The beginning of October marked the start of the Office of the Comptroller of the Currency’s (OCC’s) new fiscal year. To ring in the new fiscal year the OCC’s Committee on Bank Supervision (CBS) recently released an operating plan setting forth the OCC’s supervision priorities and objectives for the coming year. It is a useful tool for national banks to get into the minds of their regulators and examiners and see where they may place particular emphasis come exam time. Even for those not supervised by the OCC, some of these may be indicators of what the other agencies are prioritizing as well.
Given the bank failures of the last year, such as Silicon Valley Bank, it is not surprising that the first noted priority objective is asset and liability management. Examiners are asked to determine whether or not banks are managing their interest rate and liquidity risks through use of effective asset and liability risk management policies and practices, such as stress testing and contingency planning. Supervisory focus will also include back-testing practices to assess whether models performed accurately during recent stress events. Contingency funding plans will also be reviewed to determine whether banks have adequate operational readiness to access contingent funding sources, effective monitoring of established borrowing lines, good collateral management practices, and the ability to access contingency liquidity sources in an efficient and timely manner.
Significant attention was also given to cybersecurity. Cybersecurity, incident response, and data recovery were all listed as supervisory focal points because of the continued evolution and volatility of cyberattacks. Banks should make sure they are conducting regular cybersecurity assessments and actively identifying weakness and areas of concern and then apply those results to future practices. Particular emphasis was given to operational resilience capabilities that enable recovery from disruptive and destructive attacks, such as ransomware. It also indicates that banks need to make sure their incident response plans and third-party risk management policies are up-to-date and working effectively.
Consumer compliance was another stated objective. Examiners will focus on banks’ compliance risk management systems for new or innovative products, expanded services, and delivery channels offered to consumers or that involve products or services offered through third-party relationships, including those with fintechs or through banking-as-a-service activities. No one was surprised that the OCC noted unfair, deceptive, or abusive acts or practices relating to overdrafts, “authorized positive, settle negative,” and multiple re-presentment fees given the intense regulatory scrutiny of such fees over the past year by the OCC and other regulators. Banks need to ensure that their disclosures related to any such practices are up-to-date and that practices are in line with what has been disclosed to your customers.
Other areas of focus noted in the operating plan include credit, allowance for credit losses, operations, distributed ledger technology, change management, payments, BSA/AML, CRA, fair lending, and climate-related financial risks.
CBS’s operating plan can be reviewed at the following link: Fiscal Year 2024 Bank Supervision Operating Plan The OCC intends to provide periodic updates about supervisory priorities and emerging risks in its “Semiannual Risk Perspective” reports, typically released in the fall and spring on each year.