Crypto, cybersecurity and climate in focus in OCC risk report

Dive Brief:

  • The Office of the Comptroller of the Currency (OCC) highlighted the rise of digital assets, cybersecurity and the effects of climate change as emerging risks banks should focus on in its Semiannual Risk Perspective for Fall 2021, which it released Monday.
  • Banks are weathering the COVID-19 crisis “with resilience and satisfactory credit quality and strong earnings,” the regulator said, adding credit risk is moderate because of widespread government programs and appropriate risk management. But weak loan demand and low net interest margins continue to weigh on banks’ performance, the OCC added.
  • Monday’s report, which covers risks facing financial institutions based on data as of June 30, presents data in five main areas: the operating environment, bank performance, special topics in emerging risks, trends in key risks and supervisory actions.
  • Dive Insight:It comes as no surprise that the OCC is urging banks to approach cryptocurrencies with caution.As far back as June, the OCC’s acting chief, Michael Hsu, said he planned to revisit past actions regarding crypto that were taken under his predecessor, Brian Brooks. The regulator issued a statement last month requiring banks to first seek approval from the OCC before engaging in certain digital asset activities.The OCC reiterated its call for due diligence and caution regarding the booming sector in Monday’s report.

    “The OCC is approaching crypto-related activities in the federal banking system very carefully with a high degree of caution and expects its supervised institutions to do the same,” it said in the report. “OCC-supervised institutions should reach out to the appropriate OCC supervisory office before engaging in crypto-related activity.”

    While the regulator acknowledged that crypto-asset based products and services can create opportunities for banks and their customers, they can come with significant risks, the OCC added.

    “Banks should conduct due diligence and risk management as with other new, modified, and expanded services,” the agency said in the report.

    The OCC said more clarity on crypto is forthcoming, referring to the conclusion of a multi-agency “crypto sprint” which will result in the release of more guidance throughout 2022.

    The OCC also referenced the President’s Working Group on Financial Markets’ stablecoin report, which was also released last month, adding the study identified key gaps in prudential authority over stablecoins used for payments purposes.

    Cybersecurity risks

    The agency said it has observed an increase in ransomware attacks in financial services, including phishing emails targeting employees and compromised credentials to gain access to networks through remote access channels.

    “Operational risk remains elevated as cyber attacks evolve, become more sophisticated, and cause damage to a variety of industries,” the OCC said in the report.

    The increase in remote work and the use of personally owned computers and mobile devices boosts the importance of effective cyber controls, the OCC said.

    To mitigate cybersecurity risks, banks should implement multifactor authentication or equivalent controls to authenticate access to sensitive systems, the regulator said.

    “Network systems should be properly configured and have effective patch management processes in place,” the OCC said. “Banks should also ensure that critical systems and records are backed up and stored in immutable formats that are isolated from ransomware or other destructive malware attacks.”

    Climate change

    Monday’s report highlighted the OCC’s commitment to acting on the risk that climate change presents to the financial system.

    “These risks are driven by impacts of climate change on households, communities, businesses, and governments across the United States and around the world,” the OCC said. “Banks are exposed to physical and transition risks presented by climate change, which may impact the safety and soundness of supervised institutions.”

    The agency said it plans to finalize climate risk management framework guidance for large banks and to develop more detailed expectations by risk area in 2022.

    “We will review the large banks’ progress toward establishing climate risk management capabilities. We also plan to conduct additional industry outreach,” the OCC said.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.