Article | August 6, 2025

Rethinking internal controls for your financial institution


Following our recent Financial Services Group webinar, this article explores how financial institutions can modernize their internal control environments in light of regulatory changes and emerging risks.

Although the FDIC’s recent proposal to raise the Internal Control over Financial Reporting (ICFR) threshold from $1 billion to $5 billion may ease the regulatory burden for hundreds of community banks, organizations should continue to reassess and optimize their internal control structures to support sound governance and resilience.

Many banks and credit unions still operate with overly complex, duplicative, or outdated controls. In some extreme cases, institutions maintain over a thousand controls, often without clear justification, which raises the question: How well are we mitigating risk?

Finding the Right Number of Controls

There’s no one-size-fits-all formula. The ideal control environment depends on a mix of internal and external factors, each contributing to greater control precision. Consider the following:

A table detailing a number of factors like culture and regulation and their associated influence on controls

What might be excessive for one institution may be insufficient for another. A thorough risk assessment helps identify areas that are either under- or over-controlled. Too few controls can leave critical risks unmitigated and increase the chance of compliance failures. Too many, or overly complex ones, can drive up costs and create operational drag.

Generic control frameworks are a great starting point, but they shouldn’t be relied upon as a standalone solution. An effective risk management approach requires tailoring to your organization’s specific risks and operations.

Streamlining Without Compromise

Organizations should aim to simplify controls without sacrificing compliance. That means:

  • Consolidating duplicative or outdated controls
  • Automating manual processes and controls where possible
  • Integrating controls into business workflows
  • Documenting controls clearly to support accountability and audit readiness
  • Monitoring continuously to adapt to change and emerging risks

Avoid falling into the trap of “check-the-box” compliance. Generic frameworks can be helpful, but without customization to your operations, they often leave real risks unaddressed. As the saying goes, the most expensive words in business are: “But that’s how we’ve always done it.”

A risk-based approach helps determine whether existing controls are sufficient, or if new ones are needed. To keep compliance structures relevant and aligned with strategic goals, organizations should prioritize continuous monitoring, internal audits, and self-assessments.

Growth, Technology, and Emerging Risks

Control frameworks must keep pace with organizational change. Static controls can quickly become obsolete, leaving gaps in risk mitigation and compliance.

Emerging technologies, especially AI and cloud platforms, introduce new risks that require thoughtful oversight. Controls should address:

  • Responsible use of AI (e.g., open source vs. proprietary tools)
  • Data privacy and security
  • Governance and audit trails for AI-driven decisions

Execution Pillars: Collaboration, Systems, and Training

A strong control environment is sustained when people, processes, and systems work together to promote a culture of control awareness. Addressing common organizational challenges through targeted solutions strengthens both the effectiveness and sustainability of internal controls. Consider the following best practices:

A table detailing a number of challenges as well as their associated solutions and benefits

Together, collaboration, system alignment, and continuous training form the foundation for a resilient and responsive control environment.

We Can Help

At Elliott Davis, our Financial Services Group works with institutions to navigate regulatory changes and prepare for growth. We help you:

  • Assess your current control environment
  • Identify opportunities to streamline and automate
  • Align controls with your risk appetite and business goals
  • Prepare for IPO or regulatory shifts
  • Build a culture of accountability and continuous improvement to support control awareness

Let’s work together to find the right balance of controls tailored to your organization, without compromising compliance or performance.

Download our PDF from the webinar, watch the full webinar replay below, or contact our team today to start the conversation.

The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.
