Free Vendor Management Risks Worksheet
Learn 7 essential vendor management risks!
4 Key Risks Facing the Banking Industry, According to the OCC
The banking sector has undergone major changes over the last few years, and is set for many more. The result? You guessed it: changing risk exposure. Here’s what the OCC has to say about the biggest risks facing the banking industry.
Twice per year, the Office of the Comptroller of the Currency (OCC) releases a wide-ranging report on the health of the US banking industry and potential risks. This spring’s report is another powerful installment in that series, with predictions on emerging risks, a potential recession, and overall bank profitability.
In this post, you’ll learn 4 important risks from the OCC’s Semiannual Risk Perspectives Report, plus a few more key takeaways.
As we've written about previously, the banking sector has undergone major changes over the last few years. The result is changing overall risk exposure. In the report, the OCC highlighted the following four trends in banking industry risks:
- Risk in loan portfolios has increased.
- Operational risk is elevated.
- Compliance risk remains high, particularly in BSA/AML, OFAC, and consumer compliance.
- Earnings may be threatened by interest rate and liquidity risk, due in part to changing depositor behavior.
Let’s jump right in to each.
1. Accumulated risk in loan portfolios, despite strong credit quality.
As mentioned above, the OCC reports that overall credit quality is very strong. They add that lenders and investors are taking more risk in pursuit of higher yield, encouraged by the strength of the economy, market liquidity, and “favorable credit risk performance indicators.”
“Credit quality is strong when measured by traditional performance metrics, but successive years of growth, incremental easing in underwriting, risk layering, and building credit concentrations result in accumulated risk in loan portfolios.”
Examples of those increased risks include:
- Eased underwriting and leveraged lending.
- One factor contributing to this risk is that nonbank entities are participating more in leveraged lending, through loan purchases or direct underwriting and syndication of exposure. This credit risk is outside of the federal banking system, meaning there is less transparency and monitoring is difficult.
- A higher tolerance for policy exceptions.
- High concentrations in commercial real estate (CRE) lending, particularly in smaller banks.
- Despite this relatively high concentration, the OCC says that CRE risk management in OCC-supervised banks is generally sound.
In response to these risks, the OCC shared the following recommendations:
- “Banks’ risk management processes and limits should keep pace with changes in the leveraged lending market, and bank management should fully consider the potential direct and indirect risks associated with these loans.
- Banks should evaluate whether their borrowers have critical suppliers or vendors that are highly leveraged, which may adversely affect a borrower’s business operations or ability to service debt in an economic downturn.
- Banks with non-depository financial institution (NDFI) exposure should measure and manage the credit risks associated with such lending, particularly how credit risks can be manifested indirectly through market events.
- Banks should plan for this economic uncertainty by identifying potentially vulnerable borrowers, reviewing the quality and thoroughness of credit control functions, and ascertaining any experience or operational gaps in collections and workout functions.
- Banks should understand whether they bear any indirect risk exposure to this external activity through other forms, such as securities or trading activities, NDFI lending, or bank partnerships with nonbank firms.”
As you work to understand the risk in your current loan portfolio, keep these recommendations in mind, particularly if you are regulated by the OCC. As stated in the report, "risk management is of heightened significance."
2. Elevated Operational Risk
Operational risk remains elevated, the OCC notes, driven by a changing banking environment.
"Operational risk is elevated as banks adapt to a changing and increasingly complex operating environment. Key drivers for operational risk include persistent cybersecurity threats as well as innovation in financial products and services, and increasing use of third parties to provide and support operations that are not effectively understood, implemented, and controlled."
In particular, the following factors are seen to be driving this elevated operational risk:
- Cybersecurity threats.
- Reliance on unsecured, unpatched, or otherwise unsupported tools by banks and their third-parties.
- Use of third-party vendors and service providers.
To respond to these challenges, the OCC recommends:
- User awareness training and testing to help reduce the risk of unauthorized access and prevent breaches.
- Having strong authentication mechanisms to prevent malicious actors from gaining access to banking systems or information.
- A strong process for managing system and software inventories.
- A strong system development lifecycle that requires regular maintenance, patching, timely updates, and disposition at end-of-life.
- Identification of vendors that may have access to data and control systems, and who perform key operations.
- Understand remote access, system interfaces, access entitlements, the third party’s ability to implement the appropriate controls to manage risk and security, and responsibilities of the third-party and bank in the case of an incident, before entering into any relationship.
- Implement appropriate operational controls and processes, and regularly validate the operational resilience of the enterprise, to ensure customer service continuity as well as fulfilling interdependent operations of the financial system.
- Designation by bank management of appropriate personnel for key responses, including personnel from operations, business units, public affairs, and legal, as well as personnel for coordination with service providers, law enforcement, and other government entities.
- Properly manage the risks involved in relying on third-party service providers for payments, transaction processing, maintaining sensitive information, and other critical functions.
