Half of top US banks have ‘inadequate’ operational risk management

A US regulator has reportedly found that half of the major banks it oversees have weak or insufficient operational risk management in place.

People familiar with the matter told Bloomberg that the Office of the Comptroller of the Currency (OCC) uncovered inadequate risk management in areas such as cyber-attacks or employee mistakes at 11 of the 22 banks it oversees.

In a statement, the US watchdog said that acting comptroller Michael Hsu has "consistently discussed the need for banks to guard against complacency and actively manage their risks in order to build and maintain trust in the federal banking system."

The news comes days after a global IT outage saw banks experience disruption around the world, with some consumers unable to access their digital app services.

In May, the Bank of England (the Bank) urged UK firms involved in facilitating payments to do more ahead of the March 2025 deadline for its new operational resilience rules.

In a speech at the London Institute of Banking and Finance, Sasha Mills, executive director of financial market infrastructure at the Bank, said that Financial Market Infrastructures (FMIs), the firms that form part of the network of systems that make payments possible, still have a lot of work to do.

The Bank’s upcoming operational resilience policy is designed to protect the wider financial sector and UK economy from the impact of operational disruptions.

Mills said that the Bank expects these firms to “accelerate” their efforts over the next year to ensure they are in a position to tolerate the negative impacts of disruption on their important business services, including mapping the key people, processes, technology, facilities, and information needed to deliver them in times of crisis.


