What could go wrong?
Demystifying risk assessments by evaluating your solutions
New York State examiners recently began requesting Risk Assessments for NYS Department of Banking applications and some renewals. These requirements applied even to single proprietors who, naturally, felt overwhelmed and confused about what the examiners requested. In fact, risk assessments represent a prudent step in the process of building a business. It's simply asking the question: "what could go wrong?"
In that spirit, here is a sample risk assessment policy and procedure.
The CFPB provides a sample risk assessment in its examination guides, which you can access here. In our view, the CFPB assessment addresses many items, but misses some as well. There is the regulator's well-known penchant for diving into minutia in some elements (like corporate governance and certain regulations), then overly broad assessments of others. The best approach remains thinking through your process.
Risk Management Process for Mortgage Bankers and Brokers
Mortgage Companies small and large face the same risks as any company; physical damage and infrastructure damage from disasters, employee and workplace safety. But financial institutions also face risks specific to the business model: compliance, counter party risk, process management issues and particularly fraud and information security.
Even the smallest company needs to address these issues, and it can seem like an almost insurmountable task. By structuring our business with systems that regularly address these risks and then rationalizing these checks into a standard business flow, the task becomes more manageable and understandable.
The standard risk management process should look like this:
We have compiled a risk assessment for standard retail mortgage brokering or lending operations, identified the level of risk, and shown how, through policies or procedures, these companies mitigate this risk.
We follow the CFPB’s model for assessing the risk to the customer.
Quality of Risk Controls
A non-system based Risk Control produces haphazard results. For instance, if there is simply an individual who is responsible for the execution of a risk mitigation procedure, it is likely to be missed. By integrating controls into processes that we already conduct, scheduling regular audits, and using pre-programmed systems like LOS, Credit Reporting tools such as fraud guards, web alerts like Google Alerts, we control these risks automatically.
At the heart of all our risk mitigation is the implementation of a “systems-based” approach that does not rely on an individual to oversee the process. For instance, checklists, step-by-step procedures, and automation all contribute to systematic risk management.
Risk Assessment For Mortgage Companies
Customers of MortgageManuals.com can download samples for their own use here: