
Manage Tomorrow's Surprises Today

Steven Minsky

FINRA's Risk Management Priorities for 2016


The Financial Industry Regulatory Authority (FINRA) releases an annual letter outlining its Regulatory and Examination Priorities for the upcoming year. In line with letters and rules from other regulatory bodies such as the SEC, NAIC, and FFIEC, the 2016 FINRA Priority Letter puts the spotlight on risk and control management. What, specifically, are the FINRA priorities of the year? Among other things, "FINRA will focus on the frameworks that firms use to develop, communicate and evaluate conformance with their culture."


Before a framework is adopted, however, firms need to be able to evaluate the standing of their current risk cultures. The RIMS Risk Maturity Model, recognized by organizations such as the NAIC and the American Petroleum Institute, has emerged as a leading tool designed to give this type of insight. The RMM is a free online resource that "allows you to score your risk management program and receive an immediately available report." It helps you benchmark where your risk management capabilities stand and identify where your program is weakest, and it provides a roadmap for improvement. This report helps ensure your organization avoids reputational damage and costly fines associated with poor risk management.


Three Priorities to Learn More About


Priority #1: Effectively Managing Conflicts of Interest

Organizations of all sizes and industries face systemic risks that can be traced back to their employees. Financial institutions are no exception. In fact, they may be some of the highest-risk organizations. The large amounts of PII that brokers house, as well as the sensitive information surrounding insider financial information, can create a number of ethics and security concerns.

FINRA emphasizes the need for organizations to assess, mitigate, and monitor risks surrounding 1) incentive structures and 2) potential avenues for information leakage. The Risk Maturity Model (RMM) is a best-practice framework that has helped thousands of organizations measure and improve their risk culture. This year's FINRA priorities indicate that the financial services industry values and requires quantifiable risk benchmarks like those provided by the RMM.


Priority #2: Risk-Based Cybersecurity & Technology Defenses

Cybersecurity has been highlighted by FINRA, as well as regulators across the board, because of the "persistence of threats and our observations on the continued need for firms to improve their cybersecurity defenses." FINRA points out that focusing on external threats is simply no longer enough. Organizations must focus on technology management and make sure that their system infrastructure is capable. FINRA specifically highlights the need for strong data quality and governance policies.


Priority #3: Outsourcing

No matter how robust assessments and mitigations are, third-party vendors who manage secure data or provide critical services still need to be risk rated and controlled. In 2016, regulators will continue to focus on the effectiveness and results of due diligence questionnaires and risk assessments. It is integral that organizations "appropriately supervise outsourced activities and that firms conduct adequate initial and ongoing due diligence of outsourced providers." By utilizing a risk-based process, organizations can identify and prioritize their most important and riskiest vendors.

How can ERM and eGRC software help protect against these serious threats? LogicManager knocks down silos and unlocks the organization's ability to identify and assess risks across the enterprise. With a robust risk taxonomy, you can easily uncover relationships between risks, regulations, physical assets, and third-party services. Best practices and controls can easily be leveraged in other areas of the organization and applied to external vendors. The result is a common risk framework that adds bottom-line value and adheres to FINRA's risk management and control priorities for 2016.

 

To begin measuring your risk culture, take the free 20 Minute Risk Maturity Model assessment. The personalized benchmark and maturity report will provide a roadmap to help you improve your risk management processes, starting today.



In this blog, risk expert Steven Minsky highlights the differences between traditional risk management and true enterprise risk management, which is about helping things happen rather than preventing them from happening. Manage Tomorrow's Surprises Today is designed to help you think about risk in new ways and learn how to benefit practically from this rapidly evolving field.

Steven Minsky

Steven is the CEO of LogicManager, Inc., the leading provider of ERM software solutions. Steven is the architect of the RIMS Risk Maturity Model for ERM, author of the RIMS State of ERM Report among many other papers, and a RIMS Fellow (RF) instructor on ERM. Steven has conducted ERM and RIMS Risk Maturity Model training for hundreds of organizations around the globe. Steven is a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management. You can reach Steven at steven.minsky@logicmanager.com.
