Inherent risk is the risk that exists naturally when there are no safeguards in place to avoid trouble. Inherent risk can be expressed as the potential impact of an event on the institution times the probability of the harmful event occurring.
If an event is unlikely to happen and would not cause much impact, the inherent risk is low. However, if the event is very likely to happen and can also result in a severe impact, the inherent risk is extremely high. For a financial institution, it is critical to identify inherent risks and put appropriate safeguards in place to mitigate them.
Technology comes with a great deal of inherent risk. A cyber breach would be catastrophic, and it is very likely to happen if there are no firewalls, intrusion detection software, or antivirus software in place to prevent it. Since the inherent risk of conducting transactions online is so high, financial institutions need to carefully assess these risks whenever adding new software, vendors, procedures, or employees.
Employees can be a source of inherent risk. The more people who work in a financial institution, the more risk there is that someone will make an error, commit fraud, or damage the institution’s reputation. To mitigate these inherent risks, institutions must thoroughly vet new employees. They may also limit new employees’ access to only the banking data they need to do their jobs.
Vendors also present inherent risk. Whether it is a software vendor, a vendor that supplies paper products, or a vendor that supplies cleaning services, it is important to assess the inherent risk of giving that vendor access to specific parts of the bank and its processes. Vendor management software can help to mitigate these risks.
Every financial institution must deal with inherent risk. The key to avoiding the harmful impact these risks would have if they became a reality is to identify and assess them and to put plans and processes in place to avoid catastrophe.