OCC's Semiannual Risk Perspective: What Bank Asset Managers Should Know

The Office of the Comptroller of the Currency (“OCC”) recently issued its Spring 2019 Semiannual Risk Perspective, a recurring report of key risk areas and emerging threats to the federal banking system that are monitored by the OCC's National Risk Committee. In this blog post, we summarize the risk areas that impact banking asset management groups, and operational risk, strategic risk, and BSA/AML.

What You Should Know

Operational risk has grown since the OCC's last report. The primary drivers being: persistent cybersecurity threats, increasing third-party risk, and innovation in financial products and services. These three drivers are important to all bank asset managers.

• Cybersecurity Threats: Banks hold sensitive corporate and personal information that have value to bad actors. Cybersecurity threats like hacking, social engineering and other tactics are exploited to misappropriate this information for unapproved and criminal use. This is why regulators expect banks to develop and maintain sound cybersecurity governance and controls.
• Third-Party Risk: Bank custodians are beginning to hold digital assets like cryptocurrency, which have been targeted by hackers and have resulted in some high-profile thefts. The volatility of these assets along with the ease at which they can be misappropriated exposes banks who hold digital assets to significant financial, reputation, and legal risks. Banks are engaging third parties to custody digital assets, and they will be criticized if the risks are not understood and vendor oversight is not satisfactory.
• Financial Product Innovation: Banks are changing at a rapid pace due to continued proliferation and adoption of financial and regulatory technology. Third parties are often engaged to reduce the time to implement desired changes, which increases the bank's risk profile. Banks who fail to consider all the risks associated with a change, involve appropriate stakeholders, or implement effective mitigating controls will be criticized. Additionally, regulators are concerned with whether risk and compliance professionals can keep up with the rate of change.

Strategic risk for bank asset managers is one byproduct of the proliferation of fintech. Fintech has increased competition for banks' investment management and custody services and made it easier for customers to transfer funds between competitors. According to the report, "drivers of higher strategic risk include rapid industry changes, poor business decisions, imprudent or incomplete change management plans, pressure to reduce expenses and control costs, the burden of some legacy technology systems, resource limitations, and need for scale of operations."

According to the OCC, "compliance risk related to Bank Secrecy Act/Anti-Money Laundering ("BSA/AML") remains high." Compliance programs and systems must be commensurate with risk levels, and this is challenging given the complexity of banks' operating and regulatory environments. Additionally, banking asset management is not a core service for many banks. Consequently, BSA/AML compliance risk management programs tend to be less developed for banking asset management groups relative to other core services like deposit-taking or lending.

ACA Guidance

Bank asset management groups need to incorporate these risk areas into their risk, compliance and internal audit programs. It is likely that the risks described above are already integrated into supervisory strategies for banks across the nation, and it is always better to identify issues before your regulators do.

How ACA Can Help

ACA provides bank asset management groups engaged in trust, custody, and investment management activities with risk, compliance and internal audit consulting services leveraging techniques used by banking regulators and industry leaders. ACA specializes in asset management, and its true value and competitive advantage is the breadth and depth of expertise at all levels of the firm including prior regulatory experience at agencies like the Office of the Comptroller of Currency (OCC), Department of Labor (DOL) and Securities Exchange Commission (SEC). Learn more about our services for Bank Asset Managers.

About the Author

Roy Kim joined ACA’s Diversified Financial Services practice in 2018 as the Director of Banking Asset Management. Prior to ACA, Roy served in the Office of the Comptroller of the Currency as Examiner-in-Charge and Functional Examiner-in-Charge for a portfolio of trust banks and divisions. Specifically, he developed and led the execution of supervisory strategies for his portfolio and assisted other examiners with similar activities. In addition, Roy led the development of regulatory technology at the OCC to enable examiners to supervise fiduciary activities more efficiently and effectively.

In his career, Roy has also worked as part of the first, second, and third lines of defense as a risk, compliance, and audit leader. In this capacity, Roy helped organizations within the asset-management industry identify, assess, mitigate, and monitor risk by, among other things, applying his programming skills and building tools to automate risk and control monitoring and validation. Roy earned his Bachelor of Science degree in Finance from the University of Maryland at College Park. Roy is a Certified Fiduciary and Investment Risk Specialist (CFIRS), and Certified Internal Auditor (CIA). Roy also earned the Certification in Risk Management Assurance (CRMA).