3. Challenges in BSA/AML, OFAC, and Consumer Compliance
Banks face many challenges in complying with BSA/AML, OFAC, and Consumer Compliance requirements. Compliance risks continue to evolve.
"Compliance risk related to Bank Secrecy Act/Anti-Money Laundering (BSA/AML) is high as banks remain challenged to effectively manage money laundering risks."
In general, these challenges appear to be related to the increasing sophistication of money launderers and other “bad actors,” rather than a failing on the part of financial institutions. Remember, these risks are present in both traditional products and services, as well as virtual currencies and cryptocurrencies.
In fact, the OCC reports that they have “identified improvements in banks’ BSA/AML risk management systems, including risk assessments, policies and procedures, and associated controls.”
However, where risks exist, they are related to:
- Inadequate customer due diligence and enhanced due diligence.
- Some financial institutions still face challenges when dealing with the newly released and implemented “Fifth Pillar” or BSA/AML compliance, also known as the Beneficial Ownership and Enhanced Due Diligence requirement.
- All necessary updates are expected to be in place during the 2019 OCC examination cycle.
- Insufficient customer risk identification.
- Ineffective processes related to suspicious activity monitoring and reporting, including the timeliness and accuracy of Suspicious Activity Report filings.
- Talent acquisition and staff retention.
- This is true for all areas of compliance risk mentioned in the report, not only BSA/AML compliance.
In addition, technological advancements present challenges for Fair Lending and other areas of consumer compliance. Banks are leaning on FinTech and other technologies to create efficiencies and offer consumers more and different product offerings. The OCC reports that they have seen some consumer compliance risk related to changing product and service offerings. In particular, the agency states that "some banks have failed to involve the compliance function when evaluating changes in, or additions to, products or services, which increases compliance risk."
Once again, here are some of their recommendations for managing compliance risk:
- For OFAC: "Bank management should have processes for diligently reviewing and monitoring for the comprehensive prohibitions under sectoral and geographic, as well as list-based, sanctions programs to effectively manage associated compliance and operational risks."
- When incorporating new technologies, products, and solutions, banks should "be mindful of privacy and data governance issues."
- "Bank management should be aware of the potential Fair Lending risk with the use of AI or alternative data in their efforts to increase efficiencies and effectiveness of underwriting."
- Even when using AI, machine learning, or other emerging technologies, "bank management should be able to explain and defend underwriting and modeling decisions."
4. Interest Rate and Liquidity Risk
In the report, the OCC writes that there may be elevated interest rate risk, which is the risk that a negative change in interest rate could result in a loss of future income or economic value of equity.
Consumer behavior changes are also driving risks in the banking industry. More specifically, consumers are able to move their deposits around more easily, resulting in a "lack of deposit stability and potential funding pressures."
"Interest rate risk and the related liquidity risk implications pose potential challenges to earnings given the uncertain rate environment, competitive pressures, changes in technology, and untested depositor behavior.”
According to the OCC, some trends may indicate a shift away from lower-cost non-maturity deposits into higher-cost time deposits. If deposit rates don't increase, this would elevate the overall liability cost, and has the potential to shrink net interest margins.
To understand your interest rate and liquidity risk, the OCC recommends conducting stress tests and developing comprehensive contingency funding plans.
Additional Notes from the Risk Report
There were a few additional points made in the report that the OCC chose not to highlight directly.
For one, they note that overall strategic risk across the banking industry is elevated. In general, this is driven by technological innovation and market consolidation, both among financial institutions and among service providers. The OCC recommends that financial institutions should consider these concerns in their risk assessments. They also added this warning: “Banks that do not assess business relevancy and impacts from technological advancement or innovation, or are slow adopters to industry changes, may be exposed to increasing strategic risk.”
Finally, the OCC also explained that the likelihood of a recession has increased. However, it’s more likely that the economy will continue to grow, albeit more slowly in 2020 and beyond, as it continues to expand.
TRUPOINT Viewpoint: As the risks in banking evolve, know that TRUPOINT is also working to continue to serve your needs. Through our recent partnership with Ncontracts, we are now able to provide powerful risk and vendor management solutions. (You can learn more about those here.)
In the meantime, check out this free Guide to the 5th Pillar of BSA/AML Compliance!
But are you making the most of that data from a risk management perspective? Not if that data is only used by the lending, credit, or compliance departments.
While compliance and lending are the most closely linked to Fair Lending risk, the truth is that Fair Lending extends into many operational areas. From marketing to the location of new branches to M&A, Fair Lending risk has a role to play in decision making.
About Kinsey Sullivan
After studying Journalism at the University of North Carolina at Chapel Hill, I switched to the other side of content: Marketing, Advertising and PR. At TRUPOINT, I love turning complex data and ideas into high-impact content and campaigns. In my free time, I make art, read, and listen to a lot of podcasts on long walks with my dog, Charlie "Bird" Barker.