Measuring Risk
A key element of measuring risk is determining the amount and priority of risk. With compliance regulations, some risks are very difficult to manage in a way that reduces or eliminates risk. Discrimination can occur even under the best of programs. Moreover, it only takes one instance to wreak a great deal of damage.
Other regulatory requirements can be minimized through effective actions such as clear and detailed policies, good training programs, and appropriate tools and controls. Examples of such program controls include maintaining a list of qualified appraisers, conducting a quality or completeness review before closing a loan, and providing checklists or software.
Some risks are difficult to control because the step can only be performed by a person. Controls cannot be there to see that the person does the right thing. All the training and procedures in the world can't stop someone who wants to sell a product to a customer no matter what.
Some risks can be effectively controlled, but one single slip can have serious consequences. Missing one flood insurance renewal or a renewal for an insufficient amount can result in penalties.
In this issue, we take the primary lending regulations and identify the inherent risks in each regulation. Then we suggest what must or can be put in place to control the risk. Finally, we suggest what the residual is likely to be. This, of course, depends on the quality of controls and the culture of the institution. So do more than take our word for it. Put all these considerations and any others you can think of into the context of your institution.
Risk by Regulation: Inherent and Residual (Chart)
Copyright © 2006 Compliance Action. Originally appeared in Compliance Action, Vol. 10, No. 16, 1/06