AIBAAnnual Compliance Seminar

June 17, 2015

Table of Contents

•OCC Risk Perspective•Current Regulatory Environment•Expectations for BSA/AML Risk Assessments•Matters Requiring Attention (MRAs)

2

National Risk Committee (NRC) Risk Priorities and Actions

• Strategic Risk

• Cyber Threats

• Loosening Underwriting

• Interest Rate Risk

• BSA/AML Compliance

• Effective strategic planning key to managing risk

• Increasing threats in number and sophistication

• Confirmed in 2014 Underwriting Survey

• Varied range of practice in IRR modeling

• Compliance challenges continue

3

OCC Risk Perspective Fall 2014

Operating Environment• Competitive pressures• Prolonged low interest rates• Varied loan growth• Challenge to increase revenue and operating profit without

taking on excessive risk• Expense reduction difficult without diminishing quality of

control environments• Difficulty retaining and replacing key experienced personnel• Increasing frequency and sophistication of cyber-attacks

4

OCC Risk PerspectiveFall 2014

Key Risk Themes Strategic RiskImplications: Anxiety for income

•Increased risk taking and risk layering to beat competition and increase revenues

•Strategic viability, existing business models, risk appetites, and merger/acquisition opportunities are being assessed

•Entry into new products/services, where banks may not have past experience or expertise, or the appropriate risk controls to safely embark. See OCC guidance on Risk Management of New, Expanded, or Modified Bank Products and Services

•Limited management succession and talent retention options

5

OCC Risk PerspectiveFall 2014

Key Risk Themes Operational Risk

Implications: Systems not keeping pace with changes and threats

•Banks continue to be targets of coordinated, sophisticated and evolving cyber-attacks •Business models are under increasing pressure as bankers seek to launch new products, use IT automation, reduce staffing and re-engineer business processes. •Many operational risk management programs are under development or have failed to evolve or incorporate appropriate controls into new products, services or regulatory changes•Number, nature and complexity of foreign and domestic third-party relationships continue to expand potentially without appropriate due diligence and ongoing oversight as required by OCC Bulletin 2013-29•Increased use of foreign central counterparties exposes banks to additional legal, political and concentration risk

6

OCC Risk PerspectiveFall 2014

Key Risk Themes Credit Risk

Implications: Underwriting loosening and increased risk layering

•Credit risk building during period of improving credit quality

– Competition resulting in eased underwriting across a variety of products

– Erosion of underwriting standards already noted in syndicated leveraged loans, indirect auto, ABL, CRE and C&I lending

– Risk layering via increased collateral advance rates, waiving/loosening of guarantees, and more liberal repayment terms such as extended interest-only payments

– Increasing policy, underwriting, and collateral exceptions

•ALLL and capital not always keeping pace with increased loan growth and noted underwriting concerns

7

OCC Risk Perspective Fall 2014

Key Risk Themes Interest Rate Risk

Implications: Vulnerability to rapidly rising interest rates

•Range of practice for IRR management in midsize and community banks vary

•Risk of atypical rate sensitivity in nonmaturity deposits, which may include surge deposits merits additional analysis and stress testing to support underlying assumptions

•Extending asset maturities for yield with decreasing regard for affect on interest rate risk

•Depending on the severity and timing of interest rate moves, some banks could face significant earnings pressure and potential capital erosion

•Asset managers seeking to increase yields in client portfolios face similar reputation and compliance risks as balance sheet managers if rates rise and portfolio performance significantly declines.

8

OCC Risk Perspective Fall 2014

Key Risk Themes Compliance Risk

Implications: Increased risk due to inadequate resources or expertise

•Some compliance programs have failed to evolve or incorporate appropriate controls into new products, services, regulatory changes and changing customer profiles

•Changing money laundering methods and growth in the volume and sophistication of electronic banking fraud challenge compliance risk managers

•BSA/AML risk increasing in community banks due to noted increases in cash intensive customers and internationally oriented transactions

9

OCC Risk Perspective Fall 2014

Large BanksCondition •Sound financial condition with continued positive trends in asset quality, liquidity and capital•Earnings and management remain challenged•MRAs are predominantly associated with operational, credit, BSA/AML, compliance, and internal controls.

•RAS ratings reflect high operational, compliance, reputation, and strategic risks.

•Risk management weaknesses predominately associated with operations, BSA/AML, compliance,

internal controls, and credit are driving MRAs, ratings and enforcement actions.

Outlook•Moderate to strong commercial loan growth into 2015.•Cyclical margin expansion that is possible in 2015 and beyond, in the event short-term interest rates begin to rise. •Increasing ALLL provisions.

10

OCC Risk Perspective Fall 2014

Large BanksSupervisory Priority

Governance/oversight

Cyber/Operational risk

Credit Underwriting

BSA/AML Compliance

Supervisory Action

Focus on identifying substantive gaps in relation to OCC’s heightened standards guidelines.

Focus on bank risk management and how the banks manage operational risk in an integrated fashion, including bank preparedness for assessing and continuously adjusting controls for the evolving cyber-threat environment.

Review commercial and retail credit underwriting practices, especially for leveraged loans, indirect auto and commercial loans for slippage in structure or terms.

Focus on the adequacy of enterprise-wide compliance risk management, including BSA/AML programs, in response to evolving money-laundering schemes and the rapid pace of technological change. Assess banks’ effectiveness in identifying and responding to applicable risks posed by new products, services, customers and regulatory requirements.

