Compliance departments at financial institutions must become more involved in ensuring their firm’s operational resiliency to address emerging risks, the Treasury Department’s Office of the Comptroller of the Currency (OCC) said in its semi-annual risk perspective.
The OCC’s semi-annual report, published Tuesday, recommended that compliance become more involved in assessing and responding to operational risks posed by cyber intrusions, the increased digitization of banking and use of financial technology firms (fintechs), and criminal activity related to the use of false records, identity theft, third-party money laundering, and circumvention of identity verification standards.
“The report highlights the necessity of firmwide resilience efforts as risks may be interconnected and events could simultaneously affect multiple risk categories. It is crucial that banks establish an appropriate risk culture that identifies potential risk, particularly before times of stress,” the OCC said Tuesday in a press release. “Each stress event may vary (e.g., operational, liquidity, credit, compliance, and other) and resiliency implications need to be proactively considered. Prudent planning from a firmwide perspective can enhance a bank’s ability to maintain operations, remain financially sound, and service customers in times of stress.”
Malicious actors continue to target the financial services industry with ransomware attacks, account takeovers, and fraudulent activity like money laundering through transactions. These risks are increased by the digitization of banking and the onboarding of more third parties and fintechs by banks, the OCC said.
The report said a firm’s compliance risk management framework should match their firm’s risk profile and be “capable of growing and evolving as their risk profiles change.”
“Compliance risk management programs should consider operational resilience and the bank’s ability to deliver products and services during disruptions, while ensuring compliance with consumer protection laws and regulations,” the report said. “The identification and management of compliance risks related to third-party relationships are vital to operational resilience.”
The OCC also noted that one of the most common ways that bad actors gained access to the platforms of financial institutions was through “impersonation tactics and compromised credentials during authentication. These findings emphasize the critical importance of effective customer identification and verification processes, at account opening and throughout the banking relationship,” the report said.
In its previous semi-annual risk report, issued in December, the OCC homed in on risks posed by the use of artificial intelligence tools by financial institutions.
No comments yet