Be sure to JOIN US for “Compliance for Senior Management & Board”.
Your risk assessments should be the driving force behind everything you do. They should drive your policies, procedures, monitoring, audits, training etc. Your Board needs to review your risk assessments because they are tasked with determining how much risk is acceptable for your institution. They need to know if the mitigation efforts put forth are too much, too little or just right to meet their risk appetite.
Listen to David explain more
One Ticket Gets Your Whole Team In!
Find out more about the Banker’s Compliance Consulting Team Here.
Does your board approve your risk assessments?
Does your board approve your risk assessments? Do they even review it? Hi, Dave Dickinson with Banker’s Compliance Consulting. Let’s talk about compliance management systems. You can see on your screen the house of compliance. You’ll notice that the oversight there is senior management, the board of directors, the roof of the house. The far left pillar has the risk assessment, and we have the other components of a compliance management system, policies, procedures, and monitoring and audits and training, et cetera.
Let’s talk about this risk assessment. Your board should be reviewing your risk assessments. What? They need to be able to articulate to you what their risk appetite, what their risk tolerance is. They need to make that crystal clear to you. That’s something that we see that is not effectively communicated in most cases. Why? Because they’re setting the policy, they’re responsible and they’re saying, “This is what we’ll accept.”
Now, you conduct a risk assessment. It is what it is. They don’t approve that. You bring them the risk assessment. It drives everything else. What you see up on your screen right now are these gears that you’ll see. The big gear in the middle there is risk assessment and then the monitoring and the policy, procedures, the audits, all those things are driven off of that. What the board and senior management need to know and what the board needs to know is are your management systems, your procedures, and all those, are those risk mitigators, are they reducing the risk down to an acceptable level that meets their risk appetite and their tolerance?
So we’ve got this inherent risk. That’s what the risk assessment says. It is what it is. They don’t approve that. They review that. And then they look at all the things that you’re doing and they say, “Yes,” or, “No, we want more controls in place. That’s too much risk.” Or, “We’re willing to take some more risk. That’s too much money and time being spent. So let it loose a little bit.” We’re left with then this residual risk.
Now, the board should be reviewing that. They don’t approve procedures. They don’t really approve training and things like that, but they do need to say, “Is this taken care of to a level that we can feel like we can stomach that.” That’s the point. So have these discussions with your board and say, “Is this an acceptable amount of risk?” And the results of that would be from your audits probably, and let them know yes. Or other types of penalties or examinations, civil cases, things like that. That’s where they need to be able to tell you, “Yes, you’re doing this is right.” Or, “We want more, we want less.”
I hope this is helpful. If you need more information on this, don’t hesitate to contact us or have your directors … We love to talk to them about this scenario that is not well understood or usually carried out. I hope this helps you. Thanks for watching.
David’s banking career began as a field examiner for the FDIC in 1990. He later became a Compliance Officer and Loan Officer for a small bank. In 1993, he established Banker’s Compliance Consulting. Along with his amazingly talented Team, he has written numerous compliance articles for prestigious banking publications and has developed compliance seminars that Banker’s Compliance Consulting produces.
He is an expert in compliance regulations. He is also a motivational speaker and innovative educator. His quick wit and sense of humor transforms the usually tiring topic of compliance into an enjoyable educational experience. David is on the faculty of the American Bankers Association National Compliance Schools and has served on the faculty of the Center for Financial Training for many years. He also is a frequent speaker at the ABA’s Regulatory Compliance Conference. He is also a trainer for hundreds of webinars, is a Certified Regulatory Compliance Manager (CRCM) and has been a BankersOnline Guru for many years. The American Bankers Association honored David with their Distinguished Service Award in 2016.
David and his wife Karen have three adult children, four grandchildren (none of whom live at home!) and two cats (of which Dave is allergic … the cats, not the children!). They recently moved to an acreage outside of Lincoln, Nebraska where he gets to play with his tractor. When possible David can be found fishing, making sawdust in his shop, or playing the guitar and piano. He also enjoys leading worship at his church.