
$390 Million Fine by SEC; Major U.S. Banks Falter in Risk Management

ALSO: AI in Compliance; Six IT Risk Assessment Frameworks Compared

Hello everyone, here is what we have in the Risk Queue!

-Thank you, Naeem, CEO & Founder - Risk On Q

PICKS

  1. Fines - Regulatory Fines Soar

  2. Banking - Banks have major challenges in Risk Management

  3. AI - Compliance has big opportunities with AI

Risk Headlines

Key Points:

The SEC's enforcement action against 26 financial firms for recordkeeping failures reveals a systemic issue in the industry regarding the maintenance and preservation of electronic communications. This widespread non-compliance with recordkeeping regulations has resulted in substantial financial penalties totaling $392.75 million.

The scale and scope of this enforcement action indicate that recordkeeping compliance will likely remain a key focus for regulators in the near future; as we have stated before, this regulation is the “Unicorn Reg”, as it has collected over $1.8 billion in fines for regulators. Financial institutions will need to reassess their compliance programs, invest in new technologies, and implement more training and oversight mechanisms to address these challenges, a body of work that will span multiple years.

_________________________________

Key Points:

Eleven out of twenty-two large banks have "insufficient" or "weak" operational risk management. This is significant, as it indicates widespread vulnerabilities in the banking sector, and it should not be a surprise to regulators. One-third of the banks received a rating of 3 or worse on the 5-point CAMELS scale for overall management. This is crucial, as it affects regulatory oversight, permissible activities, and capital requirements.

The harsh grades are part of an intensified regulatory focus following last year's bank failures. This suggests increased scrutiny and potential regulatory changes that could impact bank operations and strategies.

A.I. Risk / Technology Risk

Key Points:

Financial institutions have to strategically integrate AI to enhance compliance while prioritizing transparency, ethics, and regulatory alignment. IBM lays out a comprehensive overview of the opportunities and challenges associated with integrating generative AI into financial services, with a focus on Anti-Money Laundering (AML) and Bank Secrecy Act (BSA) compliance. AI's capabilities in fraud detection and compliance monitoring could significantly improve a bank's risk management profile. This represents a major opportunity to enhance security and regulatory compliance. However, this integration comes with substantial challenges, primarily centered around transparency, data privacy, and regulatory compliance.

_________________________________

Key Points:

AI is having a transformative impact on the banking industry, particularly at leading institutions like Goldman Sachs. The significant increase in developer productivity (10-40%) suggests that AI tools are already delivering tangible benefits, which could lead to faster innovation cycles and reduced time-to-market for new financial products and services.

Goldman’s custom AI platform highlights the unique challenges faced by banks in implementing AI, particularly around security and regulatory compliance. This approach, while potentially more resource-intensive, allows for greater control and customization, which is necessary in the highly regulated banking environment.  This strategy could help reduce costs and vendor lock-in while still maintaining access to cutting-edge AI capabilities. This proactive approach could help navigate the complex and evolving regulatory landscape surrounding AI in finance. 

Regulatory News - Fines, Losses, & Rules

Key Points:

The CFTC has fined Truist Bank $3 million for failing to maintain required records and supervise its business as a swap dealer, following the bank's self-reporting of widespread use of unapproved communication methods by employees.  The order finds Truist failed to maintain, preserve, or produce records required to be kept under CFTC recordkeeping requirements.

_________________________________

Key Points:

The Federal Reserve Board, in collaboration with the Federal Deposit Insurance Corporation, has issued final joint guidance to help certain large banks develop their resolution plans, also known as living wills. It focuses on key areas of potential vulnerability, such as capital, liquidity, and operational capabilities, and provides expectations for both single point of entry and multiple point of entry resolution strategies.

_________________________________

Key Points:

The Office of the Comptroller of the Currency (OCC) has released the annual update to the Bank Accounting Advisory Series (BAAS), which provides staff responses to frequently asked questions on various accounting topics to ensure consistent application of accounting standards among national banks and federal savings associations. 

Risk Data to Geek Out On

Key Points:

This is a comprehensive overview of six prominent IT risk assessment frameworks, each offering unique approaches to managing technology-related risks.

This comparison of IT risk assessment frameworks reveals a diverse landscape of methodologies, each tailored to specific organizational needs and risk management philosophies. The frameworks range from broad governance approaches (COBIT) to highly specific threat analysis tools (TARA), reflecting the complex and multifaceted nature of IT risk in modern organizations.

Significance and potential implications:

  1. Shift towards quantitative risk assessment: Frameworks like FAIR represent a move towards more precise, financially-oriented risk analysis. This could lead to more informed decision-making and resource allocation in IT security.

  2. Holistic approach to risk management: Frameworks like COBIT and ISO/IEC 27001 emphasize integrating IT risk management with overall business objectives. This suggests a trend towards viewing IT security as a strategic business function rather than a purely technical concern.

  3. Standardization of risk management practices: The prevalence of internationally recognized frameworks indicates a move towards standardization in IT risk management. This could facilitate better communication between organizations and potentially influence regulatory requirements.

  4. Adaptability to emerging threats: Frameworks like TARA highlight the need for flexible, threat-focused approaches. This suggests that future risk management strategies will need to be highly adaptable to rapidly evolving technological landscapes.

  5. Focus on supply chain and AI risks: The mention of supply chain and AI risk management in newer versions of these frameworks indicates growing concerns in these areas, potentially reshaping how organizations approach partnerships and technology adoption.

For a bank, the choice of framework (or combination of frameworks) should be guided by the bank's specific risk profile, regulatory environment, and strategic objectives. A multi-framework approach, potentially combining the quantitative rigor of FAIR with the comprehensive governance of COBIT or ISO/IEC 27001, could provide a robust foundation for IT risk management in a banking context. Additionally, incorporating threat-focused methodologies like TARA could enhance the bank's ability to anticipate and mitigate emerging cyber risks.

Framework     | Key Features                                | Significance
--------------|---------------------------------------------|------------------------------------------------
COBIT         | IT governance alignment with business goals | Strategic advantage and value addition
FAIR          | Quantitative risk assessment                | Informed decision-making and resource allocation
ISO/IEC 27001 | Holistic information security management    | Enhanced resilience and compliance
NIST RMF      | Integration of security into lifecycle      | Reduced vulnerabilities and improved security

_________________________________

Thank you for reading,

Naeem

p.s. If you find the Risk Queue newsletter helpful, please subscribe and share it with a friend or colleague; you can find it here!