Banks face elevated operational risks as they adapt to evolving technologies and persistent cybersecurity risks, according to the Office of the Comptroller of the Currency's Fall 2019 Semiannual Risk Perspective, which also flagged credit risk and interest rate risk as areas of concern.
The regulator said that while banks have generally implemented appropriate security programs, there remains a need for ongoing vigilance. Management should implement and maintain appropriate security tools and internal controls to protect their operations and sensitive data, according to the OCC.
The most common control deficiencies in cybersecurity-related matters include patch management, network configuration and access management, the report said.
The agency added that the increasing use of third-party service providers and the continued threat of fraud could increase operational risk.
The OCC also warned banks to prepare for a cyclical change while credit performance is strong, as credit risk has accumulated in many portfolios.
The recent volatility in market rates has intensified interest rate risk, which could negatively affect net interest margins of asset-sensitive balance sheets, the report said. Declines in net interest income, which is the main driver of profitability, would have a material impact on overall bank profitability.