Strategic, underwriting, cyber-security, compliance, and interest rate risks sit atop the Office of the Comptroller of the Currency’s list of supervisory concerns in its Semiannual Risk Perspective for Fall 2015, released on Wednesday.

The report covers risks facing national banks and federal savings associations based on data through June 30, 2015. It reinforces concerns about the growing risk posed by weakening credit standards, Comptroller Thomas Curry said during a conference call. “As the economic cycle turns, we see banks and thrifts reaching for yield and growth, sometimes extending their reach at the expense of sound underwriting, strong risk management, and adequate loan loss provisioning,” he said. “OCC examiners will be paying close attention to each of those areas in the coming months.”

“In the area of credit risk, the warning lights are flashing yellow,” he added. “Regulators and bank management need to act now to prevent those risks from becoming reality. We can’t afford to wait until the warning lights turn red.”

Many national banks and federal savings associations continue to face strategic challenges to growing revenues to meet target rates of return in a slow-growth, low interest rate environment, the report says. Banks also face an inability to exit balance-sheet positions because of declining market liquidity.

As a result, many are easing credit underwriting standards and practices, and reaching for yield by loosening underwriting and extending asset duration trends. Some banks have reached for yield to boost interest income with decreasing regard for interest rate or credit risk. Banks that extend asset maturities to pick up yield could face significant earnings pressure and capital erosion, depending on the severity and timing of interest rate moves as well as changes in the yield curve.

Business operating models are under increasing pressure as bankers seek to launch new products, leverage technology, reduce staffing, outsource critical activities, reengineer business processes, and partner with firms unfamiliar with the bank regulatory environment. The OCC’s warning: “Banks may not always adapt risk management and control processes to these changing business strategies.

Bank Secrecy Act and anti-money laundering compliance risks remain high, as technological developments that benefit customers through enhanced products and greater access to financial services may be vulnerable to criminals who exploit those innovations. Some banks failed to develop or incorporate appropriate controls as products and services have evolved, the OCC says. It found that some banks failed to devote sufficient resources and expertise to BSA/AML.

Banks are increasingly adopting innovative products, services, and processes in response to evolving needs for financial services and growing competition from other banks and financial technology firms. Doing so often involves assuming unfamiliar risks, an expanded reliance on third-party relationships, and the need to update or acquire new systems and technology platforms. “Banks involved in responsible innovation recognize the benefit to consumers and businesses (including their own operational efficiencies), as well as the need for sound risk management to properly oversee and control heightened risks,” the report says.

Other concerns detailed in the report:

Cyber threats, reliance on service providers, and resiliency planning remain industry concerns, particularly in light of increasing global threats. Operational risk is high as banks adapt business models, transform technology and operating processes, and respond to these threats, including attacks that involve extortion and those that can compromise, disrupt, or destroy data and systems.

Banks may not be adequately incorporating resiliency considerations, including recovery from cyber events, into their overall governance, risk management, or strategic planning processes.

The pace of mergers and acquisitions increased in the past 12 months among banks with less than $20 billion in total assets. Merger and acquisition activity, however, challenges risk control structures, management information systems, and operational platforms.

The number, nature, and complexity of domestic and foreign third-party relationships continue to expand, increasing concentration and risk management challenges.

The use of third-party relationships to conduct all or a portion of consumer credit-related product development, implementation, and fulfillment can increase the risk of unfair or deceptive practices. In recent years, a number of banks failed to exercise adequate risk management and controls when developing and offering various add-on products to customers.

While banks increasingly use central counterparties (CCP), or central clearinghouses, to reduce counterparty exposures and settlement risks, those memberships can expose banks to increased concentration, credit, liquidity, and legal risks. Foreign CCPs may introduce additional risks from jurisdictional differences in rules, requirements, and authorities.

The OCC’s supervisory priorities for the next 12 months include a focus on governance and oversight, specifically assessing the risks posed by business model and strategy changes and any substantive gaps regarding heightened regulatory standards. Examiners will ensure that management has committed to closing the gaps within an appropriate time frame.

Examiners will also focus reviews on commercial and retail credit underwriting practices, compliance with new regulatory requirements (including those related to capital, liquidity, trading activities, residential mortgages, and risk retention); effectiveness in identifying and responding to risks posed by new products, services, or terms; and programs for assessing the evolving cyber threat environment and banks’ resilience to cyber attacks.