TraceRiskCustomer Relationships

Customer Relationships

Risk Inventory

Risk Inventory is a “fourth” dimension of risk that provides insight into embedded elements of risk that are not specifically covered by a Key Risk Indicator. Subtle risks are inventoried in this way so that they can be studied orthographically. What does that mean? Orthographic representations of risk are from made from the front view (Subjects), the top view (Silos), the end view (COSO), and, from the inside out ( which is ‘Risk Inventory’). Examples of risk inventory are Product Development Risk, Customer Relations Risk, Training & Backup Risk and Denial of Service Risk.


Deposit Accounts

Use Case for Assessing Risk on Deposit Accounts

Why assess the risk? Deposits are funds that customers place with the bank and that the bank is obligated to repay on demand or after a specific period of time or after the expiration of some required notice period (e.g. certificate of deposit). Deposits are the primary funding source for most banks and, as a result, have a significant effect on the bank’s liquidity. Errors and omissions and fraudulent alteration of the amount or account number to which funds are to be deposited could result in a loss to the bank. Additionally, uncollected overdrafts, returned items, kiting and other check schemes and frauds can result in losses on deposit accounts.

Who should assess the risks? Chief Operating Officer, Chief Financial Officer, BSA Officer, Compliance Officer

How to assess the risk: Rate the KRIs to determine if a threat would successfully exploit a vulnerability and to justify expenditures to implement countermeasures to protect the bank’s assets or reputation. Use the “Focus Risk Assessment” tool for in-depth analysis of risks and mitigation techniques.

 

TraceRisk Demo Button

Debit Cards

Use Case for Assessing Risk on Debit Cards

Why assess the risk?   Online debit cards use a PIN for customer authentication and online access to account balance information. At present, financial institutions authenticate customers by matching the PIN with the account number directly through a merchant’s terminal. Banks engaged in retail payment systems should establish an appropriate risk management process that identifies, measures, monitors, and limits risks. Management and the board should manage and mitigate the identified risks through effective internal and external audit, physical and logical information security, business continuity planning, vendor management, operational controls, and legal measures. Risk management strategies should reflect the nature and complexity of the institution’s participation in retail payment systems, including any support they offer to clearing and settlement systems. Management should develop risk management processes that capture not only operational risks, but also credit, liquidity, strategic, reputational, legal, and compliance risks, particularly as they engage in new retail payment products and systems.  Management should also develop an enterprise wide view of retail payment activities due to cross-channel risk. These risk management processes should consider the risks posed by third-party service providers.
Who should assess the risks? Electronic Banking Officer, Operations Administrator, Cash Management/ACH Officer, Chief Financial Officer, Information Technology Officer, Data Security Officer

How to assess the risk: Rate the KRIs to determine if a threat would successfully exploit a vulnerability and to justify expenditures to implement countermeasures to protect the bank’s assets or reputation. Use the “Focus Risk Assessment” tool for in-depth analysis of risks and mitigation techniques.

 

TraceRisk Demo Button

Consumer Compliance

Use Case for Assessing Risk on Consumer Compliance

Why assess the risk?  In all banks, the board of directors and management are required to monitor compliance with all applicable consumer protection laws and regulations. The board is responsible for creating a strong compliance culture within the bank that includes management accountability. Management should create a compliance program based on an evaluation of the bank’s organization and structure, size, resources, diversity and complexity of operations and delivery channels for its various products and services, including Internet and electronic banking. The compliance program should cover all consumer laws and regulations and incorporate all areas of the bank that present risk. Risk management processes should be included in the compliance program to ensure that necessary systems and controls are in place.

Who should assess the risks? Compliance Officer, BSA Officer, Chief Operating Officer

How to assess the risk: Rate the KRIs to determine if a threat would successfully exploit a vulnerability and to justify expenditures to implement countermeasures to protect the bank’s assets or reputation. Use the “Focus Risk Assessment” tool for in-depth analysis of risks and mitigation techniques.

TraceRisk Demo Button