Third Party Risk Management

OCC Banking Supervision Priorities – 2022 (Part 2- Technology Vendor Perspective)

OCC Banking Supervision Priorities – 2022

(Part 2- Technology Vendor Perspective)

On Friday, October 15, 2021, The Office of the Comptroller of the Currency (OCC) released its bank supervision operating plan for fiscal year 2022 (October 1, 2021 – September 30, 2022).  OCC staff members use this plan to guide their supervisory priorities, planning, and resource allocations.

To whom does this announcement apply?

  • Individual national banks
  • Federal savings associations
  • Federal branches
  • Agencies of foreign banking organizations (collectively, banks)
  • Technology service providers that provide critical processing and services

What are the examiners’ priorities as they review the technology solutions I provide to financial institutions?

Strategic and operational planning to ensure banks maintain stable financial positions Credit risk management, allowances for loan and lease losses, and allowances for credit losses
Cybersecurity and operational resilience Oversight of third parties & related concentrations
Consumer compliance management systems and fair lending risk Community Reinvestment Act performance
Impact of a low-rate environment and the transition to alternative reference rates given the cessation of LIBOR Payment systems products and services
Fintech partnerships for potential cryptocurrency-related activities and other services Climate change risk management
Bank Secrecy Act/anti-money laundering (BSA/AML) compliance management

Is there a theme to these priorities and what is the impact to the technology services my client purchases from me?

Similar to the Architecture, Infrastructure, and Operation (AIO) guidance published in June 2021, financial institutions are being encouraged to take a wholistic approach to their Operations and Risk programs.  Programs that are isolated from one another expose the institution to unnecessary risk.   Comprehensive documentation is essential to sound programs. As your client determines what documentation they do and don’t need from you, respond quickly – this is a maturation process for everyone involved.

Regulatory review of a financial institutions’ management and the oversight of Third-Party relationships continues to be a priority.  It remains vital to financial institutions that they perform a deep dive and periodic refresh of all critical relationships. Continue to respond to your client fully and efficiently.

The Pandemic is called out.   How it did and continues to impact your economic, financial, operational, and compliance programs.  Your organization would be wise to offer documentation of its own pandemic response.  A Lessons Learned paper identifying any updates and projects could be useful to your client. Demonstrating that your own organization continues to push for improvement and program maturity, further enhancing your relationship as a trusted and valued advisor.

It would be wise to take note of the risks identified in the Operating Plan. Are your own risk programs and controls appropriately designed and implemented for your organization’s size, complexity, and risk profile?  If not, take suitable steps to address any gaps, because your clients will be asking for this documentation.

In conclusion.

The regulatory standards have not changed. This Operating Plan is for the examiners.  Financial institutions may take advantage of knowing the test questions in advance of Exam Day.  As your client prepares, respond quickly to any new questions or evidence they request.  When the examiner arrives, your client will be soundly prepared, and you will have enriched your relationship as both a technology service provider and trusted partner. Contact us today to learn more!

Related Links