OCC Lays Out Supervision Plan for 2017

On September 14, the OCC released its bank supervision operating plan for fiscal year 2017. The plan identifies the OCC’s priority objectives, which include: (i) commercial and retail loan underwriting; (ii) business model sustainability and viability; (iii) operational resiliency; (iv) BSA/AML compliance; and (v) processes to address regulatory changes. Moreover, the plan affirms that the OCC will look at each individual bank’s key risks, and will continue the process of stress testing, both for large banks and for midsize and community banks.


OCC to Host Workshop for Bank Directors

From September 19 through September 21, the OCC will host a “Building Blocks for Directors” workshop in St. Louis for directors of national community banks and federal savings associations supervised by the OCC. OCC supervision staff will lead the workshop, which will focus on directors’ duties and responsibilities, relevant laws and regulations, and increasing understanding of the examination process. The OCC is limiting the workshop’s capacity to the first 35 registrants.


OCC Releases Semiannual Risk Perspective Report

On July 11, the OCC released its Semiannual Risk Perspective for Spring 2016, which generally provides an overview of supervisory concerns for the federal banking system and specifically presents data as of December 31, 2015 in the following areas: (i) operating environment; (ii) bank performance; (iii) key risk issues; and (iv) regulatory actions. Similar to the fall 2015 report, the current report identifies cybersecurity, third-party vendor management, business continuity planning, TRID, and BSA/AML compliance, among other things, as key areas of potential operational and compliance risk. Further, the report highlights the new Military Lending Act rule, effective October 3, 2016, as a new key potential risk. According to the report, the OCC’s supervisory priorities for the next twelve months will generally remain the same; moreover, the outlook for the OCC’s Large Bank Supervision and Midsize and Community Bank Supervision operating units will remain broadly similar.


OCC Names Beverly Cole Deputy Comptroller for Compliance Supervision

On June 22, the OCC named Beverly Cole its Deputy Comptroller for Compliance Supervision. Effective July 2016, Cole will serve as the operational executive responsible for developing and promulgating compliance operational protocols, examination strategies, and schedules. Cole started at the OCC in 1979 as an Assistant National Bank Examiner. In 1984, she left the OCC to work in the banking industry, but she returned to the OCC three years later. Throughout her tenure with the OCC, Cole has served in various supervisory roles overseeing banks of all sizes.


New York DFS Submits Letter to Federal Regulators Regarding Potential Cybersecurity Regulations

On November 9, the New York DFS sent a letter to federal regulators and other interested parties, including the CFPB, Federal Reserve Board, and the OCC, regarding potential new regulations aimed at increasing cybersecurity efforts within the financial sector. The letter references recent DFS reports that covered key findings from surveys given to regulated banking organizations on their cybersecurity programs, costs, and future plans. The reports raised the following concerns: (i) the speed of technological change and the increasingly sophisticated nature of threats; (ii) third-party service providers tend to have access to sensitive information and companies’ IT systems, providing potential hackers with a point of entry; and (iii) the “scale and breadth of the most recent breaches and incidents.” In light of these concerns, the DFS asserts that it would be beneficial to coordinate with state and federal regulators to “develop a comprehensive [cybersecurity] framework that addresses the most critical issues, while still preserving the flexibility to address New York-specific concerns.” According to the letter, the DFS expects to propose regulations requiring entities to set specific requirements in areas such as: (i) cybersecurity policies and procedures; (ii) third-party service provider management; (iii) cybersecurity personnel and intelligence, including implementing mandatory cybersecurity training programs; and (iv) notice of cybersecurity breaches.