Skip to main content

Third-party relationships: Risk management

Written by admin on . Posted in Advice, Consultation, Risk Management.

By: Edward Pugh, CAMS, CAMs-Audit, AAP, CFE

Financial Institutions are increasingly relying on third parties for a broad range of products and services. Utilizing third parties can offer organizations significant benefits, including access to new technologies, delivery channels, products and services and increased operational efficiencies. However, engaging third parties, especially those using new technologies, can expose financial institutions and their customers to increased risks. Operational, compliance, and strategic risks are often impacted by the utilization of third parties. Given the increase in the number and type of third parties engaging with financial institutions, the Office of the Comptroller of the Currency (OCC), the Federal Reserve System and the Federal Deposit Insurance Corporation (FDIC) released Interagency Guidance on Third-Party Relationships: Risk Management in June of 2023.  

Interagency guidance on third-party risk

The aforementioned guidance addresses all business arrangements between a financial institution and another entity. (Whether a formal contract exists or not). Third-party relations can include outsourced services, use of independent consultants, referral arrangements, merchant payment processing services, services provided by affiliates and subsidiaries, and joint ventures. While there are many benefits to using third-party services, their use can reduce an institutions’ direct control over activities. It may introduce new or increasing risks. Thus, it is important for an institution to identify, assess, monitor, and control risks related to third-party relationships.  

A critical element of third-party risk management is to develop and maintain a complete inventory of third-party relationships. This also includes periodically conducting risk assessments for each relationship. This process will allow an institution to determine its risk and whether these risks have changed over time. The overall goal is to be able to update risk management practices as circumstances and risks change. Third parties performing more critical activities, such as those that may impact customers, the institution’s financial conditions or operations, warrant more robust oversight. 

Third-party risk management life cycle  

The Interagency Guidance identifies planning, due diligence and third-party selection, contract negotiation, ongoing monitoring, and termination of the relationship as the stages of the risk management life cycle.  

Key elements of the planning stage include assessing a potential third party’s impact on customers, including access to or use of those customers’ information, third-party interaction with customers, potential for consumer harm, and handling of customer complaints and inquiries. You should also pay attention to the information security implications. This includes access to the institution’s systems and to its confidential information. The planning phase should also determine how the institution will select, assess, and oversee the third-party. This includes monitoring compliance with applicable laws, regulations, and contractual provisions. Requiring remediation of compliance issues is an important element to consider.  

Due diligence includes assessing the third party’s ability to perform the activity as expected, adhere to the institution’s policies related to the activity, comply with all applicable laws and regulations, and conduct the activity in a safe and sound manner. The Guidance notes that, “Relying solely on experience with or prior knowledge of a third party is not an adequate proxy for performing appropriate due diligence, as due diligence should be tailored to the specific activity performed by the third party.” It is critical to identify and document any limitations of its due diligence, understand the risks from such limitations, and consider alternatives in risk mitigation.

Factors to consider in performing due diligence include:

  • Strategies and goals.
  • Legal and regulatory compliance.
  • Financial condition, business experience.
  • Qualifications and backgrounds of key personnel.
  • Risk management.
  • Information security.
  • Management of information systems.
  • Operational resilience.
  • Incident reporting and management processes.
  • Physical security, reliance on subcontractors.
  • Insurance coverage.
  • Contractual arrangements with other parties.

Contract negotiations are also an important element of third-party risk management.  Factors to consider include the nature and scope of the arrangement, performance measures or benchmarks (i.e., a service level agreement), responsibilities for providing, receiving, and retaining information, the right to audit and require remediation, responsibility for compliance with applicable laws and regulations, costs and compensation, ownership and licensing, confidentiality and integrity, operational resilience and business continuity, indemnification and limits on liability, insurance, dispute resolution, customer complaints, subcontracting, foreign-based third parties involved, and default and termination arrangements.  It is important to also stipulate that the performance of the activities are subject to regulatory supervision and examination.  

