Information Technology to be Reviewed

by Mary Beth Guard

If you're a national bank and you have a safety and soundness exam scheduled to take place soon, you'll want to make sure your IT staff is aware of the scrutiny they will be under.

Consistent with the new OCC 2001 Community Bank Supervision Booklet (don't you love it when the regulators refer to something that's 156 pages long as a "booklet"?), examiners will now be reviewing a national bank's information technology as part of a safety and soundness exam. The OCC has integrated the review of technology into the core assessment in two ways. First, examiners will consider the effect of technology on each area they review, especially its effect on the accuracy, reliability, and timeliness of automated reports used in the bank's risk management process. Second, examiners will assess the potential impact of technology on each of the nine OCC-defined risks.

Technological risk is not defined as a separate category of risk, but OCC notes that because risks are interdependent, a single weakness in technology can increase risk in several risk categories. For example, a weakness in Internet banking controls could lead to increased fraud (i.e., transaction risk). If this fraud becomes public knowledge, reputation risk may also increase. The bank's tarnished reputation can increase the cost of funding or reduce funding's availability (i.e., liquidity and interest rate risks).

We've been noticing an increase in the number of regulatory enforcement orders that relate to IT weaknesses, so take special care to ensure your information technology area is strong.

Originally appeared in the Oklahoma Bankers Association Compliance Informer.

First published on BankersOnline.com 12/10/01