Last week, just after we went to press, the Office of the Comptroller of the Currency (“OCC”) released its FY2023 Banking Supervision Operational Plan.
The operational plan sets out the STO’s monitoring priorities and objectives for the fiscal year that began on October 1. These priorities and objectives are:
- Strategic and operational planning. The operating plan summarizes this element as safety, soundness and fairness, noting that “reviewers should focus on strategic and operational planning to assess whether banks maintain stable financial positions, particularly with respect to relates to capital, provision for credit losses, management of net interest margins, liquidity, and revenues.
- Operational resilience and cybersecurity. The operating plan stated:[O]Operational resilience reviews should consider incident response and disaster recovery practices, with an explicit assessment of data backup and recovery capabilities. Information and cybersecurity reviews should focus on fundamental controls to identify, detect, and prevent threats and vulnerabilities; these controls include authentication, access control segmentation, patch management, and end-of-life programs.
- Third Parties and Related Mergers. The operating plan notes that examiners should monitor banks’ risk management governance of their relationships with third parties and highlighted fintech relationships.
- Credit risk management. The OCC noted that credit losses have reached historic lows, but banks need to be prepared for an evolving credit risk environment. The Exploitation Plan went on to state that “[r]Risk-based review work should focus on new products, higher growth areas, or portfolios that represent concentrations.
- Provisions for credit losses. The operating plan noted:[As] As banks finalize adoption of the current expected credit loss accounting standard in accordance with promulgated timelines, reviewers should assess the effectiveness of the ACL implementation and methodology for estimating lifetime expected losses.
- Interest rate risk. The operating plan has emphasized effective asset and liability risk management practices.
- Liquidity risk management. “[B]liquidity in the banking system remains strong,” according to the operating plan, “but large rate increases could adversely affect the volume or composition of bank deposits and reduce liquidity from collateral or portfolio sales investment due to unrealized losses.
- Consumer Compliance. The operational plan indicates that examiners should focus on compliance management systems, in addition to the assessment required by law.
- Bank Secrecy Act. In addition to the OFAC compliance review, the operational plan encourages reviewers to “continue to assess bank change management plans for implementing changes to existing BSA/AML compliance programs that will be required to implement the requirements of the Anti-Money Laundering Act 2020″.
- Fair loan. The operating plan stated:[F]Airline loan monitoring activities should take into account the full life cycle of credit products, such as mortgages, and the risk of discrimination in mortgages resulting from pricing bias or discriminatory assessments of properties.
- Community Reinvestment Act. The Operational Plan reminded reviewers of the 2020 rescinding of the previous ARC rule published by the OCC so that the OCC rule would be consistent with the 1995 interagency rule. Reviewers are also reminded that a final ARC rule could be issued by the OCC, Federal Reserve, and FDIC in fiscal year 2023.
- New products and services. The operating plan notes that reviewers should review the bank’s management processes for reviewing new product opportunities, and in particular payment products and fintech and digital assets.
- Climate-related financial risks. The operating plan stated that “[d]In fiscal year 2023, the agency will continue its information-gathering efforts and plans to conduct additional industry outreach activities. At larger banks, examiners will monitor the development of climate-related financial risk frameworks and engage with bank management to understand the challenges banks face in this effort, such as data and metrics, governance and oversight, policies, procedures and limits. , strategic planning, scenario analysis capabilities and techniques, and the integration of frameworks into current banking risk management processes.
The operational plan outlines what OCC reviewers will focus on, but nothing in the plan should come as a surprise to anyone following Acting Comptroller Hsu’s recent speeches.