Half of top US banks have ‘inadequate’ operational risk management

A US regulator has reportedly found that half of the major banks it oversees have weak or insufficient operational risk management in place.

People familiar with the matter told Bloomberg that the Office of the Comptroller of the Currency (OCC) uncovered inadequate risk management in areas such as cyber-attacks or employee mistakes at 11 of the 22 banks it oversees.

In a statement, the US watchdog said that acting comptroller Michael Hsu has "consistently discussed the need for banks to guard against complacency and actively manage their risks in order to build and maintain trust in the federal banking system."

The news comes days after a global IT outage saw banks experience disruption around the world, with some consumers unable to access their digital app services.

In May, the Bank of England (the Bank) urged UK firms involved in facilitating payments to do more ahead of the March 2025 deadline for its new operational resilience rules.

In a speech at the London Institute of Banking and Finance, executive director of financial market infrastructure at the Bank Sasha Mills said that Financial Market Infrastructures (FMIs), those that form part of the network of systems that make payments possible, still have a lot of work to be done.

The Bank’s upcoming operational resilience policy is designed to protect the wider financial sector and UK economy from the impact of operational disruptions.

Mills said that the Bank expects these firms to “accelerate” their efforts over the next year to ensure they are in a position to tolerate the negative impacts of disruption on their important business services, including mapping the key people, processes, technology, facilities, and information needed to deliver them in times of crisis.



Share Story:

Recent Stories


Data trust in the AI era: Building customer confidence through responsible banking
In the second episode of FStech’s three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech examines the critical relationship between data trust, transparency, and responsible AI implementation in financial services.

Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.

Beyond compliance: Building unshakeable operational resilience in financial services
In today's rapidly evolving financial landscape, operational resilience has become a critical focus for institutions worldwide. As regulatory requirements grow more complex and cyber threats, particularly ransomware, become increasingly sophisticated, financial services providers must adapt and strengthen their defences. The intersection of compliance, technology, and security presents both challenges and opportunities.

Unleashing generative AI: A force multiplier for financial crime teams
This FStech webinar, sponsored by NICE Actimize sees industry experts examine the revolutionary impact of generative AI on financial crime operations, and provides actionable insights to enhance your compliance strategies.