OCC: Credit, Strategic Risk Leading Issues for Small, Midsize Banks

The OCC is focusing on credit risk and strategic risk as the top risk priorities in its supervision of community and midsize banks, according to the agency’s Semiannual Risk Perspective report released today. For larger banks, compliance and operational risks remain dominant concerns, the agency added.

Credit risk has grown throughout the upswing in the economy cycle, which has seen strong loan growth combined with eased underwriting standards as banks compete among themselves and with nonbank lenders for loans. The report noted that credit concentrations have grown at banks of all sizes, particularly in commercial real estate, financial services and energy loans. Supervisors will be focusing closely on concentration risk management, the OCC said.

The agency raised particular concerns about the “notable and unprecedented growth” in auto lending, with total loan volume growing by 50 percent since 2010. As delinquencies rise and collateral values decrease, the OCC said that “some banks’ risk management practices have not kept pace with the growth and increasing risk in these portfolios.”

Strategic risk remains high as smaller and midsize banks struggle with increased nonbank competition (from marketplace lenders, for example), merger trends, the persistent low-rate environment and governance issues — particularly around innovation. “Banks are increasingly adopting innovative products, services, and processes in response to the evolving demands for financial services and the entrance of new competitors, such as out-of-market banks and financial technology firms,” the agency said.

For larger banks, the OCC highlighted operational and cybersecurity risks from their large and complex operations, as well as the ongoing challenge of integrating new rules — such as the Military Lending Act amendments taking effect in October — into their compliance management systems. Other top operational and compliance priorities for the next year include Bank Secrecy Act compliance, third-party risk management and cybersecurity, the agency added.