WASHINGTON — The Office of the Comptroller of the Currency has added sales practices as a source of significant risk to the banking industry, a response to the phony-accounts scandal that engulfed Wells Fargo in the final few months of last year.
In its semiannual risk review released Thursday, the agency largely found a well-performing industry, but one that is still vulnerable to certain risks, including loosened underwriting standards, commercial real estate exposure, cybersecurity threats and being left potentially obsolete in a rapidly changing technological environment.
While many of these fears have been raised before, a new focus on "governance over sales" as a key risk issue for large banks was added in the wake of the Wells fiasco. Critics blamed Wells' aggressive sales culture for encouraging employees to open fake accounts in order to reach sales goals.
"After the OCC's actions against Wells Fargo for failures in governance of its sales practices, the OCC initiated a broader review to assess whether similar practices and weaknesses are occurring in other large and midsize banks," Comptroller of the Currency Thomas Curry said in a conference call with reporters. "We are at this stage assessing how the banks that we've identified are dealing with similar issues that have occurred at Wells Fargo."
The report went far beyond Wells, tackling other issues as well. Following is a guide to what the agency sees as the danger zones for banks in the new year:
The Fintech Challenge
Just a month after the OCC proposed to offer a limited-purpose bank charter for fintech companies, the agency reiterated that financial institutions remain vulnerable to so-called strategic risk stemming from the rise of financial innovation. The agency fears some institutions will be left behind by new technologies.
"Part of our focus on fintech has really been to make sure that our community banks are in a position to adapt to the changing consumer demands for newer and better technology and that's really what we're trying to address from a policy standpoint," Curry said.
For the OCC, this risk is particularly severe for smaller institutions, and is listed as the number one priority for midsize and community banks.
"Strategic risk continues to be concentrated in smaller banks searching for revenue and market niche," the report said. "Failure to innovate to meet evolving needs or financial services may place a bank at a competitive disadvantage."
However, the OCC also noted that large banks face strategic risks of their own associated with growing regulatory requirements beyond certain size thresholds, or with the U.K.'s decision to leave the European Union. Responding to that will force large banks to "reassess staffing and legal entity structures, booking models" and make organizational changes, the report said.
Oil, CRE and Underwriting Standards
The OCC warned that in a number of areas — including commercial real estate lending, oil and gas loans and auto loans — financial institutions might be spreading themselves too thin.
"Banks continue to ease underwriting practices across a variety of commercial and retail credit products given their desire to boost loan volume and respond to competition from bank and nonbank lenders," the report said. "The level of risk is increasing, however."
In 2016, underwriting practices eased "incrementally" for the fourth consecutive year because of reasons including competition, higher credit risk appetites, and an optimistic outlook on the economy, according to a survey conducted by examiners.
Auto lending, which has sparked interest from
In addition, the OCC said, certain banks have underestimated loan growth, rising credit concentrations and other important factors when calculating their loan and lease losses. Credit underwriting and stress testing that addresses low oil prices should be among the top three priorities for midsize and community banks, the agency said.
Anti-Money-Laundering and Cyber Threats
The OCC highlighted new and changing rules governing anti-money-laundering and consumer protection, including the application of the Bank Secrecy Act to a growing number of users entering the banking system through third parties.
It also cited struggles by banks to adopt new integrated mortgage disclosures and changes to the Military Lending Act.
The OCC last year created a new department dedicated to compliance and supervision issues, said Curry, to send "a clear message of the importance of compliance."
Cybersecurity, meanwhile, remains a top threat — one that is likely to only increase.
"Banks and regulators must continuously up their game to protect against the latest cyberattack and ensure they are capable of maintaining their operations and recovering in the event that an attack does occur," Curry said.
In its report, the OCC noted that hackers had targeted interbank networks. For instance, last year hackers gained access to the Swift network through the Bank of Bangladesh, allowing criminals to steal $101 million from the Bangladesh bank's account at the New York Fed in February.
"The number, nature, and complexity of domestic and foreign third-party relationships continue to expand, increasing risk management challenges and possible third-party concentration risk," the report said.
Meanwhile, with rising pressure to integrate innovative technologies, banks are finding themselves working with more and more third parties, which also gives them less control of their systems, the OCC said.
"It is important for banks to focus on timely adapting risk management and control processes to these changes in business strategy," the report said.