Thread Options
#2253683 - 05/07/21 10:33 PM Risk Management Practices
Incognito1 Offline
New Poster
Joined: Mar 2005
Posts: 21
Hello - Looking for some information on risk management in regards to organization structure. The information I'm looking for includes:

• What is your banks asset size?
• Do you have a Risk Division and/or Chief Risk Officer? If yes, what departments are under that division or the CRO (e.g. compliance, internal audit, vendor management, BCP, information security)?
• Do you have a Financial Crimes or AML division? If so, is that part of your compliance department or where is it in your structure?
• Do you have a separate fraud division or division that does preventative fraud work (e.g. fraud training, fraud interviews, freezing/shutting down accounts, etc.) or is that part of the AML/Financial Crimes division?
• Where does credit card fraud alerts and Reg. E/ACH disputes live in your organization?
• Where does physical security (e.g. alarm checks, robbery training, cameras, building access, etc.) live in your organization?
• Do you have Strategist or Officer who is in charge of ERM? If yes, can you please describe if they are more strategic (e.g. set policies, participates in strategic decisions, sets metrics, etc.) or more administrative/advisory (e.g. sets risk framework, works with management on completing their risk assessments, etc.)? Who does this person report to?
• Do you have a centralized or decentralized quality control division? If it is centralized who does it report it? If it is decentralized does each operating channel have a designated person or is it other duties as assigned?
• Does your compliance division perform compliance risk assessments and regular compliance assessments or is that the responsibility of each division or first line area?

Thank you to anyone that can provide some information on this!

Return to Top
Risk Management
#2255093 - 06/09/21 08:22 PM Re: Risk Management Practices Incognito1
ACBbank Offline
Power Poster
ACBbank
Joined: Jul 2006
Posts: 3,997
New York City
This is going to vary from bank to bank. Most of the regional banks I've worked at have had CRO and a Head of Financial Crimes (AML, sanctions, fraud, etc.). I was under the CRO when I was at a previous employer but I've seen it structured differently at different institutions.

I can go into more but it would probably be better via PMs.
_________________________
"100 victories in 100 battles isnt the most skillful. Subduing the other's military w/o battle is the most skillful." Sun-Tzu

Return to Top
#2256301 - 07/06/21 12:48 PM Re: Risk Management Practices Incognito1
HappyGilmore Offline
10K Club
Joined: Jun 2004
Posts: 19,336
Pulling people out of the ditc...
answers imbedded

Originally Posted by Incognito1
• What is your banks asset size? $34B
• Do you have a Risk Division and/or Chief Risk Officer? If yes, what departments are under that division or the CRO (e.g. compliance, internal audit, vendor management, BCP, information security)? yes and yes. compliance, risk, and corporate insurance report to CRO
• Do you have a Financial Crimes or AML division? If so, is that part of your compliance department or where is it in your structure? yes, part of BSA
• Do you have a separate fraud division or division that does preventative fraud work (e.g. fraud training, fraud interviews, freezing/shutting down accounts, etc.) or is that part of the AML/Financial Crimes division? Yes (enterprise fraud management, EFM), and with recent changes now reports up through BSA
• Where does credit card fraud alerts and Reg. E/ACH disputes live in your organization? EFM
• Where does physical security (e.g. alarm checks, robbery training, cameras, building access, etc.) live in your organization? Separate division for corporate/physical security
• Do you have Strategist or Officer who is in charge of ERM? If yes, can you please describe if they are more strategic (e.g. set policies, participates in strategic decisions, sets metrics, etc.) or more administrative/advisory (e.g. sets risk framework, works with management on completing their risk assessments, etc.)? Who does this person report to? reports to CRO
• Do you have a centralized or decentralized quality control division? If it is centralized who does it report it? If it is decentralized does each operating channel have a designated person or is it other duties as assigned? unclear what you mean by quality control, to broad
• Does your compliance division perform compliance risk assessments and regular compliance assessments or is that the responsibility of each division or first line area? formal review by compliance division

Thank you to anyone that can provide some information on this!
_________________________
Providing alternative truths since the invention of time

Return to Top
#2256307 - 07/06/21 02:46 PM Re: Risk Management Practices Incognito1
InFairness, CRCM Offline
Platinum Poster
InFairness, CRCM
Joined: Nov 2010
Posts: 579
USA
Answers embedded.

