This week, U.S. Office of the Comptroller of the Currency (OCC) fined City National $65 million in a civil money penalty. The OCC said the California-based bank “engaged in unsafe or unsound practices,” stating that it failed to establish effective risk management and internal controls. The bank also allegedly violated the bank secrecy act.
Additionally, the agency sent City National a cease-and-desist order that stipulates the bank must correct its actions to improve its strategic plan and operational risk management. Specifically, the OCC wants to see the bank improve its internal controls, compliance risk management, anti-money laundering and fair lending practices, and investment management operations.
This is not only bad news for City National, but also for banks across the U.S. That’s because, given last year’s banking crisis, regulators have had their ears a bit closer to the ground than usual and are more willing to strike fines on both banks and fintechs.
So what’s a bank to do in the midst of increased scrutiny? Here are eight actions to take to avoid a similar fate.
Strengthen third-party risk management
In the era of banking-as-a-service (BaaS), multiple aspects of banking leverage third parties, and for good reason. Using a third party fintech to boost security or a lending-as-a-service provider to offer a much-needed service for customers helps bankers focus on what they do best. However, banks must establish auditable processes for managing third-party risks and implement controls to mitigate risks associated with third-party relationships, especially those related to operational, compliance, and fraud risks. And this is not a set-it-and-forget-it action. Once the process is in place, banks need to routinely monitor third party relationships.
Enhance internal controls
Once you take a look at your processes with third parties, examine your own, in-house operations. Modernize and strengthen your internal controls to detect and prevent risk management and compliance issues. And don’t slip on conducting regular compliance audits to identify and correct any weaknesses.
Improve operational risk event reporting
After surveying both your internal and external processes, establish a risk reporting system that can quickly flag any irregularities. The reporting system should be transparent and efficient in order to allow for a quick response from the right party or parties involved. A fast turnaround will help mitigate risk.
Enhance fraud risk management
While internal slip-ups pose their own threat, fraudsters are an even bigger danger, as they can be difficult to predict and control. Make sure you have robust fraud risk management practices in place, including continuous monitoring and proactive measures to prevent fraud. Because fraudsters will strike wherever they find a vulnerability, you need to ensure your entire team is on board. Stay vigilant by conducting regular training exercises for all employees to help them recognize and respond to fraud.
Address discrimination concerns
Even if your organization hasn’t been accused of redlining, proactively create a structure around your fair lending practices. Having a well-documented process in-place will serve you well if you are ever flagged for potential unfair practices. And don’t get complacent. Review your lending practices on a regular basis to ensure fairness and compliance with anti-discrimination laws.
Strengthen your bank’s financial position
Save your reputation by establishing a process that continuously monitors and assesses your bank’s financial position. Quickly address any issues that may impact your banks’ stability. Have a plan in place in the event things go wrong. Establish a strategy to address losses, such as rising costs from lower deposits. The strategy should include proactive measures that will help maintain financial health.
Create a compliance-driven culture
Regulatory action is on the rise, not only in the U.S., but across the globe. Adhering to regulations requires compliance from all levels of the organization, so permeating your culture with compliance will help ensure everyone plays by the rules. And because compliance is dynamic, be sure to regularly review and update your policies to ensure they meet current standards.
Cooperate with regulators
Let’s face it, systems fail and everyone makes mistakes. In the event the regulators come knocking at your bank’s door, be cooperative. Fostering a positive relationship with regulatory bodies and keeping communication open can go a long way. Be proactive in remediating the issues and making the necessary corrections to avoid further enforcement.