Due Diligence and Ongoing Monitoring

  • 1.  Compliance Risk

    This message was posted by a user wishing to remain anonymous
    Posted 03-31-2020 10:27 AM

    How does everyone handle Compliance Risk?

    Our program is designed to identify and assess general Compliance Risk associated with new and existing Third Party engagements.  We want to review Third Party policies, procedures, monitoring of controls, and training materials related to engagements where Compliance Risk may exist for all risk domains except for HIPAA, Red Flags and Privacy. We have a centralized coordinator who works with the LOB and 1LOD (reviewers).  1LOD is responsible for determining if in scope and for completing the review.  The main challenges we face are the number of regulations across primarily retail banking (UDAAP, Reg E, etc.), and the number of 1LOD reviewers involved. 

    Thank you.