Intelligence Report | November 2026
8 BEST PRACTICES FOR BOARDS OVERSEEING RISKS
1. Oversee a company-wide assessment of risk by bringing together the heads of
departments and geographies.
2. Oversee the risk appetite, anti-fraud policies and controls, and adjust regularly based
on changing risk, such as new geographies or products. Regulators expect a risk-based
approach.
3. Understand internal controls and follow up with management on any significant audit
concerns, cyber problems that aren’t being fixed or problems with internal controls.
Regulators consider the board ultimately accountable for making sure the executives
do their job.
4. Educate yourself on the latest fraud trends and risks, including thorough presentations
from inside and outside experts.
5. Make sure the board or a committee has direct access to the chief risk officer
and/or chief compliance officer, not necessarily at every meeting, but to hear reports
and ensure the bank’s resources match the risk appetite.
6. Board meeting packages should include information on fraud trends, whistleblower
reports and customer complaints. Make sure you’re getting the full trend line, not a
snapshot. Ensure an independent board member receives complaints about financial
fraud.
7. The head of cybersecurity should report to someone other than the head of information
technology.
8. The board should run through tabletop exercises to get a sense of how the cyber
incident response plan will play out in the event of a major cyberattack.
THE FRAUD MENACE: PROTECTING YOUR BANK