This month’s roundup of recent news and developments in the world of governance, risk, and compliance (GRC) for financial services includes:
Let’s dive in:
According to recent research released by LexisNexis in its annual True Cost of Financial Crime Compliance Report, global financial crime compliance costs for financial institutions total U.S.$206.1 billion.
The survey of more than 1,100 compliance professionals looked at “how financial institutions navigate the expenses and challenges tied to evolving financial crime compliance requirements,” finding that “problems with data quality, data silos, outdated legacy systems and a lack of collaboration internally can create avoidable compliance activity and expenditure.”
At a board meeting on October 3, 2023, the FDIC voted to approve a proposed rulemaking that would establish new standards for corporate governance and risk management at banks with $10 billion or more in total consolidated assets.
ABA Banking Journal summarizes the proposal as follows:
“Among other things, the proposed guidelines state that bank boards should establish risk management programs ‘appropriate for the size, complexity, business model, and risk profile of the covered institution.’ Banks also should have a ‘three-line-of-defense model of risk management’ for monitoring and reporting risks consisting of business units, an independent risk management function led by a chief risk officer, and an institution’s internal audit unit led by a chief audit officer. In addition, banks should ‘effectively communicate’ their risk appetite and policies to encourage compliance by all employees, and identify and report breaches of risk limits, even if the institution does not realize a loss from the breach.”
FDIC Board Chairman Martin J. Gruenberg noted in a statement that poor corporate governance and risk management practices were contributing factors in the string of regional bank failures earlier this year and that the proposed guidelines are designed to “clarify the FDIC’s expectation that corporate governance and risk management frameworks need to evolve along with growth, complexity, and changing business models and risk profiles of larger IDIs [insured depository institutions].”
The Institute of Internal Auditors (IIA) recently released its 2024 Risk in Focus report, a global survey to assess the current and emerging risk areas auditors are concerned about. In North America, chief audit executives and other audit leaders identified their organization’s top 5 areas of highest risk as:
The Office of the Comptroller of the Currency (OCC) released its bank supervision operating plan for fiscal year 2024, highlighting the following areas of heightened focus, among others:
“The list of supervisory priorities shifts from year to year, although many broader priorities have remained more or less the same, such as a focus on banks’ cybersecurity and anti-money laundering strategies,” ABA Banking Journal explains. “One new emphasis in 2024 will be asset and liability management, both of which played a role in the bank failures earlier this year.”
Research from consulting firm CCG Catalyst looks at the future of banking and “the hottest pockets of innovation and technology in financial services” in its New Frontiers in Banking 2023 report. Topics addressed in the survey of C-level bank executives include artificial intelligence (AI), digital currencies, open banking, and cannabis banking, among others.
Commentary on the report from Tearsheet highlights the risk and opportunity in AI, noting that “44% of banking execs think AI represents the biggest risk for their bank in the coming decade. On the one hand, AI promises to personalize financial products and optimize their delivery, but on the other, it’s also a boon for the banking industry’s diametrically opposed foes: fraudsters and bad actors.”