The OCC’s Risk Outlook

This week the Office of the Comptroller of the Currency (OCC) published its Semiannual Risk Perspective, which gives bank compliance officers and risk managers an important glimpse into the federal banking agency’s current outlook on risk.

Here is a brief summary of the report.

The Basics of the OCC’s Semiannual Risk Perspective

Every six months, the OCC’s National Risk Committee (NRC) issues the agency’s Semiannual Risk Perspective. According to the introduction to the Perspective, the NRC is made up of senior OCC supervisory and policy officials who meet quarterly.

The NRC is responsible for monitoring “the condition of the federal banking system and identifying key risks,” as well as monitoring emerging threats.

This Spring 2018 Semiannual Risk Perspective was published on May 24, 2018, and is based on data as of March 31, 2018, except where otherwise noted.

Overall Report Card

The Perspective’s Executive Summary provides an overall status of the banking system:

  • Condition of Federal Banking System: Strong
  • Comparison of System’s Condition: 2017 and 2018 show improvement over 2016
  • Economic Environment: Supports loan growth and profitability
  • Asset Quality: Sound
  • Capital and Liquidity: Near historical highs
  • Earnings: Improving
  • Overall Risk Management Practices: Incrementally improving

On Operational Risk

The OCC reports that “Operational Risk is elevated as banks adapt business models, transform technology and operating processes, and respond to evolving cyber threats.”

Specific threats to operational risk include the following:

  • Ever increasing threat of cyber attacks
  • Growing bank reliance on third-party vendors to perform critical functions
  • Concentration of third-party risk due to the “consolidation among large technology service providers”
  • Evolving business and operating models that include new delivery channels, products, and services

On Compliance Risk

The OCC warns that Compliance Risk “remains elevated,” with particular concern in the following areas:

  • Bank Secrecy Act (BSA) Compliance Challenges: The combination of the “dynamic nature” of money laundering along with “evolving delivery channels” makes complying with the BSA difficult. The OCC warns banks that are “engaging in such offerings” to refine and update their BSA compliance programs to ensure they are adequately mitigating the associated risks.
  • BSA and Anti-Money Laundering (AML) Compliance Risk Management Systems: The OCC notes that, such BSA/AML risk management systems “often do not keep pace with evolving risks, resource constraints, changes in business models, and regulatory changes.”
  • OFAC Sanctions: The OCC questions whether bank OFAC compliance programs are keeping pace with the increasing number and complexity of sanctions programs.
  • Overall Regulatory Complexity: The number of amended regulations and/or highly complex requirements continue to present challenges for banks.
  • Specific Complexity of TRID: The OCC acknowledges the continued bank struggle to incorporate the Truth-in-Lending RESPA Integrated Disclosure (TRID) forms.

On Interest Rate Risk

The OCC states that, “There is uncertainty in how bank deposits will react to increasing interest rates. Banks may experience unexpected adverse shifts in liability mix or increasing costs that may adversely affect earnings or increase liquidity risk.”

Read the OCC’s complete Semiannual Risk Perspective for Spring 2018 for an even more in-depth analysis of the current state of banking in the United States.

 

OCC Warns Banks Against Complacency

By Mary Crotty, Freelance Writer for Banks and Third-Party Service Providers

Twice a year the Office of the Comptroller of the Currency (OCC) releases a summary of current and emerging risk trends for the banking system. The OCC’s latest “Semiannual Risk Perspective for Fall 2017” (Perspective) was published last Friday, January 18, and is based on financial data compiled and analyzed through June 30, 2017.

While noting a strong economy and continued improvement in overall bank performance, the Perspective does sound some warning bells. “The current operating environment presents strategic risk for many banks in increasingly diverse ways. Thus, this report emphasizes the need for vigilance by bank management at this point in the economic cycle.”

OCC-Noted Risk Areas

  • Credit Policy and Practices: The OCC warns that banks are slowly loosening their commercial credit underwriting practices due to increased competition. It also noted an increased concentration in Commercial Real Estate (CRE), a trend it noted could hurt the entire financial system if not monitored and checked.
  • Cybersecurity Programs: Cyber criminals continue to evolve their methods and tools faster than bank cybersecurity programs can keep up.
  • Vendor Management Programs: Banks’ increasing reliance on third-party service providers, especially for critical functions, continues to concern the OCC.
  • Bank Secrecy Act (BSA) Compliance: Just like cybercrime, money laundering continues to evolve into an ever more complex crime that creates significant problems for banks. The OCC warns that banks are struggling to comply with the BSA, even before the related Customer Due Diligence (CDD) Final Rule goes into effect on May 11, 2018.
  • Consumer Protection Compliance: According to the Perspective, consumer compliance risk management continues to be an issue for banks “due to the increasing complexity in consumer compliance regulations.”
  • Current Expected Credit Loss (CECL) Model: The OCC also warns that the “current expected credit losses standard for which implementation begins in 2020 may pose operational and strategic risk to some banks when measuring and assessing the collectability of financial assets.”

Avoid Complacency

The Perspective reads like a road map for determining what areas will receive the most attention during upcoming regulatory examinations. There are two things your bank can do right now to improve its performance on such examinations:

  1. Review the following policies and make sure processes and procedures reflect any updates: Credit Policy, Cybersecurity Policy, Vendor Management Policy, Bank Secrecy Act Policy, UDAAP Policy and other consumer protection policies.
  2. Reiterate your bank’s policy stances by communicating them with your employees.