The Office of the Comptroller of the Currency’s (OCC) Committee on Bank Supervision (CBS) recently released the agency’s supervision priorities and objectives for fiscal year 2021, which began on October 1, 2020 and ends September 30, 2021. While not always the case, these priorities represent how examiners will allocate resources when reviewing institutions. For trust companies and bank asset managers, here’s what your board and senior leaders should be prepared to discuss, and ensure are adequately covered by risk, compliance, and internal audit.
- Cybersecurity and Operational ResilienceExaminers will confirm banks can adequately detect threat vulnerability and breaches, have adequate access controls and data security, including controls for third-parties, and have appropriate incident response and remediation processes in place in the event of a breach or attack.
- Bank Secrecy Act (BSA) and Anti-Money Laundering (AML)Examiners will assess an institution’s BSA/AML risk management programs to confirm they are effective relative to the complexity of risks associated with the institution.
- 2020 Pandemic-Related Compliance RiskExaminers will look at the effects of the pandemic on the bank’s overall compliance risk. Some examples of what they will consider are CARES Act loan forbearance requirements, other bank-provided consumer loan or account accommodations.
- Best Interest Implications of Affiliate Products Resulting From Sustained Low Interest RatesExaminers will inspect the banks’ business models, strategies, asset and liability risk exposures, net interest margin, and funding stability.
- Phase Out of the London Interbank Offering Rate (LIBOR)Examiners will assess the operational and consumer impact and change management of the implementation and disclosure of an alternative index for pricing loans, deposits, and other products and services.
- Third & Fourth-Party Risk ManagementExaminers will consider not only the institution’s oversight of third-parties, including partnerships, but also the third-party’s own management of cybersecurity and resilience risks.
- Change Management With Emphasis on Operational RiskExaminers will assess the institution’s governance over new technology innovation and implementation and change management over emergency programs in response to the pandemic.
Although the OCC may adjust supervisory priorities throughout the year in response to emerging risks, trust companies and bank asset managers should incorporate these priorities into their risk, compliance, and audit plans for the year. Any updates to these priorities will be published in the Semiannual Risk Perspective report.