A key U.S. regulator has privately found half of the major banks it oversees have an inadequate grasp of a broad swath of potential risks from cyber attacks to employee blunders, according to people familiar with the matter.
In the confidential assessments, the Office of the Comptroller of the Currency said 11 of the 22 large banks it supervises have “insufficient” or “weak” management of so-called operational risk, said the people, who asked not to be identified because the information isn’t public.
That contributed to about one-third of the banks rating three or worse on a five-point scale for their overall management, the people said. The scores are the latest sign that U.S. regulators are concerned about the level of risk at the country’s largest banks in wake of a series of failures last year.
Operational risk is one of the categories by which regulators evaluate overall risk at the banks they oversee. Each bank’s individual ratings are closely held, but regulators sometimes use aggregate data on banks’ grades to highlight areas of concern in discussions with other agencies and the industry.
At the OCC, the operational-risk assessment feeds into a report card known as CAMELS ratings, grading firms on a one-to-five scale for each component — capital adequacy, asset quality, management, earnings, liquidity and sensitivity to market risk. Those grades create an overall rating that determines the degree of scrutiny or leeway a firm faces, including the activities it can engage in and how much capital it has to hold.
MORE:
fortune.com/2024/07/21/bank-operational-risk-occ-report/