Thought Leadership



Top 5 Risks




Contact Info

Call Us
Email Us

Top 5 Risks

Risk Issue # 3:
Performing ineffective or untimely risk assessments.

Regulators expect every single financial institution (i.e. bank or a credit union) to perform risk assessments periodically to cover applicable laws and regulations. For example, the interagency BSA / AML Examination Manual explicitly ask the examiner to inquire whether the institution has completed a risk assessment or not. If not, the examiner is mandated to complete a risk assessment.

While each financial institution has flexibility to implement a risk assessment that is commensurate with its size, resources and operations, regulators have articulated through various pronouncements certain minimum requirements.

Governor Mark Olson of the Board of Governors of the Federal Reserve perhaps best stated the three minimum expectations of all of the regulatory agencies in a speech titled "What are Examiners Looking for when they examine Banks":

  • "Examiners will determine whether the organization has an effective risk assessment that accurately identifies its risks and whether material risks are communicated to the board..."
  • "Risk assessment is critical not only to ensure that the board and senior management are well informed, but to serve as the foundation for risk-based policies, procedures, and internal controls..."
  • "Examiners will look to understand the organization's risk-assessment process. For example, they will look to see the degree to which the business lines are involved, how frequently the risk assessment is updated, and how it incorporates new products, services, or legal entities..."

Quick links to the other Top 5 Risk Issues

  1. 1. Lack of proper board & senior management oversight
  2. 2. Having an outdated risk management process
  3. 3. Performing ineffective or untimely risk assessments
  4. 4. Not focusing on high risk rules early on in the process
  5. 5. Thinking of compliance narrowly

Recent regulatory enforcement actions and cases indicate that many institutions have ineffective risk assessments or the risk assessments are untimely. The following are excerpts from recent enforcement actions:

Enforcement Action #1
"...The Insured Institution shall ensure that it has conducted an expanded risk assessment..."

Enforcement Action #2
"...Prior to the Bank's involvement in any new products or services, the board of directors shall prepare a…comprehensive assessment of the risks..."

Enforcement Action #3
"...The Bank shall establish written policies, procedures and processes to conduct periodic Risk Assessments and to adjust its stratifications and risk profile as appropriate, but in no event less frequently than once every twelve months..."

Risk Management Best Practices – How do you Rate?
If you answer Yes, that means you are utilizing the best practice. A No answer will indicate a missing best practice at your institution:

  1. Do you perform an enterprise-wide risk assessment to cover not only BSA / AML but all other applicable laws, regulations and standards?
  2. Is the risk assessment performed more than once a year?
  3. Is the risk assessment updated prior to rolling out new products or lines of business?
  4. Does it provide residual risks by law, regulation, products, lines of business and in aggregate enterprise-wide?
  5. Do you review the risk assessment with senior management and the board of directors and provide periodic reporting on it?

How can Compliance Coach assist you?

  1. Consulting Services – We can provide you with a team of our nationally recognized experts to review your risk assessment system, process and practices. We will provide you with industry best practices and recommendations for improvements.
  2. Risk Assessment Software - We can provide you access to our nationally recognized automated risk assessment software solution, Compliance Risk Indicator (CRI). You can use it to perform an enterprise-wide risk assessment to cover not only BSA / AML but also all other applicable laws, regulations and standards. You can identify residual risks by law, regulation, products, lines of business and in aggregate enterprise-wide! You can do "what if" analysis prior to rolling out new products! In other words, you can now perform comprehensive, effective and timely risk assessments and provide dashboard reports to the board of directors! Take your risk management to the next level, impress the examiners and pass your next exam with ease!

Click Image to learn more about Compliance Risk Indicator

CRI Homepage

For further information on how we can assist you and pricing, please e-mail info@compliancecoach.com



Back to top

Customer Say

"We've looked at all of the solutions and Compliance Coach is clearly the best. Examiners are very complimentary of our training program and it is highly effective. We strongly recommend Compliance Coach."

Nanette Hutchison
Sr. Vice President, Compliance
First California Bank

"We trust Compliance Coach's solutions. They are highly effective and the examiners like it. That is why we are a long time customer."

Gary Evans
President & CEO
Bank of Internet




Extra

Medical
CRI FACT Sheet