The U.S. banking industry is stable nearly nine months into the coronavirus pandemic, but the Office of the Comptroller of the Currency (OCC) this week warned of increased risks for banks seeking to comply with the Bank Secrecy Act (BSA) and consumer protection and fair lending requirements.
The OCC’s “Semiannual Risk Perspective for Fall 2020,” released Monday, lays out new and emerging pandemic-related risks for banks caused by credit defaults and historically low interest rates; cyber-security threats posed by work-from-home environments; and compliance risks being elevated by remote work as well as “the requirement to quickly operationalize federal, state, and proprietary programs designed to support businesses and consumers,” the agency said in a press release accompanying the report. The report covers risks facing national banks and federal savings associations based on data as of June 30.
In response to coronavirus-induced stresses, banks’ first reactions have been to trim operating costs, the OCC said. But these cuts should be implemented in a way as to not weaken important compliance functions, the agency warned.
“Key control functions and processes, such as risk management, audit, compliance, and staff development, should be maintained to ensure risk management oversight during times of economic stress,” the report said. “Cost-cutting considerations need to be carefully balanced with a proper control and testing environment as well as risk management practices that can prevent increased losses.”
On BSA compliance, banks need to be ever more vigilant in detecting fraud within their financial transactions, including fake charities; phishing, counterfeit medicine, and work-from-home scams; and other schemes seeking to take advantage of people affected by the pandemic.
As banks make adjustments to their BSA programs due to coronavirus-related circumstances, they should keep their regulators informed of the changes, as well as any potential delays in meeting regulatory requirements. The OCC says it will consider the impact of coronavirus-related circumstances and is adjusting its supervisory responses accordingly.
Also of note, cyber-criminals are increasingly attacking financial institutions with ransomware attacks, most commonly with phishing emails used to trick employees into handing over system passwords.
“Banks should have a clear understanding of the impact of a ransomware attack and the potential effects on the banks’ customers and third parties,” the OCC said. The OCC and the Federal Deposit Insurance Corporation issued a joint statement in January regarding ransomware attacks with guidance about how to respond.
Increased compliance risks also stem from the approval and management of coronavirus-related government loans through the CARES Act’s Paycheck Protection Program (PPP) and other federal, state, and bank-initiated forbearance and deferred payment programs.
“These programs featured increased compliance responsibilities and high transaction volumes while banks were trying to assess the impact of a weakened economy,” the OCC report said.
Banks may find an avalanche of operational changes including branch closures, reduced hours, communication issues, and employee turnover could lead to disparate treatment of applicants and borrowers in ways that could trigger violations of consumer protection laws. Bank employee work-from-home arrangements may increase the risk of the loss of consumer’s private information through breaches.
Banks should also be implementing a system of controls, and new policies and procedures, to handle compliance with the final Community Reinvestment Act enacted in June, the OCC advised.
“The OCC considers the unique circumstances affecting borrowers and banks due to the COVID-19 pandemic and will consider banks’ good faith efforts designed to support customers and comply with applicable laws and regulations,” the agency said.