Michael Brauneis and Andrew Retrum, Protiviti Managing Directors
While cybersecurity and operational resilience have been on the Office of the Comptroller of the Currency’s (OCC) supervisory radar for several years, the emphasis appears to have expanded. In the 2019 plan, the stated supervisory objective was maintaining information technology systems and remediating identified concerns. In the latest plan, however, the emphasis is on threat vulnerability and detection, access controls and data management, and managing third-party connections.
This article further discusses the OCC’s supervisory plan for 2020, which is designed to help financial institutions set their own risk management strategies and priorities.