The Critical Role of Compliance Management System Risk Assessment
We are all familiar with the emphasis placed on meaningful risk assessments throughout our industry. Among the many risk assessments that should be created for banks, the Compliance Management Systems Risk Assessment (CMSRA) is perhaps the most important. The importance of a thorough Risk Assessment cannot be overstated, especially in this time of regulatory uncertainty. Right now, it appears we may have a reprieve from new regulations for a short time. Now is the time to step back, assess our risks, test our mitigation strategies, and make corrections where needed.
Understanding the CMS Risk Assessment
The CMSRA provides bankers with a thorough and overarching view of the compliance structure of the bank. A complete CMSRA encompasses all aspects of compliance management and, at a high level, incorporates other areas of risk, including Fair Lending, Vendor Management, and UDAAP, all of which should have their own independent and comprehensive risk assessments. A complete CMSRA should identify and measure the risks inherent in various business lines, specific risks for the Bank’s actual products and services, and the Bank’s mitigation strategies.
Measuring Inherent Risk
Inherent Risks are sometimes called the risk of doing business and should be measured by business line. Regulatory risk is the main driver of inherent risks, but determining the regulatory risk can be trickier than it appears at first glance. Regulatory risk is driven by a number of factors, including regulation maturity, the current regulatory environment and examiner scrutiny, penalties, and various other factors. TCA utilizes an advanced regulatory risk matrix to assist in determining inherent risks across all relevant business units.
Assessing Business Line Risk
Specific Business Line Risk focuses on how the Bank conducts its operations. This section of the risk assessment takes into consideration the Bank’s recent audit/monitoring findings, management tenure, transaction volume, and products and services offered. Each financial institution will have unique risks across its various business lines. While some institutions originate complicated construction/permanent mortgage loans to consumers, others choose to only originate commercial purpose loans with a significantly lower risk. Tailoring the risk assessment to the specific bank provides the Board and Management with a more meaningful conclusion regarding the Bank’s unique risks.
Evaluating Risk Mitigation and Controls
The remaining section of the CMSRA is arguably the most important and the section where Compliance shines. The final piece of the risk assessment is reviewing the risk mitigation and internal controls present at the institution. The business lines and compliance work together every day to mitigate the risks associated with our business. When assessing the mitigation strategies and internal controls, we review the policies and procedures, training, audit/monitoring schedules, and other controls designed to minimize risks in alignment with the Board’s risk appetite, while ensuring that the Bank is complying with the applicable regulations. This section of the assessment helps identify which strategies are working and which may need some additional strengthening.
A Strategic Opportunity
Although the current environment may suggest a temporary easing of regulatory pressures, this should not be mistaken for a signal to scale back compliance efforts. Instead, institutions should seize this opportunity to thoroughly evaluate their compliance management systems, address emerging risks, and reinforce internal control frameworks.
Whether you are building your CMSRA from scratch or refining an existing framework, TCA is here to help. Our experienced team brings practical insight and proven tools to help you implement “A Better Way” to manage compliance risk. Contact TCA at 800-934-REGS or [email protected] for more information!
TCA – A Better Way!

