OCC Targets Cybersecurity and AML Deficiencies - ERM is the Answer

The OCC released its “Semiannual Risk Perspective” and, perhaps as anticipated, banks continue to struggle to plug gaps in their information technology practices.

Among the risks highlighted in the study, as reported by Joe Mont at Compliance Week:

  • Evolving cyber-threats and information technology vulnerabilities require heightened awareness and appropriate controls.
  • The high volume and frequency of changes to information systems made to address regulatory requirements, enhance risk monitoring and reporting, and update compliance systems.
  • Banks are taking on additional risks by expanding into new, less familiar, or higher-risk products without adequate due diligence or appropriate risk management and controls.
  • The number, nature, and complexity of domestic and foreign third-party relationships continue to expand, increasing complexity, concentration, and risk management challenges.

While these risks are diverse in nature, the OCC identifies a common remedy: it suggests that banks use “Enterprise Risk Management practices to fully align with heightened standards.”

Enterprise Risk Management is an effective tool for compliance management because it evaluates a bank’s obligations in the context of both the regulatory and the business environment, so that resources can be prioritized properly. Rather than merely meeting the letter of the law, ERM provides a mechanism to document that compliance has been achieved while, at the same time, improving daily operations and operational efficiency.

For example, cross-functional risks like cybersecurity can only be addressed across silos with an Enterprise Risk Management methodology. Cybersecurity is not only an internal concern; it has cascading effects on vendors and service providers. One in three banks don’t require third parties to alert them about ..., which points to an obvious communication failure between the IT and vendor-management governance functions. Many businesses conduct an IT assessment of a vendor only AFTER selecting it, to validate which mitigation controls are actually in place versus what was promised during the sales cycle. ERM provides a common, risk-based approach to Governance, Risk & Compliance activities that identifies the connections between departments and vendors and the impact of risks that flow through those connections, so that such gaps can be identified and addressed before they make the rounds on social media.


How does LogicManager help organizations address the cross-functional issues posed by cybersecurity? Learn more by downloading our annotated guide on how to implement SEC Cybersecurity Best Practices with ERM.

© 2020   Created by Boris Agranovich.