Compliance isn’t just about following rules. It’s about thoughtfully managing risk.
That’s the theme the FDIC keeps drilling into financial institutions and examiners as it continues to make updates to its Risk Management Manual of Examination Policies (RMS Manual) to ensure that exams focus on the areas of greatest risk.
The FDIC has been emphasizing the concept of risk-based exams for years. Examiners look at an FI’s risk management practices to see beyond the condition of the FI at that date in time and assess how well the FI will respond to changing market conditions considering its particular risk profile.
In short, examiners will invest their time and resources on identifying and examining areas of increased risk. Less attention is dedicated to areas of minimal risk.
The goal is to strengthen compliance by identifying and correcting any weaknesses in an FI’s conditions or practices before they have an impact.
Risk Management Manual of Examination Policies Updates
Last month the FDIC updated the RMS with a new section on Examination Planning that includes detailed instructions related to planning a Risk-Focused, Forward-Looking Safety and Soundness examination.
The section is a spin-off from another recent addition to the manual, Risk-Focused Forward-Looking Safety and Soundness Supervision, added as part of the new Appendix: Examination Processes and Tools, last summer.
The addition discusses the communication and risk-tailoring principles followed during safety and soundness examination activities. It’s not a new rule. It’s simply meant to provide a comprehensive description of the FDIC's long-standing examination philosophy and methods that:
- Improve transparency of the FDIC's examination practices
- Reinforce the expectations placed on FDIC supervisory staff to conduct risk-focused forward-looking supervision through examination activities
- Emphasize the importance of clear and transparent communication and risk tailoring during the examination process
Why Update the Risk Management Manual?
In 2018, the FDIC Office of the Inspector General (OIG) found that while examiners were overall doing a good job by:
- Applying forward-looking supervision concepts during FI exams
- Rating institutions on risk
- Recommending correct actions
There was no comprehensive policy guidance document on Forward-Looking Supervision clarifying guidance on its purpose, goals, roles or responsibilities. That left it up to individual examiners. In a few cases, they failed to notify the board of concentrated risk management concerns.
Updating the manual ensures examinations will align with FFIEC risk-based examination principles, which instruct examiners to:
- Consider the unique risk profile, complexity, and business model of the institution when developing an examination plan.
- Analyze existing information such as Call Report data, publicly available information, and confidential supervisory information to help identify areas of higher and lower risk when planning examinations.
- Monitor financial institutions between examinations.
- Tailor the document request list based on the financial institution’s business model, complexity, risk profile and planned scope of review.
- Apply examination procedures in a way that reduces the level of review of low-risk institutions or low-risk areas.
- Discuss financial conditions, risk profiles, new or expanded business lines, and pertinent new supervisory or regulatory information with institution management prior to finalizing the scope of review.
Documenting Risk Management
The FDIC OIG report and the FDIC’s improved RMS Manual are a reminder that no matter how confident we are that our risk management practice is strong, risk isn’t properly managed without policies, procedures, and documentation.
Even when we have an educated, detail-oriented workforce, we can’t expect consistency without clear instructions and communication.
Risk management and compliance aren’t black and white. They’re about understanding what your FI is doing to manage its risks and determining if they fall within the limits of your FI’s risk appetite. It’s knowing which high-risk areas require the most resources and which low-risk activities require less.
The risk profile, complexity, and business model of every FI is different. That means that risk management is important not only for FIs, but also for their examiners, who must determine where to allocate their limited resources as well.
If your FI can’t identify its most significant risks, it won’t bode well at exam time when examiners need to make the same calculus. They will see that crucial work hasn’t been done and have to dig deeper to make those determinations.
Make sure your FI is keeping pace with risk management and examiner expectations.