Half of top US banks have ‘inadequate’ operational risk management

A US regulator has reportedly found that half of the major banks it oversees have weak or insufficient operational risk management in place.

People familiar with the matter told Bloomberg that the Office of the Comptroller of the Currency (OCC) uncovered inadequate risk management in areas such as cyber-attacks or employee mistakes at 11 of the 22 banks it oversees.

In a statement, the US watchdog said that acting comptroller Michael Hsu has "consistently discussed the need for banks to guard against complacency and actively manage their risks in order to build and maintain trust in the federal banking system."

The news comes days after a global IT outage saw banks experience disruption around the world, with some consumers unable to access their digital app services.

In May, the Bank of England (the Bank) urged UK firms involved in facilitating payments to do more ahead of the March 2025 deadline for its new operational resilience rules.

In a speech at the London Institute of Banking and Finance, executive director of financial market infrastructure at the Bank Sasha Mills said that Financial Market Infrastructures (FMIs), those that form part of the network of systems that make payments possible, still have a lot of work to be done.

The Bank’s upcoming operational resilience policy is designed to protect the wider financial sector and UK economy from the impact of operational disruptions.

Mills said that the Bank expects these firms to “accelerate” their efforts over the next year to ensure they are in a position to tolerate the negative impacts of disruption on their important business services, including mapping the key people, processes, technology, facilities, and information needed to deliver them in times of crisis.



Share Story:

Recent Stories


Safeguarding economies: DNFBPs' role in AML and CTF compliance explained
Join FStech editor Jonathan Easton, NICE Actimize's Adam McLaughlin and Graham Mackenzie of the Law Society of Scotland as they look at the role Designated Non-Financial Businesses and Professions (DNFBPs) play in the financial sector, and the challenges they face in complying with anti-money laundering and counter-terrorist financing regulations.

Ransomware and beyond: Enhancing cyber threat awareness in the financial sector
Join FStech editor Jonathan Easton and Proofpoint cybersecurity strategist Matt Cooke as they discuss the findings of the State of the Phish 2023 report, diving into key topics such as awareness of cyber threats, the sophisticated techniques being used by criminals to target the financial sector, and how financial institutions can take a proactive approach to educating both their employees and their customers.

Click here to read the 2023 State of the Phish report from Proofpoint.

Cracking down on fraud
In this webinar a panel of expert speakers explored the ways in which high-volume PSPs and FinTechs are preventing fraud while providing a seamless customer experience.

Future of Planning, Budgeting, Forecasting, and Reporting
Sage Intacct is excited to present FSN The Modern Finance Forum’s “Future of Planning, Budgeting, Forecasting, and Reporting Global Survey 2022” results. With participation from 450 companies around the globe, the survey results highlight how organisations are developing their core financial processes by 2030.