Ncontracts’ Top Risk & Compliance Management Blogs of 2022
It’s the quietest week of the year for those logging into work. Few co-workers and even fewer meetings finally give you time to take a breath, catch up on reading, and get ready for the year ahead. (At least we hope it does.)
In case you missed them, we put together a quick rundown of our most helpful, advice-packed blog posts of 2023. We hope that they give you food for thought and some inspiration to help you tackle the new year with confidence!
Here’s the list. (Continue reading for a summary of each post.)
Economic uncertainty is strong right now as economists try to understand what rising inflation, interest rate hikes, and low unemployment mean for the economy. As financial institutions try to navigate these challenges, it’s important to pay attention to past downturns and learn lessons from the institutions that managed to thrive during those periods. We look at research studies to uncover the trends.
What were they? Spoiler alert — it was the institutions that:
- Focused on risk management and long-term performance
- Invested in technology to optimize operations
- Looked for growth opportunities while recognizing that return on investment (ROI) should be attractive but doesn’t need to be epic
Takeaway: Resilience goes far beyond short-term strategy. It requires big-picture thinking and strategic decision-making that look toward the future. Financial institutions that stick with an informed strategy built on ongoing risk assessments — and that continue to make investments in pursuit of those goals — will have the advantage during economic recovery and growth because they won’t be playing catch up.
They’ll have a head start.
Posts #2 & #3: What Will You Do if Your Compliance Officer Quits Tomorrow? and How to Get a New Risk or Compliance Officer Up to Speed
Despite some layoffs at tech companies, the Great Resignation continues to impact financial institutions. Top talent isn’t easy to find and can be very expensive, especially in areas like risk management, compliance, and IT.
In these two posts, we help you prepare for two situations: losing a compliance officer and hiring new risk or compliance staff. You’ll come away with ideas to help everyone work more efficiently and flexibly while reinforcing continuity of knowledge and on-the-job training and support.
Takeaway: Having a strong risk and compliance management system has value far beyond risk, compliance, and strategic planning. It also helps your institution weather staffing changes.
Post #4: Want to Up Your Compliance Game? Here Are 5 Things You Should Stop Doing Right Now & 5 Things You Should Do Instead
When your to-do list seems like it has no end, it’s important that everything you do is done in the smartest, most efficient way. If your task list includes wishing, struggling, and stressing, you’re not making the most effective use of your time.
Where do a lot of compliance pros miss the mark, and what can they do to improve their performance?
Takeaway: Sometimes the solution to a problem is to reframe it.
Posts #5 & #6: 10 Steps to a Pain-Free Vendor Management Process and 8 Vendor Management Practices Examiners Are Looking For
It’s no secret that vendor management is a hot-button issue for examiners—and an important control to manage the cybersecurity, operational, and reputation risk that third-party vendors, partners, fintechs, and consultants can pose to a financial institution.
Whether you are building out a vendor management program or want to make sure that your organization is prepared for scrutiny of your vendor management program, these two posts have you covered.
Takeaway: Vendor management, like everything else, is simpler when you break it into steps and create an organized process.
A culture of risk and compliance management is a building block of any enterprise risk management or compliance program. Culture is set by the tone from the top, but how can institutions operationalize it?
In this post we offer up tips for promoting a company culture and keeping employees engaged.
Takeaway: Policy learning and awareness help build a culture of risk management and compliance. They help align employees with institutional goals and empower them to recognize and evaluate risk.
Post #8: How Will the New Cyber Incident Notification Rule Affect your FI? 4 Steps to Update Your Institution’s Incident Response Plan
Regulatory change is rarely limited to the compliance department. It can impact the entire institution. The Cyber Incident Notification Rule, which went into effect May 1, requires an update to financial institutions’ information security programs, specifically their incident response program.
This blog post highlights four key areas of your incident response plan to review, including:
- Updating timelines
- Addressing vendor agreements
- Reviewing vendors’ incident response plans
- Testing your incident response program
Takeaway: Make sure you have an effective change management program that ensures no aspect of a regulatory change is overlooked.
"Business continuity planning" and "disaster recovery" aren’t interchangeable terms, even though they are sometimes used that way.
What’s the difference between them and which one takes precedence in a disaster? Read on to find out.
Takeaway: A business continuity plan (BCP) is designed to keep critical functions operating. A disaster recovery plan responds to a crisis and is one element of a BCP.
Russia’s invasion of Ukraine was one of the most newsworthy events of 2023. The U.S. government levied sanctions on Russia and financial institutions had to keep up with the changes.
In this post, we dig into the ways Russian sanctions could create risk for financial institutions — even those that don’t have relationships with foreign correspondent banks — including:
- Sanction implementation
- Knowing your customers
- Regulatory scrutiny
- Cyber attacks
- Economic impact & inflation
Takeaway: Don’t be quick to write off a risk as irrelevant to your institution. Consider all the angles.
Want advice on what examiners will be looking for in 2023? Our regulatory compliance team breaks it down in our webinar Regulatory Expectations & Enforcement in 2023.