1273562, Jyotika Sharma, F1, Q38- Why are banks enhancing process and risk assessments?

1273562, Jyotika Sharma, F1, Q38- Why are banks enhancing process and risk assessments?

Risk Assessment can be defined as the identification, evaluation, and estimation of the levels of risks involved in a situation, their comparison against benchmarks or standards, and determination of an acceptable level of risk.

A risk assessment is simply a careful examination of what, in your work, could cause harm to people, so that you can weigh up whether you have taken enough precautions or should do more to prevent harm. Workers and others have a right to be protected from harm caused by a failure to take reasonable control measures.

Introduction

Banks plays an important role in the national economies of most countries in the world. At the same time, a sound banking system is an important element of financial stability and represents a basis for the maintenance, development and unimpeded functioning of the entire economic system.

Risk taking is an inseparable part of providing bank services, with inadequate awareness and management of risk possible leading to losses, which threatens the financial stability of the system as well as the deposits entrusted by individual to banks. Given the importance of the role played by banks in national economies and the trust placed in these institutions by investors, bank must conduct their business soundly and safely, and must maintain the appropriate level of capital as protection from the possible risks deriving from their operations.

The nature of the banking business brings several types of risk, which differ in substance and scope. Banks cannot avoid them. Relative to their line of business, size, type of organisation, business culture etc. there are many typ of risk such as Credit Risk, Market Risk, Interest Rate Risk, Liquidity Risk, Operational Risk, Strategic Risk, Reputation Risk, Capital Risk, Profitability Risk.

The concept of assessment comprises a qualitative and quantitative part. The qualitative part is a key importance and represents the findings and options of inspectors and analysts on individual risk or control environment element. The findings of inspectors and analysts from the basis for the numerical assessment, which signifies the quantitative end of assessment.

The main purpose of supervising banks is to determine the level of risk encountered by bank and the quality of management these risks. Supervision is performed through monitoring, collecting and checking bank report and notices, performing review of banks operation and through the issuing of supervisory measures. The basic approaches are :

·        Analysis of banking operations through systematic and continuous monitoring of a bank’s operations by means of report and other information at the bank and

·        Reviews of the banks operations (on site).

Discussion

Employers, managers and supervisors should all ensure that workplace practices reflect the risk assessments and safety statement. Behaviour, the way in which everyone works, must reflect the safe working practices laid down in these documents. Supervisory checks and audits should be carried out to determine how well the aims set down are being achieved. Corrective action should be taken when required. Additionally, if a workplace is provided for use by others, the safety statement must also set out the safe work practices that are relevant to them. Comprehensive risk assessment is necessary not only to satisfy the examiners but also to protect the institution in an era of rapid regulatory change. BY CARL PRY Dec 27, 2011 Hence, it is important to carry out a Risk Assessment and prepare a Safety Statement for:

1. Financial reasons: There is considerable evidence, borne out by companies’ practical experiences that effective safety and health management in the workplace contributes to business success. Accidents and ill-health inflict significant costs, often hidden and underestimated.

2. Legal reasons: Carrying out a risk assessment, preparing a safety statement and implementing what you have written down are not only central to any safety and health management system, they are required by law. Health and Safety Authority inspectors visiting workplaces will want to know how employers are managing safety and health. If they investigate an accident, they will scrutinise the risk assessment and safety statement, and the procedures and work practices in use. It should be ensured that these stand up to examination. If the inspector finds that one of these is inadequate, he or she can ask the employer to revise it. Employers can be prosecuted if they do not have a safety statement.

3. Moral and ethical reasons: The process of carrying out a risk assessment, preparing a safety statement and implementing what you have written down will help employers prevent injuries and ill-health at work. Employers are ethically bound to do all they can to ensure that their employees do not suffer illness, a serious accident or death.

Putting together a compliance risk assessment is pretty much standard procedure by now. Although risk assessment methodology in general has been around for quite a while, its prominence in the compliance field is a fairly recent phenomenon. Formulating the Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) risk assessment about five years ago was many a compliance officer’s first experience with putting one together.

