Risk Management - Control risks with ABS automated systems

Keeping the Regulators at Bay

Given the focus on risk management, banks should become proactive at the highest organizational levels in addressing compliance risk management. While compliance in actual transactions ("micro-compliance") remains important, bank boards and senior officers must think more on a "macro" level - the focus now must be on overall compliance from a systematic/process viewpoint. Spend the time here (documenting your compliance management efforts) and you'll see less regulator scrutiny of individual loan/deposit files.

Note: ABS' CompliancePro^® software is particularly well-suited for use in the new world of compliance risk management.

Compliance - it's all about Risk Management

by James W. Bruce, III, General Counsel

Two events mark a shift in how banks are now expected to manage their compliance responsibilities.

The First Event.

On June 20, 2003, the FDIC revised its compliance examination process to focus increased attention on an institution's compliance management system. See FIL-52-2003.

FDIC compliance examination methodology now blends both risk-focused and process-oriented approaches. "Risk-focusing" involves using information gathered about a financial institution to direct FDIC examiner resources to those operational areas that present the greatest compliance risks. By concentrating on the institution's internal control infrastructure and methods, or the "process" used to ensure compliance with federal consumer protection laws and regulations, the FDIC is acknowledging that the ultimate responsibility for compliance rests with the institution.

Risk-focusing involves:

1. developing a compliance risk profile for an institution using various sources of information about its business lines, organizational structure, operations, and past supervisory performance;
2. assessing the quality of an institution's compliance management system in light of the risks associated with the level and complexity of its business operations and product and service offerings; and
3. testing selected transactions based on risk, such as when an operational area is determined to be high risk and the institution's compliance management efforts appear weak.

Compliance examinations will start with a top-down, process-oriented, comprehensive review and analysis of an institution's compliance management system. The examination will consider:

1. the knowledge level and attitude of management and personnel;
2. management's responsiveness to emerging issues and past or self-identified compliance deficiencies;
3. compliance organizational structure, such as reporting relationships and recent experiences with staff turnover;
4. management information systems;
5. policies and procedures;
6. training;
7. monitoring and audit programs.

The Second Event.

In July of 2003, the OCC issued its Community Bank Supervision handbook, which states that the OCC supervision of community banks will focus on the bank's ability to properly manage risk.

According to the handbook, the OCC's community bank supervision is designed to:

1. Determine the condition of the bank, as well as the levels and trends of the risks associated with current and planned activities.
2. Evaluate the overall integrity and effectiveness of risk management systems by conducting periodic validation.
3. Determine compliance with banking laws and regulations.
4. Communicate findings, recommendations, and requirements to bank management and directors in a clear and timely manner, and obtain informal or formal commitments to correct significant deficiencies.
5. Verify the effectiveness of corrective actions or, if actions have not been undertaken or accomplished, pursue resolution through appropriate supervisory or enforcement actions.