Fahad Dar’s Post

US regulator privately finds weak risk-management at half of large banks, Bloomberg reports. A top U.S. bank regulator's confidential assessments found 11 of the 22 large banks it supervises have "insufficient" or "weak" management of a broad swath of risks ranging from cyberattacks to employee blunders, Bloomberg News reported on Sunday. About one-third of the banks secured ratings of 3 or below on a 5-point scale for their overall management of risk in confidential assessments by the Office of the Comptroller of the Currency, the report said. https://lnkd.in/eYV6Vcmx #Banking #DORA #SEC #OCC #FinancialServices #TPRA #PCIDSS #cyberattacks #cyberrisk #cybersecurity

OCC considering stronger requirements for operational resilience, including #cybersecurity , third-party/vendor risk, and business continuity. Will be interesting if they can overcome pushback on regulators and challenges to agency deference, and if OCC is envisioning some sort of stress testing. "This is not a problem that capital or liquidity can solve. Ensuring that critical operations and #banking services can withstand or recover from disruptive events requires good planning, prudent investment, well-designed systems and regular testing.” https://lnkd.in/gvpDBet2 #businesscontinuity #thirdpartyriskmanagement

Banks face a labyrinth of regulatory changes that add new risks, modify internal controls, and enforce stringent reporting standards. Non-compliance can lead to significant financial penalties and operational disruptions. #cybersecurity #banking #riskanalysis #dataanalysis #fraudprevention

The recent CrowdStrike outage highlights the risks associated with banks' reliance on a small number of third-party vendors for critical services. A faulty software update from CrowdStrike led to widespread disruptions, affecting major banks across the country. This incident underscores the need for improved risk management and diversification strategies, as many banks depend heavily on a few dominant IT providers. Regulators have increasingly scrutinized this over-reliance, emphasizing the importance of developing robust contingency plans and risk mitigation strategies to avoid severe operational impacts. https://lnkd.in/eU9_pxnc

More Concerns About Big Banks "...In the confidential assessments, the Office of the Comptroller of the Currency said 11 of the 22 large banks it supervises have “insufficient” or “weak” management of so-called operational risk, said the people, who asked not to be identified because the information isn’t public. That contributed to about one-third of the banks rating three or worse on a five-point scale for their overall management, the people said. The scores are the latest sign that US regulators are concerned about the level of risk at the country’s largest banks in wake of a series of failures last year. Operational risk is meant to cover a range of potential threats to banks beyond loans going bad or market swings causing losses. That can include anything from employee mistakes and legal troubles to natural disasters and technology snafus. Banks have to show regulators plans for managing such risks, and they have to hold capital against those threats, a requirement that’s long been debated because they’re harder to measure than credit or market risks. The harsh grades are part of sweeping regulatory scrutiny in the wake of the record-setting bank failures last year, after which regulators vowed to do more to identify and act on problems. The OCC’s large bank portfolio ranges from regional lenders with at least $50 billion in assets to the megabanks with trillions..." https://t.co/RmW0L8fi9l

Passive vs. Managed Risk: Understand the types of tech risks banks face and how to manage them effectively. Ensure your tech stack is robust and resilient. #BankTech #CCGCatalyst #BankingResearch Avoiding Another Outage: Tyler Brown https://lnkd.in/gyRjDmgT

 After the technology disruption last week, it was a dramatic reminder of how important it is that banks have a well-developed internal IT audit function to anticipate and prevent issues and, when they surface, be prepared to address them before they interrupt a bank’s day-to-day functions. If it makes sense to enlist third-party assistance in assessing or re-assessing technology risk, CCG Catalyst analysts are well poised to help. #ccgcatalyst #banktech #riskassessment

It's interesting to read the OCC's 2025 bank supervision operating plan, in which it outlines it's priorities for the coming year. Not a shock to see that cyber, third party risks, payments and AML feature prominently. Link to the report is below. #OCC #cyber #fraud #fincrime

🌟 Discover Key Insights with the Latest Treliant Takeaway 🌟 Want to stay ahead of emerging risks in the banking sector? The Office of the Comptroller of the Currency (OCC) shares critical insights you won't want to miss. 🏦✨ In this Treliant Takeaway you'll find essential information on: 🔹 Operational Resilience: Learn how to strengthen your framework to manage disruptions effectively. 🔹 Cybersecurity: Understand the growing threats and discover strategies to protect your data. 🔹 Credit Risk: Get insights on monitoring loan portfolios amidst economic changes. 🔹 Compliance and Regulatory Risks: Stay updated on evolving regulations to ensure your organization remains compliant. 🔹 Climate Change: Explore the financial implications of climate risk and how to integrate effective management strategies. Don't miss out on these vital insights. Read the full piece by Joe Sergienko and stay informed. #Banking #RiskManagement #OCC #Compliance