OCC flags risks from banks' tech overhaul, Libor transition

WASHINGTON — Banks' efforts to keep pace with rapid-fire technological change, adoption of a new interest rate benchmark, and prepare for potential future shifts in interest rates or the credit cycle all present looming risks to an otherwise healthy industry, the Office of the Comptroller of the Currency said Monday.

The OCC's semiannual report on warning signs for the industry flagged elevated operational risks "as banks adapt to a changing and increasingly complex operating environment."

"Key drivers elevating operational risk include the need to adapt and evolve current technology systems for ongoing cybersecurity threats," the agency said. "Technology advances and innovation in core banking systems result in a challenging operational environment and potential risks if not effectively understood, implemented, and controlled."

In the report, the OCC also said the agency will be “increasing regulatory oversight” of national banks' transition away from the London interbank offered rate as Libor will likely be unavailable at the end of 2021. A committee convened by the Federal Reserve has recommended the secured overnight financing rate as an alternative reference rate.

OCC building
The seal of the Office of the Comptroller of the Currency (OCC) is displayed outside the organization's headquarters in Washington, D.C., U.S., on Wednesday, March 20, 2019. The OCC this week fined Citibank $25 million for failing to offer some existing customers lower interest rates on mortgages or closing cost discounts that they were entitled to under a program for borrowers with a relationship with the bank. Photographer: Andrew Harrer/Bloomberg

Examiners will begin to evaluate “whether banks have begun to assess their exposure to Libor in assets and liabilities to determine potential impacts and develop risk management strategies,” the OCC report said.

On a conference call with reporters, one official described the change as a move from “an awareness perspective towards preparedness.”

“Last year, we really focused on getting the word out and making sure that everybody was aware that something was going to be happening to Libor,” the official said. “This year, we’re following the typical kind of bank oversight approach” through “the identification, measurement, monitoring and attempt to control that risk.”

But overall, the federal banking system remains healthy and institutions are in good position to handle risks, Comptroller Joseph Otting stressed on the call.

“We feel very comfortable with the growth and development of the risk management systems within the U.S. banking system,” he told reporters. “We have the best risk management, at least that I’ve observed in the 30-plus years that I was a banker, that are in place.”

Net income among national banks increased 8.2% in the past year, according to the OCC. But “headwinds facing the U.S. economy strengthened in 2019,” the agency said in its Semiannual Risk Perspective, pointing to downward trends in global growth, U.S. manufacturing and trade.

Beyond the general environment, however, the OCC was more keen to address operational risk, and zeroed in on “core banking systems" and third-party service providers.

The report said risk drivers from banks' tech upgrades "include the increasing use of third-party service providers, which requires effective planning and ongoing oversight, and the continued threat of fraud."

"The potential for operational disruptions underscores the need for effective controls and operational resilience to help ensure the ongoing delivery of financial products and services in a safe and sound manner," the report said.

One official noted that with cybersecurity a "heightened area of focus" for the agency, "that has transferred over to our technology service provider program, where we are going into some of the largest and most significant service providers to the national banking system."

"The work really has mirrored what we have done at the national banks themselves,” the official said.

In general, the OCC said, cybersecurity practices among national banks have improved in the last few years. Since the agency began using its Cybersecurity Assessment Tool four years ago, “cybersecurity-related matters trends have decreased and have remained relatively stable over recent quarters, reflecting increasing maturity of banks’ cybersecurity program,” the report said.

Still, the report added, "cybersecurity remains a significant risk area for banks, with opportunities for further improvement,” namely with institutional software update practices, network configuration, and access management.

The agency also advised banks to proceed carefully in building up credit risk. “Credit risk has accumulated in many portfolios,” the report said, adding that institutions must prepare for any potential cyclical downturns.

The OCC also pointed to “recent volatility in market rates” as an area of concern, with aggregate net interest margins lower today than in previous periods of low interest rates. “Even if the yield curve steepens, but overall interest rates decline, NIMs could be negatively affected by asset-sensitive balance sheets,” the agency said.

For reprint and licensing requests for this article, click here.
Core systems LIBOR SOFR Vendor management Cyber security Risk management Policymaking Joseph Otting OCC
MORE FROM AMERICAN BANKER