About Us | Contact Us
View Cart

The OCC’s Risk Analysis Executive Summary

By Dan Hadaway | Wednesday, June 25, 2014 - Leave a Comment

Top Six Risks Defined by OCC

(And the top six reasons to read the report, defined by Dans New Leaf!)


Another  one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . 

So right in the middle of requiring banks to roll out enterprise risk assessments, the OCC expresses the top six risks facing their banks, as follows:

  1. Competition for limited lending opportunities is intensifying, resulting in loosening underwriting standards, particularly in indirect auto and leveraged lending. Easing in underwriting and increased risk layering is also occurring in commercial loans.
  2. The prolonged low interest rate environment continues to lay the foundation for future vulnerability. Banks that extend asset maturities to pick up yield, especially if relying on the stability of non-maturity deposit funding in a rising rate environment, could face significant earnings pressure and potential capital erosion depending on the severity and timing of  interest rate moves.
  3. Many banks continue to re-evaluate their business models and risk appetites to generate returns against the backdrop of slow economic growth and low interest rates. OCC examiners will focus on banks’ strategic business and new product planning to ensure appropriate risk management processes are established.
  4. Cyber-threats continue to evolve, requiring heightened awareness and appropriate resources to identify and mitigate the associated risks.
  5. Financial asset prices have experienced very low volatility for an extended period. As a result, measures of price risk, such as value-at-risk, are at very low levels. The reduced willingness of dealers to hold securities in inventory, due to capital and other concerns such as a change in monetary policy, could contribute to greater price swings going forward and increased price risk.
  6. Bank Secrecy Act and Anti-Money Laundering risks remain prevalent as money-laundering methods evolve, and electronic bank fraud increases in volume and sophistication. Banks work to incorporate appropriate controls to oversee higher risk customers and new products and services.

This is from a report published by the OCC yesterday, located here.  (for quick reference, try m.infotex.com\occ062414).

The report presents data in five main areas: the operating environment; the condition and performance of the banking system; key risk issues; elevated risk metrics; and regulatory actions. It focuses on issues that pose threats to the safety and soundness of those financial institutions regulated by the OCC and is intended as a resource to the industry, examiners, and the public. The report reflects data as of December 31, 2013.

Six Reasons To Read the Report!
I believe studying this report can help a community-based bank in several ways:

  1. Question #1:  Do these risks apply to our bank?  Be sure that each of the above-expressed risks are somehow addressed in your next enterprise risk assessment.  Most auditors will use this as a guide to assure the mile-wide part of the inch deep assessment.  The risks expressed above may not apply to your bank, but you should at least be asking yourself if they do.
  2. Notice the format, tone, organization, and general expression of the report.  This is a risk analysis.  It is presented to you, the public, the way the OCC would like you to educate your team on the risk it faces.  It has an executive summary that, when read, gives high-level people a high-level summary of the entire report.  Risks are expressed in narrative form.  When it includes tables and pictures, they are to support the statements being made, rather than express the risks being accepted.
  3. Of course, understand and analyze the risks inherent in the above summary. especially if the answer to Question #1 is “yes, we’re seeing this.”  #1 seems to be related to #2, but they’re all inter-related in many ways, which is one of the Big Deliverables we’re finding in enterprise risk assessments.  And, you IT guys, you CAN understand the risks expressed in the five items without the word “cyber.”  And doing so will inspire others in the organization to understand the risk expressed in item #4!
  4. Regarding paragraph #4 though, notice that the words “heightened awareness” are the first to come after “requiring” when discussing cyber-risk.
  5. The second set of words in the cyber-risk paragraph:  appropriate resources.
  6. To me, a discussion about this report could be a good way to launch your next Enterprise Risk Assessment, if the kickoff meeting starts in the next six months or so, and especially if your organization is governed by the OCC.

 

Original article by Dan Hadaway CRISC CISA CISM.
Founder and Managing Partner, infotex

Dan’s New Leaf” is a “fun blog to inspire thought in the area of IT Governance.”

 

Latest News
    Reasons why we should be considered! infotex provides a number of services that can be checked out if you click over to offerings.infotex.com! We even made a movie with all the reasons why infotex should be your next MSOC!  
    infotex and GoTo To all infotex managed security service Clients: As recently reported by major news outlets there was a data breach affecting GoTo (formerly LogMeIn) wherein attackers stole encrypted backups containing customer information in November 2022.  Based on the advisory from GoTo the products they offer that are affected include LogMeIn Pro, LogMeIn Central, […]
    An option for increasing security for ALL organizations. . . The threat landscape is evolving daily, and it is becoming increasingly difficult for even large organizations providing cyber defense services to keep up. As Brandao (2021) notes, it is important for organizations to adapt holistic technologies that can correlate all attack events. Therefore, developing XDR […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape) You are welcome to print out and distribute this around your […]
    A relic of the internet’s less secure past, many small firms struggle to secure their email systems… An article review. With a great deal of cybersecurity related news focused on new threats and similarly new techniques aimed at combating them, it can be easy to forget some of the older threats that have never gone […]
    Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcome to the Magnificent Seven, my annual predictive article about the seven trends in technology that will impact the Information Security Officers of […]
    System Security and Cybersecurity are not the same thing. . . Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Regarding “information security,” the last thirty years have seen an evolution of frameworks, laws, and assessment approaches which intimidate the management team with their complexity.  […]
    The cryptographic algorithm is vulnerable to attack and is no longer considered secure… An article review. NIST has announced that it plans to retire the SHA-1 cryptographic algorithm by the end of 2030, citing multiple vulnerabilities in the standard, effectively ending its use after nearly 30 years.  Introduced in 1995, SHA-1 used a 160-bit hash […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape) You are welcome to print out and distribute this around your […]
    Trending: Awareness Posters Meet Infographics Here are the top seven posters as of the last twelve months! As always, our Awareness Posters were a hit in 2022! So we decided to run some reports to see what our most popular posters were since November 2021. As everybody loves top ten lists and contests, we thought […]