360factors Banking Risk Taxonomy/Library
360factors’ Risk Library provides customers with a set of standardized regulatory risk definitions (e.g., a common taxonomy) that are categorized by regulation and presented in an intuitive hierarchal format. Common descriptions enable banks and financial services organizations to consistently evaluate risks and controls across business and/or product lines, ensuring a comprehensive set of risks is considered and simplifying risk aggregation across the organization.
The library includes over 400 risks definitions for regulatory compliance.
In addition to these 400+ regulatory compliance risks, the 360factors’ Banking Risk Library Taxonomy also includes risk definitions for other banking risk categories, including
- Credit
- Market
- Operational
- Liquidity
- Business
- Reputational
- Systemic
- Moral Hazard
360factors Key Risk Indicator (KRI) Library
Access 360factors’ growing library of Key Risk Indicators (KRIs) and standardize stakeholder understanding and analysis of organizational risk appetite.
- The KRI Library includes over 80 KRIs across nine categories, including Capital (3), Credit (21), Management (16), Earnings (4), Liquidity (10), Market Risk (12), Operational (12), and Compliance (6), along with key upper and lower threshold data for baselining risk tolerance. Also includes optional risk mapping – KRIs are mapped to regulatory and other banking risks from 360factors’ extensive Risk Library.
Code of Federal Registrar (CFR) Regulatory Knowledge Base
A complete database of regulations and requirements in the United States Code of Federal Registrar (CFR) is provided and pre-loaded into the Regulations & Obligations Repository. This database contains the final approved text of the CFR (it does not include proposed rules or news until they become final approved rules). The database is categorized based on the CFR number and hierarchy.
This functionality enables organizations to:
- Identify gaps where they might not be meeting their regulatory obligations;
- Identify risks to their organization; and
- Quickly understand and assess the impact of a change in a regulation.
Banking Compliance Testing Assessments & Checklists (QC/QA)
This content plug-in provides a set of compliance testing checklists and work paper templates for performing a variety of compliance testing & monitoring activities (often commonly referred to as compliance QC or QA) within a bank’s regulatory compliance organization. The content plug-in also includes a set of Word-based report templates that are automatically generated at the end of a completed compliance monitoring and testing series that summarizes the testing series, provides a list of the findings and recommendations and can be used for documenting the results of the compliance test.
This content plug-in requires the Predict360 Compliance Monitoring and Testing with Regulatory Risk Management application and comes pre-loaded into that solution.
FIS Regulatory University Training
FIS Regulatory University is the financial services industry’s most comprehensive, authoritative, cost-effective, web-based regulatory training solution with a library of more than 300 courses covering safety and soundness, consumer protection laws and regulations, high and emerging risk issues, products and services, and other topics of relevance to banks and financial services institutions.
ABA Risk Library
The ABA Risk library is a collection of over 800 risks across the typical banking risk categories including credit, operational and strategic risks that are based on ABA’s industry-leading Risk Management training courses and certificate programs. ABA members can access ABA’s Risk Library within Predict360 at no additional cost.
This library of banking risks is pre-loaded into and distributed directly within Predict360, 360factors’ ABA-endorsed Risk and Compliance Software platform for banks, and helps banks improve their risk coverage and identify missing gaps in their risk assessments while offering a fast and efficient way to onboard quickly within Predict360 with industry best practices content provided by ABA.
Crowe Risks, Controls and Testing Scripts Library
The Crowe financial services risk, control and testing scripts library includes a comprehensive catalogue of risks, attributable controls and associated testing and assessment scripts. The library, coupled with 360factors’ risk and compliance intelligence platform, is adaptable to each client’s specific needs, helps enable growth strategies and meet business and regulatory expectations, and ensures maturity and sustainability of banking risk management programs.
360factors can provide the extensive Crowe library of enterprise risks and standards aligned to regulatory guidance, typical controls for each risk and testing steps for each control for a variety of compliance and banking risk categories pre-loaded into Predict360.
FIS Risk Library
FIS’ Risk Library contains thousands of risk statements based on applicable compliance laws, regulations, guidance, and examination procedures. Risk statements are created by Certified Regulatory Compliance Managers (CRCMs) and attorneys. On an ongoing basis, risk statements are updated in response to regulatory pronouncements published by Consumer Financial Protection Bureau, along with the other federal banking agencies.
Because FIS’ risk statements are created from applicable laws, regulations, guidance, and examination procedures; the result is that each compliance rule and regulation has a set of associated risk statements, phrased as assertions. For example:
- Policies and procedures include guidance on preventing unfair, deceptive, or abusive acts or practices.
- Employees are trained on the provisions of the Wall Street Reform and Consumer Protection Act that prohibit unfair, deceptive, or abusive acts or practices.
- Consumer complaints are reviewed to identify potential compliance problems and negative trends that have the potential to be unfair, deceptive, or abusive.
- All advertisements, promotional materials, and marketing scripts are reviewed to ensure that they are not deceptive or misleading.
Risk statements are available in either a short format as concise statements, or a long format as detailed statements. Choose which format best meets your needs.
National Institute of Standards and Technology (NIST) Assessment
NIST standards enable federal agencies, contractors and organizations to assess and manage cybersecurity risk with a set of guidelines and best practices controls for critical IT systems and infrastructure.
