Operational risk is elevated as banks respond to an evolving and increasingly complex operating environment, according to a recent report from the US Office of the Comptroller of the Currency. Cybersecurity continues to be a key operational risk, especially in light of the continually evolving threat landscape, and innovation in the banking industry emphasizes the need for banks to effectively manage operational changes as technology advances.
The OCC also noted that banks are increasingly rely on third-party service providers to deliver key services, which presents distinct risks. Further, there are examples of core activities for the industry that are concentrated in a handful of third-party service providers.
Additional factors contributing to elevated operational risk are the expected increase in mergers and acquisitions
activity as well as rising trends in fraud and attempted fraud. Operational disruptions underscore the need for effective change management when implementing new products, services, and emerging technologies.
Compliance risk remains elevated as banks seek to manage money-laundering risks in a complex, dynamic operating and regulatory environment. In addition, the adoption of new technologies and other innovations and implementing changes to policies and procedures to comply with amended consumer protection requirements are challenging banks’ compliance risk management processes.
Moreover, the underlying technology that supports innovation in fintech and regtech and development of product and service solutions may also be used to facilitate illicit activity, thereby increasing BSA/AML (Bank Secrecy Act/Anti-money Laundering) and OFAC (Office of Foreign Assets Control) risk exposure.
“The OCC is monitoring the risks as banks increasingly explore and implement artificial intelligence, machine learning, and other innovative technologies in BSA/AML systems. It is important for banks to employ sound due diligence and validation practices when assessing and implementing technology solutions to perform or enhance BSA/AML compliance functions.”