11

OCC Risk Perspective Fall 2014

Community and Midsize BanksCondition •Satisfactory and improving primarily because of positive trends in asset quality•Pressures persist at many small banks because of acute competition for existing loan demand and declining investment yields.

•Top 5 MRAs are credit, compliance, management, information technology, and audit.

•RAS ratings reflect higher strategic and compliance risk and increasing operational risk.

Outlook•Moderate to strong loan growth; however, not in all banks.•Stabilizing NIM and stronger capital ratios.•Suppressed mortgage-banking revenue and low gain-on-sale margins.•A continued search for higher-yielding assets and profitable strategic business niches.•Expansion into new products and services to meet rate-of-return objectives.

12

OCC Risk Perspective Fall 2014

Community and Midsize Banks Supervisory PriorityStrategic plan execution

Cyber security/Ops risk

Credit underwriting

Interest rate risk

BSA/AML compliance

Supervisory ActionFocus on the adequacy and execution of strategic, capital, and succession plans in light of assumed risks and planned initiatives (including M&A), assessing whether bank plans are realistic and risk management processes are followed.

Review programs for assessing the evolving threat environment as well as for robust vulnerability assessments and incident response programs. Assess contingency and reconstitution planning for disruptions including destructive attacks.

Evaluate the underwriting practices for new or renewed loans in banks’ commercial and industrial (C&I), commercial real estate (CRE), indirect auto, ABL, middle market, and energy portfolios for slippage in structure or terms.

Assess individual banks’ IRR management practices in light of range of practice data. Focus on each bank’s ability to accurately identify and quantify IRR in both assets and liabilities (e.g., investment securities and nonmaturity deposits) under varying model scenarios.

Focus on whether BSA/AML programs are sufficiently staffed and keeping pace with rapidly evolving money-laundering schemes, as well as with new products, services, and customers.

13

OCC Risk Perspective Fall 2014

OCC Risk Perspective Fall 2014

14

Current Regulatory Environment

BSA risk continues to increase • Technological developments • Enhanced product offerings and access to financial services• Criminal typologies evolve and leverage such innovations

Expectations• Effective risk assessment processes relative to the overall BSA/AML risk profile of the

institution• Effective suspicious activity monitoring and reporting systems• An effective sanctions screening program• Effective CDD and EDD programs to manage the risks associated with their customers

• Banks should assess the risks posed by their customers on a case-by-case basis and to implement controls to manage and monitor the relationship commensurate with the risks associated with each customer

15

Current Regulatory Environment

OCC Risk Perspective Fall 2014

Shift in risk• Banks with less sophisticated risk identification and monitoring systems may be taking

on what have been considered more high-risk customers due to customer risk reevaluation activities within some larger institutions

• With regard to “high-risk” customers, we as an agency do not direct banks to open, close, or maintain individual accounts, nor does the agency encourage banks to engage in the termination of entire categories of customers without regard to the risks presented by an individual customer or the bank’s ability to manage the risk

• As banks with historically lower risk profiles, appetite, and strategic direction previously dealt with less complex risk, these financial institutions may not have commensurate controls in place to manage an increased volume of high-risk customers and new transaction types and patterns

16

Current Regulatory Environment

OCC Risk Perspective Fall 2014

Constraints on resources• Changes in business models, increasing participation of non-bank financial institutions

in providing traditional banking services• Emerging risks with new product and service offerings, and failure to resolve

previously identified compliance issues in a timely manner continue to impact banks’ compliance efforts and have resulted in a range of supervisory enforcement actions

Lengthy remediation processes• Failure to timely and effectively remediate previously identified weaknesses within

the BSA/AML space can lead to unintended increases to the bank’s overall BSA/AML risk profile, and increased reputational and regulatory risks

OCC Bulletin 2014-58 “Statement on Risk Management Associated with Money Services Businesses (MSB)” guidance addresses MSB customers however, the overarching principals of the guidance have broad applicability.

17

Expectations for BSA/AML Risk Assessments

OCC Risk Perspective Fall 2014

Comprehensive risk assessment • Critical component of an effective BSA/AML compliance management program• The risk assessment process is a function of risk management and control, which

correlates to the institution’s mission, strategic goals, and risk appetite • The risk assessment is a living document, encompassing a dynamic process that

incorporates all facets of risk institution-wide• Consider not only transaction volumes and number of accounts for all products and

services when assessing the risk posed by these, but also the nature of the transactions and accounts

• Leverage the risk assessment for various operational and strategic initiatives BSA/AML risk evaluation • Identify traditional sources of risk, such as products, services, customers, and

geographies• Measure the level of risk posed by these sources • Evaluate controls and mitigating factors unique to the institution • Monitor risk

18

Expectations for BSA/AML Risk Assessments

OCC Risk Perspective Fall 2014

Consider unique attributes of the existing or new products and services. • Higher-risk jurisdictions• Customer types with inherently higher BSA/AML risk profiles• Method of account opening• Perceived or actual anonymity associated with the product or service• Residual risk• Not a one size fits all

Risk assessment impacts BSA Compliance Program.

Information garnered during the BSA/AML risk assessment process can be an ongoing re-evaluation of risks within a bank’s portfolio and a customary part of the normal risk assessment processes undertaken by institutions.

19

MRA Trend

20

BSA MRAs

21

Function Area

22

Questions?