Featured Product

    OCC Outlines Supervisory Priorities; FFIEC Updates Cybersecurity Guide

    October 27, 2022

    The Office of the Comptroller of the Currency (OCC) published its supervisory plan for banks for 2023 and issued a statement, from the Acting Comptroller Michael J. Hsu, welcoming the proposed rule on resolution-related resource requirements for large banks. The proposed rule aims to re-evaluate the resolvability risks and requirements for globally non-systemic banks to help mitigate the too-big-to-fail risk. OCC also announced plans to establish the Office of Technology early next year, aiming to provide strategic leadership, vision, and perspective for its financial technology activities and related supervision. Additionally, the Federal Financial Institutions Examination Council (FFIEC) updated the cybersecurity resource guide for financial institutions.

    FFIEC amended the October 2018 Cybersecurity Resource Guide for financial institutions to update certain references and include ransomware-specific resources to address the ongoing threat of ransomware incidents. The guide is aimed to help financial institutions meet their security control objectives and prepare to respond to cyber incidents. In another development, OCC recently released the "Bank Supervision Operating Plan," which facilitates the implementation of supervisory strategies for individual national banks, federal savings associations, federal branches, and agencies of foreign banking organizations as well as identified third-party services subject to OCC examination. The plan outlines supervisory priorities for 2023 (October 01, 2022 to September 30, 2023) and aligns with OCC's Strategic Plan, Fiscal Years 2023–2027 and the National Risk Committee’s (NRC) priorities. In addition to the baseline activities, OCC risk-based supervision will heighten its focus on the following areas:

    • The potential impact to operational risk from cybersecurity threats, control breakdowns, and risk management gaps remains a supervisory focus. Operational resilience examinations should consider incident response and business resumption practices, with explicit evaluation of data backup and recovery capabilities. Information and cybersecurity examinations should focus on fundamental controls to identify, detect, and prevent threats and vulnerabilities; such controls include authentication, access controls segmentation, patch management, and end-of-life programs. Examiners should review the effectiveness of governance processes dealing with technology investment and the implementation of systems and infrastructure changes.
    • Examiners should determine whether banks are providing proper risk management governance of their third-party relationships and should identify the risk attributes of these relationships, for example, if they involve customer-facing products and services, are critical to bank operations, represent significant concentrations, affect the bank’s operational resilience, or affect compliance with requirements such as the Bank Secrecy Act and consumer protection laws. Additionally, examiners should determine whether the bank and third parties have sufficient, qualified staff to meet contractual obligations. Examiners should be aware of the cyber-related risks arising from third parties and evaluate the bank’s assessments of third parties’ cybersecurity risk management and resilience capabilities.
    • Examiners should assess whether banks remain vigilant when considering growth and new profit opportunities. Examiners should assess bank management’s and the board’s understanding of the impact of innovative or new activities, including activities offered through third-party relationships, on the bank’s financial performance, strategic planning process, and risk profile. Such activities could potential involve areas such as payments, fintech, and digital assets.
    • OCC will continue to work to better understand climate-related financial risks, particularly as they relate to risks at large banks. During 2023, the agency will continue information gathering efforts and plan on conducting additional industry outreach. At the largest banks, examiners will monitor the development of climate-related financial risk frameworks and will engage with bank management to understand the challenges that banks face in this effort, such as data and metrics, governance and oversight, policies, procedures, and limits, strategic planning, scenario analysis capabilities and techniques, and incorporation of the frameworks into current bank risk management processes.
    • Other focus areas include credit risk management, allowances for credit losses, interest rate risk, liquidity risk management, consumer compliance, Bank Secrecy Act, fair lending, and Community Reinvestment Act

     

    Related Links

     

    Keywords: Americas, US, Banking, Regtech, Interest Rate Risk, Credit Risk, Liquidity Risk, Fintech, Digital Assets, Operational Resilience, Cyber Risk, Third Party Arrangements, Climate Change Risk, Scenario Analysis, Basel, FDIC, FFIEC, OCC

    Featured Experts
    Related Articles
    News

    US Agencies Issue Several Regulatory and Reporting Updates

    The Board of Governors of the Federal Reserve System (FED) adopted the final rule on Adjustable Interest Rate (LIBOR) Act.

    January 04, 2023 WebPage Regulatory News
    News

    ECB Issues Multiple Reports and Regulatory Updates for Banks

    The European Central Bank (ECB) published an updated list of supervised entities, a report on the supervision of less significant institutions (LSIs), a statement on macro-prudential policy.

    January 01, 2023 WebPage Regulatory News
    News

    HKMA Keeps List of D-SIBs Unchanged, Makes Other Announcements

    The Hong Kong Monetary Authority (HKMA) published a circular on the prudential treatment of crypto-asset exposures, an update on the status of transition to new interest rate benchmarks.

    December 30, 2022 WebPage Regulatory News
    News

    EU Issues FAQs on Taxonomy Regulation, Rules Under CRD, FICOD and SFDR

    The European Commission (EC) adopted the standards addressing supervisory reporting of risk concentrations and intra-group transactions, benchmarking of internal approaches, and authorization of credit institutions.

    December 29, 2022 WebPage Regulatory News
    News

    CBIRC Revises Measures on Corporate Governance Supervision

    The China Banking and Insurance Regulatory Commission (CBIRC) issued rules to manage the risk of off-balance sheet business of commercial banks and rules on corporate governance of financial institutions.

    December 29, 2022 WebPage Regulatory News
    News

    HKMA Publications Address Sustainability Issues in Financial Sector

    The Hong Kong Monetary Authority (HKMA) made announcements to address sustainability issues in the financial sector.

    December 23, 2022 WebPage Regulatory News
    News

    EBA Updates Address Basel and NPL Requirements for Banks

    The European Banking Authority (EBA) published regulatory standards on identification of a group of connected clients (GCC) as well as updated the lists of identified financial conglomerates.

    December 22, 2022 WebPage Regulatory News
    News

    ESMA Publishes 2022 ESEF XBRL Taxonomy and Conformance Suite

    The General Board of the European Systemic Risk Board (ESRB), at its December meeting, issued an updated risk assessment via the quarterly risk dashboard and held discussions on key policy priorities to address the systemic risks in the European Union.

    December 22, 2022 WebPage Regulatory News
    News

    FCA Sets up ESG Committee, Imposes Penalties, and Issues Other Updates

    The Financial Conduct Authority (FCA) is seeking comments, until December 21, 2022, on the draft guidance for firms to support existing mortgage borrowers.

    December 20, 2022 WebPage Regulatory News
    News

    FSB Reports Assess NBFI Sector and Progress on LIBOR Transition

    The Financial Stability Board (FSB) published a report that assesses progress on the transition from the Interbank Offered Rates, or IBORs, to overnight risk-free rates as well as a report that assesses global trends in the non-bank financial intermediation (NBFI) sector.

    December 20, 2022 WebPage Regulatory News
    RESULTS 1 - 10 OF 8697