OCC Regulations
OCC Regulations

What’s the OCC Banking Regulatory Outlook for 2022?

Henry Umney |

As the year’s end approaches, the US Office of the Comptroller of the Currency (OCC), a primary US banking regulator, has published its Banking Supervision Operating Plan for 2022.

As you might expect, much of the OCC’s focus is on managing the repercussions of the pandemic and the resulting economic, financial, operational, and compliance implications. The specific points it raises complement the existing baseline requirements of OCC bank examinations.

One objective for the OCC in 2022 is to ensure banks do not become complacent in managing their strategic and operational planning, especially related to capital, credit losses, and earnings. The OCC will focus closely on how banks plan to manage new initiatives and their impact on a bank’s risk profile, financial performance, and strategic planning process.

The OCC will also be looking at the economic fallout of the pandemic and any long-term impacts, especially around credit risk and allowances for credit losses. Other areas of interest will include climate financial risk, the transition away from LIBOR, and interest rate risk.

Infographic: Guidelines for Effective Vendor Onboarding

Mitigate risk while building strong vendor relationships.

Other areas of OCC interest

Other areas that the OCC is focusing on chime with the conversations we have with our customers and industry practitioners. Third-party risk and the potential for concentration risk continue to resonate with regulators. We already have the Interagency guidance on third-party risk, which is currently out for consultation. In it, the OCC, Federal Reserve, and the FDIC are pooling their thinking about how best to tackle third-party risk. In the UK, banking regulators are also looking to enhance their supply chain resilience for the UK’s financial services sector.

The specific guidance offered by the OCC – which will likely echo the guidance of the FDIC and Federal Reserve – will focus on ensuring that banks have proper oversight of their significant third-party relationships, including their partnerships. Banks will need to demonstrate which relationships are critical to a bank’s operations and identify where there are concentration risks that fall outside a bank’s risk tolerances.

Banks also need to assess the cyber risk profile of their third-party supply chain and ensure that their critical suppliers have measures in place that protect themselves and their customers, the banks.

New challenges for US banks

This presents an array of challenges for US banks. Clearly, banks recognize the value of third-party relationships and partnerships, as they help them deliver services faster and more efficiently than if they tried to provide them in-house themselves.

The issue is that there are few purely third-party relationships in a hyper-networked world. Instead, there are an array of third, fourth, and fifth-party relationships that need to be managed too. These deeper relationships can easily hide the concentration risk that regulators are understandably worried about.

The issue is that there are few purely third-party relationships in a hyper-networked world.

For example, there are many SaaS-based services provided to banks by numerous vendors, many of which are underpinned by a small number of huge Cloud Computing service providers. This concentration could expose banks to technical, operational, or commercial issues that can swiftly impact a bank’s ability to deliver its services to its customers and compromise confidence in the wider banking sector.

So how can banks best address these issues? Third-party Risk Management (TPRM) solutions are not necessarily new. Still, their significance is taking on a level of importance as regulators in the US and further afield recognize the risk banks can be exposed to and are raising their expectations of how it is managed.

What’s needed from a TPRM tool for banks?

So, what might a TPRM solution that meets the needs of regulators look like?

Engaging at depth within the supply chain means that a decentralized, SaaS-based application is essential. Companies in the third, fourth, and fifth tiers of a supply chain need to be able to implement the TPRM requirements of a bank quickly and easily, even where there is no direct relationship.

A centralized repository containing the relevant contracts, policy standards documentation, and the risk profiles of the various suppliers will also help manage third-party risk more effectively.

Another capability is the ability to monitor the various companies in the supply chain proactively. If issues emerge at any level – technical, commercial, operational, or political, for example – a bank’s risk, operations, and compliance functions can respond quickly and positively when they need to. Spotting issues early is the most effective way of ensuring issues get resolved fast.

Mitratech offers a range of powerful and proven TPRM solutions that will help banks respond positively and decisively to the enhanced expectations of their regulator. Learn more!

Defend yourself against vendor and enterprise risk

Learn about our best-in-class VRM/ERM solutions.