OCC Report Highlights Risks Linked to Evolving Cyberthreats

According to the latest semi-annual risk report issued by the U.S. Office of the Comptroller of the Currency (OCC), new methods of money laundering and a growth in both the volume and sophistication of electronic banking fraud have significantly increased the Bank Secrecy Act (BSA) and anti–money laundering (AML) risks faced by U.S. banks. Of particular concern is the potential of cybercriminals shifting from current disruptive attacks to those intended to cause destruction and corruption.

The report finds that rapidly evolving technology and business processes, together with a limited ability to increase revenue and operating profit, are making it difficult for banks to keep up with threats. Sluggish economic growth has led many banks to diversify their business models, often accepting additional risks by venturing into new, unfamiliar or high-risk products and services. Banks that fail to evolve or incorporate appropriate controls into these new endeavors further compound risks. Others have lowered their overhead expenses, resulting in inadequate resources and expertise devoted to BSA/AML risk management. Furthermore, an expansion in the amount, nature and complexity of third-party relationships has resulted in increased interconnectedness, further heightening vulnerabilities to cyberattacks, especially where banks fail to carry out appropriate due diligence measures.

Noting that banks remain attractive targets for cyberattacks, the OCC advises banks to increase awareness of these risks and deploy the appropriate resources to properly identify and mitigate the associated risks. In the current environment, such proactive measures are crucial for avoiding the financial and reputational losses and/or liability that can result from data breaches, money laundering and other financial fraud.

Banks can protect themselves and their customers by carrying out thorough risk assessments, implementing effective internal controls, due diligence and data security measures and retaining staff qualified to carry out these functions. Employee training is also crucial for effective compliance programs and data security frameworks.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomson Reuters Compliance Learning | Attorney Advertising

Written by: Thomson Reuters Compliance Learning