Q2’2024 Newsletter

Click here to download

Regulatory Risk Perspectives

Semiannual Risk Perspectives

In June 2024 the Office of the Comptroller of the Currency (“OCC”) released its semiannual risk perspective on key issues facing the banking system[1]. Areas of greatest concern are as follows:

Credit Risk – Commercial Real Estate refinancing at higher rates especially in office premises and multifamily property present credit risk challenges. These risks are elevated where loans have interest-only terms set to refinance within the next three years. Also, higher interest rates and ongoing inflation are expected to result in financial challenges for some consumer households which could impact consumer lending default rates.
Competitive Cost of Funding – Net interest margins are stressed due to the competitive cost of deposit funding and continue to result in the growth of more expensive wholesale funding. The uncertainty of near-term interest rate changes present interest rate and liquidity risk management challenges which is also impacted by investment portfolios still carrying unrealized losses.
Operational Resiliency – Cyber threats continue to increase with the industry and their service providers being targeted by ransomware attacks. The risks continue to increase with increased digitalization and third-party vendor reliance. In addition, check and wire fraud underscore the need for robust fraud risk management processes.

The release reinforces the importance for banks to establish a sound risk management culture geared toward timely recognition of stress events and the impact to risks. Operational resiliency is expected, and banks are expected to maintain risk management framework that is commensurate with their risk profiles, which at the same time is capable of growing and evolving as their risk profiles change.

Emerging Risks related to Artificial Intelligence

On June 6, 2024 the Acting Comptroller of the Currency spoke at the Conference on Artificial Intelligence and Financial Stability providing perspectives on emerging risks related to Artificial Intelligence (“AI”) and the potential threats to financial stability[2]. He addressed the accountability challenges and the importance of risk management given the ability of AI to “learn” and pose challenges not seen through using other technologies, and therefore enhanced controls are needed around any development activity involving AI use cases. He discussed risks that AI introduces when being used as a tool by bad actors in their attacks on financial institutions and consumers. Threats discussed included:

Fraud – Fraud is rising, and AI is a contributing factor. For example, AI is being used to impersonate peoples’ voices, and the dark web has launched FraudGPT. As a result, the sophistication and complexity of fraud attempts will continue to increase.
AI-enabled Cyberattacks – AI is being used to generate code rapidly increasing the scale and frequency of innovative cyberattacks.
Disinformation – disinformation on social media and even in main-stream media enabled by AI continues to increase. Such information can result in sudden market reactions that can cause temporary disruption and result in unexpected financial losses.
Lack of Accountability – part of the problem with AI is attributing responsibility when things go wrong. If for example an AI-powered credit underwriting tool is making mistakes and denying credit inappropriately based on some algorithm is the cause for denial readily apparent and how is this to be defended under the consumer protection laws.

Despite the power and potential benefits of AI there are challenges that arise related to accountability and governance. Overall, many interesting questions and issues were raised for consideration in managing risk and need to incorporate AI risks into risk assessments going forward.

FinCEN Updates

FinCEN has recently issued various rulings and advisories of importance in managing AML/CFT Risk. These being:

Financial Measures Against AL-Huda Bank[3] – On June 26, 2024 Financial Crimes Enforcement Network (FinCEN) issued a final rule under section 311 of the USA PATRIOT Act that severs Al-Huda Bank, an Iraqi bank that serves as a conduit for terrorist financing. from the United States financial system. This final rule also requires covered financial institutions to apply special due diligence to their foreign correspondent accounts to prevent transactions involving Al-Huda Bank from going through them. The covered financial institutions are also required to notify their foreign correspondents in the matter.

Financial Action Task Force (FATF)[4] – On July 3, 2024, as this Newsletter was being finalized, FinCEN alerted financial institutions that FATF has highlighted the concerns over serious threats posed by Democratic People’s Republic of Korea (DPRK) to the proliferation and financing of weapons of mass destruction. In addition, FATF updated its lists of jurisdictions with strategic AML/CFT/CPF deficiencies, adding Monaco and Venezuela to its list of Jurisdictions under increased monitoring and removing Jamaica and Türkiye from the list. Also, FAFT issued two statements, one that specified jurisdictions that require additional monitoring due to strategic deficiencies in their AML/CFT/CPF regimes and who are concurrently committed to resolving or are actively in the process addressing their deficiencies. The second statement identifies high-risk jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence and, in the most serious cases, apply countermeasures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.

Proposed New Rule for AML/CFT Program[5] – On June 28, 2024 FinCEN announced a proposed rule to strengthen and modernize financial institutions’ anti-money laundering and countering the financing of terrorism (AML/CFT) programs. The proposed rule was prepared in consultation with the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and the National Credit Union Administration and are based on changes to the Bank Secrecy Act (BSA) enacted by the Anti-Money Laundering Act of 2020 (“AML Act”) and are a key component of Treasury’s objective of a more effective and risk-based AML/CFT regulatory and supervisory regime. This rule articulates certain broader considerations for an effective and risk-based AML/CFT framework as envisioned by the AML Act.

The new rule proposes changes to existing AML/CFT programs and requires a review of government-wide AML/CFT priorities, incorporating them appropriately into risk-based AML/CFT programs. The rule also aims to promote clarity and consistency across FinCEN’s program rules.

Advisory Update re Fentanyl Supply Chain[6] – On June 20, 2024 the Secretary of the Treasury announced that FinCEN issued an advisory alerting U.S. financial institutions to new trends in the illicit fentanyl supply chain and urge vigilance in identifying and reporting suspicious activity associated with Mexico-based transnational criminal organizations and their illicit procurement of fentanyl precursor chemicals and manufacturing equipment from People’s Republic of China-based suppliers. The supplemental advisory builds off FinCEN’s 2019 advisory with new typologies and red flags to identify and report suspicious transactions, and fulfills the requirement in Section 3202 of the recently enacted FEND Off Fentanyl Act. It may be mentioned that, based on the then FinCEN’s advisory, RGS had published an article in December 2019.

Miscellaneous Updates

NACHA Operating Rules – Updates to Combat Fraud

Recently, NACHA passed amendments to its operating rules[7] to help reduce the incidence of successful fraud attempts and improve the recovery of funds after frauds have occurred. These amendments follow the flow of a credit-push payment to promote the detection of fraud both through the origination process (at the Originator, ODFI, and any third parties) and at the point of receipt (at the RDFI). Two of the amendments require parties to establish and implement risk-based processes and procedures to identify entries suspected of being unauthorized or authorized under false pretenses including, non-consumer originators, third parties, ODFIs and RDFIs. Certain of changes will go into effect on October 1, 2024, and these areas include: