Click to return to BOL home page
Banker Store BOL Vendor Connect BOL Career Connect BOL Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads Background Check CrimeDex Em@il Education ID Verification Record Retention
 


MAIN CONTENT 
Compliance

    Agency Road Maps

    Alphabet Soup

    Compliance Tools

    FACTA/FCRA

    OFAC

Lending

    Article 9

    FACTA/FCRA

    HMDA Heaven

    Lending Tools

    SCRA

Marketing

Operations

    Check 21

    Disaster Updates

    Disaster Recovery

    HR Corner

    IRA Season

    Money Matters

    Operations Tools

    SARResearchGuide

Security

    AML/BSA

    Bank Robbery

    Counterfeits

    ID Fraud/Phishing

    Security Tools

Technology/eBanking

    Disaster Updates

    Disaster Recovery

    Info Security


SPECIAL AREAS 
BOL Archives

BOL Blogs

Briefing Archive

Calendar

Court Watch

Disaster Issuances

Em@il Education

Examiner's Corner

Executive Briefing

Infovault

Launch Pad

Lessons Learned

Monthly Roundup

Risk Management

Site Map

Site Orientation

Top Stories


~ ~ ~
SERVICES 
Background Check
BOL Conferencing

CrimeDex

Em@il Education

ID Verification

Record Retention


~ ~ ~
SHOP 

Banker Store
Bankers Info Ntwk
Books
Vendor Connect

CONNECT 

Career Connect

Learning Connect

Vendor Connect

Guru Central

INTERACT 

Ask a Guru
Bankers Threads

Contact Us

Give Us Feedback


TOOLS 

60 Second Solutions

Alphabet Soup

Banker Tools

BOL Forms

FUN 

Banker Humor

Banker Memories

BOL Recipes

eCard Exchange

LEARN MORE 

About Advertising
About Our Sponsors
About Us

Print Friendly! Email This Article! Discuss NOW!

The Risk Focused Examination

In times past, examiners used checklists to conduct examinations. Each regulation had a checklist and the examiner worked through the checklist. The policy experts in Washington made sure that the checklists were thorough and up-to-date. Examiners could, without a great deal of creative thought, work their way through the checklist and complete the exam. The hard work involved plowing through loan files, checking numbers, and recalculating APRs.

Under the checklist regime, we all knew where we stood. There was certainty. Examiners knew when they were done and we all knew what they found. Add up the red marks and you knew your compliance score.

Things are different now. Now we use a risk-based approach, whatever that is. And therein lies the question. No one, not even the carefully trained examiner, is quite sure how to evaluate risk. And even if we were certain about how to evaluate risk, there would remain the question of what to do if risk management was found to be inadequate.

But the procedures look so much better. There aren't all those checklists and APR formulas. The instructions look reasonable and logical. Evaluate the process. Evaluate the thinking. See whether the management system works.

The real question is whether risk-based examinations are actually getting at risk, or are simply a cosmetic change for the old checklist approach. Consider what is actually happening.

Examiners walk in asking to see your policies and procedures. This is nothing new. They have always loved those three-ring binders. With a quiet corner, a cup of coffee, and a three ring notebook your examiner is underway. When they need a break from policies and procedures, they'll ask to see your training files - yet another three-ring binder if not several.

So far, nothing actually different is going on. Or is it? In the old days, examiners reviewed policies, procedures and training materials to make sure everything was covered. Then they swung into the checklists and dug into the "real" part of the exam.

Now they review policies and procedures very differently. Not only must they be reviewed, they must be evaluated. The examiner has to come to a conclusion about whether the procedures are accurate, adequate, and properly targeted at the risk the institution faces. They must do all this without a checklist. It's a bit like "look Ma, no hands!"

And then, after examiners have come to a conclusion about the institution's approach to risk as measured by policies and procedures, the examiner must decide how and whether the approach works. And they have no checklists to help with this step. Now what? What happens is that examiners start looking at the audits. This is part of the exam procedure. The examiner should look at the audits, internal or independent, and determine that the audits are adequate and appropriate. The audits must cover the requirements and assess the risk management of the institution.

Something funny starts to happen. Not many examiners are confident about the institution's risk assessment after reading those three-ring binders. They knew where they were when they had those checklists. But for examiners comfortable with checklists, only relying on those words in the three-ring binders is like standing in quicksand.

So, seeking some form of quantifiable certainty, examiners examine the audit. There, in the audit, they hope to find those checklists, the guideposts of certainty. And if they don't find them in the audits, what do they do? They write up the auditors.

The real question is: does this risk based approach really work? Have examiners actually caught on, or are they substituting one check list for another?

Copyright © 2005 Compliance Action. Originally appeared in Compliance Action, Vol. 10, No. 15, 12/05



Print Friendly! Email This Article! Discuss NOW!


Privacy Policy    Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.