ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Compliance and Risk

Conducting Pandemic Risk Assessments: What Banks Need to Know

April 30, 2020
Reading Time: 10 mins read
Conducting Pandemic Risk Assessments: What Banks Need to Know

By Neal Doherty 

Everyone who works in compliance understands the need for flexibility and adaptability. More often than not, new laws are enacted by state legislatures at the stroke of midnight or beyond. These new requirements are often effective immediately, with no lead time and scant guidance on implementation. It is the job of the legal and compliance professionals to figure it out so businesses can operationalize the requirements.

Given the COVID-19 pandemic, the current state of affairs makes that environment look like a regulatory paradise. Hopefully the COVID-19 outbreak will be under better control soon and future pandemics will not be a regular occurrence. Let us hope the “new normal” is not normal, and that we get back to business as usual. 

The current pandemic has caused a complete change in how we work with financial services clients—and what they view as top priorities. Compliance officers and other stakeholders are being pulled in myriad directions, with priorities changing on a near daily basis.

For example, regulatory compliance projects in the works have been deferred as banks ramped up their ability to respond to a deluge of requests from small business owners seeking loans under the Paycheck Protection Program. We have also had to nimbly adapt in order to support our clients, including reallocating resources from lower–priority projects to update our own SBA loan offering under the PPP.

While it is too late to plan for the current pandemic, regulators will expect financial institutions to be better prepared for the next event, and they have offered guidance on how institutions should prepare.

Show you can scale protective efforts

In response to the outbreak of COVID-19, the Federal Financial Institutions Examination Council issued updated guidance on actions that financial institutions should take to mitigate business impact during a pandemic. This new guidance builds upon guidance issued in 2006 and 2007. ”Pandemic planning presents unique challenges to financial institutions,” FFEIC notes. “Unlike most natural or technical disasters and malicious acts, the impact of a pandemic is much more difficult to determine because of the anticipated difference in scale and duration. As a result of these differences, no individual or organization is safe from the potential adverse effects of a pandemic event.”

The updated guidance requires financial institutions to take steps to mitigate business impact during a pandemic. Following are some essentials to consider in evaluating whether your bank is prepared to effectively manage impacts to your business in the wake of the COVID-19 pandemic.

Under the updated federal guidance, financial institutions must have the following: 

  • A preventive program to reduce the likelihood that an institution’s operations will be significantly affected by a pandemic event. 
  • A documented strategy that provides for scaling the institution’s pandemic efforts, so they are consistent with the effects of a particular stage of an outbreak. 
  • A comprehensive framework of facilities and systems to ensure the institution can continue critical operations in the event that large numbers of employees are absent. 
  • A testing program to ensure that pandemic planning capabilities are effective.
  • An oversight program to ensure ongoing review and updates to the pandemic plan.

State regulators have published similar guidance, including the New York State Department of Financial Services, which has required financial institutions to submit a summary of pandemic preparedness plans to the agency. Under NYDFS’s guidance, an institution’s preparedness plan must include:   

  • Preventive measures designed to mitigate the risk of operational disruption. 
  • A documented strategy addressing the impact of the outbreak in stages. 
  • Assessment of all facilities and systems necessary to continue critical operations. 
  • Assessment of potential increased cyber-attacks and fraud. 
  • Employee protection strategies. 
  • Assessment of the preparedness of critical third-party service providers; 
  • Development of a communication plan. 
  • Testing the plan to ensure the plan is effective.  
  • Governance and oversight of the plan.  

Identify and document all relevant risk

Integral to creating a preparedness plan is conducting a formal risk assessment. The current crisis has underscored the regulatory expectation that a risk assessment take into account the impact of a pandemic, as well as more isolated business continuity events.

Regulators expect financial institutions to identify and document all relevant risk factors and how well those risks are controlled. Per FFIEC guidance, financial institutions should complete the following risk assessment and risk management steps:  

  • Prioritize the severity of potential business disruptions resulting from a pandemic. 
  • Perform a gap analysis to determine what steps are needed to mitigate the severity of potential business disruptions. 
  • Develop a written pandemic plan. 
  • Require an annual review and approval of a pandemic plan by the Board of Directors or Board committee. 
  • Communicate and disseminate the plan and the current status of the pandemic to employees.  

In addition, financial institutions should consider the following:

Coordination with third parties. Open communication and coordination with critical third-party service providers is vital.

