BOL Conferences
#2197974 - 11/09/18 07:40 PM Regulatory Risk Assessment Frequency
MichiganPeach Offline
New Poster
Joined: Mar 2016
Posts: 7
Quick question. For those who conduct an Enterprise-wide Regulatory Risk Assessment, what does your frequency schedule look like for assessments rating on a 3 or 5 pt scale?

I've seen some for 3 pt to look like:
High = 1
Moderate = 2
Low = 3

Or for 5pt.
High = 1
Moderate-High / Moderate = 2
Low-Moderate / Low = 3

Risk Management
#2198021 - 11/11/18 07:15 AM Re: Regulatory Risk Assessment Frequency MichiganPeach
Rocky P Online
Power Poster
Joined: Jun 2003
Posts: 7,650
Florida
5-high
4-moderate/high
3-moderate
2-low/moderate
1-low

Based on converting numerical averages to words.
_________________________
Integrity. With it, nothing else matters. Without it, nothing else matters.

#2198023 - 11/11/18 02:25 PM Re: Regulatory Risk Assessment Frequency MichiganPeach
Rocky P Online
Power Poster
Joined: Jun 2003
Posts: 7,650
Florida
Sorry, doing that from a tablet and got cut off early.

Frequency and risk are something set by the audit/risk management committee based on resources and other controls. For example, underwriting is a moderate high risk which can have compensating controls which lower it. Those could be centralized underwriting, no loan officer discretion, second review, etc. That would lower the fair lending risk to a low/moderate. At that time, you would verify the controls are in effect and effective.

Taking a look at the inherent risk and bank circumstances/controls (or lack of) to come out with a residual risk is probably as important as any other step that needs to be done, and would allow the risk officer the greatest return on the time investment. You did ask about frequency - dependent on how much management wants to spend. Sometimes programs are broken up into technical and substantive sections. You do the technical, and if no or limited exceptions are found, it's finished. If there are errors then the substantive kicks in with the detailed testing or review. The frequency should be based on the risk and the potential for it to happen.
_________________________
Integrity. With it, nothing else matters. Without it, nothing else matters.


Moderator:  Andy_Z