The OCC's Vision for Future-Ready Bank Supervision: Enhancing Financial Resilience Amid Change

In a world where financial headlines often focus on regulations and crises, the nuances of bank supervision often remain under-appreciated. However, Acting Comptroller of the Currency Michael Hsu’s recent remarks at the Joint European Banking Authority and European Central Bank Conference shed light on the vital yet understated role of bank supervision, especially as the financial landscape grows increasingly complex.

Hsu’s speech, delivered on September 3, 2024, emphasized the evolution of bank supervision over the past few decades, highlighting how its confidential nature has often kept it out of the public eye. Yet, as banks and financial systems have expanded in size and complexity, the stakes have never been higher for both banks and their supervisors.

Supervision, as Hsu explained, is more than just enforcing regulations—it’s about cultivating safe and sound practices within banks. Drawing an analogy between regulation and supervision, he likened regulation to setting speed limits while supervision ensures safe driving. This distinction underscores the proactive and adaptive nature of supervision, which requires a mix of skills and roles to be effective.

For compliance and governance, risk, and control (GRC) professionals, Hsu’s insights are particularly relevant. The evolving role of bank supervision parallels the challenges faced by compliance teams: both must navigate a landscape where nonfinancial risks—such as cyber threats, operational disruptions, and IT vulnerabilities—are as critical as financial risks.

The Ground Game: Building Resilience Inch by Inch

Hsu described supervision as a "ground game," requiring consistent, ongoing interactions between supervisors and banks. This approach allows supervisors to develop independent, informed views of a bank’s strengths, vulnerabilities, and overall financial health. It’s a slow and steady process, much like daily exercise, where the cumulative impact over time is what truly matters.

A recent example highlighted by Hsu was the banking sector's resilience during the CrowdStrike incident. While other industries experienced significant disruptions due to a faulty patch, banks remained largely unaffected. This outcome, Hsu noted, was not by accident but the result of years of supervisory efforts focused on improving cyber, operational, and IT risk management—a lesson in the importance of persistent, long-term supervision in building resilience.

Effective supervision, according to Hsu, is a craft that demands a unique blend of skills: curiosity, critical thinking, emotional intelligence, and an unwavering commitment to public service. It’s akin to investigative journalism or intelligence gathering, where asking the right questions and drawing out new insights differentiates good supervision from great supervision.

This craftsmanship resonates with the work of GRC professionals who must navigate complex regulations, identify emerging risks, and foster a culture of compliance within their organizations. Like supervisors, they must balance the art of diplomacy with the authority to enforce rules when necessary, all while maintaining a focus on the bigger picture of risk management.

The Asymmetry of Supervision: Invisible Successes and Public Failures

One of the key points Hsu made was the asymmetry of supervision. Successful supervision is often invisible, with the public only taking notice when something goes wrong—such as the failures of Silicon Valley Bank and Signature Bank earlier this year. This dynamic can pressure supervisors to adhere closely to checklists, potentially stifling the judgment and discretion needed for effective risk-based supervision.

For compliance officers, this asymmetry is a familiar challenge. The focus often falls on what goes wrong, with successes going unnoticed. Yet, as Hsu emphasized, the true measure of effective supervision—and by extension, compliance—is the ability to prevent crises and navigate complexities before they escalate.

As the financial system continues to grow in size and complexity, Hsu called for an evolution in supervision practices. He advocated for a "team-of-teams" approach, where different supervisory teams work together to cover the broad spectrum of risks, both financial and non-financial. This approach mirrors the collaborative efforts needed in GRC functions, where cross-functional teams must work together to manage emerging risks effectively.

Hsu also highlighted the need for supervisors to be as adept at covering nonfinancial risks as they are with financial risks. With the increasing interdependencies between banks and nonbanks, and the accelerating pace of change, the stakes have risen. GRC professionals, too, must adapt to these changes, ensuring that their risk management strategies are robust, agile, and forward-looking.

The Ongoing Evolution of Supervision & GRC

In his closing remarks, Hsu urged supervisors to embrace risk-based supervision and remain vigilant against the trap of check-the-box approaches. This call to action is equally relevant to GRC professionals, who must prioritize the most significant risks and maintain the agility to adapt to an ever-changing regulatory landscape.

As Hsu’s speech makes clear, the craft of supervision is evolving alongside the banking system it oversees. For those in the compliance and GRC fields, the lessons drawn from bank supervision’s evolution offer valuable insights into managing risks, fostering resilience, and navigating the complexities of today’s financial environment.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.