The Practices and Procedures for Financial Institution Risk Management manual provides a comprehensive guide to developing a risk management program. Because risk management is inherent in all aspects of financial institution products, services and functions, the regulators continue to include risk management as a top priority in their policies, guidance, and examination requirements. Financial reform places a heavy emphasis on financial institutions' obligations to manage and mitigate risks.
This manual covers the most critical areas on which regulators are focusing examinations, including:
* Setting up a risk management function, organizing for risk management, and appointing a Risk Management Officer (Chapters 1 through 3);
* Evaluating when to purchase insurance to transfer risks (Chapter 4);
* Conducting risk assessments for the entire institution's products, services, and functions consistent with the seven regulatory risk management areas: credit risk, interest rate and market risk, liquidity risk, transaction risk, compliance and legal risk, reputation risk, and strategic risk (Chapter 5); and
* Evaluating preventative measures to help you respond to common risk issues found in examinations that may also impact your institution (Chapters 6 through 11).
As you adopt the practices and programs in this manual, you are likely to uncover risk areas that require additional controls to reduce risks. We suggest that you work closely with your internal and external auditors to determine which controls are the most cost-effective to implement. In addition, for best results, your internal auditor should use a risk-based audit approach to audit planning. The risk-based audit approach can be coordinated with the risk assessments covered in this manual to optimize the auditor's efforts. You should also coordinate periodic risk assessment updates with the risk-based audit planning schedule and the institution's strategic planning sessions to provide for good communication among all institution functions.
The manual also includes more than 100 examples of specific risks, drawn from each of the major risk areas, with suggested remedies.
Chapter 1: Organizing for Risk Management
Chapter 1A: Establishing an Internal Control Framework and Guidelines
Chapter 1B: Assessing the Institution's Internal Control Systems
Chapter 1C: Conducting ERM Risk Assessments
Chapter 2: Establishing a Risk Management Program Policy
Chapter 3: Sample Risk Assessment Report
Chapter 4: Assessing Your Insurance Management Program
Chapter 4A: Evaluating Consumer Compliance Risk
Chapter 5: Conducting Overall Risk Assessment Surveys
Chapter 6: Evaluating Your Credit Risk Management Program
Chapter 6A: ACH Risk Management Program
Chapter 7: Evaluating Your Interest Rate Risk Management Program
Chapter 8: Evaluating Your Liquidity Risk Management Program
Chapter 8A: Providing Capital for Market Risk
Chapter 8B: Identifying Capital Management Planning Risk
Chapter 8C: Stress Testing to Manage Credit Risk and Preserve Capital
Chapter 8D: Assessing Safety and Soundness Compliance in the Lending Function
Chapter 9: Evaluating Your Technology and Operations Risk Management Program
Chapter 9A: Risk Management of Remote Deposit Capture
Chapter 10: Evaluating Your Security Risk Management Program
Chapter 10A: Assessing Fraud Risks
Chapter 11: Evaluating Your Accounting Risk Management Program
Chapter 12: Risk Assessment of Sound Practices for Model Risk Management
Gary M. Deutsch, CPA, MBA, CMA, CBA, CIA, has worked extensively with financial institutions in audit, lending, financial, and operational areas. He has served in senior positions for regional banks as VP of Finance, Real Estate Loan Officer, and Senior Audit Manager. Mr. Deutsch served as a consultant to financial institutions in strategic planning, profit improvement, financial management, and merger and acquisition-related studies while working at KPMG. He was the CFO at a start-up bank, where he organized the accounting, finance, and investment functions to manage significant growth.