Secret bank ratings show US regulator’s concern on handling risk


Pedestrians walk along Wall Street near the New York Stock Exchange (NYSE) in New York, US, on Thursday, May 16, 2024. Photographer: Alex Kent/Bloomberg

NEW YORK: A key US regulator has privately found half of the major banks it oversees have an inadequate grasp of a broad swath of potential risks from cyber attacks to employee blunders, according to people familiar with the matter.

In the confidential assessments, the Office of the Comptroller of the Currency (OCC) said 11 of the 22 large banks it supervises have “insufficient” or “weak” management of so-called operational risk, said the people, who asked not to be identified because the information isn’t public.

That contributed to about one-third of the banks rating three or worse on a five-point scale for their overall management, the people said.

The scores are the latest sign that US regulators are concerned about the level of risk at the country’s largest banks in the wake of a series of failures last year.

Operational risk is one of the categories by which regulators evaluate overall risk at the banks they oversee.

Each bank’s individual ratings are closely held, but regulators sometimes use aggregate data on banks’ grades to highlight areas of concern in discussions with other agencies and the industry.

At the OCC, the operational-risk assessment feeds into a report card known as CAMELS ratings, grading firms on a one-to-five scale for each component – capital adequacy, asset quality, management, earnings, liquidity and sensitivity to market risk.

Those grades create an overall rating that determines the degree of scrutiny or leeway a firm faces, including the activities it can engage in and how much capital it has to hold.

The OCC didn’t comment specifically on the non-public findings.

The regulator said that acting comptroller Michael Hsu has “consistently discussed the need for banks to guard against complacency and actively manage their risks in order to build and maintain trust in the federal banking system”.

Operational risk is meant to cover a range of potential threats to banks beyond loans going bad or market swings causing losses.

That can include anything from employee mistakes and legal troubles to natural disasters and technology snafus.

Banks have to show regulators plans for managing such risks, and they have to hold capital against those threats, a requirement that’s long been debated because they’re harder to measure than credit or market risks.

The harsh grades are part of sweeping regulatory scrutiny in the wake of the record-setting bank failures last year, after which regulators vowed to do more to identify and act on problems.

The OCC’s large bank portfolio ranges from regional lenders with at least US$50bil in assets to the megabanks with trillions.

Hsu said in a congressional testimony in May 2023 that, while none of the banks that had just failed were overseen by the OCC, he reviewed his agency’s processes and emphasised the need for “timely and forceful supervisory action”.

The agency calls operational risk the “broadest component” of its supervisory framework, and it functions as something of a catch-all as the technology banks rely on develops.

In a report last month, the OCC said that aspect is “elevated” as the industry responds to “an evolving and increasingly complex operating environment”.

Last year, the OCC, Federal Reserve and Federal Deposit Insurance Corp released guidance for banks on how to mitigate risks from third-party vendors.

The agencies said that “the use of third parties, especially those using new technologies, may present elevated risks” and instructed firms on how to monitor such activities.

The agencies doubled down this year, issuing a warning on the use of outside artificial intelligence tools. — Bloomberg

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Cyber , breach , attack , security

   

Next In Business News

Advancecon bags RM44.6mil construction contract from Sime Darby Property
Gamuda wins RM1.87bil contract for Goulburn River Solar Farm in Australia
FBM KLCI slides at midday as market sentiment remains cautious
Indonesia's November exports up 9.1% y/y, more than expected
Sime Darby Property retains AA+IS rating for RM4.5bil sukuk for fourth year
China's factory output up, but consumption still a drag
Malaysia’s capital market hits RM4 trillion milestone, driven by strong domestic growth and IPO surge
TopVision makes ACE Market debut with 18% premium
China November industrial output rises 5.4%, above expectations
Foreign investors extend Bursa Malaysia sell-off with RM882.4mil outflow

Others Also Read