Technology advances such as artificial intelligence, machine learning, algorithms, and cloud data storage are having a significant impact on banking operations. Financial technology (FinTech) companies are creating new opportunities to provide consumers, businesses, and communities with more access to and options for products and services.
Some of these opportunities are in concert with financial institutions and others compete with traditional banks. Even evolving blockchain technologies may present future opportunities to better serve consumers and businesses.
However, whenever there is change, including the evolutionary and even potentially disruptive changes on the horizon, there is increased risk. According to the OCC, "bank management and boards of directors should understand the impact of new activities on banks' financial performance, strategic planning process, risk profiles, traditional banking models, and ability to remain competitive".
OCC examiners consider new activities' effect on banks' risk profiles and the effectiveness of banks' risk management systems, including due diligence and ongoing monitoring efforts. From the regulator's perspective, when banks fail to fully consider appropriate risk management systems and controls before approving new activities, the lapses can result in:
- Costly errors, unfavorable consequences, and losses
- An inability to achieve business plan objectives
- Systems and control problems
- Violations of applicable laws and regulations
- Litigation
Moreover, negative results can lead to strategic, reputation, credit, operational, compliance, and liquidity risk.
Learning Objectives:
- Methods for identifying risks associated with new activities
- Designing effective risk management systems to identify, measure, monitor, report, and control risks when developing and implementing new activities
- Methods for addressing effective and principles-based risk management systems based on the following components covered during regulatory examinations
- Adequate due diligence and approvals before introducing a new activity
- Policies and procedures to properly identify, measure, monitor, report, and control risks
- Effective change management for new activities or affected processes and technologies
- Ongoing performance monitoring and review systems