-
Centralizing reporting and response functions can help banks better spot compliance shortcomings. It's also a good way to foster trust with regulators.
December 29 -
More robust risk management frameworks and technology infrastructures are at least as important as higher capital standards in preventing another global financial crisis.
December 11 -
A new report from the Office of the Comptroller of the Currency finds potential industry threats from interest rate volatility, looser underwriting and other areas.
December 17 -
As bank executives continue to debate, hesitate and worry over the security issues related to using applications that connect to the cloud, their employees are using cloud-based apps by the hundreds often without banks' knowledge.
December 15
This article is the
The past year brought
Regulatory deadlines will make for a busy start to 2015. Financial institutions will be keeping pace with a number of regulatory deadlines, including changes to Bank Secrecy Act and anti-money laundering examinations, capital rules and flood insurance policies. They will also be dealing with the Federal Financial Institutions Examination Council's recommendation that banks participate in industry-sponsored cybersecurity sharing forums such as FS-ISAC (Financial Services Information Sharing and Analysis Center). Banks that neglect to allocate appropriate resources to compliance risk will face hefty fines, litigation, and in some cases, jeopardized M&A plans.
Cybersecurity risk will move to the top of banks' agendas. The members of the FFIEC released the results from their cybersecurity examinations of more than 500 community financial institutions in November 2014. The assessments examined banks' inherent risk associated with data points of entry, including VPNs, wireless networks and bring your own device programs. The report found that many firms are insufficiently focused on the interconnectedness of cyber-risk. Banks need to strengthen their first line of defense and reviews of third parties and update and clarify expectations for board members. Banks should expect increased regulatory scrutiny and expectations that extend well beyond the IT and information security departments.
Vendor management will become a top priority. As banks begin to think about their third-party service providers as a risk that must be assessed and managed, they will increasingly focus on third-party audits, paring down the number of contracted vendors they work with and improving contract management. As the cost of vendor oversight increases, expect to see consolidation in the number of vendors contracted by financial institutions.
Banks will shake up their boards. In 2015, banks will look to recruit stronger board directors who keenly understand emerging operational risks, cyber risk, compliance and technology. Regulators will step in to accelerate this review process for financial institutions that are slow to initiate change.
The risk management talent pool will continue to shrink. People who are talented and experienced enough to lead and support the risk management programs of the nation's largest banks are few and far between. In 2015, organizations need to join together to enrich the talent pool and find solutions to this global problem. This could mean looking to recruit people from academic programs, as well as providing promising employees with industry training and professional certification programs. Internal human resources development programs focused on governance, risk management and compliance can also help address this shortage.
Susan Palm is vice president of industry solutions at risk management and compliance software company MetricStream. She previously served as senior vice president of audit and risk at Sterling Savings Bank and as senior vice president of enterprise governance and risk management at Norwest and Wells Fargo.