Op-Ed: What is in your risk assessment?

Op-Ed: What is in your risk assessment?
Derek Smith Jr

By Derek Smith Jr

It is without question that last year (2020) drove businesses of all sizes and individuals alike to financial, human, technical and strategic limits. C-suite leaders were stretched to either “Pivot or Perish”. In 2020, strategies were tested, frameworks were challenged and, in many cases, resources strained and depleted. These changes must be considered as supervised financial institutions (SFI) prepare to complete annual risk assessments as prescribed by their regulators.

Deloitte’s Dr Patchin Curtis and Mark Carey, in their presentation entitled “Risk Assessments in Practice”, noted: “Risk assessment is all about measuring and prioritizing risks so that risk levels are managed within defined tolerance thresholds without being overcontrolled or forgoing desirable opportunities.”

I am a proponent of the position that risk assessments are equally important to both SFIs and designated non-financial businesses and professionals (DNFBP). This is not only because the Financial Transactions Reporting Act, 2018, Section 5 requires every financial institution to take appropriate measures to identify, assess and understand its identified risks, carry out a risk assessment and document its findings while keeping the same up-to-date and available for review; it is also because both regulated and non-regulated entities should be acutely aware of their vulnerabilities and dangers while simultaneously advancing their strengths and opportunities.

For the avoidance of doubt — every risk cannot be predicted with complete specificity. Notwithstanding this fact, risk assessments allow businesses to strategically identify, assess and prepare for any danger, hazards and other potential disasters that could derail business goals and objectives. Additionally, risk assessments can be used as a tool by an entity to deeply assess and understand its human capital capacity, shortfalls and needs of their present compliance function.

Brienne Bryson, CAMS, in her white paper published on January 7, 2020, wrote: “Nearly as important as understanding the risk to an institution is understanding the staffing expertise and resources needed to adequately mitigate that risk. A lack of experienced and qualified staff may directly affect an institution’s ability to mitigate and manage the risks identified in risk assessment.”

Do not let your annual enterprise risk assessment remain void of assessing the experience and training for your compliance function — you would be doing a disservice to your business. What is evident is the apparent omission of qualification that is normally used synonymously with the attainment of degrees. Risk and compliance professionals and human resources professionals toggle with the balance and definition of qualifications when evaluating the skills needed for their entity’s compliance function.

According to David Schwartz, president and chief executive officer of the Florida International Bankers Association: “Too few universities have developed curricula that can produce professionals capable of stepping into high-demand compliance roles.”

I agree with Schwartz’s statement and further submit that experience and tailored training are key components of qualifications in our compliance world — experience not only in terms of length of time in the industry, but also the types of experiences and functions executed during that time.

Throughout this series, I will address the key aspects of risk assessments, inclusive of regulatory guidance, risk categories, risk analysis and institutional benefits of deploying a robust risk assessment program. I implore entities to use this crucial time to align their risk policies with business strategies to ensure they are better prepared to deal with the next big disruptor.

Derek Smith Jr is a Top 40 Under 40 leader; the compliance officer at Higgs & Johnson, a leading law firm in The Bahamas; and the former assistant vice president, Compliance & Money Laundering Reporting Officer (MLRO), at an international private bank. He is also a CAMS member of the Association of Certified Anti-Money Laundering Specialists (ACAMS) and an executive member of the Bahamas Association of Compliance Officers.