January 13, 2017
The traditional banking sector has witnessed considerable changes in the market environment, technology trends and customer expectations, leading to the necessity to respond to those changes. Regardless, a year ahead still holds certain risks federal financial institutions will face and develop an appropriate response to.
A strategic approach is vital for those institutions to remain relevant and is important for timely adoption of advanced technologies, adjustment of business models and transformation of internal processes and structure for higher operational efficiency. Experts from The Office of the Comptroller of the Currency (OCC) in their recent report on the main risks financial sector is expected to face in 2017 suggest that aggressive competition forces incumbents to adopt changes in underwriting standards to revive lending. However, easing of underwriting standards in commercial, CRE, and auto- lending presents increasing credit risk.
Competitive pressures and continued growing credit risk appetites have driven easing in underwriting standards and increased credit risk for some loan portfolios, the OCC notes. Banks continue to ease underwriting practices across a variety of commercial and retail credit products given their desire to boost loan volume and respond to competition from bank and nonbank lenders.
Another class of risks comes from the operational side of the business – evolving cybersecurity threats impose operational risks, which only increase with the heavy reliance on third-party relationships. Changing sales practices, such as bank-FinTech partnerships to extend capital reach through marketplace lending, invite risks associated with disarray in security practices across partners.
The number, nature, and complexity of domestic and foreign third-party relationships continue to expand, increasing risk management challenges and possible third-party concentration risk, the OCC emphasizes.
Given the transition from rivalry to collaborative culture in the financial services industry, third-party cybersecurity threat will become one of the priorities to develop an appropriate response to. The OCC emphasizes the critical need for assessing service providers’ risk management structures for managing cybersecurity, assessing the level of cyber resilience of the service providers, and assessing other control functions communicated in FFIEC cybersecurity guidance statements and the FFIEC Cybersecurity Assessment Tool as part of the examination process.
Institutions will also need to develop and deploy appropriate standards and controls for implementing new systems and operations procedures for new products, product updates, or new processes provided to banks.
Mentioned earlier business models are also expected to be under increasing pressure as banks seek to launch new products and services directly or through third parties. OCC states that banks are attempting to control expenses by leveraging technology, reducing staff, outsourcing critical activities, reengineering business processes, and partnering with firms unfamiliar with the bank regulatory environment. These firms can include marketplace lenders, payments systems providers, and other FinTech companies. To address increasing pressure and associated risks, it's important for banks to focus on timely adapting risk management and control processes to these changes in business strategy.
The OCC also notes that consumer compliance risk management in some banks has not kept pace with the increasing complexity of the regulatory and risk environment.
Compliance risk remains high as banks continue to manage money laundering risks subject to resource constraints in an increasingly complex risk environment and implement changes to policies and procedures to comply with amended consumer protection requirements, according to OCC.
Customer-related compliance risks have another side – bank decisions to terminate customer relationships resulting from risk reevaluations continue to pose the risk that certain customer segments or transactions may move out of the formal financial system where they can be monitored and reported to law enforcement authorities.
Moreover, the regulatory body suggests that there is also a continued risk that potentially higher-risk customer relationships that are terminated by a bank may migrate to other banks that are less experienced in managing complex money laundering risks.