Highlighting the operational, strategic, and compliance risks confronting financial institutions, the Office of the Comptroller of the Currency (OCC) published its “Semiannual Risk Perspective” report in late June based on 2013 year-end data. Banks examined by the FDIC or Federal Reserve should also consider the report a weather vane for their next examinations.

While the agency began its report on a positive note, describing the improved financial performance of federally chartered institutions in 2013 and a new record level of net income, it identified significant challenges and concerns in the current lending and operating environment. Competition for limited lending opportunities is resulting in loosening credit policies and underwriting standards and a search for revenue in new, often less familiar and higher risk products and services or outsourcing expense control solutions, sometimes without sufficient due diligence. The report also noted the cost and challenge to banks as “the volume and velocity of change in technology systems and business processes continue to increase.”

Cyberthreats and risks related to the Bank Secrecy Act and anti-money laundering compliance (BSA/AML) rank among on the agency’s list of key risk areas. Both the volume and sophistication of electronic banking fraud have increased, the OCC said, making it hard for banks to keep pace. Methods of money laundering continue to develop and change, requiring financial institutions to stay on their toes. “BSA programs at some banks have failed to evolve or incorporate appropriate controls into new products and services,” according to the report, suggesting that additional resources be devoted to the issue.

While most cyber attacks currently aim to disrupt business, the report expressed concern that attackers could change their approach and aim for “destruction and corruption.” Complicating the issue is the growth in “the number, nature, and complexity” of foreign and domestic third-party relationships, which leads to increased interconnectedness of systems and, in turn, greater cyber vulnerability.

Banks also face significant strategic risks, the OCC said, in looking for sustainable ways to generate target rates of return in the wake of the continued slow pace of the recovery from the financial crisis. Many banks are reevaluating their business models by expanding into new products while others are trying to cut costs and lower overhead. Smaller banks continue to lag behind larger banks in returns on equity and increasingly face competitive pressure from nonbank firms seeking to expand into traditional banking activities, the report acknowledged.

The OCC cautioned that examiners have begun to detect an “erosion in underwriting standards” due to the increased competition, citing the indirect auto lending market as problematic. Auto loans – typically obtained through a dealership – were a source of growth for banks, the report noted, but competition has led to tweaks in lending terms. “The results have yet to show large-scale deterioration at the portfolio level, but signs of increasing risk are evident,” the OCC said.

To read the OCC’s Semiannual Risk Perspective, click here.

Why it matters: Boards of Directors and senior bank management should not be surprised if their governance and risk management are questioned in upcoming examinations for shortcomings in credit underwriting or new strategic efforts as well as lapses in controls and compliance—particularly in BSA/AML or cyberfraud protection. The OCC emphasized the need for risk management by “balancing resource constraints, retention of key talent, and overall capability to monitor the breadth of change.” For cyberthreats and vulnerabilities, the agency referred financial institutions to statements from the Federal Financial Institutions Examination Council earlier this year cautioning banks about data security threats, adding that the “threats require heightened awareness and appropriate resources to identify and mitigate the evolving risks.”