On November 18, Comptroller of the Currency Thomas Curry spoke at the Annual Community Bankers Symposium. His speech covered the OCC’s supervisory priorities, risk management goals, and responsible innovation initiative for community banks. Among the issues he identified as regulatory priorities were strategic risk issues, loan underwriting, operational resiliency, and BSA/AML compliance. He also discussed FinTech and third-party vendor management issues.
Comptroller Curry began his remarks by identifying the OCC’s areas of regulatory focus for community banks, which should be familiar to community bankers. These focus areas include business model sustainability and viability, commercial and retail loan underwriting, operational resiliency, BSA/AML compliance management, and processes to address new regulatory requirements. He noted that community bank exam teams are instructed to “develop and execute risk-based supervisory strategies for each bank that are tailored to the specific risks and particular circumstances of that bank.”
He also spoke at length about strategic risk issues. He summarized a community bank’s strategic risk responsibilities as follows: “you need to have the right plan to meet your business goals in your market.” According to Comptroller Curry, this requires banks to ask the following questions:
- Are we offering the right products, and have we identified the right goals?
- Have we properly identified the needs of our customers and communities?
- Do we have a plan for adapting to the changing marketplace in the next five or 10 years?
- Has our board adopted approaches and policies consistent with the bank’s long-term business model, and have we articulated our goals effectively?
Comptroller Curry also discussed FinTech and the OCC’s responsible innovation initiative, including the agency’s recent creation of an Innovation Framework Development Team. He recognized that the costs associated with innovation make it difficult for community banks to implement new technology on their own, often necessitating relationships with third-party vendors. Similar to some of the best practices for vendor management in my Independent Banker article, Comptroller Curry identified some advice for managing third-party relationships:
- Assure an outsourcing arrangement aligns with the bank’s strategic direction
- Assess the appropriateness of the fee structure for the services received
- Implement necessary user controls
- Monitor service providers’ performance
- Research references, financial condition, customer complaints, and litigation
- Validate legal and regulatory compliance capabilities, including information security controls, operating resilience, and MIS capabilities
- Assess insurance coverage