Question: My managers have been asking for a risk management plan for our compliance program. Do you have a model compliance risk management plan?
Answer: Not exactly. In fact, there may not be any such thing. Start with the issue of what is a risk management plan. It's not as simple as it sounds. Your management may want a prototype risk management plan, but what exactly would this be? Risk management is talked about as the "term of the day" but it isn't quite as cut and dried as the term makes it sound.
The idea of a risk management plan is static. It is something that exists and sits somewhere. Management would feel better if the bank had it. But risk management means predicting and avoiding risk. This isn't a static concept. The very idea of risk is something that wasn't predicted.
Risk happens in several ways including complicated tasks to perform and human error. But the biggest factor in causing risk is change. Something changed and that is why "it" happened. A risk management plan is to have some ability to predict the likelihood that "it" may go wrong and how serious the consequences will be. Then we decide how much effort to put into preventing the risk.
So as a practical matter, what we are really talking about is change management. Maybe if we used that term, it wouldn't be so tempting to have a static plan that sat on someone's desk.
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
