OCC highlights cyber, third party, and compliance as key risks facing banks
Last week the Office of the Comptroller of the Currency (OCC) released their Semiannual Risk Perspective report. The report looks at risks facing national banks and federal savings associations in the first half of 2017, including trends in key risks and threats to financial institutions. Highlights from the report include:
Operational risk. The OCC says banks are challenged by the increasing complexity of cybersecurity threats, the use of third-party service providers, and increasing concentrations in third party service providers for some critical operations.
Among the recommendations: “It is important for banks to have a well-established and tested response plan if a cyber breach occurs. Bank management should clearly designate appropriate personnel for key response mechanisms, which include public affairs, operations, legal, service providers, law enforcement, and other government entities.”
On third party risk management: “While the number of concerns relating to banks’ third-party risk management practices is declining as banks implement more effective processes to address supervisory concerns, banks’ increasing use of third-party service providers and the Semiannual Risk Perspective, Fall 2017 emergence of new products and services offered through financial technology companies or other industry collaborations warrant heightened supervisory focus.”
Compliance risk. Risk remains elevated as banks continue to manage money laundering risks and consumer compliance risks. The report says that some of the risk is due to the increasing complexity in consumer compliance regulations.
“BSA/AML compliance risk management remains an area of emphasis as banks are challenged with adopting risk management systems that can keep pace with evolving risks, constraints on resources, changes in business models, and an increasingly complex risk environment,” says the report. It highlights Financial Crimes Enforcement Network’s Beneficial Ownership/Customer Due Diligence regulation coming into effect in 2018, along with mortgage disclosure requirements under the TILA (Truth in Lending Act) and RESPA (Real Estate Settlement Procedures Ac) as well as the new requirements under the HMDA (Home Mortgage Disclosure Act) and MLA (Military Lending Act).
“Banks are expected to have consumer compliance risk management systems commensurate with the risk inherent in their products and services. In some banks, these systems have not kept pace with the increasing complexity of the regulatory and risk environments in which they operate,” says the report.