Proactive Risk Management Essential for Success
Compliance Monitoring and Testing Challenges
The changing regulatory landscape continues to be a challenge for compliance. Although many of the large changes to regulations have been implemented within the banking industry, banking enforcement actions within the industry and other regulator guidance continue to shape and increase expectations for bank compliance. Continuous review of products and services for compliance with regulations, as well as with the expectations set forth in enforcement actions and regulator guidance, is necessary for an effective compliance management program. As a best practice, a bank should incorporate reviews of banking enforcement actions and regulator guidance as a part of its compliance monitoring and testing plan.
Understanding Responsibilities for Better Communication
Clear roles and responsibilities as well as robust communication with business lines are essential. The importance of front line risk management within the business, the “first line of defense,” is integral to effective compliance risk management. A clear understanding of the role of the first line of defense, the business, and the second line of defense, Compliance, is critical to establishing an effective compliance risk management program. We often say that compliance is a “village approach,” meaning that each line of defense must play its role to ensure that compliance risks are adequately managed. Once roles and responsibilities are understood, ongoing robust communication between the first and second lines of defense is essential.
Bridging the gap between Compliance and Technology
To bridge the gap between Compliance and Technology, it is important that processes are in place for the inclusion of compliance guidance in technology solutions. In a mature compliance risk management model, processes are established for the provision of compliance guidance for significant technology implementations and other projects affecting core business platforms. Ideally, Compliance would be engaged at a pre-implementation stage so that the organization's technology solutions are compliant at the time of launch.
Advice to fellow CCOs
In order to have a successful compliance management program, the program must be proactive. Oftentimes, banks are struggling to put out fires and are not in a position for proactive compliance risk management. Turning the corner to proactive compliance risk management is essential for success. In my experience, spending the time to develop and implement a robust compliance risk management program assists with proactive compliance management.