Change is continuous, so run the risk of recognition for banks must be a continuous procedure.
By Walt Williams
Risk recognition generally has actually been a routine workout of marking off a list and after that putting it on the rack up until you needed to do it once again. But as banks shift to a risk-based method, it is no longer that basic for bank compliance officers. Risk evaluation requires to be an ever-evolving procedure with involvement from throughout the company, and one that comprehends where your information is originating from and what it is informing you.
“If we only do it as a once-a-year exercise, we wind up adding new products with substantial risk and we haven’t updated the risk assessment around those new products,” states Jim Bedsole, primary compliance and threat officer at BankSouth in Greensboro, Georgia. “We may have gaps that we haven’t appropriately addressed from a risk-control standpoint.”
Timeliness is very important since modification produces threat, and there are 3 locations of continuous modification banks must keep track of, Bedsole states.
The initially is regulative modification, from modification in laws and guidelines to interpretive assistance put out by regulative companies. The 2nd is item modification as banks debut brand-new product or services. The 3rd is procedure modification, which happens whenever an organization changes up IT systems, fine-tunes its internal procedures and makes staffing changes.
“One of the things to recognize is the risk assessment needs to be a regular part of your process … Maybe it’s not an everyday thing, but certainly several times a month going back and revisiting the risk assessment and just looking to see if there anything that needs to change here,” Bedsole states.
Be a group gamer
Compliance officers don’t run in a vacuum, and as their organizations shift to routine threat evaluation, they must not act like they do. Thomas Williams, senior compliance supervisor at United Bank in Griffin, Georgia, states it is important compliance officers look enterprise-wide and incorporate threat recognition into an organization’s service systems.
“It’s no longer compliance setting the pace for what happens with the organization,” he states. “It’s understanding what’s happening throughout the enterprise by talking to the other business unit leaders: What challenges are they facing? Where do they need assistance? And then also pairing into that what is the institution’s risk tolerance level.”
It depends on compliance officers to help with those lines of cross-departmental interaction, according to Williams. They require to comprehend where various service system leaders are originating from and have the ability to provide clear descriptions when they need to shoot down a demand. The compliance workplace can’t simply be among stating “no,” he states.
“It’s interacting with these leaders at meetings, getting in front of them from time to time to understand what’s going on in their world, and offering to help but also creating an inviting environment,” he states.
“It’s: ‘Hey, I’m going to come by and take you to lunch since I wish to learn what’s going on in your department.’
“Those conversations and those meetings build up that rapport that you’re not there to throw sand in the gears of the business units. You’re there to see how we can do things efficiently and achieve the end result because, at the end of the day, we’re all on the same team.”
Know your information
When it concerns determining dangers, any information that compliance officers have access to has worth, Ann Marie Tarantino, primary compliance officer for Esquire Bank in Jericho, New York, stated throughout a session on threat evaluation at the American Bankers Association’s Regulatory Compliance Conference in June. The obstacle comes when there is excessive information that need to be sliced and diced to get significant input, or when there is a percentage of information, which might be extremely accurate however can lead down the incorrect course.
“So you have to make sure you really understand what it is you’re looking at,” she stated. “If you open accounts online, for instance, and you have a rate of acceptance and then you have a rate of abandonment, take a look at the rate of abandonment and take a look at why these applications are being abandoned. Is it because people can’t answer the questions? . . . We launched an online product where one of the questions that was asked—and for some reason it was asked frequently—was, ‘What’s the closest hospital to you?’ And a lot of people scratched their heads: ‘I don’t know what the closest hospital to me is.’”
Compliance officers must constantly be on the hunt for any possible spaces in your information. Complaint databases, for beginners, are a wealth of info about threat, Tarantino states. Complaint information “can be read one way or read another way depending on how you look at it, but it can point to systemic issues—miscalculation of interest, fees posting when they shouldn’t be posting, things like that,” she stated.
Ryan Rasske, SVP for threat and compliance markets at ABA, indicates other information sources that are in some cases ignored: info from the bank’s “change management process” that might determine modifications to existing product or services or present brand-new bank offerings; customer information to determine patterns in behavioral modifications, such as greater use of ATMs or digital items or trending scams losses in a particular item; staff member turnover/open positions in essential threat and compliance locations or core functional locations at the bank; or connections that happen since a boost in one kind of threat triggers a boost in another.
Still, information collection just gets you up until now. One of the very best sources for determining brand-new and emerging dangers is connecting with peers throughout the banking market, Rasske notes. “Establishing a strong network throughout your career (i.e., while attending local banking events, ABA schools and/or conferences) allows you to hear from others who might be experiencing a specific risk that you haven’t seen yet,” he states.
Rasske likewise suggests regularly evaluating publications from regulative companies that supply updates on brand-new or broadening dangers determined throughout the banking market. For example, the OCC releases a Semiannual Risk Perspective that keeps track of the condition of the federal banking system and emerging hazards to the system’s security and stability. “Most agencies such as the Fed and FinCEN publish trending reports and industry alerts which can be a good source for identifying potential new risks,” he states.