OCC Risk Report: New Risks for U.S. Banks?
The Office of the Comptroller of the Currency (OCC) has just released its semiannual risk report, highlighting a series of strategic, credit, operational and compliance risks facing the United States’ banking system as 2018 gets underway. The guidance provided in this report is vital for the ultimate success of banks across the U.S., and has in the past proven to be a potent, informative tool for compliance officials looking to improve current initiatives and avoid costly breaches. The OCC, a bureau of the U.S. Treasury Department that serves to regulate and provide supervision over all financial institutions (FI’s) and savings associations located in the States – including branches of foreign banks, has based its latest findings off of data obtained from four key areas that many believe are major contributors to the overall health and ever-changing state of the global financial system. Focusing on emerging issues and trends that may pose significant threats to U.S.-based financial institutions in the coming year, the OCC compiles and examines profound amounts of data on factors such as operating environments, bank performance, key risk issues, and regulatory actions from multiple time periods during the course of a financial year. The latest report comes from the Fall of 2017, reflecting all bank financial data as of June 30th, 2017. The Semiannual Risk Perspective is published by the OCC’s National Risk Committee (NRC), a group composed of senior officials from supervisory, law, policy, and economics departments, and issues guidance to help propel FI’s to maintain financial security and compliance with current AML/BSA laws. The OCC has identified several developing areas that may turn out to be difficult obstacles for FI’s to overcome in 2018 and beyond, thus Global RADAR has provided a comprehensive breakdown of all of the “need-to-know” information that was just released.
Of the complex topics touched on by the OCC, two areas in particular clearly stood out, especially when compared to reports produced by the bureau in years past. Cybersecurity continues to gain national recognition and value both in North America and overseas, and appeared to be the primary focus of the OCC’s report. The article “OCC Report Identifies Cybersecurity and AML as Key Risks for Federal Banking System” cited in BSA News Now on January 23rd, 2018, analyzes the OCC’s take on cybersecurity and steps which banks must take to stay up to par with today’s regulatory landscape. Writer Kim Phan writes that the OCC has emphasized that “the speed and sophistication of cybersecurity threats are increasing. Banks continually face threats seeking to exploit bank personnel, processes, and technology”, with threats exploiting personal information and intellectual property for fraud purposes at the forefront of the discussion (Phan, 2018). “Phishing” and other malicious data breaching techniques commonly employed by criminals have also been spotlighted, with the bureau believing that the establishment of thorough software and employee training protocols will help to thwart such efforts before they have the chance to do serious damage. As banks continue to adapt their business models and operational strategies to incorporate new and advanced technologies, they too must adjust and subsequently implement adequate measures in response to increased cyber-threats. Although we have only begun to scratch the surface in terms of the advancements provided by financial technology (FinTech), the budding relationships between FI’s and third-party companies, including an increasing amount of FinTech startups, poses not only new opportunities for banks, but also opens up a door to new and unprecedented risks.
The OCC later ties in the growth of technology in the financial sector with compliance risks related to management of financial crime, pointing out that with the influx of new and evolving processes aimed at boosting customer service and convenience, as well as greater access to more useful financial services, compliance risks remain elevated due to the ever-increasing complexity of the risk environment. They continue, stating that although these measures are necessary to keep pace with other growing industries, “Implementing changes to policies and procedures to comply with amended consumer protection requirements tests bank compliance risk and change management processes” (OCC, 2018). Contrary to popular belief, the continual updating of regulations place a strain on all levels of a financial institution’s performance, not solely the compliance departments of said FI’s. Banks are forced to constantly review and refine their BSA compliance programs to address the many vulnerabilities that are created by new regulations and new undertakings/technologies. Risk management practices must too be edited to provide sufficient protection to banks and their customers, a process that many have had difficulties addressing thus far, specifically when dealing with the validation of systems that rely on software, automated tools and greater reliance on third parties. This is an area that many FI’s will undoubtedly need to address moving forward.
The study also has corroborated past findings that demonstrated the trend of financial institutions across the United States continuing the improvement and/or strengthening of their financial conditions and risk management procedures on a yearly basis. The report notes however that one of the keys to success in the near future will be for banks to avoid complacency, specifically in regards to compliance. While the number of enforcement actions against banks by the OCC continues to decline at a steady rate, this does not mean that banks should let up in following through with their compliance responsibilities, nor in the updating of their plans going forward to meet the demands of the industry and new, pervasive threats that continue to emerge. The figure below illustrates the declining number of enforcement actions taken by the OCC against U.S. banks, showing an exponential decrease in the sheer number of EA’s taken since reaching its peak 2009.