Financial Crime World

Risk Identification and Assessment Processes: Emerging Best Practices

A recent study by McKinsey highlights the importance of effective risk identification and assessment processes in financial institutions. The study emphasizes the need for a multifaceted transformation of the compliance function to ensure efficient and effective risk management.

Good-Faith-Estimate Disclosures in Mortgage Lending


The study examines best practices in delivering good-faith-estimate (GFE) disclosures in mortgage lending. The GFE process involves seven controls, including:

  • Application form requirements
  • Automated disclosure letter generation
  • Periodic review by marketing directors

Quantitative Key Risk Indicators


To measure the effectiveness of these controls, quantitative key risk indicators (KRIs) can be used to monitor residual risk. These KRIs include metrics such as:

  • Percentage of initial GFEs not issued in a timely or accurate manner

Integrated Compliance Function


The study emphasizes the importance of integrating compliance functions with other risk management activities. This includes:

  • Defining clear roles and responsibilities between risk and control functions
  • Developing joint training programs
  • Establishing governance processes

Measuring Progress: Outcomes that Matter


To measure progress in implementing these best practices, a ten-point scorecard can be used to evaluate outcomes such as:

  1. Demonstrated focus on the role of compliance within the organization
  2. Integrated view of market risks with operational risk
  3. Clear tone from the top and strong risk culture
  4. Risk ownership and independent challenge by compliance
  5. Compliance operating model with shared horizontal coverage

Banks that successfully implement these best practices can enjoy a distinctive source of competitive advantage, including better service delivery, reduced structural costs, and significantly de-risked operations.

Common Archetypes for Compliance Organizations


The study identifies three common archetypes for compliance organizations:

  1. Legal-led organization: Compliance as part of legal
  2. Risk-led organization: Compliance as part of risk
  3. Stand-alone compliance function

Each archetype has its own strengths and weaknesses, and the choice of which one to adopt depends on a bank’s specific circumstances.

Conclusion


Effective risk identification and assessment processes are critical for financial institutions seeking to ensure efficient and effective regulatory compliance. By implementing best practices such as integrated compliance functions, quantitative key risk indicators, and outcome-based measurement, banks can reduce their risk exposure and improve their competitive position in the market.