(270) 506-5140 CONTACT US

OCC Released 2018 exam priorities: NR 2017-113

Oct 18, 2017 by Branan Cooper

On September 28, 2017, the Office of the Comptroller of the Currency (OCC) released Bank Fiscal Year 2018 Bank Supervision Operating Plan, aka, NR 2017-113. Thanks for the acronym fun… but what does that really mean? That means if you are a compliance officer, risk manager or third party risk manager, you should be paying very close attention.

Areas of Focus for 2018

In the advisory, the OCC identifies several areas of focus – none of which should come as a surprise, if you’ve followed the events of 2017 closely. Among these priorities are:

  • Cybersecurity and operational resiliency
  • Commercial and retail credit loan underwriting
  • Business model sustainability
  • BSA/AML compliance management
  • Change management to address new regulatory requirements

You can find the entire bulletin as well as the supporting documentation here.

Vendor Management Expectations for 2018

Wait! Did we hear a yawn and see a shrug from the folks in third party risk management? Wait a second – you have lots to read yourselves. In fact, there’s an entire section devoted to Service Providers and specific expectations.

In total, Service Providers and third parties are referenced over 60 times in the document. That’s right – 60 – as in approximately the same leap in heart rate that we experienced when we read that.

Now, we shouldn’t find that surprising – after all, we could have seen it coming – numerous UDAAP (Unfair, Deceptive or Abusive Acts and Practices) enforcement actions throughout the year – many with third party implications, updated OCC guidance in bulletins 2017-7 and 2017-21 on third party risk management and the alarming Equifax data breach.

On top of that, as we noted in a special advisory a few months ago, both the FDIC and OCC internal reports have been highly critical of lapses in third party oversight activities during examinations.

Next Steps to Prepare

Now is the time to start preparing for 2018 – a few key steps we’d strongly recommend:

  1. Review your policy and program document for any items that need to be updated
  2. Review your last internal audit and examination reports for any deficiencies that need to be addressed
  3. Review recent enforcement actions and use that as a lens to examine your own practices
  4. Read carefully Bulletins 2017-7 and 2017-21 – they are practically the playbook for the upcoming examinations. In fact, one is the supplemental examination guide for third party risk management – do
  5. .1esn’t get much more plain English than that as to what they’ll be expecting
  6. Consider the adequacy and training of your staffing
  7. Make sure your processes are thoroughly documented and can be evidenced in actual work products
  8. Read the Bank Supervision Operating Plan in detail – it’s only 8 pages long but much of it will be very instructive in terms of particular things you may wish to consider unique to your own institution

We have published lots of material on all of these topics throughout the year and the OCC, to its credit, is telling us precisely the things they’ll be looking for. Each institution is different, each one has its unique strengths and weaknesses, so it’s important that you develop detailed plans around the OCC guidance, particularly the supplemental examination guide.

Finally, lest you think we’re warning you far too soon – remember, the government fiscal year 2018 actually started October 1, 2017, and while your exam may be months away, it’s never too soon to think in terms of 2018 priorities.

For more exam preparation help, download our infographic.

how to write a third party policy

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog