OCC Flags Elevated Credit, Cyber, & Compliance Risks in Spring Risk Report

Key Takeaways

• Commercial Credit Risks Rising: Geopolitical instability, sustained higher rates, and refinancing risks are creating pressure across CRE and leveraged corporate lending segments.
• Operational and Cyber Risk Elevated: Sophisticated cyber threats, legacy IT vulnerabilities, and third-party dependencies highlight the need for strong operational resilience.
• Compliance and Fraud Risks Persist: BSA/AML compliance challenges and fraud schemes—especially involving fintech partnerships—continue to escalate.
• Innovation Brings Complexity: Adoption of AI, digital payments, and crypto services offer efficiency gains but introduce governance, model, and cybersecurity risks.
• Banking System Resilient but Cautious Outlook Ahead: Profitability remained stable in 2024, but slower loan growth and growing economic uncertainty cloud the 2025 outlook.

Deep Dive

The Office of the Comptroller of the Currency (OCC) has released its Spring 2025 Semiannual Risk Perspective, highlighting a growing list of pressures on the federal banking system, from rising commercial credit and refinance risks to increasingly sophisticated cyberattacks and compliance challenges tied to fraud and digital innovation.

While the OCC affirms that the overall strength of the federal banking system remains sound, the report paints a more cautious picture of the road ahead. Consumer sentiment is cooling, macroeconomic indicators are softening, and global geopolitical tensions are introducing new variables into an already complex risk landscape.

Commercial credit risk, for instance, is on the rise, driven by sustained high interest rates, persistent geopolitical risk, and heightened uncertainty across sectors. Refinancing remains a key vulnerability, particularly for loans originated during low-rate periods or tied to underperforming commercial real estate (CRE) assets. Office vacancy rates are projected to rise into 2026, while property values across some CRE sectors may continue a slow decline. The OCC also flagged increasing pressure on borrowers in the agricultural sector and industries exposed to global trade volatility.

Retail credit risk remains stable, for now. While most consumer segments continue to weather elevated prices and debt levels, wage growth is slowing and consumer sentiment is deteriorating, factors that may eventually strain repayment capacity, especially for credit cards and auto loans.

Market Risk and Bank Performance

Net interest margins (NIMs) improved in late 2024, benefiting from cuts to the effective federal funds rate (EFFR). However, unrealized losses in investment portfolios remain a concern, particularly with sharp fluctuations in 10-year U.S. Treasury yields. Deposit competition continues to warrant close attention.

Bank profitability held steady in 2024, with the federal banking system reporting an 11.7% return on equity. Smaller banks under $10 billion in assets saw a slight dip in profitability but still posted historically solid performance. Net income increased year-over-year for both large and small banks, even as loan growth remained tepid at just 1.6%.

The OCC noted that many banks may now be better positioned to benefit from a rate decline, with recent changes in balance sheet structures giving them more flexibility compared to previous rate-cutting cycles.

Operational and Cyber Threats Intensify

Operational risk remains elevated. The OCC underscored the increasing complexity of the banking environment, particularly for institutions that lag in system upgrades and digital transformation. Emerging technologies are creating efficiency gains, but they also introduce new dependencies and third-party risks, especially when working with fintech providers.

Cyberattacks have become more advanced and frequent, including ransomware and double extortion tactics. Threat actors continue to target payment platforms, insiders, and critical third-party service providers, with jack-potting and ATM cashout attacks among the highlighted threats. The OCC emphasized that operational resilience, including business continuity planning and incident response testing, is essential in defending against cascading failures.

Compliance and Fraud Risk Remain High

The OCC flagged compliance risk as elevated, with continued concern over Bank Secrecy Act/anti-money laundering (BSA/AML) and consumer protection obligations. The agency pointed to growing fraud schemes, ranging from account takeovers to business email compromise, and the increasing use of advanced technology by both criminals and banks.

Recent regulatory shifts have added to the complexity. While FinCEN removed certain beneficial ownership reporting obligations earlier this year, OCC-supervised banks must still comply with existing due diligence and BSA requirements. Moreover, fintech partnerships are introducing risks that some providers may not be fully equipped to manage, especially when it comes to sanctions and AML controls.

The OCC also highlighted the importance of fair and clear communication with customers as banks roll out new products, particularly in a high-rate environment where competitive deposit offerings can lead to confusion or compliance slip-ups.

The report acknowledges the potential of emerging technologies, particularly artificial intelligence (AI) and generative AI, to drive more efficient banking operations and customer engagement. But it also warns that innovation must be tempered by robust governance, especially as banks increasingly rely on third-party models and tools.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.