Regulatory examiners assess risk using the following approach:
- Quantity of Risk is the level or volume of risk that the bank faces and is characterized as low, moderate or high.
- Quality of Risk Management is how well risks are identified, measured, controlled and monitored and may be characterized as strong, satisfactory or weak.
- Aggregate Risk is a summary judgment about the level of supervisory concern. It incorporates judgments about the quantity of risk and the quality of risk management. Examiners weigh the relative importance of each and characterize aggregate risk as low, moderate or high.
- Direction of Risk is a prospective assessment of the probable movement in aggregate risk over the next 12 months and is characterized as decreasing, stable or increasing. The direction of risk often influences the supervisory strategy, including how much validation is needed. If risk is decreasing, the examiner expects, based on current information, aggregate risk to decline over the next 12 months. If risk is stable, the examiner expects aggregate risk to remain unchanged. If risk is increasing, the examiner expects aggregate risk to be higher in 12 months.