What could go wrong?
Demystifying risk assessments by evaluating your solutions
New York State examiners recently began requesting Risk Assessments for NYS Department of Banking applications and some renewals. These requirements applied even to single proprietors who, naturally, felt overwhelmed and confused about what the examiners requested. In fact, risk assessments represent a prudent step in the process of building a business. It's simply asking the question: "what could go wrong?"
In that spirit, here is a sample risk assessment policy and procedure.
The CFPB provides a sample risk assessment in its examination guides, which you can access here. In our view, the CFPB assessment addresses many items, but misses some as well. There is the regulator's well-known penchant for diving into minutia in some elements (like corporate governance and certain regulations), then overly broad assessments of others. The best approach remains thinking through your process.
Risk Management Process for Mortgage Bankers and Brokers
Mortgage Companies small and large face the same risks as
any company; physical damage and infrastructure damage from disasters, employee
and workplace safety. But financial institutions also face risks specific to
the business model: compliance, counter party risk, process management issues
and particularly fraud and information security.
Even the smallest company needs to address these issues, and
it can seem like an almost insurmountable task. By structuring our business
with systems that regularly address these risks and then rationalizing these
checks into a standard business flow, the task becomes more manageable and
understandable.
The standard risk management process should look like this:
We have compiled a risk assessment for standard retail
mortgage brokering or lending operations, identified the level of risk, and
shown how, through policies or procedures, these companies mitigate this risk.
Risk Levels
We follow the CFPB’s model for assessing the risk to the
customer.
Quality of Risk Controls
A non-system based Risk Control produces haphazard results.
For instance, if there is simply an individual who is responsible for the execution
of a risk mitigation procedure, it is likely to be missed. By integrating controls
into processes that we already conduct, scheduling regular audits, and using
pre-programmed systems like LOS, Credit Reporting tools such as fraud guards,
web alerts like Google Alerts, we control these risks automatically.
At the heart of all our risk mitigation is the
implementation of a “systems-based” approach that does not rely on an
individual to oversee the process. For instance, checklists, step-by-step
procedures, and automation all contribute to systematic risk management.
Risk Assessment For Mortgage Companies
Customers of MortgageManuals.com can download samples for their own use here:
No comments:
Post a Comment