Recently we have witnessed the Colonial Pipeline cyberattack, a significant Microsoft Exchange Server hack, and the infamous SolarWinds breach severely impact U.S. companies and the country more broadly. Each of these attacks has been a highly sophisticated breach of the United States’ cyberinfrastructure. Each has also served as a serious and sobering reminder of the digital age and dangerous world we live in. Over the years, there has been a consistent stream of headlines on…
Your organization is always changing, and with it, your methods for governance, risk, and compliance (GRC) management need to grow and mature. Inefficient GRC strategies can result in costly and time-consuming management practices. Previously, it was common to manage disciplines that fall under the GRC umbrella—such as business continuity, regulatory compliance, and vendor risk—separately, but GRC technology has given businesses the means to address interconnected risks and streamline their efforts into an effective program.…
Uncertainty and resiliency have been major themes of the past year. Risk management strategies in financial services have undergone a significant change over the years. While many of those changes resulted from new financial regulations that were designed to prevent an additional crisis, technological advancements have also raised customers’ expectations and created new risks. Now with the pandemic, banks have had to alter operations to coincide with CDC guidelines. As a result of these…
When considering the chaos of modern business, it’s important to rightsize your governance, risk, and compliance (GRC) processes to your immediate needs, but also forecast for future growth and maturity. Organizations need to make decisions today that prevent the business from becoming over-burdened by a future state of departmentalized thinking, emerging risks, and compliance requirements. An inefficient, siloed GRC program doesn’t set the tone for operational success. To develop a roadmap that considers your…
U.S. federal regulators recently issued an interagency statement on the use of model risk management guidance (MRMG), intended to give clarity to banks in complying with Bank Secrecy Act/anti-money laundering (BSA/AML) and Office of Foreign Assets Control (OFAC) regulations and requirements. As management techniques for BSA/AML compliance shift toward the use of technology, automation, AI, and machine learning, these models become more difficult to evaluate through MRMG. Fortunately, the AML Act of 2020 requires…