 Fair lending soon followed (initially just for the largest banks; by now, nearly everyone) but now we are at the point where risk assessments are critical to the compliance function overall. Examiners expect banks to know where their compliance risks are and to devote resources to those areas that present the greatest risk to the institution. There is even a growing expectation that banks perform an enterprise-wide compliance risk assessment – that is, evaluate any and all compliance risks across the institution, rate them, then prioritize accordingly.

That is a daunting task to be sure, especially since many compliance officers weren’t “raised” that way. We’re used to putting out fires when they crop up, preparing for new regulatory requirements, and generally providing advice; however this new approach is the way of the future. This isn’t just a compliance concern – increasingly banks are being charged with understanding their operational, credit, market, and reputation risk profiles as well. Some see compliance risk as a subpart of operational risk, but this is a chicken-or-the-egg question: does compliance risk result because of the way banks conduct operations, or are operations conducted the way they are because of legal and regulatory requirements? In the end it doesn’t matter; we have to evaluate compliance risk regardless.

So how best to do it? There is no one “right” way, but there are some best practices that have developed over many trial and error efforts, and that’s what we’ll discuss here. The end game is to effectively evaluate the bank’s risk of violating laws or regulations and to then adequately mitigate that risk through well-designed and executed controls.

To start with, compliance risk belongs to the business units. They own it since the business processes involving the bank’s products and services and interaction with customers are performed in those units, not in the compliance department or anywhere else. The compliance department exists to assist business units in identifying and developing controls to mitigate the risks but those controls should be performed within the lines. Business units must take ownership of the process.

Whatever can be done to achieve that buy-in within the business (and “because the regulators say so” usually won’t do it) will make the process easier and ultimately more effective. An approach that aspires to make everyone’s lives easier, by focusing time and effort on processes that present greater risk, is a much easier sell.

 Rate-Inherent Risk: This is often the most difficult concept to explain to those in the business units. Inherent risk is the risk of violations if there were absolutely no controls in place. No compliance department, no monitoring, no testing, nothing. It can be a difficult concept simply because inherent risk isn’t always explained very well.

Evaluate Controls: Controls are processes to mitigate, or address and reduce, inherent risks that have been identified. They can be automated or manual, but ideally they should be prescriptive, meaning they should perform their function to prevent a violation from taking place. Detective controls, such as identification of past instances of noncompliance, while certainly useful to identify what may continue in the future, only count problems that have already occurred; they don’t control the problem from happening in the first place. Many argue these aren’t controls at all; they are quality control or testing mechanisms instead.

Rate-Residual Risk: Sometimes called controlled risk or something similar, this is the ultimate evaluation of where the institution stands after inherent risk is measured and controls applied. It answers the question “where do we stand right now?” This is also the critical rating from the examiners’ perspective, since it shows where the bank’s gaps are and where resources should be dedicated to further reduce the risk. It should be measured in the same fashion as inherent risk, using the same scale (whatever that might be depending on the bank). A key point here is to ensure that the ultimate rating is supported by documentation, so examiners, auditors, management, or other interested parties can see the assumptions, methodology, and process behind the rating.

As long as banks have a well thought out plan of attack for their compliance risk assessments, adequately document their methodology, assumptions, and conclusions, they’ll be okay as far as the examiners are concerned. But this isn’t solely an exercise for the examiners’ sake; assessing risk is an important task to determine where the hot spots are in the bank and to avoid trouble in the future. In this age of rapid regulatory change, it’s absolutely essential.

Conclusion

The law requires that a business should carry out and record risk assessments if it has more than 5 employees. Businesses are encouraged to carry out the assessments themselves if they have the competency in-house, however it would be wise for a smaller business to take expert advice and support when doing so. A company such as CRL Risk Adviser, for example, offers small businesses a wealth of health and safety information in an easy to understand format. For a low cost – just £47 including VAT in the first year – a business can also access a library of downloadable document templates and support directly from the CRL experts. Services like these are an enormous help to the small business owner who doesn’t have the time to filter the huge amount of information out there and work out what is relevant to his or her business.

Over all, completing risk assessments and effectively managing health and safety in the workplace is good for your business. It not only keeps your employees safer but can have a beneficial impact on business insurance costs – both on premiums and claims. It will also reduce lost production time through employee absence or machinery downtime and improves workers’ motivation and productivity.