Compliance Risk Self Assessment Model
4/13/2015

Compliance Risk - Definition
The risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices, or ethical standards. Compliance risk also arises in situations where the laws or rules governing certain bank products or activities of the bank's clients may be ambiguous or untested.

Compliance Risk Assessment Phases
• The bank should periodically assess the impact of compliance risk.
• The bank should measure the magnitude of potential loss: Reputation; Regulatory; Operational; Legal / Error.
• There are three main phases to assessing compliance risk:
  Phase 1: Data Collection
  Phase 2: Compliance Analysis
  Phase 3: Communicating Compliance Risk

Phase 1: Data Collection
Step One: Products and Services
  Make a list of all products and related services that are offered.
Step Two: Systems and Controls
  List all types of controls related to each product in questionnaire format.
  Interview department management to identify controls.

Phase 2: Compliance Analysis
• Compliance converts the business responses into: Regulatory Risk; Reputation Risk; Operational Risk; Probability of Error Risk.
• Compliance prepares inherent and residual risk levels.

Phase 3: Communicating Compliance Risk
Step One: Align with Business
  Compliance will call for a meeting with the business head.
  Compliance will present its analysis and identify the high-risk compliance issues.
  The business is to demonstrate the probability of the risk changing over the next 12 months.
  Document the corrective action plan.
Step Two: Escalation Process
  Compliance will escalate compliance issues with increasing risk level.

Outcome
What are the biggest compliance risks facing your bank/division/department?
What about the next three years?
Risk definition / description
Current controls