How to Conduct a Required Bank Risk Assessment: Step-by-Step Guidance
01-28 to 01-29-2025 1:00 PM EST.
Periodic risk assessments are required by federal regulations. Few institutions, however, conduct them often enough or correctly, which exposes those institutions to potential risk and liability. The purpose of an assessment is to identify, evaluate, and document the institution's risks and ensure it can operate safely while protecting its stakeholders. Risk assessments can take several forms. Typically, they are enterprise-wide or focused on a specific area such as BSA/AML/OFAC, cybersecurity, regulatory compliance, or data security. Risk assessments generally follow a step-by-step process that begins with selecting the focus area and identifying its risks, then analyzing and evaluating those risks, and finally controlling and monitoring them. A report on the findings is sent to both the board of directors and senior management. Bank executives can use risk assessments to make informed decisions about how to mitigate risks effectively before they threaten their institution's viability. Every institution is encouraged to conduct a risk assessment. Risk assessments vary in complexity based on the size of the institution, its focus, and the resources available. Regardless of size, regulators require an effective risk management program. Bobby Winstead, a former bank examiner, will guide you step-by-step through each stage of the risk assessment, highlighting key questions to ask at each stage.
What You'll Learn:
Our speaker, an expert former bank examiner, will cover the following topics in this highly informative webinar:
- An overview of banking risk assessments
- Does the risk assessment need to be enterprise-wide, or can it focus on a specific area?
- Policies and procedures related to governance, organizational structures, and regulatory requirements
- What should you do first? The development of a risk profile as part of a risk assessment
- Who is responsible for what, from directors to staff?
- Controls used to assess risk
- The importance of testing and developing controls
- Different types of risk assessments and what to consider when conducting them
- Does a risk assessment require specialized staff?
- Risk assessment steps
- Presenting findings to senior management and the board
Webinar Outline
A. Risk Assessment Overview
B. Types of Risk Assessments
- Enterprise
- Cyber
- BSA/AML
- Regulatory compliance
- Data security, etc.
C. Risk Assessment Complexity
- Institution Size
- Staffing
- Available Resources
- Internal Staff Versus Outside Consultants
D. Examples of Industry Best Practices and Risk Assessment Standards
E. Risk Assessment Stages
- Areas of focus and identifying the associated risks
- Analyzing and evaluating specific risks
- Correcting and monitoring identified risks
- Communicating findings to both senior management and the board of directors
F. Risk Assessment Governance and Organization
G. Regulatory Requirements—FDIC, FRB, OCC
- Policies and Procedures
H. Determining the Risk Profile and the Importance of Controls
I. Risk Assessment Control Testing and Response
J. Common Risk Assessment Mistakes
K. Risk Assessment Case Study
Recommended Audience
Who Should Attend?
- Independent consultant with expertise in enterprise risk management, credit risk processes, compliance, and BSA/AML.
- Senior Principal at Promontory Financial Group for 10 years, addressing regulatory issues.
- 30 years as an OCC bank regulator, supervising various banks and leading IT development.
- Former Deputy Comptroller for Supervisory Systems, developing regulatory reporting and supervision systems.