
InfoBytes Blog

Financial Services Law Insights and Observations

OCC warns of key cybersecurity and climate-related banking risks

Agency Rule-Making & Guidance, Federal Issues, OCC, Bank Regulatory, Covid-19, Risk Management, Community Banks, Climate-Related Financial Risks, Privacy/Cyber Risk & Data Security, Third-Party Risk Management


On December 6, the OCC reported in its Semiannual Risk Perspective for Fall 2021 the key issues facing national banks and federal savings associations and the effects of Covid-19 on the federal banking industry. The agency reported that although banks showed resilience in the current environment with satisfactory credit quality and strong earnings, weak loan demand and low net interest margins continue to affect performance.

The OCC identified elevated operational risk as banks continue to face increasingly complex cyberattacks, pointing to an increase in ransomware attacks across financial services. While innovation and technological advances can help counter such risks, the OCC warned they also come with additional concerns given the expansion of remote financial services offered through personally owned computers and mobile devices, remote work options due to the Covid-19 pandemic, and the reliance on third-party providers and cloud-based environments. “The adoption of innovative technologies to facilitate financial services can offer many benefits to both banks and their customers,” the report stated. “However, innovation may present risks. Risk management and control environments should keep pace with innovation and emerging trends and a comprehensive understanding of risk should be achieved to preserve effective controls. Examiners will continue to assess how banks are managing risks related to changes in operating environments driven by innovative products, services, and delivery channels.”

The report calls on banks to “adopt robust threat and vulnerability monitoring processes and implement stringent and adaptive security measures such as multi-factor authentication or equivalent controls” to mitigate cyber risks, adding that critical systems and records must be backed up and stored in “immutable formats that are isolated from ransomware or other destructive malware attacks.”

The report further highlighted heightened compliance risks associated with the changing environment where banks serve consumers in the end stages of various assistance programs, such as the CARES Act’s PPP program and federal, state, and bank-initiated forbearance and deferred payment programs, which create “increased compliance responsibilities, high transaction volumes, and new types of fraud.”

The report also discussed credit risks, strategic risk challenges facing community banks, and climate-related financial risks. The OCC stated it intends to request comments on its yet-to-be-published climate risk management framework for large banks (covered by InfoBytes) and will “develop more detailed expectations by risk area” in 2022.