Use Case for Assessing Risk on Consumer Compliance
Why assess the risk? In all banks, the board of directors and management are required to monitor compliance with all applicable consumer protection laws and regulations. The board is responsible for creating a strong compliance culture within the bank that includes management accountability. Management should create a compliance program based on an evaluation of the bank’s organization and structure, size, resources, diversity and complexity of operations and delivery channels for its various products and services, including Internet and electronic banking. The compliance program should cover all consumer laws and regulations and incorporate all areas of the bank that present risk. Risk management processes should be included in the compliance program to ensure that necessary systems and controls are in place.
Who should assess the risks? Compliance Officer, BSA Officer, Chief Operating Officer
How to assess the risk: Rate the key risk indicators (KRIs) to determine whether a threat would successfully exploit a vulnerability and to justify expenditures on countermeasures that protect the bank’s assets or reputation. Use the “Focus Risk Assessment” tool for in-depth analysis of risks and mitigation techniques.