The Office of the Comptroller of the Currency recently issued its Semiannual Risk Perspective for Spring 2017, identifying areas where technology is increasing the strategic and operational risks the banking industry faces.
Increased competition from fintech firms and consumer demand for new products have increased the strategic risks banks face, according to the report.
For example, alternative payments tools that are less transparent increase the risk of money laundering schemes going undetected. In addition to having to address compliance risks associated with new technology, some banks are struggling just to keep up with the technology.
“Risks related to changes in technologies and typologies are often cumulative, requiring banks to enhance processes to address these risks while maintaining existing controls,” according to the report.
OCC also named cybersecurity as a key risk for banks of all sizes. “Cybersecurity and fraud continue to pose risk from the increasing volume and sophistication of cyber threats and IT vulnerabilities,” the report said of large banks, while noting that it’s increasingly important for midsize and community banks to develop “cyber resiliency” as malware and extortion schemes become more complex and these banks are more likely to rely on third parties for cyber protection.
In fact, OCC warned that more banks are outsourcing their cybersecurity function to a small number of providers. Risk is getting more concentrated, especially around specialized functions like card processing or denial-of-service mitigation, creating “concentrated points of failure for certain lines of business or operational functions for a large segment of the banking industry.”
The speed at which cyber incidents occur, as well as their sophistication, are increasing, according to the report. Furthermore, cybercriminals are more willing to act aggressively with the information they extract.
The cybercriminals themselves are changing their business model as hackers start selling ransomware as a service, the report noted.
Phishing is the primary means of access for hackers, the report found, though ransomware and denial-of-service attacks are also among the threats banks face.