Rules Navigator

OCC flags rising risks and innovation challenges in federal banking system

The Empire State Building casts a shadow as the sun rises behind the skyline of midtown Manhattan during a heat wave in New York City on June 24, 2025, as seen from Jersey City, New Jersey.
Photo: Gary Hershorn/Getty Images

Vlada Gurvich

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

The OCC’s latest risk report warns of rising fraud, cyber threats, and compliance pressures …

The US Office of the Comptroller of the Currency (OCC) has published its Spring 2025 Semiannual Risk Perspective, underscoring that the federal banking system remains fundamentally sound despite macroeconomic headwinds.

Persistent inflation, geopolitical volatility, and high interest rates have clouded the economic outlook, but the OCC highlights that innovation, particularly through partnerships with financial technology firms, can enhance product delivery and improve customer experience.

The report encourages banks to embrace technological adoption as a competitive necessity in the evolving financial landscape.

Risks remain unevenly distributed across credit markets. While consumer credit performance remains generally stable due to wage gains since 2019, commercial credit portfolios face growing strain from interest rate pressure and heightened refinancing risk, particularly in commercial real estate.

Market risk exposure has moderated somewhat, aided by reduced funding costs following federal funds rate cuts. However, liquidity remains under scrutiny, especially in light of unrealized losses in investment portfolios and intensified competition for deposits.

Operational and compliance risks have become more acute. The OCC warns that failing to modernize systems could leave traditional banks vulnerable to fintech competitors and criminal exploitation.

Fraudsters are increasingly targeting checks, wire transfers, and peer-to-peer platforms, often with insider assistance. Meanwhile, cyber threats from sophisticated actors are intensifying, stressing the need for stronger operational resilience and third-party oversight.

Compliance concerns are also elevated, with institutions facing scrutiny under anti-money-laundering rules and consumer protection laws as fraud surges and banking models evolve.

Operational risk

The OCC highlights that operational risk across the federal banking system remains elevated, fueled by rising cyber threats, expanding third-party dependencies, and the complexities introduced by rapid digital transformation.

Financial institutions face persistent attacks from sophisticated actors leveraging ransomware and “double extortion” tactics, while traditional schemes like ATM “jackpotting” continue to evolve in tandem with vulnerabilities.

The sector’s increasing reliance on a narrow pool of service providers, particularly in fintech, has amplified the risk of single points of failure, underscoring the need for robust resilience planning, including scenario testing and third-party oversight.

The OCC stresses that while the adoption of artificial intelligence, distributed ledger technology, and innovative service models can improve consumer experience and enhance competitiveness, they also introduce governance, model, and cybersecurity risks.

Boards and management teams are advised to carefully align new tech deployments with risk appetite.

AI tools already support fraud detection, credit underwriting, and customer service, but gaps in oversight could lead to compliance failures and systematic breakdowns. Boards and management teams are advised to carefully align new tech deployments with risk appetite, ensure ongoing monitoring, and threat legacy infrastructure as a strategic vulnerability, not just a technical inconvenience.

Meanwhile, the OCC reaffirmed that banks may engage in crypto-related activities, including custody and stablecoin issuance, provided such activities are conducted prudently and in line with applicable regulations.

Against this backdrop, HR departments have emerged as unexpected but critical players in AI risk management. When AI is used in hiring, performance evaluation, or restructuring, HR teams are best positioned to manage discrimination, privacy, and compliance risks.

Their involvement in drafting policies, conducting impact assessments, and leading workforce communications help mitigate legal exposure and foster organizational trust. As AI reshapes job roles and regulatory obligations tighten, HR-led upskilling and inclusion in multidisciplinary AI taskforces is key to ensuring that innovation does not outpace internal safeguards.

Regulators have also sounded alarms about AI’s darker applications. FinCEN has warned of deepfake-enabled fraud schemes, where criminals use generative AI to falsify identity documents and deceive banks’ verification systems. It recommends that institutions implement live identity checks, scrutinize metadata, and watch for behavioral anomalies in account activity.

The CFTC, for its part, flagged a surge in AI-powered investment scams, fake trading platforms, and social engineering campaigns that impersonate executives or family members using synthetic voices and videos.

Together, all these alerts signal a regulatory pivot: financial crime is no longer a question of compliance alone, but a fight to preserve trust and reality in an AI-altered financial ecosystem.

Compliance risk

Compliance risk across OCC-supervised institutions remains elevated, driven by surging fraud volumes, evolving sanctions regimes, and the operational challenges introduced by new technologies.

Traditional and tech-enhanced fraud schemes are pressuring banks to file more Suspicious Activity Reports (SARs) under the Bank Secrecy Act (BSA), while growing reliance on third-party fintechs, some lacking the resources or experience to manage BSA/AML risk, has reshaped risk profiles.

Although the Treasury Department in March 2025 removed certain beneficial ownership reporting obligations under the Corporate Transparency Act, OCC-regulated banks must still comply with existing due diligence rules. The increasing complexity of financial products, such as high-yield certificates of deposit (CDs) and shifting deposit offerings, has also introduced fresh compliance challenges, particularly when customer communications lack clarity or lead to confusion over terms.

More broadly, the role of technology in compliance is also accelerating. Speaking at the RegHub Summit, CFTC Commissioner Kristin Johnson outlined a “three-dimensional” approach to market oversight: where firms, industry bodies, and regulators share responsibility for supervision, and AI is quickly becoming a linchpin in this structure.

AI tools are now being used to detect anomalies, verify identities, and enhance anti-money-laundering (AML) and counter-terrorism-financing (CFT) surveillance. The integration of machine learning, generative AI, and natural language processing into compliance programs allows for real-time monitoring and the interpretation of unstructured data.

However, Johnson and other regulators emphasize that successful AI integration must be coupled with thoughtful regulatory oversight and cross-jurisdictional cooperation. As oversight expectations evolve, organizations are encouraged to build governance structures that embed AI ethics and risk management into core compliance operations.

, , , ,

You may also like