US banking regulator the Office of the Comptroller of the Currency (OCC) has published its Semiannual Risk Perspective for the first half of 2019. Cybersecurity and compliance emerge as dominant themes in the 30-page report, which sets out what the OCC believes are the key risks facing banks operating in the US.
First, there is some good news for the financial services sector, at least in the short term. Overall, the federal banking system is strong, says the report, with earnings boosted by the Tax Cuts and Jobs Act in 2018, strong asset quality, and capital and liquidity remaining at, or near, historic highs. US economic growth is expected to slow in 2019, but the environment is still expected to support loan growth and bank profitability.
However, in this broadly optimistic environment – in 2019, at least – credit, operational, compliance, and interest rate risk are four main areas of concern for the regulator, with rapid growth in financial and regulatory technology (FinTech and RegRech) touching on each of them. In some ways, this is in itself a risk, suggests the OCC.
In terms of credit, it is important that bankers prepare for a potential downturn by understanding the risk embedded in their portfolios and how external elements such as interest rates, economic factors, and nonbank lending activities could affect it.
Key drivers for operational risk include persistent cybersecurity threats as well as “innovation in financial products and services, and increasing use of third parties to provide and support operations”.
“The potential for operational disruptions underscores the need for effective change management and operational resilience when implementing new products, services, and technologies and when maintaining existing operations,” says the report.
The Federal Reserve recently indicated that it may proceed with implementing enhanced cybersecurity standards that were first discussed with the OCC and the Federal Deposit Insurance Corporation (FDIC) in 2016. Among other things, these could establish a new standard of cyber liability for large financial institutions and their service providers.
They would also oblige organisations to consider their own interconnectedness as a factor in their cybersecurity strategies. The proposed standards would cover banks with $50 billion or more in assets, along with financial market utilities and nonbank systemically important financial institutions.
Compliance risk related to Bank Secrecy Act/anti-money laundering (BSA/AML) remains high, continues the OCC report. Worldwide, bank are continuously being challenged to manage money-laundering risks in a complex, dynamic operating and regulatory environment.
Meanwhile, interest rate risk poses potential challenges to earnings, given uncertainty over rates, competitive pressures, and (again) changes in technology, which have made it easier for customers to move funds. These and other factors, such as unpredictable depositor behaviour, increase the difficulty in forecasting liability costs, says the OCC.
Many banks face additional challenges, including “strong competitive pressures from nonbanks, embedded credit risk, and evolving technology in the financial services sector”.
The subtext is clear: the influx of new technology is both a solution to individual problems and a destabilising force to the sector overall, in some cases opening up new sources of risk.
“Strategic risk may be elevated for some banks because of competition. Sources of competition include FinTech companies and other nonbank financial services providers. These firms may influence customer expectations for delivery of financial services, and bank management should consider if and how this affects their business model,” concludes the report.
Be part of a discussion and connect with like-minded leaders in your sector at our exclusive event series on banking and RegTech.