While the guiding principles of sound risk management are the same for compliance as for other types of risk, the management and oversight of compliance risk presents certain challenges. For example, quantitative limits reflecting the board of directors’ risk appetite can be established for market and credit risks, allocated to the various business lines within the organization, and monitored by units independent of the business line. Compliance risk does not lend itself to similar processes for establishing and allocating overall risk tolerance, in part because organizations must comply with applicable rules and standards. Additionally, existing compliance risk metrics are often less meaningful in terms of aggregation and trend analysis as compared with more traditional market and credit risk metrics. These distinguishing characteristics of compliance risk underscore the need for a firmwide approach to compliance risk management and oversight for large, complex organizations. A firmwide compliance function that plays a key role in managing and overseeing compliance risk while promoting a strong culture of compliance across the organization is particularly important for large, complex organizations that have a number of separate business lines and legal entities that must comply with a wide range of applicable rules and standards.
The guidance is very well intended and comprehensive, but not well timed. The subjects of this guidance should have been addressing these risks on an enterprise level well before the current collapse. However, as the saying goes, "better late than never!" Your thoughts? Click here to read the entire supervisory letter from the Federal Reserve.