Use Case for Assessing Risk on Compliance Management
Why assess the risk? A compliance management system is the method by which the bank manages the entire consumer compliance process. It includes the compliance program and the compliance audit function, sometimes referred to as compliance review or self-assessment (fair lending). The compliance program consists of the policies and procedures that guide employees’ adherence to laws and regulations. The compliance audit function is independent testing of an institution’s transactions to determine its level of compliance with consumer protection laws, as well as the effectiveness of, and adherence to, policies and procedures. Non-compliance with law and regulation weakens the bank and exposes it to dollar losses, regulatory censure (including civil money penalties levied against directors), customer complaints, inaccurate reporting and potential lawsuits.
Who should assess the risks? Compliance Officer, BSA Officer, Chief Operating Officer
How to assess the risk: Rate the key risk indicators (KRIs) to determine whether a threat would successfully exploit a vulnerability and to justify expenditures to implement countermeasures to protect the bank’s assets or reputation. Use the “Focus Risk Assessment” tool for in-depth analysis of risks and mitigation techniques.