A number of major banks in the United States have been identified as having an inadequate grasp of operational risk by the Office of the Comptroller of the Currency (OCC), according to confidential assessments. The OCC, which is a key U.S. regulator, found that 11 out of 22 large banks it oversees have insufficient or weak management of operational risk.
Operational risk encompasses a broad range of potential threats to banks beyond loans going bad or market swings causing losses. These risks include cyber attacks, employee errors, legal troubles, natural disasters and technology issues.
Approximately one-third of these banks rated three or worse on a five-point scale for overall management. This indicates concern from U.S. regulators about the level of risk at the country's largest banks.
The OCC's operational risk assessments are part of a larger scoring metric known as CAMELS rating, which stands for six measures of operations: capital adequacy, asset quality, management, earnings, liquidity and sensitivity to market risk.
The downgrading of banks' CAMELS rating can have far-reaching implications. It affects banks' deposit insurance premiums, audits and their ability to engage in certain activities. Downgraded lenders may be barred from making deals and denied emergency liquidity from the Federal Reserve.
The harsh grades are part of sweeping regulatory scrutiny following record-setting bank failures last year, with regulators vowing to do more to identify and act on problems.
Banks have to show regulators plans for managing operational risks, and they have to hold capital against those threats. However, these risks are harder to measure than credit or market risks.
Operational risk is a catch-all category that functions as the broadest component of the OCC's supervisory framework. It is elevated as the industry responds to an increasingly complex operating environment.