Risk Management
Choosing the Right Risk Management Framework for Your Financial Institution
What’s the difference between Enterprise Risk Management (ERM); Integrated Risk Management (IRM); and Governance, Risk and Compliance (GRC)? Does it really matter if financial institutions use one of these risk management frameworks? As it turns out, it does. Selecting the right risk management framework empowers financial institutions to meet
Risk Management
Do You Need to Manage Fourth-Party Risk?
You’re a pro at managing third-party risk, but how do you deal with fourth-party risk? Your vendors are likely farming out critical activities to other vendors. It’s all a part of ordinary business operations. Just as you want to maximize efficiencies, so do your vendors. However, your vendors’
Risk Management
How to Respond to 4 Common Technology Objections from Your Board
Your board of directors is responsible for safety and soundness, growth, and increasing the profitability of your institution — all while serving the needs of your customers, employees, and community. Meeting these goals requires that the board of directors makes wise investments in capital projects, including adding or upgrading technology. In
Risk Management
How will the New Cyber Incident Notification Rule Affect your FI? 4 Steps to Update Your Institution’s Incident Response Plan
Federal regulators have been encouraging financial institutions to share information about known cyber incidents for years. Now banks and their third-party service providers have until May 1, 2022, to comply with the new rule requiring prompt regulator notification in the event of a cyber incident. How to Respond When a
Risk Management
The Good Enough Myth: How the “Swiss Army Knife” of Business Tools Can Fail You
Today I’d like to share a story from The Financial Times [https://www.ft.com/] that’s very near and dear to my heart: The Tyranny of Spreadsheets: How One of Our Most Powerful Tools Became One of the Most Misused. If you’ve been using spreadsheets to manage
Risk Management
Ransomware: 7 Tips for Managing A Growing Risk
Ten years ago, few people could have imagined that one of the greatest operational and data security threats to financial institutions would be extortionists holding data hostage. Yet that’s exactly what’s happening today with ransomware. The banking industry has become a massive ransomware target—and the threat is
Risk Management
Artificial Intelligence Won’t Replace You—But It Will Make You Smarter
Does the phrase “AI in risk and compliance management” conjure up images of robots taking over the world—or worse yet, replacing you at work? From the Terminator to Hal in 2001: A Space Odyssey (and a spate of other films like Blade Runner and The Matrix), countless films
Risk Management
Ask a Risk Manager: How Can Risk Management & Compliance Work Together
How can risk management and compliance work together as partners at a financial institution? There’s no one better to ask than someone who has worn both of those hats. Enter Denise Guira, senior vice president of integrated risk at $5.2 billion MIDFLORIDA Credit Union in Lakeland, Florida. Denise
Risk Management
The Cost of Compliance in 2021
Compliance isn’t cheap—but how much is it really costing the financial services industry and financial institutions like yours? Nearly one-third (31.4%) of community banks expect to spend 5 percent or more on compliance than they did in 2020, according to the 2021 Community Bank CEO Outlook survey
Risk Management
How to Lighten Your Compliance Management Workload
Compliance management is a never-ending job. As soon as one regulation is implemented or training or testing is completed, another one immediately takes its place. It can be overwhelming, but there are ways to lighten your compliance management workload while still staying compliant and on task. Here are four tips.
Risk Management
Building Up the Three Lines of Defense in Your CMS
When it comes to compliance, there is a good reason for three lines of defense. They ensure that a bank’s lending compliance management system (CMS) is effectively guarding the bank against unnecessary risk. The First Line of Defense: Employees The first line of defense is the business. From the
Risk Management
What Happens When the Three Lines of Defense Fail: Inside JPMorgan’s $250 Million Fine
JPMorgan Chase Bank is on the hook for a $250 million civil money penalty after the Office of the Comptroller of the Currency (OCC) found the bank failed to maintain [https://www.occ.gov/news-issuances/news-releases/2020/nr-occ-2020-159.html] adequate internal controls and internal audit over its fiduciary business—an
Risk Management
Inside a Big Bank’s $60 Million Fine for Vendor Mismanagement
Earlier this year the Office of the Comptroller of the Currency hit Morgan Stanley with a $60 million civil money penalty for faulty vendor management practices that potentially exposed sensitive customer data. The bank also faces seven class-action lawsuits accusing it of negligence. What went wrong and how do you
Risk Management
6 Lessons Learned from a Bank’s $400 Million Mistake
What does it take to get a $400 million civil money penalty for data governance, risk management, and internal controls resulting in unsafe or unsound practices? That’s what everyone is asking since the Office of the Comptroller of the Currency hit Citibank with a $400 million civil money penalty
Risk Management
Does Your BCP Have a BCP? And other disaster recovery concerns
If there has ever been a year for contingency plans, 2020 is it. Many financial institutions have activated their business continuity plans (BCP) due to the COVID-19 pandemic. Now as hurricanes, wildfires, and other natural disasters disrupt business further, FIs are finding themselves activating a second BCP on top of
Risk Management
Did Your Vendor Need PPP Funds?
Did one of your third-party vendors need Paycheck Protection Program (PPP) funds? This is the question everyone is asking since the Small Business Administration (SBA) released the list of businesses that took PPP loans. (The Washington Post’s PPP searchable database includes companies that borrowed more than $150,000.) As
Risk Management
Third-Party Vendors & Compliance Risk: 10 High-Risk Compliance Situations & the Due Diligence Documentation Mistakes That Make Them Hard to Discover
The only thing worse than getting in trouble for making a mistake is getting in trouble when somebody else makes a mistake. That’s the situation financial institutions face when a third-party vendor acting on behalf of the bank doesn’t comply with laws and regulations. Your bank may think