The Office of the Comptroller of the Currency (OCC) released its Semiannual Risk Perspective report, finding that the current pandemic will stress financial performance this year.
The report also said that compliance risk is on the rise, in part because of federal programs related to the CARES Act and Paycheck Protection Program (PPP).
“Banks entered the national health emergency related to COVID-19 in sound condition, but face weak economic conditions resulting from the economic shutdown in response to the pandemic that will stress financial performance in 2020,” the agency stated. “The OCC reported weak financial performance, and increasing credit, operational, and compliance risks, among the key risk themes in the report.”
The report was prepared from April through early June, finding that profitability will be challenged as interest rates are at historic lows, past due loans and provisions for loan losses are increasing, and operational expenses are rising. It said unemployment levels will stress credit risk management, while operational risk was elevated as banks implement new processes and procedures, adopt pandemic related continuity plans, and respond to increased fraud and cyberrisk.
Finally, it warned of increasing compliance risk related to new assistance programs for consumers and small businesses, resulting in high call volumes and reassigned staff implementing new practices and procedures.
“The response to the COVID-19 pandemic triggered a broad-based shock to the U.S. and global economies. As a result, banks are facing a substantial increase in credit and operational risks,” the report stated.
Before the downturn, the OCC said the banking system was in a position of “considerable strength,” as matters requiring attention and banks rated 4 and 5 were at their lowest level in 10 years.
“The broad themes facing the federal banking system are weak financial performance, elevated credit, and operational risks,” the report stated. “The onset of the pandemic created an uncertain credit environment testing the resiliency of both commercial and retail loan portfolios. Credit risk management practices need to be flexible and proactive to meet the challenges of the current environment.”
It noted higher operational risk as banks engaged third parties to support remote work capabilities and increased capacity for technology solutions.
Finally, it called out the potential for compliance with federal programs stemming from the CARES Act, such as PPP or forbearance and deferred payment programs, to develop into a key risk.
“Among other challenges, these conditions complicate the compliance responsibilities associated with managing high transaction volumes and various programs of consumer and business lending in a weakened economy,” the OCC said.
In particular, it noted the stresses that PPP put on the banking industry to produce a high volume of loans in a short timeline – and with much of its staff working remotely.
“The high volume of lending-related requests elevates risk when banks cannot promptly process requests because of reduced staffing or because resources are shifted to other priorities. This could cause breakdowns in controls related to account management, servicing management, flood insurance coverage, credit bureau reporting, and complying with applicable laws and regulations,” the report stated.
Compliance issues with the Bank Secrecy Act (BSA) also were noted in the report, again, as the high volume of PPP applications being processed in a short time elevated risk.
“These conditions may complicate BSA, consumer protection, and fair lending compliance responsibilities associated with underwriting and opening new accounts, monitoring customer activity, communicating with customers, and timely meeting BSA and Office of Foreign Assets Control (OFAC) reporting requirements,” the report stated.
The OCC encouraged banks to monitor information provided by law enforcement agencies and international anti-money laundering standard-setting organizations regarding the ways that criminals are adapting scams and money laundering techniques to exploit vulnerabilities created by the pandemic. It said that banks should be aware of evolving typologies and ensure their anti-money laundering programs are commensurate with their risk profile.
It also noted the potential for consumer compliance and fair lending issues during the pandemic, as banks work closely with affected customers.
“Branch closures, reduced operations, and communication issues (e.g., limited hours, lobby or location closures, and strained call center capacity) may result in increased customer complaints. Banks must remain diligent to ensure compliance with consumer protection, fair lending, and other laws and regulations when dealing with applicants for new or modified loans and working with customers affected by the COVID-19 pandemic,” the report stated.
It also called out heightened cybersecurity risks during the pandemic.
“Cyberthreat actors continue to target banks, their customers, and their third parties,” the report stated. “These threats continue to adapt and elevate due to increased criminal activity and sophistication. Phishing threats against bank customers and staff are elevated, and there have been an increasing number of attacks focused on the use of virtual private networks, virtual teleconferencing services, and other remote telecommunication technologies because of widespread transitions to telework models.”
It found that the trend of increased criminal activity was expected to continue for the foreseeable future, and might increase.
“Bank management should consider measures to enhance the resilience of systems and operations against cyberthreats,” it stated. “These can include maintaining system backups either on logically segmented portions of the network or offline media. Testing recovery capabilities to respond to ransomware or other destructive malware that encrypts or corrupts data, including backup data, helps banks mitigate the impact of attacks.”