Performing Risk Assessments

Answered by: 

Question: 
What individual risk assessments is a bank expected to perform? How do the individual risk assessments fit together with an "enterprise risk assessment"?
Answer: 

Management is expected to prepare risk assessments as a basis for the development of policies and procedures. Additionally, risk assessments are an integral part of the decision-making process for new products and services, making investments in new technology, selecting and working with vendors, allocating time and resources for BSA monitoring, audit and compliance, etc. Some of the most common individual risk assessments include:

  • Information Security
  • Business Continuity Planning/Disaster Recovery (i.e., threat assessment, business impact analysis)
  • Information Technology
  • Bank Secrecy Act/Anti-Money Laundering compliance, Office of Foreign Assets Control compliance (OFAC)
  • Physical Security
  • Fair Lending
  • FACTA Red Flags (ID Theft)
  • Audit and Compliance

These individual risk assessments can provide valuable information that is used as part of an overall Enterprise Risk Assessment. This information, along with financial, economic and other data, can be used to develop a "dashboard" of leading and lagging key risk indicators.

First published on BankersOnline.com 11/03/08
