Compliance Risk - Definition

The risk to earnings or capital arising from violations of, or nonconformance with laws, rules, regulations, prescribed practices, or ethical standards.

Compliance risk also arises in situations where the laws or rules governing certain bank products or activities of the bank's clients may be ambiguous or untested.

204/19/23

Compliance Risk Assessment Phases• Bank should periodically assess Compliance risk

impact• Bank should measure the magnitude of potential loss;

ReputationRegulatoryOperationalLegal / Error

• There are three main phases to assess the compliance riskPhase 1: Data CollectionPhase 2: Compliance AnalysisPhase 3: Communicating Compliance Risk

304/19/23

Phase 1 : Data Collection

Step One: Products and Services

Make a list of all products and related services that are offered.

Step Two: Systems and Controls List all types of Controls related to each product in

questionnaire format Interview Department Management to identify

controls

404/19/23

Phase 2: Compliance Analysis

• Compliance convert business response to:

Regulatory Risk

Reputation Risk

Operational Risk

Probability of Error Risk

• Compliance to prepare Inherent & Residual Risks levels

5

04/19/23

Phase 3 :Communicating Compliance Risk

Step One: Align with Business Compliance will call for meeting with Business head Compliance will present their analysis and identify

Compliance High Risk issues Business to demonstrate probability of risk change

over next 12 months Document Corrective actions planStep Two: Escalation Process Compliance will escalate Compliance issues with

increasing risk level.

604/19/23

Outcome

What are the biggest compliance risk facing your bank/division/department

What about the next three years

Risk definition / description

Current controls

704/19/23