The regulator of national banks issued its fiscal 2021 supervisory plan Thursday, with credit risk management “given projected weaker economic conditions” and commercial and residential real estate concentration risk management the first two items on the agency’s list of supervisory strategies for the coming year.
The agency will also be monitoring banks for their transition away from LIBOR (London Interbank Offered Rate) as a reference rate, compliance risk management related to this year’s COVID-19 pandemic-related activities, Bank Secrecy Act/anti-money laundering (AML) compliance, cybersecurity, planning for and implementation of the current-expected-credit-losses (CECL) accounting standard, Community Reinvestment Act (CRA) performance, and more.
The plan, just over two pages long, notes that while objectives are similar for the agency’s large bank and midsize/community bank supervision units, managers “will differentiate bank size, complexity, and risk profile when developing individual bank supervisory strategies.”
“The OCC will adjust supervisory strategies, as appropriate, during the fiscal year in response to emerging risks and supervisory priorities,” the plan states. “For FY 2021, supervision efforts will be flexible to recognize the broad and bank-specific impacts of the pandemic and resulting economic, financial, operational, and compliance implications.”
The OCC’s FY2021 supervisory strategies are detailed in full below:
- Credit risk management given projected weaker economic conditions. Examiner focus should be on commercial and retail credit risk control functions, including portfolio administration and risk management, timely risk identification, independent loan review, risk rating accuracy, policy exception tracking, collateral valuation, stress testing, and collections/workout management.
- Commercial and residential real estate concentration risk management, including verification that risk assessment and management practices adequately account for concentration risks. Examiner focus should include portfolios with material concentrations, especially in sectors hard hit by the pandemic.
- Appropriateness of allowance for loan and lease losses/allowance for credit losses, forecasting the cumulative impact from a lengthy period of eased underwriting standards, and potential higher probability of default and loss given default. Examiners should focus on Current Expected Credit Losses implementation for those institutions that have adopted the standard, and preparation for those that will be implementing the standard.
- Cybersecurity and operational resilience with a focus on threat vulnerability and detection, access controls and data security, and managing third-party access. Examiners should also focus on incident response and remediation processes.
- Bank Secrecy Act/anti-money laundering (BSA/AML) compliance, ensuring the effectiveness of BSA/AML risk management systems relative to the complexity and risks associated with business models and products, evaluating technology and modeling solutions to perform or enhance BSA/AML oversight functions, and determining the adequacy of suspicious activity monitoring and reporting systems and processes.
- Compliance risk management associated with 2020 pandemic-related bank activities, such as CARES Act loan forbearance requirements or other bank-provided consumer loan or account accommodations. Effects of the pandemic on overall compliance risk as well as specific areas of risk (e.g., SCRA risk associated with increased foreclosure volume).
- Community Reinvestment Act performance, including implementation of new guidance, procedures and tools related to the CRA rule issued on June 5, 2020.
- Fair lending examinations and risk assessments, including risks associated with 2020 pandemic-related loan accommodations and loss mitigation efforts and new technology used in underwriting processes.
- The impact of a low-rate environment on banks’ business models, strategies, asset and liability risk exposures, net interest margin, and funding stability.
- Bank preparation for the phaseout of the London Interbank Offering Rate as a reference rate after 2021, including operational and consumer impact assessments and change management related to implementation and disclosure of an alternative index for pricing loans, deposits, and other products and services.
- Proper oversight of significant third-party relationships, including partnerships. Examiners should identify where those relationships represent significant concentrations in operations, bank resiliency, or other risks. Examiners should assess risk oversight of third party’s own management of cybersecurity and resilience risks.
- Change management over significant operational changes. Examiners should evaluate governance over new technology innovation and implementation, including use of cloud computing, artificial intelligence, digitalization in risk management processes, new products and services, and notable changes in strategic plans. Examiners will also focus on change management over emergency programs in response to the pandemic including the CARES Act and pandemic-related operating conditions.
- Payment systems products and services, currently offered or planned, focusing on new or novel products, services, or channels for wholesale and retail customer relationships. Examiners should consider potential risks including operational, compliance, strategic and reputation and how these risks are incorporated into institution-wide risk assessments and new product review processes.