December 12, 2022

OCC flags cybersecurity, UDAAP risks in new report

digital dollarThe Office of the Comptroller of the Currency (OCC) released its semiannual risk report last week, which found that interest rates, cybersecurity, compliance, and loan portfolio performance are among the top risks facing the banking industry.

As the financial services industry adopts new technologies and finds innovative ways to serve consumers, the OCC warned of an increasingly complex operating environment and recommended banks practice appropriate due diligence, change management, and risk management when partnering with fintech companies.

Of note, within compliance risk, the OCC specifically flagged unfair, deceptive, or abusive acts or practices (UDAAP) risk in fintech partnerships.

“For example, some banks are partnering with fintech firms allowing the fintech firm to provide banking services, or to provide opportunities for customers to enter the digital asset market,” the report stated. “These relationships may also increase the risk of unfair or deceptive acts or practices because of the coordination, communication, and disclosure challenges involved in these partnerships, including coordination in managing the customer relationship.”

The agency also reiterated its cautious approach to crypto-asset products, services, and activities: “These include high volatility among crypto-assets, high-risk lending and leverage within crypto-asset markets, high interconnectedness and concentration within the crypto industry, and a lack of consistent or comprehensive regulation for certain crypto-asset entities.”

The crypto industry has been a hot topic in recent months, as the Fed in August released some guidance for banks engaging in crypto-asset-related activities and the CFPB last month published a Complaint Bulletin on the topic. Congressional committees are also set to hold hearings on these issues this week.

NAFCU has engaged with several agencies including the FedTreasury Department, and Commerce Department to share credit union feedback and concerns around digital asset regulation.

The association has offered several high-level principles to incorporate in a digital asset regulatory framework which includes setting a level playing field for credit unions, banks, and other financial companies seeking to engage with digital asset technologies, applying consumer protection laws to entities facilitating consumer engagement with digital assets, and supporting responsible innovation within the credit union industry. 

NAFCU will continue to work with lawmakers and regulators to ensure a level playing field and appropriate cybersecurity regulations within the financial services industry.