Episode 12: The Importance of Compliance Risk Assessments

July 24, 2023

In the latest episode of our Risk Intel podcast, host Ed Vincent was joined by Mike Jones, Chief Compliance Officer at Strategic Risk Associates (SRA). With his extensive experience advising bank CEOs and serving as a Chief Compliance Officer in the FinTech industry, Mike shared invaluable insights into the realm of compliance risk assessments.

Understanding Compliance Risk Assessments

Mike highlighted the fundamental risk assessments that every institution should have: a compliance risk assessment and a Bank Secrecy Act/Anti-Money Laundering (BSA/AML) and Office of Foreign Assets Control (OFAC) risk assessment. These assessments allow organizations to evaluate compliance risks based on federal and state laws, regulations, and agency guidelines.

A well-designed compliance risk assessment program should consider the applicability of laws and regulations to the institution's specific products and services. It requires assessing both the quantity of risk, which is inherent in the environment, and the quality of risk management, including the effectiveness of control programs.

The Process of Completing a Compliance Risk Assessment

Completing a compliance risk assessment involves mapping applicable laws and regulations to business areas and products, assessing the quantity and quality of risk, and assigning an overall risk score. Each institution's risk assessment is unique, considering factors such as recent enforcement actions, audit findings, and compliance management system effectiveness.

Compliance risk assessments require meticulous examination of external sources such as statutes, industry guidance, and enforcement actions. Internal materials like policies, procedures, training, and complaint history also contribute to the assessment. The goal is to create a comprehensive risk assessment tailored to the institution's risk appetite and product set.

The Benefits of External Expertise

Engaging a third-party specialist in risk assessments can provide regulators with assurance that an organization is prioritizing compliance. Having an off-the-shelf risk assessment tool with embedded expertise allows organizations to efficiently administer, update, and maintain their risk assessments.

The Outcomes of a Well-Constructed Risk Assessment

A robust compliance risk assessment empowers organizations to determine their overall compliance risk and identify top risk areas. It helps them understand key compliance risk drivers and implement risk mitigations and controls. By creating a heat map, institutions can strategically focus their monitoring, testing, and compliance management activities on critical areas.

"It's really that top 20-30% of the key risks that probably represent 80% of your vulnerability - allowing you to strategically focus your monitoring and compliance management activities on the things that really matter" - Mike Jones, Chief Compliance Officer


Compliance risk assessments are vital tools for organizations to proactively manage their compliance risks. With a tailored approach, a comprehensive understanding of applicable laws and regulations, and a focus on risk improvement activities, institutions can ensure compliance and navigate regulatory examinations with confidence.

Don't miss out on Mike Jones' insightful discussion. Tune in to the full Risk Intel podcast episode now or watch below to gain valuable knowledge on compliance risk assessments and strengthen your organization's overall compliance practices.
