Regulatory News: Risk Management
The bank regulatory agencies have recently announced that examinations will be based on risk analysis. Risk is being discussed primarily in the context of the safety and soundness examination. However, the principles of risk management should be familiar to compliance managers.
Compliance is all about prevention of risk or minimizing risk exposure. The issues and techniques of risk management in compliance are strikingly similar to risk management issues and techniques throughout the bank.
In testimony before the House Committee on Banking and Financial Services, Richard Spillenkothen, Director of the FRB's Division of Banking Supervision and Regulation described four basic elements of sound risk management. Essentially, these four elements describe a compliance program.
- Risk management must involve active oversight by the bank's board of directors and senior management. While it is not necessary that they be experts on technical matters, they should be advised on risk issues in terms that they understand. Directors should set the bank's tolerance for risk and communicate that to management. Directors also have the responsibility of ensuring that their decisions are implemented and enforced.
- The bank must have adequate policies, limits, and procedures. These should be tailored to the bank and should provide specific guidance on the nature and volume of risks the bank will take.
- The bank must have adequate risk measurement, monitoring, and management information systems. The bank should have an ability to identify and measure risk and communicate this to management. Reports to management and the board are essential to this element.
- The bank must have adequate internal controls and audits. There must be a system for monitoring adherence to policies and procedures. This element relies heavily on the skill and independence of those conducting the monitoring and auditing. These procedures must be conducted with sufficient scope and frequency to identify problems and hold risk to the level that the bank can tolerate.
These risk management elements describe a good compliance program. In future issues, we will deal more specifically with how compliance programs should reflect risk management principles and identify specific compliance actions that you can consider for your bank's compliance program.
Copyright © 1996 Compliance Action. Originally appeared in Compliance Action, Vol. 1, No. 6, 4/96