Risk is assessed from two directions: the QUANTITY of risk and the QUALITY of risk management. Generally, the best way to uncover potential risks is to use a matrix that combines the two.
Quantity of Compliance Risk Indicators
Use the following indicators when assessing the quantity of compliance risk.
Violations or noncompliance issues are insignificant, judged by their number or seriousness.
The frequency or severity of violations or noncompliance is reasonable.
Violations or noncompliance expose the company to significant impairment of reputation, value, earnings, or business opportunity.
Quality of Compliance Risk Management Indicators
The following indicators should be used when assessing the quality of compliance risk management:
Management fully understands all aspects of compliance risk and exhibits a clear commitment to compliance. The commitment is communicated throughout the institution.
Authority and accountability for compliance are clearly defined and enforced.
Appropriate controls and systems are implemented to identify compliance problems and assess performance.
Training programs are effective, and the necessary resources have been provided to ensure compliance.
Management reasonably understands the key aspects of compliance risk and communicates its commitment to compliance; that commitment is reasonable and satisfactory.
The bank defines authority and accountability, although some refinements may be needed.
Management adequately responds to changes of a market, technological, or regulatory nature.
No shortcomings of significance are evident in controls or systems. The probability of serious future violations or noncompliance is within acceptable tolerance.
Compliance management process and information systems are adequate to avoid significant or frequent violations or noncompliance.
Bank privacy policies adequately consider legal and litigation concerns.
Management does not understand, or has chosen to ignore, key aspects of compliance risk. There is no emphasis on, or communication of, the importance of compliance throughout the organization.
Management does not establish or enforce accountability for compliance performance.
Management does not anticipate or take timely or appropriate actions in response to changes of a market, technological, or regulatory nature.
Errors are not detected internally; thus, corrective action is often ineffective, or management is unresponsive.
Management does not provide adequate resources or training.
Compliance management processes and information systems are deficient.
Bank privacy policies are nonexistent or do not consider legal and litigation concerns.
Given the major changes in the compliance and regulatory landscape and their long-term impact on banks, incremental adjustments will simply not be enough. Banks should therefore consider six innovative approaches to drive change:
Integrate relevant aspects of operational and compliance risk management
Simplify products and channels
Standardize compliance testing
Adopt lean principles