aggregated risk assesment

Do regulators, in my case the OCC, expect all risk assessments to be aggregated. We are just starting to do risk assessments and management doesn't think a total score is important, but all my research on risk assessment indicates that I should. Is it just up to what I think will be sufficient?

We do a weighted risk assessment. Our primary is the FDIC, they like to see the numbers!!

Based on my experience in dealing with the OCC and Fed I would say definitely yes. I am in the corporate compliance group of a very large institution, and am in the process of getting all of our LOB compliance teams on a common risk assessment tool. From my perspective I want to be able to see aggregated information, whether or not the regulators pushed for it -- I believe it is important for our Head of Compliance to be able to view the "state of compliance" across all LOBs and across regs in order to more effectively manage the department, report to the board & senior management, and allocate resources. And it's not really about a "total score." One compliance risk number for the institution doesn't really tell you anything. The importance is being able to "slice and dice" the information across the company to spot trends and weak spots. The bigger and more complex the institution, the more important this is (but also the more difficult it is).

Thanks ComplyGuyMAye