QuestSoft Compliance Cafe Blog

Sign up to receive our monthly newsletter!

The OCC’s 5 Key Areas of Focus for 2019

Sep 28, 2018 by Brian Arnesen

On September 25th, the OCC released its bank supervision operating plan for 2019. According to the OCC, “the operating plan guides the development of supervisory strategies for individual national banks, federal savings associations, federal branches, and federal agencies, as well as technology service providers.”

The OCC is focusing on these five areas for the upcoming year:

  • Cybersecurity and operational resiliency.
  • Commercial and retail credit loan underwriting, concentration risk management, and the allowance for loan and lease losses.
  • Bank Secrecy Act/anti-money laundering (BSA/AML) compliance management.
  • Compliance-related change management to address regulatory requirements.
  • Internal controls and end-to-end processes necessary for product and service delivery.


Financial institutions have been in the spotlight recently due to the frequency and scale of data breaches over the past few years. More than “1,500 data breaches occurred in 2017, exposing more than 170 million records” (Statista). So, it’s no surprise that regulators like the OCC will be holding institutions more responsible for the protection of consumers’ data in the future. The OCC will focus on operational resiliency and remediating identified concerns.

Underwriting and Risk Management

The OCC will continue to evaluate institutions’ underwriting policies and decisions for Fair Lending violations. The OCC also made it clear that preparation for the new Current Expected Credit Loss (CECL) model is a priority in 2019. This new accounting model will require more data than before to estimate the expected loss over the life of the loan. The new CECL standards take effect after December 15, 2019.

Bank Secrecy/Anti-Money Laundering Compliance

On May 11, 2018, the beneficial ownership rule became mandatory. This rule requires institutions to use a Customer Identification Program to collect information on individuals who own more than 25% of the equity interests in a company or are single individuals who exercises control when an account is opened. The OCC wants to further evaluate whether Anti-Money Laundering (AML) compliance programs keep pace with changing risk environments and regulatory developments.

Change Management

The OCC wants to make sure that institutions have processes in place to ensure they can respond to compliance implications of regulatory and product changes. In 2019, the OCC will focus on the implementation of regulatory requirements, including the Home Mortgage Disclosure Act (HMDA), the integrated mortgage disclosure requirements under the Truth in Lending Act and Real Estate Settlement Procedures Act (TRID), and the Military Lending Act (MLA).

Internal Controls

Internal controls should be both preventive and detective. Each internal control should have strong policies and procedures in place to ensure compliance, promote efficient operations, ensure data reliability and safeguard information. The OCC will focus on an institution’s implementation of new or revised products and strategic partnerships.

The OCC will provide periodic updates about supervisory priorities and horizontal risk assessments in the Semiannual Risk Perspective report. For more than 20 years, QuestSoft’s products and services have helped institutions of all sizes comply with regulations and reduce risk. Contact us today to learn more.