Cyber security, fintech and laundering key risk areas for banks, U.S. big-bank regulator says

NEW YORK (Thomson Reuters Regulatory Intelligence) - The U.S. Office of the Comptroller of the Currency (OCC) highlighted cyber security, and banks' relationship with financial technology companies, and anti-money laundering, as key concerns for the federal banking system in its Semiannual Risk Perspective for Fall 2017(here).

A man types on a computer keyboard in this illustration picture taken February 28, 2013.

In addition to spotting key risk areas, the report also covers banks’ operating environment, their performance, and related supervisory actions.

Through the report the regulator, which oversees U.S. nationally chartered banks and federal branches of foreign banks, focuses on issues that pose threats to financial institutions and relies on bank financial data as of June 30, 2017.


According to the report, operational risk remains one of the main risk areas for banks. The topic continues to challenge banks because of increasing complexity of cyber security threats – especially specific targeting of personally identifiable information and proprietary intellectual property through cyber attacks such as phishing. Banks should have a multi-layered security approach, with strong authentication and management of privileged and high-value user access, the report advised.

Use of third-party service providers in transforming banks’ technology and operating platforms is another area of operational risks that warrant heightened supervisory focus, the report said. Through new products and services offered by financial technology companies banks have been increasing their use of third-party service providers that support their key operations.

The OCC noted the increased use of a limited number of third-party service providers for some critical operations, such as merchant card processing, denial-of-service mitigation, trust accounting systems securities settlements and custody. It warned this may create concentrated points of failure resulting in systemic risk to the financial services sector.


Compliance risk remains elevated as banks continue to face money-laundering risks and increasingly complex risk in consumer compliance regulations.

“BSA/AML compliance risk management remains an area of emphasis as banks are challenged with adopting risk management systems that can keep pace with evolving risks, constraints on resources, changes in business models, and an increasingly complex risk environment,” the report noted.

In particular, the OCC expects banks to be aware of regulatory changes, including the Financial Crimes Enforcement Network’s beneficial ownership/customer due diligence regulation(here), which has an implementation date of May 2018, and to ensure that its processes comply with the new regulatory requirements including the appropriate system changes, training, quality assurance, independent testing, and controls.

New Office of Foreign Assets Control sanctions as well as additional requirements in existing sanctions programs also require attention and system updates.


The report noted that while the asset quality remains strong, and the capital and liquidity levels are near historic highs, there is incremental easing in underwriting practices and increasing concentrations in select loan portfolios owing to the credit environment -- namely, aggressive competition, tighter spreads, and slowing loan growth. While currently not significant, these may lead to heightened risk if the economy weakens or markets tighten quickly, the report suggested.

(Bora Yagiz, FRM is a New York-based Regulatory Intelligence Expert for Thomson Reuters Regulatory Intelligence, specializing in risk.)