OCC Defines Top Threats To Banks This Season

The U.S. Treasury’s Office of the Comptroller of the Currency (OCC) has again released its report on top risks facing banks, with its Spring 2017 analysis warning FIs that threats are coming from all angles.

In some ways, the risks facing banks are longstanding: Non-traditional FIs and innovation are forcing banks to rethink their position in the market. But the Spring 2017 report reveals news of threats that are just beginning to flare up.

“The federal banking system is, and should be, a source of strength for the nation and its economy. When it is running well, it powers tremendous growth and economic prosperity for consumers, businesses and communities across the country,” said Keith A. Noreika, acting Comptroller of the Currency, in a statement.

“Today, the federal banking system remains healthy,” he continued. “As outlined in the report, however, the OCC again identifies issues related to strategic, credit, operational and compliance risks as top concerns.”

PYMNTS outlines some of those key trends found in the OCC report below.

Shifts in Lending Practices

While commercial loan growth remained strong in 2016, it is still slower than 2015 levels, the report found, increasing by 2.1 percent in the first half of 2016 but then slowing toward the end. Commercial real estate (CRE) loans, however, continued to strengthen.

Amid these fluctuations, the U.S. Treasury’s Office of the Comptroller of the Currency found that underwriting standards have eased thanks to an increased appetite for credit risk, increased competition and an overall perception of improved economic circumstances.

“The greatest volume of easing has occurred in large and mid-sized banks,” the report found, “and the easing has occurred most often in pricing, guarantor requirements and loan convenants, as well as in retail loan sizes, collateral requirements and debt-to-income requirements.”

Cyber Threats

Considering the increasing volume of cyberattacks and heightened awareness of these threats, it’s only appropriate the OCC would highlight this issue for banks.

“Cyber threats are increasing in speed and sophistication,” the OCC stated. “These threats target large quantities of personally identifiable information and proprietary intellectual property and facilitate misappropriation of funds at the retail and wholesale level.”

As cyberattackers deploy more aggressive tactics, corporate banking firms have to respond with heightened cybersecurity measures to ensure confidence in the nation’s financial system, the OCC warned.

Phishing, ransomware, business email compromises, data theft and denial-of-service tactics can be especially harmful to FIs, and not only threaten the bank, but put the FI’s entire supply chain at risk, too. The OCC is urging corporate banking firms to upgrade security software and hardware, enhance authentication measures and deploy greater management of privileged user access.


The conversation continues over the rise of FinTech and alternative financial service providers as threatening the position of traditional banks. But while past conversations have focused on the competition these players offer, the discussion has now shifted to the cooperation between banks and FinTechs, M&A activity and partnerships.

“Many banks have increasingly leveraged and become dependent on third-party service providers to support key operations within their banks,” the report stated. “Over time, consolidation among service providers has resulted in large numbers of banks reliant on a small number of service providers.”

This means banks are at risk for “concentrated points of failure” along certain parts of their businesses, especially areas like card processing or denial-of-service mitigation, if FIs are using a third-party partner to handle these aspects of their operations.


As is often the case with banks, risks of non-compliance remain high, the OCC noted. Bank Secrecy Act and Anti-Money Laundering compliance risk is especially high as new technologies that support open access to financial services may expose a bank to money laundering risk. Electronic and alternative payment systems mean less transparency for the FI and, therefore, a diminished ability to identify whether a transaction is occurring for the purpose of money laundering or terrorist financing.

“Moreover,” the report continued, “ongoing changes in payment technologies and criminal typologies increase the challenges for banks to maintain effective systems to keep pace with these changes.”