Ongoing monitoring allows a financial institution to confirm the quality and sustainability of the third-party’s controls and the ability to meet contractual obligations, escalate significant issues or concerns, and respond to such issues or concerns when identified.  Depending on the complexity of the activities being performed, ongoing monitoring can include a review of reports regarding the third party’s performance and the effectiveness of its controls, periodic visits and/or meetings to discuss performance and operational issues, regular testing of the financial institution’s controls that manage risks from its third-party relations, especially for more complex relationships.

Some additional factors to consider when performing ongoing monitoring include determining the overall effectiveness of the relationship, changes to the third-party’s business strategy and agreements with other entities, changes in financial conditions, insurance coverage, relevant audits and/or testing results, and the third-party’s ongoing compliance with applicable laws and regulations and its performance as measured against contractual obligations.  Depending on the complexity of the relationship, additional factors may also be considered.   

The final stage, termination, is also an important element of the risk management life cycle.  There are many reasons an institution may wish to terminate a relationship with a third-party.  Some factors to facilitate termination include options for an effective transition of services, costs and fees associated with termination, managing risks associated with data retention and destruction, handling of joint intellectual property, and managing risks to the financial institution, including any impact on customers, if the termination happens as a result of the third-party’s inability to meet expectations.  

Governance in third-party risk management

There are many ways an institution can structure their third-party risk management processes. Business lines or a central unit may hold the accountability structure. Regardless of the structure, you should consider certain practices throughout the risk management lifecycle. These include oversight and accountability, independent reviews, and documentation and reporting.  

Upholding responsibilities in third-party relationships

This summary is not intended to be a comprehensive review of the Agencies’ </span>Interagency Guidance on Third-Party Relationships: Risk Management released on June 6, 2023.  As a reminder, the use of third parties does not diminish or remove financial institutions’ responsibilities to ensure that activities are performed in a safe and sound manner and in compliance with applicable laws and regulations.  The full text of the Guidance may be found here: Interagency Guidance on Third-Party Relationships: Risk Management (occ.gov) 

Optimize your risk strategy with Y&A’s expertise

Discover our customizable Vendor Risk Management Policy, which provides guidance on managing risks from outsourced relationships. This comprehensive policy covers responsibilities, risk assessment, due diligence, contracts, security, confidentiality, controls, business resumption, and monitoring. Learn more here.

Y&A offers insights into vendor due diligence or program refinement. Please reach out to Michael Gerbick at mgerbick@younginc.com or contact us on our website for more information. Strengthen your risk approach with our expertise – connect with us today.

6 key components of effective credit stress testing

Written by admin on . Posted in Risk Management.

When your financial institution is conducting a credit risk stress test, it’s imperative that your test has several key components for effective testing. As your trusted financial guide, at Young & Associates, we’ll walk you through the process. In this blog post, we’ll explore the key components of effective credit stress testing.  

1. Comprehensive scenario design 

This is the single most important component in creating an effective credit stress test. They say that success is 90% planning and 10% perspiration. While the exact percentages may vary, the message still stands. Planning is important! When you’re designing your credit stress scenario, be sure that you have taken into account the following:  

  • Interest rates 
  • Economic growth
  • Industry-specific risks such as collateral value of special use property 

2. High-quality data

The quality of a statistical model is only as good as the data it’s built upon. So, when you’re collecting your data, do your due diligence to ensure that it’s:  

Complete and accurate: Missing data or incorrect data will create skewed outcomes that lead to inaccurate results 

Uniform: When you’re consolidating data from several sources, it’s important to ensure that the format and measurements are uniform over time. Be sure to test at least a few samples of the data for accuracy. 

Timely: When you’re forecasting credit stress, it’s preferable to use data from within the past 3-6 months. The economy is affected by many things, so data that is more current will more accurately reflect the current situation.  

