Pub. 6 2015 Issue 3

www.wvbankers.org 20 West Virginia Banker By Jonathan Levin, Dinsmore & Shohl LLP OCC Risk Perspective – The Risk You Save May Be Your Own Jonathan Levin is Partner Of Counsel in the Financial Services Regulatory & Enforcement Group (FinsREG) at Dins- more & Shohl LLP where he focuses his practice on providing regulatory counsel to banks and other financial companies. Throughout his career, Jonathan has advised banks and financial services providers on the full range of regulatory issues, prepared licensing and charter applications, structured mergers and acquisitions, and developed financial compliance programs. He began his career with the Office of the Comptroller of the Currency where he served for more than 12 years as Senior Attorney. T he Office of the Comptroller of the Currency (OCC) has issued its Semiannual Risk Perspective for Spring 2015, offering guidance to national bank examiners on current industry trends and highlighting issues of critical concern, though it is intended to have much wider impact as a resource for the financial ser- vices industry and the public. As part of its core mission of chartering, regulating and supervising national banks, the OCC monitors the condition of the national banking system and designates emerging threats to safety and soundness. To accomplish this essential task, twice a year the OCC’s National Risk Committee (NRC) issues a report based on mid-year and year-end data. Based on year-end 2014 data, the NRC has identified strategic, cybersecurity, compli- ance, underwriting, and interest rate risk as paramount supervisory concerns. Among these top five, the NRC assigns the highest priority to cybersecurity risk. Echoing the warning in its 2014 Annual Report, the NRC observes, “Attackers are custom- izing malware to target banks and bank customers, and the methods of attack are evolving in response to banks’ mitigating controls.” It adds that cyber threats are increasing not only at U.S. banks, but also at foreign financial institutions and U.S. non-financial companies, and the OCC is working closely with all members of the Federal Financial Institutions Examina- tion Council to raise awareness and guide banks in combating these risks. Particular supervisory attention is being devoted to cybersecurity at third-party technology service providers. While the NRC finds banks of all sizes are generally in sound financial condition, it considers large banks to have more of the necessary resources to address diverse risks than do community and midsize banks. Risk from a Large Bank Perspective The NRC finds large banks particularly face weaknesses in their risk management process relating to operations, BSA/ AML (anti-money laundering), compli- ance, internal controls, and credit. These involve misalignment of governance and enterprise risk management practices with heightened supervisory standards, increas- ing sophistication and number of cyber threats, elevated consumer compliance risks, poor controls on third-party provider relationships, inadequate underwriting in leveraged lending, indirect auto credit and commercial loans, and continual updat- ing of information systems in response to changes in regulatory and reporting requirements. Risk from a Community and Midsize Bank Perspective Much more serious concern is expressed for community and midsize banks as the NRC takes pains to note the “pressures” created by “acute competition for quality lending opportunities and declin- ing investment yields.” These nine key risks are spotlighted: • Strategic adaptation of bank business models to respond to sluggish eco- nomic growth, low interest rates, and intense competitive pressures • Management succession and retention of key staff • Erosion of underwriting standards in loan products • Exposure to volatile oil- and gas-re- lated industries through involvement with service, office and hotel sectors • Expansion into new products and services, including participations in syndicated leveraged loans, that require specialized risk management processes and skills • Outsourcing operational and business functions to third-party vendors • Increasingly sophisticated and fre- quent cyber threats • Failure to adapt BSA/AML programs to changing customer profiles, rapid pace of technological change, and advanced money-laundering schemes • Exposure to interest rate volatility associated with concentrations in mortgage-backed securities and other longer-term assets and potential runoff of nonmaturity deposits when interest rates inevitably increase Not Just for National Banks – Foreshadowing the Industry Standard The OCC’s National Risk Committee is followed as the bellwether for understand- ing the condition of the nation’s banking system in its entirety. Therefore, examin- ers and officials across all bank supervi- sory agencies can be expected to sharpen their focus on the risks identified in the Semiannual Risk Perspective. In particu- lar, community and midsize banks should be prepared for intensified scrutiny of the components of their risk management pro- grams relevant to these identified risks. n