We are $1.5 billion in assets. Which department is typical to do fingerprinting and ID Theft/ Red Flags?
When obtaining identification from new account holders, sometimes the address is different than the current address they are giving us. How can we validate that the current address is correct, and what documentation should we expect them to have to support the new address?
If a bank relies on an automated ID verification system for both CIP and red flags compliance and there are red flags associated with the name, date of birth, or social security number that go unresolved, are these CIP violations as well as violations of the bank's identity theft program? We only use the system to verify the identity of customer’s who are new to the bank.
Among credit risk, market risk and operational risk, developing a good operational risk management program seems to be the most challenging. Can't our existing compliance processes (e.g., AML, Red Flags, GLBA, etc.) contribute to operational risk management?
What individual risk assessments is a bank expected to perform? How do the individual risk assessments fit together with an "enterprise risk assessment"?