new report issued by the federal Office of the Comptroller of the Currency (OCC) identifies top safety and soundness risks to national banks and federal savings associations, as well as OCC supervisory priorities for the next 12 months. Semiannual Risk Perspective for Spring 2015 reflects bank financial data as of December 31, 2014. Although the report is directed at banks supervised by the OCC, it should not be ignored by state-chartered depository institutions.

Following are key risks and supervisory priorities identified by the OCC.

Cybersecurity

Banks and their employees, customers, and third-party service providers are vulnerable to evolving cyber threats that can compromise data or systems and allow criminals to illegally obtain personally identifiable data. OCC examiners will review a bank’s program for assessing and mitigating such threats and vulnerabilities. OCC reviews will include assessments of data and network protection practices, business continuity practices, risks from vendors, and compliance with any new guidance. (The Federal Financial Institutions Examination Council recently released its Cybersecurity Assessment Tool to help financial institutions identify cybersecurity risks and determine their level of cybersecurity preparedness. The OCC announced it will incorporate the Assessment Tool into its examinations of financial institutions subject to its jurisdiction in late 2015. Ballard Spahr has scheduled an August 4, 2015 webinar on the Assessment Tool)

Use of Third Parties

To lower overhead expenses, banks are outsourcing critical functions to third-party providers without establishing the risk management processes necessary for appropriate oversight and controls to monitor associated risks. An assessment of a bank’s operational risk by OCC examiners will include a focus on third-party risk management. The OCC, the other federal banking regulators, and the Consumer Financial Protection Bureau (CFPB) have been beating this drum for several years.

Compliance

Banks are subject to high compliance risk that includes:

1)   Bank Secrecy Act/Anti-Money Laundering (BSA/AML) risks (with the OCC observing that “BSA programs at some banks have failed to develop or incorporate appropriate controls as products and services have evolved, and insufficient resources and expertise have been devoted to BSA/AML in some banks.”);

2)   risk of unfair or deceptive practices arising from the use of third parties to conduct all or a portion of consumer credit-related product development, implementation and fulfillment (with the OCC noting the failure of a number of banks to exercise adequate risk management and controls when developing and offering add-on products to customers);

3)   fair lending risk arising when banks engage a third party to conduct all or a portion of the application or underwriting process or make decisions regarding terms or pricing; and

4)   risk created by the need for banks to implement significant changes to policies and procedures to comply with the new Truth in Lending Act/Real Estate Settlement Procedures Act integrated mortgage disclosure requirements that become effective October 3, 2015. 

OCC examiners will review a bank’s BSA/AML program and controls and the effort of bank management to maintain an effective program. For large banks, OCC examiners will coordinate with the CFPB to determine compliance with consumer laws, regulations, and guidance, and continue to assess compliance with the Flood Protection Act and the Servicemembers Civil Relief Act. For both large and smaller banks, OCC examiners will assess a bank’s effectiveness in identifying and responding to risks created by new products, services, or terms and, with regard to fair lending, assess a bank’s “efforts to meet the needs of creditworthy borrowers” and monitor its compliance with the Community Reinvestment Act, fair lending laws, and other consumer protection laws.

Other top safety and soundness risks identified by the OCC include loosening of underwriting standards in response to competitive pressures (particularly in leveraged lending, indirect auto finance, and commercial loans) and vulnerabilities arising from the low interest rate environment.

Ballard Spahr’s Consumer Financial Services Group is nationally recognized for its guidance in structuring and documenting new consumer financial services products, its experience with the full range of federal and state consumer credit laws, and its skill in litigation defense and avoidance. The group includes experienced lawyers who follow significant legislative and regulatory banking developments and counsel banking clients and their boards of directors and senior management.

For more information, please contact Consumer Financial Services Group (CFS) Practice Leader Alan S. Kaplinsky at 215.864.8544 or kaplinsky@ballardspahr.com, CFS Practice Leader Jeremy T. Rosenblum at 215.864.8505 or rosenblum@ballardspahr.com, Glen P. Trudel at 302.252.4464 or trudelg@ballardspahr.com, John L. Culhane, Jr., at 215.864.8535 or culhane@ballardspahr.com,  or Mark J. Furletti at 215.864.8138 or furlettim@ballardspahr.com.


Copyright © 2015 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)

 

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.

 

 

 

 

 

 

Related Practices

Consumer Financial Services
Privacy and Data Security

CFPB

Visit CFPB Monitor, our blog on the Consumer Financial Protection Bureau >

Subscribe to the blog via e-mail >