Fundamentally, risk oversight is a responsibility of the board. One big takeaway from yesterday’s Bank Audit and Risk Committees conference (#BDAudit14 via @bankdirector): the regulatory framework has changed considerably over the past 12 to 18 months — with less focus being placed on things like asset quality and more on operational risks and new product offerings. To this end, I get the sense officers and directors cannot always wait for the Federal Reserve or other agencies to release guidance to get a sense of the potential impact on their institution.
Overall, the issues I took note of were, in no particular order: (a) when it comes to formulating a risk appetite, no one size fits all; (b) a bank’s CEO and/or Chairman should establish a formal, ongoing training program for independent directors that provides training on complex products, services, lines of business and risks that have a significant impact on the institution; (c) bank examiners are increasingly asking more probing questions regarding new products and services & third-party vendor risk; (d) the DOJ’s “Operation Chokepoint” use of the banking system to identify fraud and criminal activity in certain areas perceived as high risk was mentioned in three different general sessions; and (e) cyber security is the hot topic.
A Two and a Half Minute Recap
To comment on this piece, click on the green circle with the white plus (+) sign on the bottom right. More from the Palmer House in Chicago, IL later today on twitter (@aldominick) and again tomorrow on this site.