This month’s roundup of recent news and developments in the world of governance, risk, and compliance (GRC) for financial services includes:
Let’s dive in:
On August 14, the Federal Deposit Insurance Corporation (FDIC) released its 2023 Risk Review, summarizing key risks in the banking industry. This year’s report includes a new section on crypto-asset risks, in addition to highlighting credit, market, operational, and climate-related risk categories.
The specific areas discussed in each risk category are as follows:
In August, the Credit Union National Association (CUNA) and the National Association of Federally-Insured Credit Unions (NAFCU) announced their intention to merge into one organization called America’s Credit Unions.
Reactions to the two trade associations merging vary, according to a CUToday survey, with industry leaders recognizing the benefits of a united voice for credit union advocacy, but also expressing concern over a lack of competition and checks and balances.
The merger is subject to approval from CUNA and NAFCU members, and the 60-day voting period opened on August 28.
A 16-person transition board of directors, with CUNA President Jim Nussle as the new association’s CEO, would helm the merger in the event of a successful vote. The proposed timeline plans for legal formation of the new organization in January 2024, with operations commencing by early 2025.
On August 25, Paul Munter, chief accountant at the Securities and Exchange Commission (SEC), released a statement on the importance of comprehensive risk assessments.
Munter reminded auditors and management teams that “risk assessment processes are critical to the decisions regarding financial reporting and the effectiveness of internal control over financial reporting (ICFR).”
“Accordingly, we are troubled by instances in which management and auditors appear too narrowly focused on information and risks that directly impact financial reporting, while disregarding broader, entity-level issues that may also impact financial reporting and internal controls.”
“The crux of Munter’s remarks is that one-off incidents—i.e., a data breach—might not be part of traditional ICFR assessments but still could pose a significant impact to financial reporting,” Compliance Week reports. “The call for auditors to take on more responsibility in assessing such matters falls in line with increased pressure placed on the profession to serve as gatekeepers holding management accountable, most notably with the Public Company Accounting Oversight Board’s proposed standard updates to require auditors to enhance scrutiny toward potential instances of company noncompliance, including fraud.”
As regulators increase scrutiny over financial technology companies (fintechs) and bank-fintech partnerships, firms are struggling to keep up with compliance management.
Ninety-three percent (93%) of fintechs said it was challenging to meet regulatory requirements, and more than 60% paid at least $250K in fines for compliance violations in the past year, according to Alloy’s 2023 State of Compliance Benchmark Report.
“While a larger, well-established fintech may have a more developed compliance team, its challenges may center more around changes in regulatory requirements, reporting requirements, or managing the tools they use to manage their compliance program,” Tearsheet points out in a review of the report. “Whereas, earlier-stage fintechs that don’t yet have a compliance officer on staff or a complete team may struggle in the interpretation of various laws and regulations.”