教授,博士生導師。復旦大學中國反洗錢研究中心首任主任,復旦大學俄...
復旦大學國際金融學院教授,中國反洗錢研究中心執行主任,陸家嘴金...
復旦大學法學院教授、博士生導師;復旦大學國際刑法研究中心主任。...
華東政法大學刑法學教授,復旦大學中國反洗錢研究中心特聘研究員,荷...
安永金融服務風險管理、咨詢總監,曾任螞蟻金服反洗錢總監,復旦大學...
周錦賢先生,香港人,廣州暨南大學法律學士,復旦大學中國反洗錢研究中...
高級經濟師,復旦大學金融學博士,復旦大學經濟學博士后。現供職于中...
武漢中南財經政法大學信息安全學院教授。長期專注于反洗錢/反恐...
生辰:1977.7.26 籍貫:遼寧撫順 民族:漢 黨派:九三學社 職稱:教授 研究...
祝亞雄,1974年生,浙江衢州人。浙江師范大學經濟與管理學院副教授,博...
復旦大學中國反洗錢研究中心特聘研究員;現任安永管理咨詢服務合伙...
工作履歷:曾在國家審計署從事審計工作,是國家第一批政府審計師;曾在...
In its Fall 2023 Semiannual Risk Perspective, published on December 7, the Office of the Comptroller of the Currency (“OCC”) reported on key issues facing the federal banking system. In evaluating the overall soundness of the federal banking system, the OCC emphasized the need for banks to maintain prudent risk management practices. The key risk themes that the OCC underscored in the report included credit, market, operational, and compliance risks.
Of particular note was the discussion on the Bank Secrecy Act (“BSA”)/Anti-Money Laundering (“AML”) compliance risks with respect to fintech relationships. We also will discuss briefly certain other compliance and operational risks highlighted by the OCC.
Fintech Partnerships
The OCC cautioned banks that are adopting or considering fintech relationships to scrutinize each third-party relationship. The OCC stressed that banks need to understand the risks associated with each third-party relationship, and enter into effective contracts to address the potential for default and termination. It also emphasized the identification of nested relationships, in which fintech firm may be providing services to other fintech firms without appropriate controls. In such circumstances, banks are considered on the hook for those partners’ practices. Overall, the OCC recognized that the range of payment methods and their accessibility continue to expand and evolve, but cautioned banks to keep pace with the corresponding risks by continuing to evaluate their BSA/AML risks and corresponding controls. In a separate section of its report, the OCC essentially reiterated these BSA/AML compliance risks with third-party arrangements with fintech firms as operational risks as well.
This discussion comes on the heels of recent OCC and FDIC consent orders involving banks concerning their third-party risk management practices. This discussion also tracks concerns noted by the Federal Reserve, FDIC, and OCC in final interagency guidance issued in June 2023 regarding managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.
The OCC further emphasized the BSA/AML and financial crime risks associated with the expanding use by banks of digital and electronic products and services, as well as with more traditional financial crime risks, such as mail-theft related check fraud, business email compromise schemes, and payroll tax evasion. Overall, Suspicious Activity Report (SAR) filing “data trends reflect significant increases in SAR filings related to fraud.”
Other Compliance and Operational Risks
Another compliance risk highlighted by the OCC is the need to ensure equal access to credit, and the fair and consistent treatment of consumers. “Banks’ compliance risk management frameworks should be commensurate with their existing risk profiles and capable of efficiently and effectively supporting risk profile changes.” These consumer-facing concerns can sometimes be in tension with AML concerns which can lead to banks engaging in de-risking.
Similar to the BSA/AML compliance risks outlined above, the OCC identified the expanding use of new technologies by banks, including the use of faster and real-time payment products, as an operational risk. “Sound risk management practices can help safeguard against fraud, financial crimes, and operational errors[,]” including fraud targeting P2P and related payment platforms. Such products can enhance consumer convenience, but the speed and irreversible nature of these payments also make these products attractive instruments for perpetuating consumer fraud.
Finally, the OCC identified artificial intelligence (“AI”) as a special topic presenting potential compliance, credit, reputation and operational risks. Although AI presents many opportunities and potential benefits, it also can result in third-party risk, privacy concerns, cybersecurity risks, and potential consumer-facing bias and other consumer protection concerns. The OCC states that it is “technology neutral” and will continue to monitor the use of generative AI.
Although the OCC does not specifically discuss the potential use of AI in regards to BSA/AML compliance, there is increasing discussion of this topic in the industry. However, it is likely more accurate to regard machine learning, which is a subset of all AI, as currently having more direct applicability to BSA/AML compliance, including as to transaction monitoring.