1. Compliance Risk Self Assessment Model

2. Compliance Risk - Definition  The risk to earnings or capital arising from violations of, or nonconformance with laws, rules, regulations, prescribed practices, or ethical standards.  Compliance risk also arises in situations where the laws or rules governing certain bank products or activities of the bank's clients may be ambiguous or untested. 28/14/2015

3. Compliance Risk Assessment Phases Bank should periodically assess Compliance risk impact Bank should measure the magnitude of potential loss;  Reputation  Regulatory  Operational  Legal / Error There are three main phases to assess the compliance risk  Phase 1:Data Collection  Phase 2:Compliance Analysis  Phase 3:Communicating Compliance Risk 38/14/2015

4. Phase 1 : Data Collection Step One: Products and Services Make a list of all products and related services that are offered. Step Two: Systems and Controls List all types of Controls related to each product in questionnaire format Interview Department Management to identify controls 48/14/2015

5. Phase 2: Compliance Analysis Compliance convert business response to:  Regulatory Risk  Reputation Risk  Operational Risk  Probability of Error Risk Compliance to prepare Inherent & Residual Risks levels 5 8/14/2015

6. Phase 3 :Communicating Compliance Risk Step One: Align with Business Compliance will call for meeting with Business head Compliance will present their analysis and identify Compliance High Risk issues Business to demonstrate probability of risk change over next 12 months Document Corrective actions plan Step Two: Escalation Process Compliance will escalate Compliance issues with increasing risk level. 68/14/2015

7. Outcome  What are the biggest compliance risk facing your bank/division/department  What about the next three years  Risk definition / description  Current controls 78/14/2015