OCC Poised to Ramp Up Scrutiny on Larger Banks
Moving into the new year, headlines swirled around bank stress tests and rulemaking from the Federal Reserve.
And while much attention has been paid to the role of the central bank in the coming years, and the Consumer Financial Protection Bureau’s (CFPB) own rulemaking touching on everything from credit card late fees to BNPL, the Office of the Comptroller of the Currency (OCC) looks poised to impact banking as well, particularly for larger financial institutions (FIs).
AML Under the Microscope
The OCC regulates and supervises national banks and federal savings associations as an independent bureau of the Treasury Department, and anti-money laundering (AML) practices have been among the focal points.
Last week, the OCC announced that a cease and desist order had been issued to Bank of America and, as part of the order, noted that deficiencies had been identified in the Bank Secrecy Act (BSA) and sanctions compliance efforts. The OCC said in the filing that BofA had failed to file suspicious activity reports in a timely manner.
Bank of America has been ordered to take corrective actions to address the deficiencies, and the order details that the bank “shall develop, implement, and maintain an enhanced system of internal controls to assure ongoing BSA and Sanctions compliance and mitigate and manage money laundering, terrorist financing, and other illicit financial activity risks and sanctions risks commensurate with the Bank’s size, complexity, and risk profile. The internal controls shall include effective sanctions screening systems that ensure compliance with Sanctions requirements and are subject to periodic independent validation.”
Earlier that same month, the OCC issued a separate cease and desist order against USAA Federal Savings Bank, which replaced previous orders issued in 2019 and 2022.
Among other things, the OCC had found deficiencies with USAA’s internal audit and suspicious activity reporting. The OCC said in its order that USAA “shall not add any new product or service or expand its membership criteria without evaluating and documenting the compliance and operational risks posed by adding the new product or service or expanding its membership criteria, ensuring the Bank has adequate controls to mitigate such risks, and providing 90 days prior written notification” to examiners.
As reported here, Axiom Bank was cited for practices related to its BSA/AML compliance program. And the regulator issued a cease and desist order and $450 million penalty to the American arm of Canada’s TD Bank for failures of its BSA/AML program.
The Roadmap
In its “Semiannual Risk Perspective,” issued in the middle of last month, the OCC detailed that “from a compliance risk perspective, banks continue to operate in a dynamic banking environment. … it remains important for banks to maintain appropriate risk-based compliance risk management frameworks capable of growing and transforming as their risk profiles change. Banks should perform timely investigations of fraud and unauthorized transaction disputes” and noted elsewhere in the report that “operational risk is elevated. Banks continue to respond to an evolving and increasingly complex operating environment. Evolving cyber threats by sophisticated malicious actors target the financial services industry and their key service providers. Recent significant disruptions across many sectors, including the financial sector, highlight the importance of sound third-party risk management and operational resilience.”
The OCC’s observations come against a backdrop in which, as PYMNTS Intelligence has found in collaboration with Hawk AI, 7 in 10 FIs are now using artificial intelligence and machine learning in their anti-fraud efforts.
The OCC’s bank supervision operating plan for fiscal year 2025 has offered what might be termed a roadmap that includes focusing on intelligence analysis; threat and vulnerability detection; and strong authentication and access controls, including use of multifactor authentication, to include third-party access management, network management and data management. Risk analysis also centered on “third-party and other subcontracted relationships, particularly those with financial technology companies (FinTechs) that provide consumers and businesses access to banking products and services.”
And as PYMNTS reported in November, Acting Comptroller of the Currency Michael J. Hsu said in testimony on Capitol Hill that he supports “federal payments regulation and a chartering regime for nonbanks.”