Unique: If you’re combining data sets, it’s all too easy to get duplicates. Be sure to review the data sets to ensure that the data is not replicated elsewhere. Duplicate data can skew the results and lead to inaccurate assumptions. Examples would include property collateralizing multiple loans. It is best to consolidate these loans into one for collateral and NOI purposes. 

Relevance: Is the data that is included in the credit stress test actually relevant to the test? You may be familiar with Karl Pearson’s famous phrase, “correlation does not imply causation.” It’s good to have a working knowledge of economics so that you can draw accurate conclusions from the data and the causes for the outcome. 

3. Robust models and methodologies 

If financial institutions want to test their credit stress with integrity, it’s important that they use robust models and methodologies to measure the risk under various circumstances.  To achieve this, be sure the model you are using bases its testing on consistent data and data that is relevant to current or future economic outcomes.  

4. Adequate portfolio selection 

To obtain an accurate credit risk stress test for a specific loan portfolio (we recommend doing this), then it’s important to include a representative sample size for each segment of your portfolio (bottoms-up approach). However, if the sample size is small, Young & Associates will use call report data to back-fill the rest of the portfolio and use industry standards to stress the portfolio of loans not individually stressed (top-down approach). By including “the rest of the portfolio” Young & Associates can cover the entire portfolio without the financial institution having to gather all that data on smaller loans and accurately reflect the credit risk of your financial institution.  

5. Credit stress scenario and sensitivity 

By now, you are familiar with the preparation for a credit stress test, but another key component is the execution. What are the metrics that you’re measuring to indicate the credit risk of your bank or credit union? Credit stress tests measure several specific metrics, including credit losses, capital requirements and default rates  and the sensitivity to those risks. This highlights the metrics that heavily influence the results and can indicate the robustness of the model.

6. Risk aggregation and reporting 

Like any work, the communication of that data is just as important as the data itself. After the calculations are made, gather the outcomes and associated risks, while adding your insights for how to improve those risks. Young & Associates will go through the stress test report in detail with you and indicate issues in the report including specific borrowers that show greater risk. Young & Associates is also able to present the findings of the report to your board audit committee, and senior management if desired.   

Connect with a consultant 

Credit stress testing can sometimes feel overwhelming. We understand. Financial institutions exist to create stability for others, so when your bank or credit union is required to document the stress on your system, it can feel daunting. That’s where Young & Associates comes in. With unmatched expertise, you can trust us to guide your financial institution even when the future may seem unclear. Contact us today to learn more about our consulting and educational services.  

Assess, plan, and effectively respond to today’s market challenges

Written by admin on . Posted in Risk Management.

By: Jerry Sutherin, President & CEO

In today’s dynamic market, some of the biggest challenges faced by our clients include but are not limited to interest rate risk management, liquidity, capital adequacy, and commercial loan underwriting. These issues are magnified by the ability of our clients to locate, hire, and retain quality human capital to operate effectively and efficiently.

Interest rate risk management

Rising or fluctuating interest rates impact your financial institution’s growth prospects in both the short and long term. Not only do interest rates pose a risk to a financial institution’s balance sheet, but they also impede the ability to effectively produce reliable financial statement forecasts. A financial institution’s Net Interest Margin (NIM) is a key component of each income statement. Being able to adequately forecast interest income as well as internal cost of funds allows an institution to produce a reliable budget. To overcome this, financial institutions must identify, measure, monitor, and control interest rate risks to meet the requirements of the Joint Policy Statement on Interest Rate Risk (IRR) and the IRR regulatory guidance. Effective control of the interest rate risk will require conducting annual independent reviews of the asset liability management (ALM) function and validating your risk measurement systems to ensure their integrity, accuracy, and reasonableness. This will also involve internal controls of loan and deposit pricing. Establishing and maintaining these controls should begin at the board level and flow through management.

Credit risk management

Rising interest rates have also had a profound impact on credit quality of commercial lending. (One of the primary drivers of revenue for most financial institutions). The change in credit quality results in the tightening of credit standards throughout the industry and by the regulators. Being able to effectively underwrite loans and mitigate risks within a commercial loan portfolio is a function of having seasoned staff to manage these processes. Lack of quality credit talent exposes financial institutions to otherwise preventable credit risks. The dilemma for most financial institutions is finding, hiring, and maintaining experienced personnel. In some instances, this has resulted in inadequate credit presentations being prepared by unqualified individuals or loan officers underwriting their own credits for approval. The increasing burden of inflation and wages adds another layer of complexity to the mix. Many community-focused institutions are not willing or able to pay top rate for talent. This is understandable given the need and focus to remain competitive among the larger regional and national banks.

Liquidity risk management

Another impact of a higher interest rate environment and inflation is the disintermediation of funds or liquidity from financial institutions to other financial intermediaries. Sound liquidity management is crucial for controlling your organization’s liquidity risk and managing cash flow to meet expected and unexpected cash flow needs without adversely affecting daily operations. Your financial institution should assess the range of possible outcomes of contemplated business strategies, maintain contingency funding plans, position for new opportunities, and ensure regulatory compliance and the adequacy of your risk management practices.

Capital planning

Both interest rate risk management and liquidity management have a direct impact on the capital adequacy of all financial institutions. Capital contingency planning will ensure that your financial institution maintains the required level of capital through any realistic stress event. Periodic review of minimum capital requirements and stress tests can provide valuable insights. They will also maintain your standing with the regulators.

The importance of strategic planning

So far, this article has only discussed the challenges faced by the financial institution industry. These obstacles are not just management issues. They are also issues that boards of directors must navigate as well.

Are there solutions? Absolutely — yes there are. Boards of directors and management must be aligned on all strategic initiatives. These objectives need to be derived and adopted by the board and conveyed to management. The most common approach is through a focused strategic planning session involving the board and management. The outcome of such a retreat will enable the board to identify goals and risks faced by the organization. It also helps decide how to accomplish the goals and mitigate the risks. This could be through the utilization of qualified internal staff or engaging outside experts to assist with each objective. An effective strategic plan will incorporate all these pieces to help navigate the changing industry landscape.

More about Y&A

For 45 years, Young & Associates has partnered with banks and credit unions across the country. We provide consulting, outsourcing, and educational services to minimize their risk and maximize their success. Our services cover areas such as interest rate risk analysis, liquidity planning, assessment of capital adequacy strategic planning, regulatory assistance, internal audit, independent loan review, IT audits and penetration testing, and regulatory compliance assessment, outsourcing and training. Our team of consultants boasts an unmatched level of industry experience and is comprised of former banking executives, compliance regulators, and tenured finance professionals who have personally experienced many of the same issues you face at your organization.

More about Y&A Credit Services

For commercial credit needs, Y&A Credit Services is a full-service provider of outsourced underwriting services and credit analysis. An independent entity, Y&A Credit Services offers the same exceptional service, expertise, and integrity you’ve learned to expect from Young & Associates. Y&A Credit Services provides commercial credit underwriting and credit approval presentations, annual underwriting reviews, financial statement spreading and analysis, and approval and underwriting package reviews. We’ll work to improve the quality, speed, and accuracy of your lending with a focus on minimizing your credit risk. Our team members are experts in credit services and the financial industry. Our team includes former chief credit officers and senior credit analysts from both community and regional banks. We provide full outsourced credit department services to our clients, keeping their costs low. This helps these institutions remain competitive in their markets. Our seasoned credit professionals boast a combined more than 100 years of experience in credit administration. Our experts help mitigate risks while assisting our clients with safe and sound underwriting processes.

Partner with us for success

We look forward to assisting your bank or credit union in meeting these challenges head on. Contact us directly by emailing Jerry Sutherin, President & CEO, at jsutherin@younginc.com or calling him directly at 330.422.3474

The role of loan review in the credit risk management system

Written by admin on . Posted in Risk Management.

By: David Reno, Director of Loan Review & Lending Services

Loans, especially non-consumer loans, typically represent the greatest level of risk on your balance sheet. Therefore, effective commercial loan portfolio management is crucial to control credit risk. It can serve as an early indicator of emerging credit risk related to lending to individual borrowers, aggregate credit exposure to related borrowers, and the overall credit risk associated with a loan portfolio. It serves as an integral part of an institution’s credit risk management system that is a continuum comprised of the following stages:

  • Well-formulated lending policies, procedures, and practices that are consistently applied, well-known to all credit and lending staff, and compliant with regulatory guidance
  • The collection and accurate credit analysis of financial and other underwriting information
  • Assignment of an accurate risk grade
  • Proper and qualified approval authorities and risk-based process
  • Correct and thorough documentation
  • Pre-closing preparation and loan closing
  • Post-closing credit administration
  • Internal annual loan review
  • External/independent loan review
  • Timely problem loan identification and management
  • Proper calculation of the ALLL
  • Collection and loss mitigation

Effective and efficient loan reviews can help an institution better understand its loan portfolio and identify potential risk exposures to contribute to the formulation of a risk-based lending and loan administration strategy.

Regulatory background

The OCC, FRB, FDIC, and NCUA issued the Interagency Guidance on Credit Risk Review Systems in FIL-55-2020 dated May 8, 2020, which aligns with Interagency Guidelines Establishing Standards for Safety and Soundness. This guidance is relevant to all institutions supervised by the agencies and replaces Attachment 1 of the 2006 Interagency Policy Statement on the Allowance for Loan and Lease Losses. The final guidance details the objectives of an effective credit risk review system and discusses such topics as sound management of credit risk, a system of independent, ongoing credit review, and appropriate communication regarding the performance of the institution’s loan portfolio to its management and board of directors.

Credit risk rating (or grading) framework

The foundation for any effective credit risk review system is accurate and timely risk ratings. These risk ratings are used to assess credit quality and identify or confirm problem loans. The system generally places primary reliance on the lending staff to assign accurate, timely risk ratings and identify emerging loan problems. However, the lending personnel’s assignment of risk ratings is typically subject to review by qualified and independent peers, managers, loan committee(s), internal credit review departments, or external credit review consultants that provide a more objective assessment of credit quality.

Elements of an effective credit risk review system

The starting point is a written credit risk review policy that is updated and approved at least annually by the institution’s board of directors or board committee to evidence its support of and commitment to maintaining an effective system. Effective policies include a description of the overall risk rating framework and responsibilities for loan review.

An effective credit risk review policy addresses the following elements:

Qualifications of credit risk review personnel. The level of experience and expertise for credit risk review personnel is expected to be commensurate with the nature of the risk and complexity of the loan portfolio, and they should possess a proper level of education, experience, and credit training, together with knowledge of generally sound lending practices, the institution’s lending guidelines, and relevant laws, regulations, and supervisory guidance.

Independence of credit risk review personnel. Because of their frequent contact with borrowers, loan officers, risk officers, and line staff are primarily responsible for continuous portfolio analysis and prompt identification and reporting of problem loans to proactively identify potential problems. While larger institutions may establish a separate credit review department, smaller institutions may use an independent committee of outside directors or other qualified institution staff. These individuals should not be involved in originating or approving the specific credits being assessed, and their compensation should not be influenced by the assigned risk ratings. Regardless of the approach taken, it is prudent for the credit risk review function to report directly to the institution’s board of directors or a committee thereof. Senior management should be responsible for administrative functions.

The institution’s board of directors may outsource the role to a third-party vendor; however, the board is ultimately responsible for maintaining a sound credit risk review system.

