Proactive Risk Management Essential for Success
Compliance Monitoring and Testing Challenges
The changing regulatory landscape continues to be a challenge for compliance. Although many of the large changes to regulations have been implemented within the banking industry, banking enforcement actions within industry and other regulator guidance continue to shape and increase expectations for bank compliance. Continuous review of products and services for compliance with regulations as well as for expectations set forth in enforcement actions and regulator guidance is necessary for an effective compliance management program. As a best practice, a bank should incorporate reviews of banking enforcement actions and regulator guidance as a part of their compliance monitoring and testing plan.
"A clear understanding of the role of the first line of defense, the business, and the second line of defense, Compliance, is critical to establishing an effective compliance risk management program"
Understanding Responsibilities for Better Communication
Clear roles and responsibilities as well as robust communication with business lines are essential. The importance of front line risk management within the business, the “first line of defense,” is integral to effective compliance risk management. A clear understanding of the role of the first line of defense, the business, and the second line of defense, Compliance, is critical to establishing an effective compliance risk management program. We often say that compliance is a “village approach,” meaning that each line of defense must play its role to ensure that compliance risks are adequately managed. Once roles and responsibilities are understood, ongoing robust communication between the first and second lines of defense is essential.
Bridging the gap between Compliance and Technology
In order to bridge the gap between Compliance and Technology, it is important that processes are in place for the inclusion of compliance guidance in technology solutions. In a mature compliance risk management model, processes are established for the provision of compliance guidance for significant technology implementations and other projects affecting core business platforms. Ideally, Compliance engagement at a pre-implementation stage would occur to enable compliant technology solutions for the organization at the time of launch.
Advice to fellow CCOs
In order to have a successful compliance management program, the program must be proactive. Often times, banks are struggling to put out fires and are not at a place for proactive compliance risk management. Turning the corner to proactive compliance risk management is essential for success. In my experience, spending the time to develop and implement a robust compliance risk management program assists with proactive compliance management.
When CIO Means Chief Insight Officer
Implementing a Cyber-Security Program - The Journey of True Partnership with IT
Collaborative Comprehensive Information Technology Risk Management
ERM for All
By Chris Tjotjos, VP, Cisco Solutions Practice, Black Box...
By Laura Jackson, Sr. Manager-Risk Management, ABS Consulting
By Jason Cradit, VP of Information Systems, Willbros Group
By Steve Garske, Ph.D., Senior Vice President & Chief...
By Roman Trakhtenberg, CEO, Luxoft
By Renee P Wynn, CIO, NASA
By Mike Morris, CIO, Legends
By Louis Carr, Jr., CIO, Clark County
By Andrew Macaulay, CTO, Topgolf Entertainment Group
By Dominic Casserley, President and Deputy CEO, Willis...
By Dave Nelson, SVP-Portfolio Lead, Avanade, Inc.
By Michael Cross, SVP & CIO, CommScope Holding Company Inc.
By Pauly Comtois, VP DevOps, Hearst Business Media
By Dan Adam, CIO, Extreme Networks
By Matt Schlabig, CIO, Worthington Industries
By David Tamayo, CIO, DCS Corporation
By Scott Cardenas, CIO, City and County of Denver
By Marc Kermisch, VP & CIO, Red Wing Shoe Co.
By Brian Drozdowicz, VP, Digital Services, Siemens...
By Les Ottolenghi, EVP and CIO, Caesars Entertainment