Attendees of ABA and GCOR alike have similar goals and challenges in the financial industry. So first, what are these goals? Protect your bank by identifying, mitigating, and monitoring risks before they manifest and identify new opportunities and capital efficiency.
What’s the challenge? Today, there’s a lot to protect your bank from – data breaches, reputational damage, non-compliance, a recession, and so much more. So the challenge, in a word, is complexity.
To paint a small picture of this complexity, think about the main regulatory body your bank has to align with and how many different risk categories they define. What I’ve seen time and time again is banks trying to put together different risk assessments to match up with all these different categories – the FFIEC’s 6 risk categories, the OCC’s 9 risk categories, etc.
The problem with this approach is if you take one of these categories, say Reputation Risk, and try to ask someone in IT to fill out a risk assessment on this category, they won’t know where to begin. They can only speak to what they know, and most IT professionals haven’t made the connection between what they know and reputation risk.
A better approach is to attract as many as you can with honey. The honey in this case is cross-functional risk assessments.