A US regulator has reportedly found that half of the major banks it oversees have weak or insufficient operational risk management in place.

People familiar with the matter told Bloomberg that the Office of the Comptroller of the Currency (OCC) uncovered inadequate risk management in areas such as cyber-attacks or employee mistakes at 11 of the 22 banks it oversees.

In a statement, the US watchdog said that acting comptroller Michael Hsu has "consistently discussed the need for banks to guard against complacency and actively manage their risks in order to build and maintain trust in the federal banking system."

The news comes days after a global IT outage saw banks experience disruption around the world, with some consumers unable to access their digital app services.

In May, the Bank of England (the Bank) urged UK firms involved in facilitating payments to do more ahead of the March 2025 deadline for its new operational resilience rules.

In a speech at the London Institute of Banking and Finance, executive director of financial market infrastructure at the Bank Sasha Mills said that Financial Market Infrastructures (FMIs), those that form part of the network of systems that make payments possible, still have a lot of work to be done.

The Bank’s upcoming operational resilience policy is designed to protect the wider financial sector and UK economy from the impact of operational disruptions.

Mills said that the Bank expects these firms to “accelerate” their efforts over the next year to ensure they are in a position to tolerate the negative impacts of disruption on their important business services, including mapping the key people, processes, technology, facilities, and information needed to deliver them in times of crisis.

---