The OCC released its “Semiannual Risk Perspective” and, perhaps as anticipated, banks continue to struggle plugging gaps in information technology practices.

Hands-Typing-angled-500x333.jpg?width=300Among the risks highlighted in the study, as reported by Joe Mont at Compliance Week:

  • Evolving cyber-threats and information technology vulnerabilities require heightened awareness and appropriate controls.
  • The high volumes and frequency of changes to information systems to address regulatory requirements, enhance risk monitoring reporting, and update compliance systems.
  • Banks are taking on additional risks by expanding into new, less familiar, or higher-risk products without adequate due diligence or appropriate risk management and controls.
  • The number, nature, and complexity of domestic and foreign third-party relationships continue to expand, increasing complexity, concentration, and risk management challenges.

While these risks are diverse in nature, the OCC identifies a possible solution. They suggest that banks use “Enterprise Risk Management practices to fully align with heightened standards.”

Enterprise Risk Management is an effective tool for compliance management because it evaluates a bank’s obligations in the context of both the regulatory and business environment to properly prioritize resources. Rather than just meeting the letter of the law, ERM provides a mechanism to document the achievement of compliance while improving daily operations and increasing operational efficiency on a daily basis at the same time.

For example, cross functional risks like cybersecurity are only addressable across silos with an Enterprise Risk Management methodology. Cybersecurity is not only an internal concern, but has cascading effects on vendors and service providers. One in three banks don’t require third parties to alert them about information security breaches, indicating an obvious communication failure between the IT and vendor management governance functions. Many businesses conduct an IT assessment on vendors AFTER they select the vendor to validate what mitigation controls are actually in place verses what was promised during the sales cycle. ERM provides a common, risk-based approach to Governance, Risk, & Compliance activities to identify connections between departments, vendors and the impact of risks based on these connections; so that these gaps can be identified and addressed before they make their rounds on social media.


How does LogicManager help organization’s address the cross functional issues posed by cybersecurity? Learn more by downloading our annotated guide on how to implement SEC Cybersecurity Best Practices with ERM.

Votes: 0
E-mail me when people leave their comments –

Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his precinct abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!