Who Has to Do an Enterprise Risk Assessment?

Is an Enterprise Risk Assessment required for banks of a certain asset size, or by a certain regulatory agency?

All of the regulators say that bank processes and controls should be risk-based and most discuss enterprise risk management in their guidance and exam procedures.

Banks introducing new products or lines of business are generally expected to implement processes and controls commensurate with the risk. If you did not do a risk assessment, how can you say you have adequately assessed the risk? The regulators conduct a risk assessment of your bank during their regular examinations. Why not conduct your own and provide them with accurate information on the bank's products, procedures and controls so that they do not make inaccurate assumptions based upon partial information? Why wait for the regulators to spot issues? Conducting a risk assessment gives the bank more control of its own destiny - it is better to spot your own weaknesses and implement processes to correct or improve the situation rather than wait for auditors or regulators to spot them. Risk assessments are good management.

First published on 12/24/08
