Alert May 22, 2012

Comptroller Curry Warns of Increased Operational Risk at Banks

Comptroller of the Currency Thomas J. Curry presented a speech at the Exchequer Club in Washington, D.C. in which he stated that the OCC is perceiving increased operational risk at national banks and that, for what may be the first time in many years, operational risk is eclipsing credit risk as a safety and soundness concern for banks.  Comptroller Curry stated that management of operational risk, which he defined as “the risk of loss due to failures of people, processes, systems and external events,” requires, among other things, that banks validate “the reports, assumptions and algorithms in their risk models,” and avoid relying on a single approach in risk models.  Comptroller Curry noted that a bank must make the necessary investments in systems and controls to allow the bank to effectively manage its risks and that banks should recognize that the controls adequate in today’s economic climate “may prove inadequate for tomorrow’s risks and threats.”  Comptroller Curry also stressed that banks must carefully monitor the risks associated with use of third party vendors in connection with the bank’s delivery of financial products.  Finally, Comptroller Curry discussed the operational and other risks to banks in meeting their anti-money laundering (“AML”) compliance responsibilities.  Among AML compliance deficiencies that the OCC has detected at community banks are violations related to ineffective account monitoring, inadequate tracking of high-risk customers, and failure to monitor effectively various forms of suspicious activity.  The Comptroller noted the difficulties that banks face in managing AML compliance operational risks because “the risks are constantly mutating, as criminal and terrorist elements alter their tactics to avoid detection…and move from one base of operations to another….”