Over the past year, several hot topics have emerged that warrant your attention as you continue evaluating the evolving risk landscape. Staying informed on these key areas is essential to ensuring your audit coverage remains proactive and relevant.
Vendor Management
With the rise of Fintech partnerships and emerging AI tools, financial institutions are managing more third-party relationships than ever before. Effective vendor oversight is critical to mitigating regulatory, operational, and reputational risk.
Key areas of focus:
- Risk Assessment – Assign and maintain risk ratings for each vendor; conduct initial due diligence and ongoing monitoring.
- Vendor Stability – Evaluate financial health, reputation, regulatory history, and operational capabilities.
- Cybersecurity – Review data protection and information security controls.
- Contracts – Ensure clear agreements outlining responsibilities, use of subcontractors, and compliance expectations.
- Regulatory Compliance – Confirm vendors meet applicable laws and regulations (e.g., UDAAP, GLBA, ECOA).
- Business Continuity – Verify vendors have tested continuity and disaster recovery plans.
- Governance – Maintain strong board and management oversight for critical vendor relationships.
Liquidity Risk Management
Following recent bank failures and the updated July 2023 interagency liquidity guidance, federal and state examiners continue to focus heavily on contingency funding and liquidity risk management.
Key areas of focus:
- Stress Testing – Regularly evaluate assumptions and scenarios—especially those impacting commercial and indirect lending portfolios—to ensure testing remains relevant and robust.
- Contingency Funding Plans – Maintain a flexible, well-tested plan that includes diverse funding sources, access to the discount window, and adequate collateral.
- Plan Updates – Reassess and revise contingency funding strategies frequently to reflect market changes and account for the potential loss of key funding sources.
Model Risk Management
With rapid advances in technology, the average financial institution now maintains a model inventory of approximately 100 models—significantly increasing exposure to model-related risk. Although the OCC released its Model Risk Management Handbook in 2021, this guidance has recently gained renewed attention during regulatory examinations. Institutions are expected to demonstrate robust oversight and governance of their models, making this an area of heightened scrutiny.
Key areas of focus:
- Strong Governance – Establish oversight by senior management and the board, with clear roles and responsibilities
- Robust Development and Use – Ensure models are built on sound assumptions, reliable data, and are used appropriately with proper controls.
- Independent Validation – Validate models regularly based on their risk and complexity—covering design, data, and performance.
- Ongoing Monitoring and Documentation – Continuously monitor model performance, maintain clear documentation, and update as needed.
While there are many factors to weigh when assessing audit coverage, these particular areas have often been overlooked or considered low risk. As the risk landscape continues to evolve, it’s essential to incorporate these emerging and historically under-reviewed topics into your internal audit planning to ensure a more forward-looking and risk-responsive approach.
If you need further guidance or have any questions, we are here to help. Please do not hesitate to reach out to discuss your specific situation.
This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal or accounting advice. Should you require any such advice, please contact us directly. The information contained herein does not create, and your review or use of the information does not constitute, an accountant-client relationship.
