My bank seems 'risk assessment' happy to me. We have a big list of them and also IMO they communicate pretty much nothing useful. Does a list exist of required risk assessments and does anyone else do a website risk assessment?
My take - a risk assessment is more than a piece of paper.
Many years ago, examiners would have a surprise exam, classify loans and tell the bank what their condition was (yes, I was an examiner and was responsible for closing a bank). Later, they started giving the bank notice of the exams so the files could be ready. Even later, they shared their guidelines with the banks and asked the banks to create credit risk guidelines.
More recently they asked the banks to risk rate loans and then compared the bank's risk rating to the regulators. As part of the process, they started asking for risk assessments. WHY?? If a bank is going to be in business, they have to understand what their risks are and manage to the risks. If there are risks, is management aware, and are there adequate controls? Unless management understands the risks, and has the appropriate controls, profit and loss will occur by happenchance rather than by planning.
Example (fair lending) everyone should be evaluated the same. If there is centralized underwriting, the chance of consistancy is greater than if each loan officer makes their own decision in a decentralized environment (taking into consideration that LO's have different experiences and authorities.) In a decentralized environment, there might be a greater need for a 2nd review by a more experienced underwriter to ensure that similarly situated applicants are treated the same. A risk assessment should identify and tell you that.
Some self-assessments may be there to satisfy examiners, most SHOULD be in place to identify inherant weaknesses and identify compensating controls to reduce the risks.