In the latest episode of our Risk Intel podcast, host Ed Vincent was joined by Mike Jones, Chief Compliance Officer at Strategic Risk Associates (SRA). With his extensive experience advising bank CEOs and serving as a Chief Compliance Officer in the FinTech industry, Mike shared invaluable insights into the realm of compliance risk assessments.
Mike highlighted the fundamental risk assessments that every institution should have: a compliance risk assessment and the Bank Secrecy Act Anti-Money Laundering (BSA/AML) and Office of Foreign Assets Control (OFAC) risk assessment. These assessments allow organizations to evaluate compliance risks based on federal and state laws, regulations, and agency guidelines.
A well-designed compliance risk assessment program should consider the applicability of laws and regulations to the institution's specific products and services. It requires assessing both the quantity of risk (the inherent risk present in the institution's environment and product set) and the quality of risk management (how effectively the control programs mitigate that inherent risk).
Completing a compliance risk assessment involves mapping applicable laws and regulations to business areas and products, assessing the quantity and quality of risk, and assigning an overall risk score. Each institution's risk assessment is unique, considering factors such as recent enforcement actions, audit findings, and compliance management system effectiveness.
Compliance risk assessments require meticulous examination of external sources such as statutes, industry guidance, and enforcement actions. Internal materials like policies, procedures, training, and complaint history also contribute to the assessment. The goal is to create a comprehensive risk assessment tailored to the institution's risk appetite and product set.
Engaging a third-party specialist in risk assessments can provide regulators with assurance that an organization is prioritizing compliance. Having an off-the-shelf risk assessment tool with embedded expertise allows organizations to efficiently administer, update, and maintain their risk assessments.
A robust compliance risk assessment empowers organizations to determine their overall compliance risk and identify top risk areas. It helps them understand key compliance risk drivers and implement risk mitigations and controls. By creating a heat map, institutions can strategically focus their monitoring, testing, and compliance management activities on critical areas.
"It's really that top 20-30% of the key risks that probably represent 80% of your vulnerability - allowing you to strategically focus your monitoring and compliance management activities on the things that really matter" - Mike Jones, Chief Compliance Officer
Compliance risk assessments are vital tools for organizations to proactively manage their compliance risks. With a tailored approach, a comprehensive understanding of applicable laws and regulations, and a focus on risk improvement activities, institutions can ensure compliance and navigate regulatory examinations with confidence.
Don't miss out on Mike Jones' insightful discussion. Tune in to the full Risk Intel podcast episode now or watch below to gain valuable knowledge on compliance risk assessments and strengthen your organization's overall compliance practices.