Sometimes I get a headache when I think about risk. Why? It’s EVERYWHERE! When I get up in the morning there is a risk I’ll trip over my cat and fall down the stairs. Because I have no warning labels on the cup of coffee I make at home like I get when I go to McDonald’s, there is a risk I’ll burn my tongue. There is a risk I might even wear brown shoes with black pants if a light bulb burns out! It’s overwhelming!

So, it’s no surprise that we might feel that same level of angst when we think about compliance risk at our credit union. As in life, compliance risk is everywhere! How can you even stop to think about where it is, whether it can be mitigated and whether you are willing to accept certain residual risks?

I used to think the answer to everything was to find that one perfect risk assessment spreadsheet or tool that I could use to identify, log, monitor and measure every compliance risk every imagined. It became my Holy Grail. I searched everywhere, but never found exactly the thing that I was looking for.

As my frustration grew, I began to realize that this was because you can’t put all risk into the same bucket. The way you identify, evaluate, and monitor risk can be very different depending upon the area you are looking at. An ACH risk assessment may look very different than an information security risk assessment. Your BSA risk assessment will probably be very distinct from a Red Flags risk assessment.

continue reading »