Skip to content

Performing Risk Assessments

Answered by: 

Question: 
What individual risk assessments is a bank expected to perform? How do the individual risk assessments fit together with an "enterprise risk assessment"?
Answer: 

Management is expected to prepare risk assessments as a basis for the development of policies and procedures. Additionally, risk assessments are an integral part of the decision making process for new products and services, making investments in new technology, selecting and working with vendors, allocating time and resources for BSA monitoring, audit and compliance, etc. Some of the most common individual risk assessments include:

  • Information Security
  • Business Continuity Planning/Disaster Recovery (i.e., threat assessment, business impact analysis)
  • Information Technology
  • Bank Secrecy Act/Anti-Money Laundering compliance, Office of Foreign Assets Control compliance (OFAC)
  • Physical Security
  • Fair Lending
  • FACTA Red Flags (ID Theft)
  • Audit and Compliance

These individual risk assessments can provide valuable information that is used as part of an overall Enterprise Risk Assessment. This information, along with financial, economic and other data, can be used to develop a "dashboard" of leading and lagging key risk indicators.

First published on BankersOnline.com 11/03/08

First published on 11/03/2008

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics