FINRA’s Risk Management Priorities for 2016

The Financial Industry Regulatory Authority (FINRA) releases an annual letter outlining its Regulatory and Examination Priorities for the upcoming year. In line with letters and rules from other regulatory bodies such as the SEC, NAIC, and FFIEC, the 2016 FINRA Priority Letter puts the spotlight on risk and control management. What, specifically, are the FINRA priorities of the year? Among other things, “FINRA will focus on the frameworks that firms use to develop, communicate and evaluate conformance with their culture.”

Before a framework is adopted, however, firms need to be able to evaluate the standings of their current risk cultures. The RIMS Risk Maturity Model, recognized by organizations such as the NAIC and the American Petroleum Institute, has emerged as a leading tool designed to give this type of insight. The RMM is a free online resource that “allows you to score your risk management program and receive an immediately available report.” It helps you benchmark where your risk management capabilities stand and identify where your program is weakest, and it provides a roadmap for improvement. This report helps ensure your organization avoids reputational damage and costly fines associated with poor risk management.

Three Priorities to Learn More About

Priority #1: Effectively Managing Conflicts of Interest

Organizations of all sizes and industries face systemic risks that can be traced back to their employees. Financial institutions are no exception. In fact, they may be some of the highest-risk organizations. The large amounts of PII that brokers house, as well as the sensitive information surrounding insider financial information, can create a number of ethics and security concerns.

FINRA emphasizes the need for organizations to assess, mitigate, and monitor risks surrounding 1) incentive structures and 2) potential avenues for information leakage. The Risk Maturity Model (RMM) is a best-practice framework that has helped thousands of organizations measure and improve their risk culture. This year’s FINRA priorities indicate that the financial services industry values and requires quantifiable risk benchmarks like those provided by the RMM.

Priority #2: Risk-Based Cybersecurity & Technology Defenses

Cybersecurity has been highlighted by FINRA, as well as regulators across the board, because of the “persistence of threats and our observations on the continued need for firms to improve their cybersecurity defenses.” FINRA points out that focusing on external threats is simply no longer enough. Organizations must focus on technology management and make sure that their system infrastructure is capable. FINRA specifically highlights the need for strong data quality and governance policies.

Priority #3: Outsourcing

No matter how robust assessments and mitigations are, third-party vendors who manage secure data or provide critical services still need to be risk rated and controlled. In 2016, regulators will continue to focus on the effectiveness and results of due diligence questionnaires and risk assessments. It is integral that organizations “appropriately supervise outsourced activities and that firms conduct adequate initial and ongoing due diligence of outsourced providers.” By utilizing a risk-based process, organizations can identify and prioritize their most important and riskiest vendors.

How can ERM and eGRC software help protect against these serious threats? LogicManager knocks down silos and unlocks the organization’s ability to identify and assess risks across the enterprise. With a robust risk taxonomy, you can easily uncover relationships between risks, regulations, physical assets, and third-party services. Best practices and controls can easily be leveraged in other areas of the organization and applied to external vendors. The result is a common risk framework that adds bottom-line value and adheres to FINRA’s risk management and control priorities for 2016.

To begin measuring your risk culture, take the free 20 Minute Risk Maturity Model assessment. The personalized benchmark and maturity report will provide a roadmap to help you improve your risk management processes, starting today.


Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his prescient abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.
