Quantivate Blog

Governance, Risk & Compliance (GRC) Education and News

How Are You Managing Data Privacy? Navigating CCPA Compliance
The era of the wild west of tech is slowly coming to an end. There is increased pressure on Congress to pass a national data privacy law, and many states have independently been passing their own laws to protect consumer privacy—the largest of which is the California Consumer Privacy Act (CCPA). California’s attorney general recently released some enforcement case examples as part of an update on the first year of enforcement measures. Additionally, a…
Where ESG and Risk Management Intersect: A CRO’s Guide
Financial institutions are starting to review the implications of environmental, social, and governance (ESG) practices and how they can work to shape a better future. While regulatory focus is currently targeting large institutions, smaller firms should also be considering what they can do at a localized level and how ESG intersects with building best-in-class risk management practices. When regulators begin to prioritize a policy area such as ESG compliance, risk professionals need to start…
Common Pitfalls of GRC Technology Evaluation
Over the past few decades, a broad range of governance, risk, and compliance (GRC) management solutions have entered the market. Research firm GRC 20/20 has mapped over 800 different GRC technology solutions, and the space continues to grow. This abundance of options complicates organizations’ ability to effectively evaluate, select, and implement the right GRC platform. Some organizations are looking for a niche tool to help them address regulatory burden or a specific risk area…
Tracking the Trajectory of Third-Party Risk Guidance
The Federal Reserve, FDIC, and OCC have recently released interagency guidance on managing risks associated with third-party relationships.

The proposed guidance offers a framework based on sound risk management principles and best practices that financial institutions supervised by the issuing agencies can use to address third-party risks.

Regulator Guidelines for Third-Party Risk Management

Stressing the importance of adequately evaluating and managing risks associated with third-party relationships, the guidance emphasizes some baseline assumptions and criteria, including: The use of third parties may offer significant advantages and efficiencies but doesn’t preclude the need for sound risk management.…
Building an Effective Compliance Program
Compliance risk remains one of the most dynamic landscapes for financial institutions to manage. In the wake of the financial crisis of the 2000s, the regulatory environment continues to change, making effective compliance program management more complex. Penalties for non-compliance have dramatically increased relative to earnings and credit losses, while the scope of regulator focus expands. Compliance risk now extends to nearly every aspect of an institution’s operations and business, including conduct, risk culture,…