- 360factors offers pre-populated assessment questionnaire related to NIST standards and controls to manage cybersecurity risk as presented in the NIST Framework. This content includes 130 Categories and Subcategories for the five NIST functions including: Identify, Protect, Detect, Respond, and Recover.
FFEIC Cybersecurity Assessment Tool (FFEIC CAT)
Federal Financial Institutions Examination Council (FFEIC)’s CAT provides organizations with an assessment framework for organizations to assess and review their inherent risk profile and risk maturity levels. The framework offers five categories: Technologies and Connection Types, Delivery Channels, Online/Mobile Products and Technology Services, Organizational Characteristics, and External Threats and five Maturity Levels: Cyber Risk Management and Oversight, Threat Intelligence and Collaboration, Cybersecurity Controls, External Dependency Management, and Cyber Incident Management and Resilience.
- 360factors provides over 130 assessment guidelines with mapped evaluation categories (Baseline, Evolving, Intermediate, Advanced, Innovative) across the five CAT domains.
Regulatory Intelligence (News & Notifications Feed) from Reg-Room
Reg-Room LLC is dedicated to tracking Regulatory and Legal changes impacting the Financial Services Industry globally. With a team of over 30 subject matter experts (mostly lawyers) who track over 1,000 primary regulatory sources globally, Reg-Room’s goal is to provide a standardized feed of Expert High Level Analysis together with associated structured data to streamline the horizon scanning, applicability and impact analysis work undertaken by banks and financial services organizations.
Vendor Surveillance
Argos Risk’s optional AR Surveillance offers access to a continuous stream of data, which aids in addressing the following common questions:
- Operational Risk: Does the vendor possess the stability required to be an integral part of your mission-critical operations?
- Financial Risk: Does the vendor possess the financial resources necessary to fulfill the terms of your contractual agreement?
- Legal Exposure: Is the vendor exposed to legal actions that could potentially impact your business relationship?
- Cybersecurity Risk: Is the vendor maintaining a robust and secure online presence?
- Reputational Risk: Is the vendor’s reputation in alignment with your organization’s values and goals?
- Sanctions Risk: Is it legally permissible for your organization to engage in business with this entity?
- Diversity Inclusion: Does the vendor meet the criteria for participation in your organization’s diversity and inclusion program?
AR Surveillance provides an extensive array of data and information, ongoing monitoring, risk-based scoring, and one of the industry’s most user-friendly interfaces. It is the dominant way to analyze, assess, and monitor the overall viability and health of your commercial third-party relationships and empowers your vendor management program to leverage real-time risk intelligence for making informed decisions.
Regulatory Intelligence (News & Notifications Feed) (from Compliance.ai)
A Compliance.ai powered news & notifications feed is displayed directly in the Predict360 Regulatory Change Management module that is filtered based on the specific topics, agencies, jurisdictions, states and/or countries relevant to the organization and provides the ability to initiate a regulatory change management workflow or dismiss each item with full audit trail and connection to regulatory mapping within the system.
- Effectively, this single solution replaces are the external email subscriptions, RSS feeds and periodic web site research that your regulatory compliance team often need to review periodically.
- Create and manage action items for regulatory intelligence
- Includes 1 user license to the Compliance.ai service connector
Other Plug-Ins
Additional content frameworks and standards can be made be available as required but are dependent on how these frameworks and standards have been implemented within your organization. The Predict360 helps organizations manage their processes that have been implemented on an ongoing basis.
- COBIT Framework and Toolset
- COSO Framework and Toolset
- ISO27000 Framework
- PCI Compliance Framework
- PII Compliance Framework
- HiTrust Framework and Toolkit
Learn How 360factors Empowers Customers to Manage Their Risk and Compliance Programs with Ease.
We look forward to working with 360factors to advance our enterprise risk and compliance programs for the bank while increasing the products and services we offer to the community.
Mark Casel Chief Risk OfficerWe selected Predict360 due to its ease of use, banking industry design, and endorsement by the American Banker’s Association.
Eric Sprink President & CEOPredict360’s banking workflows, risk library content, and endorsement from the American Bankers Association are a great fit for our bank.
Julie Dahle EVP and Chief Risk OfficerPredict360’s out-of-the-box applications designed specifically for banks our size along with their banking content was a significant influence in our selection of 360factors.
John Dunne EVP Chief Risk OfficerAs part of our initiative to expand our products and services, we wanted to enhance our enterprise risk and compliance management to support this growth. Predict360 will enable our team to meet these goals efficiently.
David Claussen Chief Risk Officer360factors’ solutions, powered by artificial intelligence, enables our organization to adapt and respond effectively to the ever-changing regulatory compliance landscape.
Joanna Chancellor Business Support ManagerThe powerful features combined with the easy implementation of the cloud solution made Predict360 a great fit for our organization.
Steve Parker Chief Executive OfficerWe believe our collaboration with 360factors and the technology they bring supports our vision for the future.
Gina Anonuevo Chief Compliance OfficerDeploying Predict360 is another step by us towards becoming a more streamlined and efficient organization.
Crystal Barnes Regulatory Compliance Specialist