The Federal Reserve, FDIC, and OCC have recently released interagency guidance on managing risks associated with third-party relationships. The proposed guidance offers a framework based on sound risk management principles and best practices that financial institutions supervised by the issuing agencies can use to address third-party risks. Regulator Guidelines for Third-Party Risk Management Stressing the importance of adequately evaluating and managing risks associated with third-party relationships, the guidance emphasizes some baseline assumptions and criteria, including: The use of third parties may offer significant advantages and efficiencies but doesn’t preclude the need for sound risk management.…
Compliance risk remains one of the most dynamic landscapes for financial institutions to manage. In the wake of the financial crisis of the 2000s, the regulatory environment continues to change, making effective compliance program management more complex. Penalties for non-compliance have dramatically increased relative to earnings and credit losses, while the scope of regulator focus expands. Compliance risk now extends to nearly every aspect of an institution’s operations and business, including conduct, risk culture,…
Hacking, data breaches, and information security issues are ongoing threats in every industry and organization. The sophistication of cybersecurity risks has grown so quickly that many senior executives feel like they can’t keep up. For many organizations, IT risk management resembles a game of whack-a-mole — every time one risk has been mitigated, another pops up. Reactive or manual management approaches fall short in adequately understanding and addressing the complexity and interconnectedness of risk…
After over a year and a half of living through the new normal of a world shaped by the coronavirus pandemic, building a robust governance program hasn’t gotten easier. Crises test, shape, and reveal resiliency, and organizations with management frameworks that support good governance and ethical practices emerge as the frontrunners. Corporate culture can make or break an organization. Senior management and employees alike contribute to a culture of ethics and integrity, which sets…
Adopting and embedding risk appetite and tolerances is not only essential for financial services organizations to make informed, risk-based decisions, but also supports the long-term health and success of the institution. As a core component of an effective enterprise risk management (ERM) framework, risk appetite is more than a metric, COSO points out in Risk Appetite – Critical to Success. It “can lead an organization to proactive, forward-looking opportunities that tie appetite and strategy…