Thursday, January 25, 2018

Operational risk elevated with cyber threats and use of third-party service providers

By Andrew A. Turner, J.D.
 
The Office of the Comptroller of the Currency highlighted key risk concerns in its Semiannual Risk Perspective for Fall of 2017. The report is intended to address issues facing banks in four main areas: the operating environment, bank performance, trends in key risks, and supervisory actions.
 
The top matters requiring attention were operational, credit, and compliance (for community and midsize banks); and compliance, operational, and credit (for large banks). Key issues discussed in the report focus on those risks and include:
  • incremental easing in commercial credit underwriting practices;
  • increasing complexity of cybersecurity threats;
  • increasing concentrations in third-party service providers for some critical operations;
  • ongoing challenges in complying with Bank Secrecy Act requirements; and
  • challenges in consumer compliance risk management for banks due to the increasing complexity in consumer compliance regulations.
Operational risk remains elevated because of increasing cyber threats and use of third-party service providers as banks adapt business models, transform technology and operating processes. As use of third-party service providers is increasing, and critical operations are increasingly concentrated in a few large service providers, third-party risk management remains a supervisory focus.
 
Compliance risk remains elevated as banks continue to manage money laundering risks in an increasingly complex risk environment. Implementing changes to policies and procedures to comply with amended consumer protection requirements tests bank compliance risk and change management processes.
 
Asset quality remains strong, and overall underwriting is acceptable. Nonetheless, the credit environment continues to be influenced by strong competition, tighter spreads, and slowing loan growth. These factors are driving incremental easing in underwriting practices and increasing concentrations in select loan portfolios—leading to heightened risk if the economy weakens or markets tighten quickly.
 
Potential system-wide issues. The report notes risks that could develop into system-wide issues, including:
  • weaknesses in the governance of product sales, delivery, and service, resulting in elevated levels of operational risk for some banks;
  • increasing concentrations of commercial real estate loans demonstrate the need for sound risk management processes;
  • the potential for renewed declines in prices for grain crops, livestock, and dairy, which, combined with declining prices and increasing debt, may impact the ability of agriculture borrowers to service debt; 
  • new requirements under the Military Lending Act and pending changes to the data collection and processing rules for the Home Mortgage Disclosure Act may result in further challenges to compliance change management processes; and
  • the current expected credit losses standard (for which implementation begins in 2020) may pose operational and strategic risk when measuring and assessing the collectability of financial assets.
For more information about risk management for banks, subscribe to the Banking and Finance Law Daily.