Thread Options
|
Tools
|
#1898534 - 02/20/14 05:58 PM
Cons. Compliance risk assessment
|
Power Poster
Joined: Apr 2005
Posts: 4,013
|
Every bank has its spin on how this document should look. We worked on a version with consultants. Some banks listed the regs and, based on a review of practices, audits, trends, etc, were able to rank the regs high to low and based their testing program on that. Our assessment includes a review of operation of each area of the bank, products, services, delivery channels, importance of certain products in terms of balance sheet totals, etc. etc. We identified where we needed better controls BUT we did not do a drill down of each regulation that impacts each of the areas. Has anyone taken that approach and then make certain assumptions about the regs impacting the areas and then developed the testing program?
|
Return to Top
|
|
|
|
#1898598 - 02/20/14 07:10 PM
Re: Cons. Compliance risk assessment
Trees
|
Diamond Poster
Joined: Sep 2008
Posts: 2,474
Midwest
|
I havea RA I've done that lists each product we offer and what regulations affect that product.
|
Return to Top
|
|
|
|
#1898859 - 02/21/14 04:18 PM
Re: Cons. Compliance risk assessment
ahkcompliance
|
Diamond Poster
Joined: Mar 2006
Posts: 1,323
"...Somewhere in Middle Americ...
|
I'm considering a blended approach this year. I have generally been one of those "list the regs" auditors. I have always divided the regs into sections. You know....I audit our AANs per Reg B more frequently than I audit our appraisal disclosures per Reg B. With the risk assessment results this year, I'm considering auditing Z and X with an audit of open-ended, non-HELOC credit, closed-end/ARMs, etc. Just haven't' gotten my arms around how to do it yet. Need to get myself convinced and a good presentation of it before the next audit committee meeting.
|
Return to Top
|
|
|
|
#1898938 - 02/21/14 06:04 PM
Re: Cons. Compliance risk assessment
Cornfed Turtle
|
Diamond Poster
Joined: Nov 2004
Posts: 2,307
|
_________________________
Opinions expressed are my own and not necessarily those of my employer. They are not legal advice.
|
Return to Top
|
|
|
|
#1898981 - 02/21/14 06:57 PM
Re: Cons. Compliance risk assessment
Reads Regs
|
Diamond Poster
Joined: Mar 2006
Posts: 1,323
"...Somewhere in Middle Americ...
|
Thanks for sharing. I'm going to print and discreetly leave it on my CO's copier!
And I have left my Reg list alone other than the Z's and X's. I have products: Closed-end residential fixed, Closed-end residential ARMs, Constructions, HELOCs, other Consumer, and Credit Cards. Will look at what applies to whom. So I will be addressing APR calculations, for example, six different times, but specifically to a product.
just trying to make it easier on myself as well as a more informative audit report.
|
Return to Top
|
|
|
|
#1899589 - 02/25/14 01:53 PM
Re: Cons. Compliance risk assessment
Trees
|
Power Poster
Joined: Apr 2005
Posts: 4,013
|
Good points. Looks like there is some diversity in defining risk assessment and what it looks like and is used for. The RA is more a high end look at the program and the bank products, services, etc. There is no ranking or of the regs. No high/medium/low. My fear is that we will have our risk assessment criticized because of this. Any experience with the lack of a ranking process?
|
Return to Top
|
|
|
|
#1899592 - 02/25/14 02:01 PM
Re: Cons. Compliance risk assessment
Trees
|
10K Club
Joined: Jul 2004
Posts: 18,989
|
Are you talking about management's risk assessment or audit's risk assessment?
_________________________
With the lights out, it's less dangerous.
|
Return to Top
|
|
|
|
#1899603 - 02/25/14 02:17 PM
Re: Cons. Compliance risk assessment
Trees
|
10K Club
Joined: Oct 2006
Posts: 14,390
Cheeseheadland
|
I was thinking myself that this doesn't sound so much like a regulatory compliance risk assessment, but a general controls or audit risk assessment as well.
_________________________
I don't repeat gossip, so listen closely...
|
Return to Top
|
|
|
|
#1899973 - 02/25/14 09:47 PM
Re: Cons. Compliance risk assessment
Trees
|
Power Poster
Joined: Apr 2005
Posts: 4,013
|
The end product mirrors the one indicated in an FRB 8/20/13 webinar called Conducting Consumer Compliance Risk Assessments - Examiner Insights. I just wanted to make sure that the current risk assessment flavor hasn't taken a turn and now we need to list each regulation, rank it, and that is the basis of our testing and monitoring program.
|
Return to Top
|
|
|
|
#1901579 - 03/03/14 03:44 PM
Re: Cons. Compliance risk assessment
Trees
|
Diamond Poster
Joined: Aug 2006
Posts: 2,407
Midwest
|
To look at this another way, if something isn't in your risk assessment, why would you test it or monitor it? In our experience, with this round of examinations, our regulators are looking to our RA's to contain everything with rankings and a narrative describing why we believe the risk to be high or low, etc. Then they are looking for testing and monitoring commensurate with the RA, which is driving the program. It makes a lot of sense to me to take this approach.
_________________________
"Gratitude makes sense of our past, brings peace for today, and creates a vision for tomorrow." - Melody Beattie
|
Return to Top
|
|
|
|
#1901597 - 03/03/14 04:18 PM
Re: Cons. Compliance risk assessment
Trees
|
10K Club
Joined: Jun 2004
Posts: 19,844
Pulling people out of the ditc...
|
The RA is more a high end look at the program and the bank products, services, etc. There is no ranking or of the regs. No high/medium/low. not sure how you can have a risk assessment without a ranking...after all, by definition alone an assesment is an evaluation or scoring... if you want to PM me with an email address i'll send you a copy of one we've used.
_________________________
Providing alternative truths since the invention of time
|
Return to Top
|
|
|
|
|
|