On July 19th, the world awoke to a global IT outage caused by a single software update to widely used security software that inadvertently impacted 8.5 million Microsoft Windows machines and creating issues for some 75% of top US banks. Two days later, we learned of a private OCC report finding that 11 of the 22 large banks it oversees do not adequately manage operational risks. Operational risk is one of the categories evaluated by the OCC and includes anything from vendor failures and natural disasters to technology snafus, like the July 19th outage.
Banks increasingly rely on fintech partnerships and third-party service providers. Such reliance can create concentrated points of failure for business and operational functions, making them a target of heightened regulatory scrutiny. This post outlines the essential steps US banks should take to manage this risk and maintain regulatory compliance.
Banks must conduct comprehensive due diligence that includes:
Compliance History: Investigate any past compliance failures, regulatory enforcement actions, and legal issues
Business Practices: Analyze the business model, data privacy policies, and cybersecurity measures, ensuring they meet regulatory and internal bank requirements
Business Continuity: Review the business continuity plan to ensure the necessary framework is in place to manage disruptions and that the plan addresses recovery strategies, communication protocols, and testing requirements
Banks must establish ongoing monitoring and oversight to ensure they and their third parties comply with applicable laws and regulatory requirements. Such monitoring must include:
Banks must establish a culture of risk management by implementing an internal framework that includes:
Identification and Reporting: Encouragement of all employees to actively identify and report potential risks helps to remediate and control risks promptly
Standardized Reporting: Standardized reporting mechanisms such as risk assessment checklists and dashboards help track and quantify risks, providing more detailed risk analysis
Clear Escalation Path: Establishing and communicating steps employees should take when they encounter risks help resolve issues quickly before they become more significant operational challenges
In conclusion, as banks increasingly depend on fintech partnerships and third-party providers, they must adopt robust risk management practices to mitigate the related operational risks. Conducting thorough due diligence, establishing ongoing monitoring, and fostering a strong internal risk identification culture are essential to ensure compliance and safeguard operations. By proactively addressing these challenges, banks can navigate potential disruptions while maintaining trust with customers and regulators alike.
Need more insights or assistance with compliance strategies? With extensive experience working directly with regulators and implementing third-party risk governance and controls, our experts can provide valuable insights and guidance tailored to your specific compliance needs. We can strengthen your risk management strategies and ensure your company remains resilient in this ever-changing environment.
Click here to contact us today.