On October 20, the OCC released modifications to its risk management principles for new, modified, or expanded financial products and services (collectively, new activities). Bulletin 2017-43 rescinds OCC Bulletin 2004-20 and section 760 of the Office of Thrift Supervision Examination Handbook. The Bulletin provides guidance on risks in the following categories: strategic, reputational, credit, operational, compliance, and liquidity. The Bulletin also outlines the main components of an effective risk management system, such as the need for:

  • “adequate due diligence and approvals before introducing a new activity”;
  • “policies and procedures to properly identify, measure, monitor, report, and control risks”;
  • “effective change management for new activities or affected processes and technologies”; and
  • “ongoing performance monitoring and review systems.”

According to the OCC, the sophistication of a bank’s risk management system should be commensurate with the bank’s size, complexity, and risk profile. Further, “bank management and boards of directors should understand the impact of new activities on banks’ financial performance, strategic planning process, risk profiles, traditional banking models, and ability to remain competitive.”