Scope of reviews

Comprehensive and effective reviews cover all segments of the loan portfolio that pose significant credit risk or concentrations. The review process should consider industry standards for credit risk review coverage, which should be consistent with the institution’s size, complexity, loan types, risk profile, and risk management practices. This consideration helps to verify whether the review scope is appropriate.

An effective scope of review is risk-based and typically includes:

  • Loans over a predetermined size along with a sample of smaller loans
  • Loans with higher risk indicators, such as low credit scores or approved as exceptions to policy
  • Segments of loan portfolios, including retail, with similar risk characteristics, such as those related to borrower risk (e.g., credit history), transaction risk (e.g., product and/or collateral type), etc.
  • Segments of the loan portfolio experiencing rapid growth
  • Past due, nonaccrual, renewed, and restructured loans
  • Loans previously criticized or adversely classified
  • Loans to insiders, affiliates, or related parties
  • Loans constituting concentrations of credit risk and other loans affected by common repayment factors

 Review of findings and follow-up

A discussion of credit risk review findings should be held with management, credit, and lending staff and should include noted deficiencies, identified weaknesses, and any existing or planned corrective actions and associated timelines.

Communication and distribution of results

The results of a credit risk review are presented in a summary analysis with detailed supporting information that substantiates the concluded risk ratings assigned to the loans reviewed. The summary analysis is then periodically presented to the board of directors or board committee to maintain accountability and drive results. Comprehensive reporting includes trend analysis regarding the overall quality of the loan portfolio, the adequacy of and adherence to internal policies and procedures, the quality of underwriting and risk identification, compliance with laws and regulations, and management’s response to substantive criticisms or recommendations.

Summary insights

The back-testing that is performed by the loan review process is necessary to ensure that an institution has in place a comprehensive and effective credit risk management system and that an institution acknowledges and practically applies the established framework of its unique but compliant credit culture.

An effective external loan review process is not so much a traditional audit exercise as it is an advisory process that produces meaningful dialogue between the review firm and the institution that seeks to identify and interpret various aspects of credit risk to minimize risk of loss by implementing industry best practices, maintaining regulatory compliance, and supporting the institution’s long-term viability in continuing to serve the needs of its customers and community.

For more information on the role of loan review in the credit risk management system, contact David Reno. Reno is the director of loan review & lending services, at dreno@younginc.com or 330.422.3455.

Vendor due diligence evaluations

Written by admin on . Posted in Risk Management.

By Michael Gerbick; president, Young & Associates

Do you have a due diligence packet?

Can you answer these questions for our due diligence?

Our outsourced vendor relationship manager will be reaching out to you for due diligence information.

As a trusted vendor to many clients, we receive requests/comments like these every day from our customers and it brings to light the large disparity between what is requested and what is understood from the information. We are trusted with personal, identifiable information daily, and it is our responsibility to do our best to protect that information. No one can guarantee foolproof protection as it’s not “if” but “when” security breaches will occur. We can, however, adhere to industry standards that assist in reducing these risks significantly. This is important when looking internally at our own systems and processes as well as our critical vendors.

There are several areas to consider in the due diligence evaluation. I have highlighted a few of these areas below to assist you in choosing a trustworthy vendor.

Vendor purpose

Knowing how a vendor will be leveraged will begin to shape the risk analysis needed for the remaining due diligence areas. Think about if they will need access to your environment, if they will need access to your confidential information, and/or if they will provide a service that you could not otherwise handle without them. How long have they been in business? Have they declared bankruptcy? Your risk profile will start to take shape regarding strategic and reputational risk and will direct the due diligence areas you focus on going forward.

Information access

At a most basic level, how will your vendor access your information? Remotely from anywhere, with unbridled access to your core system? Onsite via paper documents with 24-hour oversight by your staff? Or will the service be executed in a hybrid fashion (onsite and remote)? In addition to access, will you allow the vendor to save the information outside of your environment? Will you send information electronically to the vendor and if so, how will you communicate? Vendors that do not have direct access to your core or large repositories of confidential information may still touch non-public information.

