Strengthening Financial Services Risk Management Through Collaboration-Based Solutions
On the heels of several history-making bank collapses in the first quarter of 2023, financial institutions must fortify their internal controls programs to respond to greater scrutiny from federal regulators. With new regulations and stricter oversight on the horizon, financial institutions must balance these incoming responsibilities with existing compliance concerns, such as environmental, social, and governance (ESG) requirements, crypto assets, and new forms of technology-driven financial fraud.
AuditBoard’s latest ebook, Synchronizing Collaboration to Strengthen Internal Controls: A Guide for Financial Services, explores this intensifying risk and compliance landscape, and why now, more than ever, financial institutions must develop a strong, forward-looking internal controls program to stay ahead of potential risk. In particular, strategic collaboration across the three lines is essential for an effective internal controls environment in the face of increasingly complex requirements. Download the full ebook here, and continue reading to learn how financial institutions can optimize collaboration between the three lines to break through silos and improve overall risk mitigation.
2023: A Compliance Pressure Cooker
As the Department of Justice, Securities and Exchange Commission, and Fed conduct independent reviews, legal and financial experts predict small and midsize banks will likely bear much of the increased scrutiny and oversight that will emerge from their reports and recommendations this year. Areas where banks are expected to face stricter rules and supervision include:
- Stress test models and contingency planning.
- Interest rate management.
- Asset liability management.
- Bank liquidity requirements.
- Market capital requirements on midsize banks.
- Industries with concentrated, high-value customer bases.
- Regional banks focused on lending to commercial real estate.
To prepare for these challenges in the months ahead, management, risk, compliance, and internal audit must not only be open to, but strive to discover more efficient ways to collaborate on internal controls management activities. “As with all new or heighted regulations, we will see an influx of new issues and findings, to which organizations will need to quickly remediate and respond,” says Jill Agudelo, a partner at CrossCountry Consulting. “A common challenge is the organization’s ability to quickly identify the responsible parties and employ the necessary project and change management to quickly address the concerns. The key to success is to be proactive and strengthen your existing risk management programs in preparation for what is to come rather than to put a band-aid on the problem after it arises.”
Activating Collaboration Through Shared Resource Creation
There are different routes audit, governance, risk, and compliance functions can take to begin addressing existing collaboration challenges. The first step in creating a successful alliance begins with these teams agreeing to invest in improving cross-collaboration methods. All stakeholders involved should agree and understand that optimizing collaboration is a business imperative to ultimately add more value to the organization.Translating this collective desire into tangible outputs can help activate the process of enhancing collaboration. Of course, being able to quantify the impact to the overall cost of compliance will always help in fostering additional buy-in.
The act of working together to create shared resources — such as a universal risk library and risk methodology — engages siloed audit, governance, risk, and compliance teams into discussing and ultimately aligning on shared risk definitions and risk ranking criteria. This extends to creating a common controls library; the end result is a universal controls library that simplifies the environment, reduces duplication and overlap in compliance efforts, and will help the organization manage risk more effectively. Activities that can jump-start collaboration across risk, compliance, and audit teams include:
- Creating an assurance map to highlight gaps and overlaps in assurance activities.
- Developing a single assurance strategy to streamline risk management processes across the three lines.
- Defining a common risk taxonomy, definitions, and risk ranking criteria.
- Establishing a universal risk and controls catalog to standardize information, reduce confusion, and eliminate redundant data.
- Establishing a universal issue and risk assessment methodology for streamlined reporting and analysis.
- Migrating risks, controls, and issues data from siloed systems and legacy tools to a centralized system of record, most notably an integrated mechanism for tracking open issues across the organization.
These shared resources ultimately form the foundation for improved collaboration as compliance stakeholders move forward and take on emerging risks. Another way to improve collaboration across the three lines is by clarifying roles and responsibilities. New risks and controls present an opportunity for compliance stakeholders to clarify, remodel, or redefine roles and responsibilities — as well as test out new collaboration methods. To learn more about how the three lines can clarify their roles and responsibilities to better manage risks, download the full ebook, Synchronizing Collaboration to Strengthen Internal Controls: A Guide for Financial Services.
Aaron Lancaster is a Manager of Partner Solutions at AuditBoard, where he serves as a product and industry expert to support AuditBoard’s alliance members. Aaron has more than 15 years of experience in internal audit, risk management, organizational controls, compliance, and business process improvement with primary focus on financial services. Connect with Aaron on LinkedIn.
Kim Pham, CIA, is a Market Advisor, SOX & Compliance at AuditBoard, with 10 years of experience in external and internal audit. She started her career in at Deloitte & Touche LLP., and continued to grow her experience in internal audit focusing on SOX compliance and operational audits at Quiksilver, the California State University Chancellor’s Office, and CKE Restaurants.