
Bank on Wipfli - Blog and Podcast


Why is a FDICIA risk assessment necessary?

Dec 19, 2023
By: Cayci Branum

Federal Deposit Insurance Corporation Improvement Act (FDICIA) compliance is hardly new to the banking industry. The act was passed in 1991 to strengthen the FDIC’s role in banking oversight. The $500 million and $1 billion asset thresholds are still the triggers for compliance and, for the most part, we have not seen large changes to expectations in compliance.

I have spent the last eight years focusing on outsourced FDICIA compliance for our clients and have noted, fairly consistently, how institutions are failing to use risk assessments appropriately to drive key control identification and testing.

Every significant area of a bank typically has a risk assessment (or is highly recommended to have one), as it allows management to show how it has identified, and plans to respond to, the risks specific to the institution. Compliance with FDICIA is no different.

Identify significant operations

The goal of risk assessment in compliance planning is to identify both quantitatively and qualitatively significant operations. There are different methodologies and approaches that can be used, as long as the end result is mapped to the significant operations of the institution.

Make sure your risk assessment is tailored to your institution and to the ultimate goal of identifying all areas that are a risk, especially internal controls over financial reporting. It is important that the risk assessment is updated periodically to help ensure that changes in risk are identified in a timely manner. These changes could drive additional testing of key controls for compliance.

It is important to include those responsible for key control operations in the risk assessment process. It is fairly easy to set up an initial risk assessment using the institution’s financial data.

Apply qualitative factors on the financial data

The next step is to apply qualitative factors on the financial data, which may require input from others outside of accounting or finance. Some of the typical qualitative factors used include lack of strong controls, level of subjectivity/sensitivity and exposure to loss.

Wipfli typically uses a range of 10 to 15 qualitative factors when performing a risk assessment. The combination of account balance and quantitative factors will drive the significance of each account, and then the institution will identify the key controls related to each area to be tested. Early identification and testing are important to allow the institution to ensure key controls over financial reporting are in place and operating as of year-end for FDICIA compliance.

Key takeaways

Here are some key takeaways to help you determine whether you are handling the risk assessment properly in your compliance process:

  • If you are approaching the $1 billion FDICIA compliance threshold, make sure the discussion and planning for the risk assessment are a key driver during readiness.
  • Ensure the risk assessment is tailored to your institution and updated periodically.
  • Key controls need to be in place and operating as of year-end for FDICIA compliance.

How Wipfli can help

If you are currently approaching a FDICIA threshold and do not feel prepared or are looking for an experienced third party to help, Wipfli can help. We can provide a wide range of assistance from consulting hours to a full-blown outsourced partnership. Wipfli’s professional team is equipped in every capacity to meet your compliance needs. Learn more about how we can help financial institutions.



Cayci Branum, CIA, CRCM
Senior Manager