Introduction to Compliance Risk Assessments


Compliance Risk Assessments are not a regulatory requirement, but the absence of, or deficiencies associated with, risk assessments are often identified as the root cause of many findings addressed in examination reports and enforcement actions. Banking examination manuals repeatedly point out that banks are expected to be aware of the most significant compliance risks to the bank and to their customers and consumers. All risk assessments, whether they be for BSA, UDAAP or Compliance Management, share the same principles and methodologies, and following this program you will have the knowledge to conduct a risk assessment for all key compliance areas at your bank.


Bank examiners provide significant credit to banks that have conducted their own risk assessments, since these assessments allow examiners to minimize their transaction testing and risk evaluation by instead validating the bank’s own risk assessment. Your risk assessment process is the first step in determining the scope and testing for the bank's monitoring programs as well as determining the scope and coverage of compliance audit programs.

While there is no one-size-fits-all risk assessment methodology, the key is to arrive at a detailed analysis of the level of inherent compliance risk (before controls are factored in) for each applicable law or regulation, or by business unit or function, including the effectiveness of the compliance risk controls to measure, monitor and mitigate identified risk(s). The resulting residual risk ratings will contain recommended corrective action(s) designed to reduce residual risks to a level that is within the Board’s acceptable risk tolerance.

Covered Topics:

  • Difference between and expectations of internal vs external risk assessments
  • How to identify and measure inherent (environmental) and residual risks
  • How to identify all internal or external processes or functions considered Controls
  • Independence and knowledge level of personnel performing the risk assessment
  • Development of framework for scoping, identifying, assessing, testing, monitoring, and reporting
  • What should be documented and reported versus addressed informally

Who Should Attend?

The program is designed for Risk Officers, Compliance Officers, BSA Officers, Fair Lending Officers, Auditors and supporting staff members.