Tailoring examination plans and procedures based on risk – and key principles for gauging that risk – are both addressed in a second update issued by the umbrella group for federal financial institution regulators Tuesday.
The Federal Financial Institutions Examination Council (FFIEC) issued the update as the next step of its exam modernization project. The council (made up of the four federal banking and credit union regulators, and the committee of the exam council representing state supervisory authorities) said in a release that using risk as a guide in tailoring exams is “another area that holds promise” for reducing regulatory burden.
The exam council said that its member regulators have identified and developed “common risk tailoring principles and practices” and that its members are “each committed to issue reinforcing and clarifying examiner guidance to their examination staffs on these risk-focused examination principles if necessary.” The principles include:
- Recognizing there are financial institutions, or areas within institutions, that present low risk, and in those cases, minimum examination procedures are generally sufficient to assess the institution’s condition and risks.
- Allocating more examination resources to higher risk areas and fewer resources to lower risk areas.
- Using data from the quarterly call report filings to monitor changes to the institution’s business model, complexity, and risk profile between examinations.
- Leveraging available information, including analyses and conclusions from ongoing offsite monitoring and previous examinations to determine the financial institution’s risk profile and the scope of the next examination.
- Considering the financial institution’s ability to identify and control risks when risk-focusing examinations.
- Tailoring the pre-examination request list to the institution’s business model, complexity, and risk profile.
- Contacting institutions between examinations or prior to finalizing the scope of the examination to help inform an examiner’s assessment of an institution’s risk profile.
- Following up between examinations on institutions’ actions taken to address areas in need of improvement.
Along those lines, the exam council listed six “community financial institution examination risk-focusing practices” that are (or will be) guiding examiners:
- Consider the unique risk profile, complexity, and business model of the institution when developing an examination plan.
- Analyze existing information such as Call Report data, publicly available information, and confidential supervisory information to help identify areas of higher and lower risk when planning examinations.
- Monitor financial institutions between examinations.
- Tailor the document request list based on the financial institution’s business model, complexity, risk profile and planned scope of review.
- Apply examination procedures in a way that reduces the level of review of low-risk institutions or low-risk areas.
- Discuss financial conditions, risk profiles, new or expanded business lines, and pertinent new supervisory or regulatory information with institution management prior to finalizing the scope of review.
“Examiners will generally discuss the examination plan and its rationale with institution management at the beginning of the examination,” the exam council said.