Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

How the OCC risk governance framework applies to community banks

December 11, 2014
Read Time: 0 min

In September, the Office of the Comptroller of the Currency (OCC) published final guidelines designed to “strengthen the governance and risk management practices of large financial institutions.” The guidelines apply to institutions with more than $50 billion in assets, and the effective date of the guidance varies by asset size. For institutions over $750 billion, this guidance is effective immediately upon the Nov. 10, 2014 effective date. For those with assets between $100 billion and $750 billion, the effective date is May 10, 2015, and for those between $50 billion and $100 billion, guidance will be effective on May 10, 2016.

Thomas Curry, comptroller of the currency, commented that the recent financial crisis proved the need for stronger supervisory standards. “As a result [of the crisis], the OCC raised its standards for risk management, corporate governance and control to help ensure these institutions effectively anticipate, evaluate and mitigate the risks they face.”

While the final guidance clearly applies to larger financial institutions, community banks should still take note. In fact, one section of the OCC guidance highlights how community banks could be impacted, stating that the “OCC reserves the authority to apply the guidelines, in whole or in part, to a bank below the $50 billion threshold if the OCC determines that the bank’s operations are highly complex or otherwise present a heightened risk.” The section further details this would only occur under extraordinary circumstances, but community banks should be aware of the new framework and even consider applying the guidelines as a proactive, best practice.

In today’s challenging regulatory environment, institutions of all sizes should implement, review and revise sound risk management practices. Linnea Solem, chief privacy officer and vice president for risk and compliance at Deluxe, recently highlighted three ways institutions can review their existing risk management program.

1. Assess risk management structures. Solem notes the first step is to review the inventory of regulation – the laws, rules, regulations, standards and guidelines – that apply to your institution. Once reviewed, creating a checklist can help identify areas of weakness. Here are a few additional recommendations provided by Solem:

• Review the current skill sets of your board of directors to detect any “gaps in risk management knowledge or experience.”
• Generate a timeline to “show staffing levels for key assurance and audit functions to assess capacity and sufficiency of resources to manage oversight.”

2. Update the scope and frequency of risk management reporting. With the changing regulatory environment, management level risk reporting should go beyond a simple status update exercise, notes Solem. In addition to reviewing and refreshing the scope and frequency of risk management reporting, institutions should “broaden the depth of risk management content provided to the audit committee and board with enhanced reporting so that the Board can more actively participate in evaluating the effectiveness of executive management in managing risk.” Further, creating a risk appetite statement can help “identify gaps in risk coverage for your existing risk management reporting.”

3. Leverage industry frameworks for risk management and controls. As regulatory, business and operating environments change, it is necessary to update risk approaches. Solem recommends leveraging industry resources available for assessing key functions, which include:

• Control environment
• Risk assessment
• Control activities
• Information & communication
• Monitoring functions

While the new guidance primarily applies to larger financial institutions, all banks and credit unions can benefit from reviewing the guidelines and using the above recommendations. Solem points out that reviewing enforcement actions can be an indicator for areas of focus to apply within community banks. Further, “building a three year strategic plan on how to address your financial institution’s current and expected risks will enable your organization to respond more effectively to further shifts in regulatory expectations.”

In addition to building a stronger risk management framework, bankers involved the ALLL calculation should also be cognizant of how they can improve their methodology in 2015. To learn about the key components, access an archived webinar: Building a Better ALLL in 2015 – What You Need in Your Strategic Plan.

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.