The Risk Assessment is not optional.
It is required by regulation.
It must be done correctly because the Risk Assessment is a key tool in (a) managing the institution’s risk and (b) guiding the institution’s business process.
The Risk Assessment Is About Data
A robust risk assessment is about data and the way the data is organized and reported.
It is a bad idea to jump into writing a Risk Assessment without a strategy and an understanding of what information is needed. Each institution needs to have a clear goal and objective in mind, as well as a method to monitor and revise the Risk Assessment as necessary.
Risk Assessments need to be consistent from year to year, yet flexible enough to accommodate changing circumstances. In addition, the Risk Assessment needs to be “reloadable and repeatable.” That means you build a format or “tool” for processing and analyzing your risk data. Once the format (an Excel spreadsheet or Access database) is produced, it only needs to have updated data injected to produce a current, up-to-date result, which allows “what if” analysis and easy updating.
The Regulatory Expectation
Financial institution examiners expect the Risk Assessment to be deliberate and thorough – in fact, there is increasing pressure to produce a more robust risk assessment, with more detail on the following:
• types of customers (especially business customers),
• geographical location (especially out of market or in HIDTA/HIFCA areas),
• “enhanced features”, like ACH and Remote Deposit, associated with the base account, and
• relevance of the risk assessment (identify and evaluate risks specific to your institution).
The Risk Assessment is meant to exist in the context of events inside and outside the institution. The BSA/AML risk assessment should result in a reasonable institution Risk Profile, often expressed as a score which, in turn, results in a narrative profile of, for example, “moderate”, or “moderate to high”. The regulatory expectation is that
(a) the Risk Profile be dynamic, responsive to changing internal and external conditions and
(b) executed not just periodically as a matter of course, but in response to material events: significant changes in loan or deposit portfolio content, loss of key employees, opening or closing of an office, etc.
The Risk Profile and Risk Assessment are expected to be a management monitoring tool to guide the business process. In other words, before any business decision, one of the key questions would be, “How will this contemplated action affect our Risk Profile?”
We can walk you through Risk Assessment prep.
Ping us and we’ll be in touch quickly. By the way, your information is safe with us. We don’t share. Period.
We’re good. We’re fast. We’re very affordable. Customers love working with us. Here’s why:
Here’s the thing: we not only have talented “on shore” people, we also have fast machines, 1 Gigabyte internet and a whole slew of geek-derived apps that make our turn-times very fast. Because it doesn’t take us long, it doesn’t cost you much money.
Three other things you should know:
- We don’t do up-front fees for small projects. You pay us when it’s done.
- We provide you a hard-dollar quote before we start. Unless you change something, you know, up-front, what it will cost.
- We run a tight security ship. We are careful with your data. We have a thorough security policy and procedure (which we are happy to share). We’re comfortable with your NDA or ours.