Compliance isn’t just about following rules. It’s about thoughtfully managing risk.
That’s the theme the FDIC keeps drilling into financial institutions and examiners as it continues to make updates to its Risk Management Manual of Examination Policies (RMS Manual) to ensure that exams focus on the areas of greatest risk.
The FDIC has been emphasizing the concept of risk-based exams for years. Examiners look at an FI’s risk management practices to see beyond the condition of the FI at that date in time and assess how well the FI will respond to changing market conditions considering its particular risk profile.
In short, examiners will invest their time and resources on identifying and examining areas of increased risk. Less attention is dedicated to areas of minimal risk.
The goal is to strengthen compliance by identifying and correcting any weaknesses in an FI’s conditions or practices before they have an impact.
Last month the FDIC updated the RMS with a new section on Examination Planning that includes detailed instructions related to planning a Risk-Focused, Forward-Looking Safety and Soundness examination.
The section is a spin-off from another recent addition to the manual, Risk-Focused Forward-Looking Safety and Soundness Supervision, added as part of the new Appendix: Examination Processes and Tools, last summer.
The addition discusses the communication and risk-tailoring principles followed during safety and soundness examination activities. It’s not a new rule. It’s simply meant to provide a comprehensive description of the FDIC's long-standing examination philosophy and methods that:
In 2018, the FDIC Office of the Inspector General (OIG) found that while examiners were overall doing a good job by:
There was no comprehensive policy guidance document on Forward-Looking Supervision clarifying guidance on its purpose, goals, roles or responsibilities. That left it up to individual examiners. In a few cases, they failed to notify the board of concentrated risk management concerns.
Updating the manual ensures examinations will align with FFIEC risk-based examination principles, which instruct examiners to:
The FDIC OIG report and the FDIC’s improved RMS Manual are a reminder that no matter how confident we are that our risk management practice is strong, risk isn’t properly managed without policies, procedures, and documentation.
Even when we have an educated, detail-oriented workforce, we can’t expect consistency without clear instructions and communication.
Risk management and compliance aren’t black and white. They’re about understanding what your FI is doing to manage its risks and determining if they fall within the limits of your FI’s risk appetite. It’s knowing which high-risk areas require the most resources and which low-risk activities require less.
The risk profile, complexity, and business model of every FI is different. That means that risk management is important not only for FIs, but also for their examiners, who must determine where to allocate their limited resources as well.
If your FI can’t identify its most significant risks, it won’t bode well at exam time when examiners need to make the same calculus. They will see that crucial work hasn’t been done and have to dig deeper to make those determinations.
Make sure your FI is keeping pace with risk management and examiner expectations.