OCC Releases Supervision Operating Plan for 2023

On October 6, 2022, the Office of the Comptroller of the Currency (“OCC”) released its Supervision Operating Plan for 2023 (the “Plan”), outlining its risk-focused bank policy initiatives and supervisory strategies for the new year.

The priorities will apply to national banks of all sizes, as well as federal savings associations, federal branches, federal agencies, and technology service providers.

Examination Priorities

Safety and soundness, and fairness

OCC examiners will focus on strategic and operational planning to assess bank stability, as well as bank governance with regard to the employees of the organization. The OCC is particularly concerned with improper talent management as “[w]eaknesses in talent management processes could lead to control breakdowns, untimely completion of material audits or other reviews, or failure to comply with rules and regulations that leads to customer impacts.”

Operational resilience and cybersecurity

Pursuant to the assessment of a bank’s operational resilience, a bank’s responses to cybersecurity threats and incidents will be subject to heightened scrutiny as the Plan requires “explicit evaluation of data backup and recovery capabilities.”

Third parties and related concentrations

The risk attributes of third-parties engaged by banks, including financial technology (fintech) companies will be reviewed, as well as banks’ risk management governance of these relationships, including ensuring third-parties have qualified staff that can fulfill the the third partyies’ contractual obligations and reviewing their “cybersecurity risk management and resilience capabilities.”

Credit

With banks stabilizing from the historic credit lows during the COVID-19 pandemic, banks’ ability to manage credit risk in light of “volatile changes in market conditions, interest rates, and geopolitical events, as well as supply chain disruptions and areas of continued weakness from the pandemic such as urban commercial real estate performance[.]” This means that examiners will be engaged in stress testing “of adverse economic scenarios and the implications.”

Allowances for credit losses (“ACL”)

Examiners will focus on “ACL adequacy, including the need for provisions to build the ACL, consistent with any stress on credit portfolios due to volatile economic conditions, . . .the effectiveness of the implementation and ACL methodology at estimating lifetime expected losses”

Interest rate risk

A bank’s risk management practices for interest rate risk should include consideration of “a robust suite of interest rate scenarios and assumption sensitivity analyses, when appropriate, as rising rates may negatively affect asset values, deposit stability, liquidity, and earnings.”

Liquidity risk management

Pursuant to the possibility of “sharp rate increases” and the potential adverse affects incurred by banks as a result, the liquidity risk management practices of banks will be reviewed, “including stress testing of primary, secondary, and contingent sources of liquidity and strategic and tactical measures to address liquidity needs[.]”

Consumer Compliance

The implementation of “compliance management systems, including complaints management, and the build-out of new or innovative products, services, or delivery channels" will be a focus of the Plan.

Bank Secrecy Act (“BSA”), anti-money laundering (“AML”), and Office of Foreign Assets Control (“OFAC”)

Considering the “growing number and complexity of OFAC sanctions programs” OFAC sanction compliance and risk management systems will be at the forefront of regulatory considerations.

Fair Lending

In order to consider the “full life cycle of credit products,” “[e]xaminers should ensure that banks have sufficient risk management practices in place to assess and mitigate redlining risks.”

Community Reinvestment Act (“CRA”)

Pursuant to the release of the OCC Bulletin 2021-61, “Community Reinvestment Act: Final Rule to Rescind and Replace Community Reinvestment Act Rule Issued in 2020,” examiners will need to “plan accordingly for examinations affected by the 2021 CRA rule” and should “be aware of and prepared to alter strategies for any changes that could result from a potential joint rule” that could be forthcoming in 2023.

New Products and Services

Bank partnerships with fintech operations and their offering of new payment systems products and services will be subjected to examination as these “innovative or new activities” have a potential to impact a “bank’s financial performance, strategic planning process, and risk profile.”

Climate-related financing risks

The largest banks will be subject to examiner review of the “development of climate-related financial risk frameworks and will engage with bank management to understand the challenges that banks face in this effort, including data and metrics, governance and oversight, policies, procedures, and limits, strategic planning, scenario analysis capabilities and techniques, and incorporation of the frameworks into current bank risk management processes.”