The federal banking sector remains sound, although banks’ operational risk remains elevated as evolving cyber threats target the financial services industry and their key service providers, the Office of the Comptroller of the Currency said today in its semiannual risk perspective.
The OCC report examined risks in several areas. Commercial credit risk remains moderate and shows signs of stabilizing, although the commercial real estate office sector remains stressed, according to the agency. Overall retail credit risk is stable, with delinquency and loss rates on residential real estate secured loans held by banks remaining historically low but increasing.
However, operational risk is elevated as cyber threat actors continue to evolve and refine their tactics by using more advanced technology, such as artificial intelligence, the OCC said. Banks also continue to engage with third parties, including financial technology firms, “expanding the cyberattack surface.”
“It is important that banks maintain effective change management and third-party risk management, including ensuring that third parties throughout the bank’s information technology supply chain are adhering to secure software development standards to reduce the risk of disruptions or compromises,” the OCC said in the report.
“Additionally, it is critical that banks and their service providers have effective threat and vulnerability monitoring processes and security measures, including the use of multi-factor authentication, hardening of systems configurations, testing software updates before implementation, phased rollouts of software updates, timely vulnerability patch management and immutable backups,” it added.