Identification of triggering events. A triggering event occurs when an environmental change takes place that requires management to implement its response plans based on the pandemic alert status.

Employee protection strategies. Employee protection strategies are critical to sustain an adequate workforce.

Mitigating controls. Control processes can be implemented to mitigate risk and the effects of a pandemic.

Remote access. Robust employee telecommuting capabilities will be required.

Be formal and proactive

Risk assessments should be formal exercises performed annually. The exact process and methodology may be customized by an institution, however the identification of inherent risk and the alignment of associated risk-mitigating controls providing an assessment of the institution’s residual risk is the generally accepted format.

When advising banks on performing a risk assessment, we recommend that our clients establish a formal, proactive risk identification, assessment and mitigation approach and methodology. Important points to consider include: 

ADVERTISEMENT
  • The assessment of inherent risks should identify risk factors that align to each applicable requirement, process, or product feature. Drilling down and considering each risk factor in greater detail provides a more thorough understanding of the impact and likelihood of all potential risks. 
  • The risk assessment approach and methodology should map risk-mitigating controls established to address each risk factor. 
  • The risk assessment methodology should be based on a mathematically driven formula that scores inherent risk, control effectiveness and the resulting residual risk. Incorporating math as a basis for deriving the scoring enhances reporting and illustrates risk objectively using heat maps. 

Conducting the risk assessment to this level of detail and objectivity not only positions companies to a proactive risk management posture, but it serves as an invaluable control inventory and ongoing living record of a company’s risk position.

Now more than ever, regulators will expect financial institutions to have properly assessed the risks from pandemics and to develop appropriate preparedness and response plans. When the next pandemic arrives, regulators will want financial institutions to implement those plans to help mitigate operational impacts. For all our sakes, let’s hope they don’t have to.

Neal Doherty, consulting manager for CMS and regulatory consulting with Wolters Kluwer Compliance Solutions, is an attorney and compliance professional with 20 years of experience in the financial services sector.  

Tags: ComplianceCoronavirusDisaster preparednessEmployeesEnterprise risk managementRemote workThird-party risk
ShareTweetPin

Related Posts

The ever-expanding role of chief risk officer

The ever-expanding role of chief risk officer

Human Resources
July 7, 2025

'A new era has emerged in which CROs faced greater nonfinancial risk amid pressure to boost the bottom line.'

OCC releases Q3 bank trading revenue report

OCC report: Banking system sound, key risks highlighted

Compliance and Risk
June 30, 2025

The strength of the federal banking system remains sound, the OCC reported in its most recent semiannual risk perspective report. The report covers risks facing national banks, federal savings associations, and federal branches and agencies based on data...

2025 bank marketing trends

ABA Viewpoint: Toward a smarter framework for bank asset thresholds

Compliance and Risk
June 30, 2025

Indexing regulatory thresholds for growth makes sense. Here’s how to do it most effectively.

Fighting fraud on the frontline

Fighting fraud on the frontline

Compliance and Risk
June 30, 2025

Customer inquiries and complaints are important tools for detecting scams, but structural barriers in the bank may prevent them from being fully utilized.

Treasury names FinCEN director

Banking agencies allow banks to collect CIP data from third parties

Compliance and Risk
June 27, 2025

The order permits banks to obtain TIN information from a third party rather than the customer as long as the bank otherwise complies with the customer identification program rule.

Mutuals Ion Bank, NVE Bank plan merger

ABA Viewpoint: Banking has changed, and so should the rules around bank mergers

Compliance and Risk
June 27, 2025

Three decades on, the test for bank mergers no longer reflects the competitive marketplace.

NEWSBYTES

OCC allows Texas banks affected by flooding to close

July 7, 2025

U.S. Bank survey: Small-business owners focus on succession planning

July 6, 2025

FDIC report: 97% of supervised institutions rated satisfactory or better for consumer compliance

July 6, 2025

SPONSORED CONTENT

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

Navigating Disruption in Ag Lending – Why Tariffs Are Just the Tip of the Iceberg

July 1, 2025
AI Compliance and Regulation: What Financial Institutions Need to Know

Unlocking Deposit Growth: How Financial Institutions Can Activate Data for Precision Cross-Sell

June 1, 2025
Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025

PODCASTS

Podcast: Inside ABA’s new Treasury Check Verification System API

June 25, 2025

Podcast: Staying close to clients amid tariff-driven volatility

June 18, 2025

Podcast: Old National’s Jim Ryan on the things that really matter

June 12, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.