BOL Conferences
#2172024 - 04/05/18 01:30 PM Risk Assessments
Crazy in Compliance Offline
Member
Joined: Mar 2016
Posts: 50
Ohio
We have a number of risk assessments that are included as exhibits in our compliance policies that go to the board for annual reviews. Is it a requirement to include the entire risk assessment or is a summary of the assessment rating sufficient? Some of these risk assessments can make a 5-page policy turn into a 62-page policy because the full assessment is included. What are other financial institutions doing?
_________________________
It's better to be absolutely ridiculous than absolutely boring. . . Marilyn Monroe

Risk Management
#2172097 - 04/05/18 04:24 PM Re: Risk Assessments Crazy in Compliance
P*Q Offline

Power Poster
P*Q
Joined: May 2001
Posts: 8,458
Somewhere
The following risk assessments are reviewed annually with my board: BSA, Fair Lending, ID Theft and the Compliance one (which includes all of the various Fed and state regs/laws), but none are particularly lengthy so it's never an issue worrying about condensing them.

#2172135 - 04/05/18 06:43 PM Re: Risk Assessments P*Q
Crazy in Compliance Offline
Member
Joined: Mar 2016
Posts: 50
Ohio
Thank you, P*Q. I send the same ones, as well, but also have an IT assessment. There are three sections within that risk assessment and it is lengthy!

#2172319 - 04/06/18 04:31 PM Re: Risk Assessments Crazy in Compliance
P*Q Offline

Power Poster
P*Q
Joined: May 2001
Posts: 8,458
Somewhere
Ah yes, the beloved IT risk assessment. We have one of those animals too but IT presents it, not me. Thankfully. And we make all of the pages available to them on the portal for those who wish to review it all but at the actual meeting only a summary is provided.

#2179048 - 05/21/18 11:44 PM Re: Risk Assessments Crazy in Compliance
Moman Offline
Platinum Poster
Joined: Jul 2004
Posts: 505
WA
I manage the Compliance Risk assessment; it does not include IT or AML/BSA elements, as our IT and BSA Officers handle those. I run the entirety of the RA through the Compliance Committee with only a summary page presented in the Audit/Finance Committee of the Board on an annual basis - the Summary page is an abbreviated format that includes only medium- and high-risk items. We have been through multiple exams now without adverse comment from the FRB.


Moderator:  Andy_Z