You may consider a business email compromise for your vendor and its impact to your organization as a scenario when you approach sharing non-public information through either email or a secure file transfer. Thinking about how the information will be accessed, transferred, and used will help in your due diligence process and help ensure that you’ve done your best to get the valuable service from your vendor with a method of accessing confidential information you are most comfortable with.

Information and system controls

This is more than just passwords. It’s about if the vendor’s systems are updated frequently with the latest patching, data center security (SOC 1 and 2 reports), the encryption on devices, the MFA (Multifactor Authentication) in place at the account and device level, the antivirus, antimalware, protection from ransomware and MDR (Managed Detection and Response), where your information is accessed and that all the system controls are monitored. Every week, there are news reports of another ‘hack’ and ransom of individuals’ sensitive information. The only constant here is that this is reality, and the protections and attacks are ever-changing and evolving.

There is a lot to unpack here, and you can ask thousands of questions of your provider. Ultimately, you need to decide if the information you share with them is held in an environment that meets your expectations of safety and security. An informed and trusted IT leader on your team can help make sense of this space for your organization and identify those areas that apply to you. At a minimum a complete set of robust questions or list of requests will help you immediately highlight those vendors that can help you from those that may just introduce risk to your organization.

Business continuity, incident response plan, and disaster recovery

An event will happen. Plans in place that are reviewed and tested regularly will minimize the negative impact. Ask your vendor if they have these plans and discuss with them to understand how robust they are. Gain a comfort level that the vendor cares about managing the inevitable event as much as you do. If they are a critical vendor and something happens, you should expect them to have a plan to mitigate risk.

Confidential information

In addition to specific language in your vendor contract and the methods of accessing confidential or non-public information, ask about cybersecurity-specific insurance coverage in case of an incident. If their staff is touching your information, ask about their hiring practices. Also ask about the expertise of their personnel, confidentiality agreements and background checks.

Conclusion

There are many talented vendors out there to assist your organization. A consistent approach with a defined leader on your team will elevate the quality of the vendors your organization chooses to do business with. The few areas discussed above help manage risk when something goes wrong. The more prepared your vendor and you are for those inevitabilities, the less impact it will have.

If you want to find out more about vendor due diligence or need help improving or starting your vendor due diligence program, please contact Michael Gerbick at mgerbick@younginc.com or 330.422.3482. Young & Associates can help you every step of the way.

IRR and Liquidity Risk Review – Model Back-Testing / Validation of Measurements

Written by admin on . Posted in Lending & Loan Review, Management & Planning, Risk Management.

Effective risk control requires conducting periodic independent reviews of the risk management process and validation of the risk measurement systems. This helps to ensure their integrity, accuracy, and reasonableness. To meet the requirements of the Joint Policy Statement on Interest Rate Risk (IRR), as well as the Interagency Guidance on Funding and Liquidity Risk Management and the subsequent regulatory guidance, Young & Associates, Inc. can assist you in assessing the following:

  • The adequacy of the bank’s internal control system
  • Personnel’s compliance with the bank’s internal control system
  • The appropriateness of the bank’s risk measurement system
  • The accuracy and completeness of the data inputs
  • The reasonableness and validity of scenarios used in the risk measurement system
  • The reasonableness and validity of assumptions
  • The validity of the risk measurement calculations within the risk measurement system, including back-testing of the actual results versus forecasted results and an analysis of various variance sources

Our detailed interest rate risk review reports and liquidity risk review reports assess each of the above, describe the findings, provide suggestions for any corrective actions, and include recommendations for improving the quality of the bank’s risk management systems, and their compliance with the regulatory guidance. We are happy to customize the review scope to your bank’s specific needs.

For more information, contact Martina Dowidchuk at mdowidchuk@younginc.com or 330-422-3449.

Connect with a Consultant

Contact us to learn more about our consulting services and how we can add value to your financial institution

Ask a Question