Fed Rate Cuts; Google & Citi Partner on AI; Regulatory Fines & OCC 2025 Plans; Banks Ready for EU's DORA Compliance
Hello everyone! Welcome back to the Risk Queue. This week has been busy, with several major stories: the Fed’s second rate cut of the year, a Google and Citi partnership on AI, and a significant CFPB fine. Let’s jump in!
-Enjoy, Naeem, CEO & Founder - Risk On Q
PICKS:
Headline - Fed Rate Cuts
AI - Google and Citi Partner on AI Tech
Regulatory - CFPB Fine; OCC 2025 Plans
Risk Headlines
Fed Cuts Interest Rates by Another 25 Basis Points - source reuters.com
Key Points:
The Fed's rate cut marks another easing cycle, with emphasis on maintaining independence and data-driven decision-making. Powell's emphasis on Fed independence and a data-dependent approach suggests a careful balancing act between responding to economic conditions and navigating potential policy shifts under the new administration.
Fed cuts rates to 4.50%-4.75% range
_________________________________
CFPB Orders Navy Federal Credit Union, the Largest Credit Union, to Pay More than $95 Million for Illegal Surprise Overdraft Fees - source cfpb.gov
Key Points:
The CFPB's unprecedented action against Navy Federal signals an aggressive stance on overdraft practices, particularly "surprise" fees and timing disclosures. The case highlights the regulator's focus on fee transparency, consumer protection, and special attention to military customers. The CFPB's emphasis on "junk fees" and transaction timing transparency signals a fundamental shift in regulatory expectations for financial institutions.
A.I. Risk / Technology Risk
Citi Turns to Google to Update AI - source pymnts.com
Key Points:
Citi's partnership with Google Cloud represents a transformative approach to banking infrastructure modernization, combining advanced AI capabilities with cloud computing to enhance operational efficiency and customer service. This strategic move positions Citi at the forefront of banking technology innovation while addressing safety and soundness concerns. The initiative signals a critical shift in how major banks will approach digital transformation and compete in an increasingly technology-driven financial services landscape.
_________________________________
Enterprise Executives Cite AI-assisted Attacks as Top Emerging Risk, Gartner Finds - source cybersecuritydive.com
Key Points:
The emergence of AI as a potential cyber threat multiplier requires immediate attention from financial institutions, despite no current evidence of AI-engineered attacks. The combination of AI-assisted attacks, misinformation risks, and political polarization creates a complex risk landscape that could significantly impact banking operations and reputation.
80% of executives identify AI-enhanced attacks as top emerging risk
No actual AI-engineered cyberattack campaigns identified yet
Social engineering and language barrier exploitation are primary AI-related concerns
AI-assisted misinformation poses significant risk to financial institutions
Political polarization emerging as a material business risk
Regulatory News - Fines, Losses, & Rules
SEC Fines Invesco $17.5 Million for Misleading ESG Statements - source sec.gov
Key Points:
The SEC's action against Invesco signals intensified scrutiny of ESG-related claims and marketing practices in financial services, with substantial penalties for misrepresentation. The case highlights the critical need for clear policies, accurate marketing, and robust documentation of ESG integration practices. Financial institutions must ensure their ESG claims are verifiable and supported by formal policies and procedures.
_________________________________
Key Points:
The OCC's FY2025 supervision plan signals intensified oversight across financial, operational, and compliance domains, with particular attention to climate-related risks for larger institutions. The plan emphasizes robust risk management frameworks, especially in credit risk, asset-liability management, and cybersecurity. Banks should prepare for enhanced scrutiny of their operational resilience and third-party risk management programs while maintaining strong compliance frameworks.
Increased regulatory focus on climate risks for large banks (>$100B assets)
Enhanced scrutiny of credit, capital, and ALM in volatile environment
Strong emphasis on operational resilience (cyber, enterprise change management, operations, third-party, payments)
Continued focus on compliance (BSA/AML, CRA, Fair Lending)
Risk Data to Geek Out On
Are Global Banks DORA (Digital Operational Resilience Act) Ready? - source globalsecuritymag.fr
Key Points:
DORA represents a fundamental shift in European financial sector regulation, introducing strict operational resilience requirements with significant penalties for non-compliance. The regulation demands comprehensive ICT (Information and Communications Technology) risk management frameworks, enhanced incident reporting, and rigorous third-party oversight. With personal liability for executives and substantial organizational fines, immediate preparation is crucial for ensuring compliance by January 2025.
The convergence of cybersecurity, operational resilience, and regulatory compliance under DORA creates a new paradigm for financial institutions, requiring integrated approaches to risk management, third-party oversight, and incident response. This framework emphasizes proactive risk management and organizational accountability at all levels.
Highlights:
DORA enforcement begins January 17, 2025
Significant fines for non-compliance (up to 2% of global turnover)
Personal liability for leadership (up to €1M)
Mandatory incident reporting requirements
Enhanced third-party risk management obligations
Uniform EU-wide ICT risk management standards
_________________________________
Thank you for reading,
Naeem