Risk Factors and Risk Ratings

Jonathan Foxx, Ph.D., MBA Chairman & Managing Director

June 2, 2022 Question I am our company’s Compliance Manager. We enjoy reading your weekly FAQs. In fact, we use them in our weekly sales and compliance meetings. Over the years, we have kept them together in a companywide folder for everyone to read.  This is the first time we’ve written to you. Our problem is that we need guidance in determining risk ratings for our risk assessments. We conduct internal risk assessments but are unsure how to arrange a risk rating. Each regulation is broken down into its major requirements in our risk assessment procedures. Each of these requirements is then assessed for its risk by determining if it is affected by any risk factors that present increased compliance risk.  The matrix we use is not broken down to the level of detail contained in the checklists, so we may need to refine our risk ratings further when they are entered into the checklists. For example, under Regulation Z, the matrix includes one item for section 1026.18, the content of disclosures. However, not all items in 1026.18 will carry the same risk level; the requirement that the disclosure contains the name of the creditor will carry a lower risk than the requirement that the annual percentage rate and finance charge be accurate.   What are the primary risk factors that we can use in our matrix? Also, how should we provide the risk ratings? Answer I reviewed the documents you sent me as specimens of your assessment matrix. There are many types of risk assessments and many areas of risk in a financial institution. A risk assessment should be designed to evaluate consistently the extent of risk to consumers arising from the activities of a particular entity and to identify the sources of that risk.  One way to conceptualize risk is to view it through the backdrop of risk to consumers; specifically, the potential for consumers to suffer economic loss or other legally-cognizable injuries due to a violation of Federal or state consumer financial law. To determine the risk to consumers, the risk assessment should consider the interaction of two broad sets of factors: (1) inherent risks in a particular line of business or the entity as a whole and (2) the quality of controls implemented by the entity to manage and mitigate those risks.  The most affordable and quickest means to check the viability of your Compliance Management System is our CMS Tune-up, a mini-audit that reviews the CMS, provides recommendations, and issues a risk rating. I note that your company is already on our list to conduct a CMS Tune-up in August. I think this is a prudent decision. If others want more information about the CMS Tune-up, contact us HERE.  In my view, there are six factors to include in a risk assessment.

Jonathan Foxx, Ph.D., MBA Chairman & Managing Director Visit our Website Pioneering Mini-Audits What is a Compliance Tune-up?  Compliance Solutions Speak to an Expert Contact Us Send an Email Ask a Question Careers

CONTINUOUS COMPLIANCE™

The most comprehensive mortgage compliance solutions in the United States!

Member of National Organizations ABA | MBA | NAMB | AARMR | MISMO | ARMCP | ALTA | IIA | ACAMS | MERSCORP