Knowing where you’re vulnerable is 50% of the fix.
You can’t do everything at once.
Risk Assessment help you prioritize.
Assess The Risk to Mitigate It.
Risk assessments are fast becoming a ‘must have’ to get a bank exam-ready. For sure, risk assessments are far more important than in years past. For example, BSA and IT compliance requires a financial institution to perform a periodic, third party, risk assessment. Even if not explicitly required, examination teams often look favorably on institutions who perform risk assessments before undertaking significant projects (new products, loss of key employees, change in CORE processor procedures, etc.).
A Risk Assessment Payoff
Here’s a recent example: in the middle of the process to roll out mobile banking, our client lost the Chief Deposit Operations officer. That area of the bank supervised Online Banking, ACH and Wire Transfers plus Reg E disputes. The key employees in the department were stable. The bank’s question was: can we continue with mobile banking or is the risk associated with the loss of the employee big enough to warrant postponing the program. The answer was a Risk Assessment.
The Assessment documented the risks associated with proceeding while recruiting a replacement were manageable. Which is what the bank decided to do. Guess what? The next audit team asked how that decision was made and did the bank have documentation in hand. (Of course, a more embarrassing question could have been, “Can I see the Risk Assessment you did before you decided to go with mobile banking?” But, we won’t go there.)
Sound good? Here’s how to get the ball rolling:
- Call to discuss your needs and to obtain our Certificate of Non-Disclosure and Privacy Agreement.
- If we’re only spit-balling, than skip Step 3. We don’t charge for conferences or to share our experience.
- Review our Fee Proposal. If it is acceptable, go to next step. NOTE: depending upon the circumstances, not all information request may be necessary. The rule of thumb: if you’re paying us, we want as much information as possible. If we’re just talking, then less information may be forthcoming.
- Provide some information for our discussion session. Some, all or none of the below maybe appropriate.
- Summarize examination comments (positive and negative) along with examiner recommendations and send those to us. Include in your summary both the written comments as well as any oral communication that took place. NOTE: we may not need to see copies of the actual comments; we can always review with a GoToMeeting session.
- Gather up your current policy and procedures along with any documents you use to open accounts or perform the work. You can scan and email to our secure portal or fax them to us.
- Gather your current reports you are using now to manage compliance.
- Summarize your current monitoring efforts; provide copies of reports used.
- We’ll send you a checklist you can use to help us understand the specifics of how you operate this part of the bank and how you are managing the compliance piece.
- We’ll send you the “prelim” policy and procedure in a MS WORD format to review and revise.
- We’ll schedule a follow-up phone conference to review your changes.
- We’ll send the revised Policy and Procedure.
- You provide credit card for our billing. (Payment by ACH and/or check is also acceptable.)
These guys are good. They helped get our program out of the ditch with a workable compliance plan – which they’ve updated for us twice. They managed to get a compliance team spirit going in the bank – even the BDOs are on board. The outside auditor has rated our program at a “9” (out of 10) for the past four years – and the auditor say, “I never give anybody a 10.”BSA/AML Officer