Originally Posted by Incognito1
Hello - Looking for some information on risk management in regards to organization structure. The information I'm looking for includes:

• What is your banks asset size? About $200 billion
• Do you have a Risk Division and/or Chief Risk Officer? If yes, what departments are under that division or the CRO (e.g. compliance, internal audit, vendor management, BCP, information security)? Yes, we have a CRO. Credit, operational, compliance, ethics, financial crimes, trading, CRA
• Do you have a Financial Crimes or AML division? If so, is that part of your compliance department or where is it in your structure? Not in compliance, but also reports to CRO.
• Do you have a separate fraud division or division that does preventative fraud work (e.g. fraud training, fraud interviews, freezing/shutting down accounts, etc.) or is that part of the AML/Financial Crimes division? Fraud sits in first line of defense with oversight in Financial Crimes.
• Where does credit card fraud alerts and Reg. E/ACH disputes live in your organization? First line
• Where does physical security (e.g. alarm checks, robbery training, cameras, building access, etc.) live in your organization? Physical and information security report to COO.
• Do you have Strategist or Officer who is in charge of ERM? If yes, can you please describe if they are more strategic (e.g. set policies, participates in strategic decisions, sets metrics, etc.) or more administrative/advisory (e.g. sets risk framework, works with management on completing their risk assessments, etc.)? Who does this person report to? CRO is responsible for ERM. Policies, metrics, standards, risk appetite, effective challenge, oversight report to CRO. RCSA is in first line.
• Do you have a centralized or decentralized quality control division? If it is centralized who does it report it? If it is decentralized does each operating channel have a designated person or is it other duties as assigned? Each business unit is responsible for its QA/QC processes.
• Does your compliance division perform compliance risk assessments and regular compliance assessments or is that the responsibility of each division or first line area? RCSA is in first line. Effective challenge is in second line. Second line also performs its own monitoring and testing as part of oversight.

Thank you to anyone that can provide some information on this!
_________________________
Opinions are strictly my own, and have nothing to do with my employer.

Return to Top
#2256430 - 07/08/21 04:50 PM Re: Risk Management Practices Incognito1
McFly Offline
Member
Joined: Nov 2016
Posts: 73
Hello - Looking for some information on risk management in regards to organization structure. The information I'm looking for includes:

• What is your banks asset size? 18 Billion

• Do you have a Risk Division and/or Chief Risk Officer? If yes, what departments are under that division or the CRO (e.g. compliance, internal audit, vendor management, BCP, information security)? Financial Crimes ( BSA/AML and Fraud), Loan Review, Enterprise Risk Management, Compliance

• Do you have a Financial Crimes or AML division? If so, is that part of your compliance department or where is it in your structure? See above, reports to CRO

• Do you have a separate fraud division or division that does preventative fraud work (e.g. fraud training, fraud interviews, freezing/shutting down accounts, etc.) or is that part of the AML/Financial Crimes division? Part of Financial Crimes

• Where does credit card fraud alerts and Reg. E/ACH disputes live in your organization? Credit Card alerts in Financial Crimes. Reg E and ACH report to Operations with oversight from Financial Crimes

• Where does physical security (e.g. alarm checks, robbery training, cameras, building access, etc.) live in your organization? Operations

• Do you have Strategist or Officer who is in charge of ERM? If yes, can you please describe if they are more strategic (e.g. set policies, participates in strategic decisions, sets metrics, etc.) or more administrative/advisory (e.g. sets risk framework, works with management on completing their risk assessments, etc.)? Who does this person report to? yes. The Director of ERM, along with CRO, is more strategic, while there is some staff that advises Business Lines.

• Do you have a centralized or decentralized quality control division? If it is centralized who does it report it? If it is decentralized does each operating channel have a designated person or is it other duties as assigned? Decentralized. Functional areas might have QC depending on need due to risk (ex., higher risk regulations such as HMDA or BSA/AML)

• Does your compliance division perform compliance risk assessments and regular compliance assessments or is that the responsibility of each division or first line area? 2nd Line Compliance
_________________________
CRCM, CAMS

Return to Top

Moderator:  Andy_Z