OCC Official: Banks Need ‘All-Hazards Approach’ to Operational Resilience Plans  

The coronavirus pandemic response has demonstrated the need for banks to take an “all-hazards approach” when designing a comprehensive operational resilience framework, said Kevin Greenfield, the OCC’s deputy comptroller for operational risk policy during the ABA Risk and Compliance Virtual Conference today. Noting that COVID-19 provides a “textbook case of operational disruption,” Greenfield emphasized the importance of implementing a framework that includes, among other things, effective change management processes.

“In our current scenario, we’ve seen banks rapidly redesign many operations to adhere to many of the COVID-19 restrictions, as well as quickly stand up processes to support government stimulus efforts,” Greenfield said. “Risk and change management capabilities are needed not only to address operational, credit risks with pandemic response programs, but there’s also the need to manage the reputation, compliance and even strategic risks associated with these efforts.”

Greenfield also flagged a rise in cyber threats—both related to and unrelated to the pandemic—that warrant banks’ particular focus on ensuring cyber resiliency. Regulators have noted a recent uptick in in the use of destructive malware, particularly ransomware, he said. “These attacks have the potential to be especially damaging, and can quickly jeopardize the safety and soundness of a financial institution. I cannot emphasize enough the importance of having sufficient controls to detect, protect and most importantly, respond to these types of structured attacks.”