The National Risk Committee of the OCC, which monitors the federal banking system and identifies key risks, recently released its Semiannual Risk Perspective. The report highlights several areas where financial institutions are experiencing heightened risk, including operational resilience and compliance.
“Continuing cyberattacks and current geopolitical tensions highlight the importance of heightened threat monitoring and safeguarding against disruptive attacks targeting the financial sector,” the report states.
Cyber criminals also frequently target the third parties of financial service providers to exploit vulnerabilities. Between cybersecurity concerns and increased reliance on outsourcing and third-party partnerships, banks need to be vigilant about the risks presented by vendor relationships. Effective oversight, including due diligence and ongoing monitoring, and risk management processes that align with vendor criticality and risk ratings are essential for institutions to navigate the threat landscape.
Third-party partnerships also increase the possibility of exposure to financial crime risks such as money laundering and terrorist financing.
Financial institutions must stay on top of Bank Secrecy Act (BSA) and Office of Foreign Assets Control (OFAC) compliance requirements, particularly in light of increasing fraud risk.
Related Reading | Fighting Fraud and Cybercrime →
Because “banks operate in a dynamic compliance environment,” the report points out, “new, modified, or expanded products, services, and operational structures expose banks to heightened consumer compliance risk if they are not effectively implemented with appropriate changes and updates to compliance management systems.”
As regulators prioritize consumer protection — and the consumer privacy compliance landscape grows more complex at the state level — banks need compliance management processes and systems that can keep pace.
Despite an uncertain future for environmental, social, and governance (ESG) regulation, risk management in these categories remains an area of focus for regulators.
Related Reading | Where ESG and Risk Management Intersect →
The Securities & Exchange Commission (SEC) launched a Climate and ESG Task Force within its Division of Enforcement in 2021, and the OCC currently supervises its largest banks (over $100 billion in total assets) on climate-related financial risk management.
Risk leaders in financial services are monitoring this evolving regulatory environment. More than 90% of bank risk officers believe that climate regulation will be one of the five most important forces in the financial industry in the next three years, according to a recent survey.
With regulation on the horizon, “banks should have robust risk management programs in place to identify, measure, monitor, and control climate-related financial risks,” the Risk Perspective report observes, and the OCC anticipates that “all large banks will need to increase their capabilities, investments in data, and sophistication of their analysis to be fully effective in their risk management of climate-related financial risks.”