Risky Business
Regulatory expectations on financial institutions are higher than ever and managing a bank’s risk requires an understanding of how each factor impacts the bank’s overall risk profile. Today it is expected that bank strategies are created based on risk – not only traditional risk like financial, IT, compliance and BSA risk, but regulatory, personnel, systems, reputation, vendors, employees and cybersecurity.
It is just more.
Regulators continue to demand more in the areas of compliance and risk management. Bank audits are no longer a once-a-year obligation. They are process driven, require ongoing examination and perform multiple functions. A true risk-based audit continues to test policy, transactions and compliance, while evaluating and identifying emerging risks. Having a comprehensive risk and vendor management software provider, such as the one BBOK uses from Ncontracts, can help your bank be prepared, protected and positioned for opportunities.
Sharing information and gaining knowledge are important factors in managing risk. Whether your bank has an individual or several risk management employees, communication is key, upstream and downstream, for examiners and external auditors. Training is mandatory, requiring each employee to know the bank’s compliance responsibilities as well as understand the bank’s greatest risk factors and how they can personally minimize risk.
BBOK discusses risk regularly across all departments and hierarchies. Employees train several times a year on various risk related topics such as information security and cybersecurity risks. Phishing tests are routinely performed using the KnowBe4 platform to internally launch tests and track results.
Staying current.
“Compliance isn’t a competitive function when we all have to follow the same rules,” says Peg Baldwin, BBOK’s senior vice president enterprise risk manager. Peg serves as the chair of Heartland Compliance, a non-profit dedicated to providing an educational forum for open discussion and exchange of ideas and information for financial institutions.
Peg frequently sees bank officers spread thin trying to manage compliance, risk and auditing, often while performing a myriad of additional jobs and tasks. Networking with other financial professionals is invaluable, says Peg. “It is nice to have a sounding board of professionals who are doing the same things you are day in and day out. We discuss timely issues and exchange ideas on how to manage various situations.”
Peg encourages all banks to participate in Heartland Compliance. The group meets quarterly and there is no membership fee. Compliance officers, regulators, internal auditors and even some CPAs find the meetings extremely beneficial. The next meeting is Tuesday, August 14 in Wichita. Regulatory experts will discuss hot topics and exam findings and provide insight into the examination environment. To register visit heartlandcompliance.com.
Did You Know?
At BBOK.com your bank can download our compliance statement that includes BBOK’s data security statement, business continuity plan and more. This comprehensive document gives you everything needed for your bank’s vendor due diligence. The reports are updated regularly here.