exposure for cease and desist orders, civil money penalties, plaintiff attorney class action lawsuits alleging TILA / Regulation Z and federal and state unfair deceptive acts and practices violations.

Fortunately for the industry, Compliance Coach once again is the first in the nation to develop a training program on the new TILA / Regulation Z amended Rule so that key risk management, operations and compliance personnel can quickly attain competencies on the Rule. Hundreds of financial institutions of all sizes are using Compliance Coach's training program to train their key personnel and attain compliance timely.

Risk Management Best Practices – How do you Rate?
If you answer Yes, that means you are utilizing the best practice. A No answer will indicate a missing best practice at your institution:

1. Have you identified which laws and regulations pose higher risk?
2. Have you made the board and senior management aware of which rules pose higher risk?
3. Do you create a project and a team with accountabilities and due dates to analyze and implement compliance with a new law or regulation at least 30 days prior to deadlines?
4. Do you provide training to your project team and other supporting staff on the new law or regulation to ensure all team members understand the regulatory requirements and impact to operations?
5. Do you do a post-implementation audit within 30 days to assess level of compliance and execution so you can make necessary adjustments prior to actual deadline?

How can Compliance Coach assist you?

1. Consulting Services – We can provide you with a team of our nationally recognized experts to review your risk management system, process and practices. We will provide you with industry best practices and recommendations for improvements.
2. Risk Management Training - We provide the industry's most comprehensive and effective online compliance training solution. It contains a library of over 250 courses covering all risk issues relevant for all team members from the mailroom to the board room. The courses are job-specific, tailored for all lines of business and cover all risk topics. We are always the first in the nation to publish a course on a new law, regulation or high risk issue within 30 days! For example, we published a course on the Red Flags Rule within 4 days of the Rule’s issuance! We also published a course on the TILA / Regulation Z amendments within two weeks of the final regulation’s issuance! The training can be taken anytime from anywhere, plus reporting for the examiners.

Below are two sample pages from the Regulation Z 2008 amendments training module. This course is tailored specifically for compliance officers, auditors, and other management and provides an overview of all the revisions to Reg Z that become effective October 1, 2009.

Below are two sample pages from the UDAP training module that incorporate the latest cases and teach how to prevent unfair or deceptive acts or practices.

Below are two sample pages from the Mortgage Fraud training module. It teaches not only what are the red flags, but also how to detect them to prevent mortgage fraud.

For further information on how we can assist you and pricing, please e-mail info@compliancecoach.com