Episode 20: Program Risk Assessments: Regulatory Requirements & Their Strategic Value

September 19, 2023

In the latest episode of the SRA Risk Intel podcast, host Ed Vincent was joined by Beth Nilles, Director of Watchtower Implementations, and Mike Jones, Chief Compliance Officer, to shed light on the vital topic of program risk assessments in the banking sector. With decades of combined experience in the industry, their insights provide a comprehensive understanding of this crucial component of risk management. Let's dive into the key takeaways from this informative discussion.

Understanding Program Risk Assessments

Beth Nilles introduces the concept of Program Risk Assessments, highlighting their distinction from traditional risk and control self-assessments (RCSA), which focus on individual risks and associated controls. By contrast, Program Risk Assessments take a holistic approach and offer a bird's-eye view of how well a bank is managing risks across various areas, including IT, information security, and compliance.

Regulatory Significance and Exams

Mike Jones shared his views on the current regulatory landscape and why Program Risk Assessments matter to regulators. When regulators conduct examinations, they often request the Program Risk Assessments from the bank to see how it is managing risk strategically. These assessments serve as a litmus test of a bank's understanding of its operations and risk management practices. Failure to provide thorough assessments can result in regulatory findings and even enforcement actions.

Both Mike and Beth underscore the consequences of failing to meet the regulatory obligation to perform the required annual Program Risk Assessments. These include making a poor impression with regulators, facing regulatory findings, and having to develop remediation plans. In the worst-case scenario, unidentified systematic risks could lead to lawsuits, monetary losses, enforcement actions, and penalties.

Strategic Value

Beyond regulatory compliance, Beth and Mike stress the strategic value of Program Risk Assessments. These types of assessments help banks identify potential weaknesses and allocate resources strategically to address critical risks across the bank. In an environment of limited resources, having a clear understanding of where risks lie is essential for effective risk management. That said, the maturity of a bank's risk assessment program can vary based on the size of a financial institution. Larger banks are expected to have a more strategic and comprehensive approach to risk assessment, while smaller institutions may focus more on regulatory compliance.

The Importance of Follow-through

Identifying risks is only the first step; banks must take action to address them. Program Risk Assessments should be part of an ongoing risk management process, with identified risks actively managed and mitigated.

A Strategic Imperative

In conclusion, this podcast episode emphasizes that Program Risk Assessments are not just a regulatory requirement, but also a valuable tool for proactive risk management and resource allocation. Banks, regardless of their size, should take a proactive approach to these assessments to enhance their risk management practices, avoid regulatory issues, and make informed decisions.

For a more in-depth understanding of Program Risk Assessments and their significance, we encourage you to listen to the full podcast episode on the SRA Risk Intel Podcast. Stay tuned for Part 2 of this conversation, where the hosts will delve into best practices for how banks address Program Risk Assessments and their future outlook in the industry.
