OCC Semiannual Risk Perspective

FALL 2024	vs	SPRING 2025
Highlights increased external fraud activity, reflecting an immediate and pressing threat to the federal banking system. The report emphasizes proactive fraud detection and response measures to safeguard banking operations.		Reaffirms external fraud as a persistent operational risk, now more intertwined with system vulnerabilities and legacy tech risks. Emphasis has shifted from simply identifying fraud to ensuring fraud risk management is integrated into broader operational resilience strategies.
Cyber threats are directly linked to the rise in external fraud, such as ransomware, phishing, and supply chain attacks. It stresses the urgency of implementing advanced monitoring tools and robust incident response frameworks.		Elevates concern over cascading failures due to overreliance on single service providers. Warns of ATM “jackpotting,” expanded ransomware tactics (e.g., double extortion), and broader systemic implications of cyberattacks, urging advanced incident response and operational resilience measures.
Focuses on the regulatory and operational risks posed by adopting products like digital currencies and instant payments. It highlights the importance of aligning innovation with compliance and risk assessments.		Adds sharper focus on AI, including generative AI use in underwriting, fraud detection, and compliance. Encourages responsible AI adoption while acknowledging cybersecurity, model, and compliance risks from AI integration.
The focus on external fraud activity delves into emerging schemes targeting customer and institutional vulnerabilities. Banks are advised to enhance fraud prevention strategies and cross-industry collaboration.		Shifts to a broader theme of operational resilience, encompassing fraud, cyber threats, fintech reliance, and climate-related disruption. Encourages banks to map interdependencies, prepare for cascading disruptions, and stress-test both liquidity and operational recovery plans.

Highlights increased external fraud activity, reflecting an immediate and pressing threat to the federal banking system. The report emphasizes proactive fraud detection and response measures to safeguard banking operations.

Reaffirms external fraud as a persistent operational risk, now more intertwined with system vulnerabilities and legacy tech risks. Emphasis has shifted from simply identifying fraud to ensuring fraud risk management is integrated into broader operational resilience strategies.

Cyber threats are directly linked to the rise in external fraud, such as ransomware, phishing, and supply chain attacks. It stresses the urgency of implementing advanced monitoring tools and robust incident response frameworks.

Elevates concern over cascading failures due to overreliance on single service providers. Warns of ATM “jackpotting,” expanded ransomware tactics (e.g., double extortion), and broader systemic implications of cyberattacks, urging advanced incident response and operational resilience measures.

Focuses on the regulatory and operational risks posed by adopting products like digital currencies and instant payments. It highlights the importance of aligning innovation with compliance and risk assessments.

Adds sharper focus on AI, including generative AI use in underwriting, fraud detection, and compliance. Encourages responsible AI adoption while acknowledging cybersecurity, model, and compliance risks from AI integration.

The focus on external fraud activity delves into emerging schemes targeting customer and institutional vulnerabilities. Banks are advised to enhance fraud prevention strategies and cross-industry collaboration.

Shifts to a broader theme of operational resilience, encompassing fraud, cyber threats, fintech reliance, and climate-related disruption. Encourages banks to map interdependencies, prepare for cascading disruptions, and stress-test both liquidity and operational recovery plans.

Comparison table between fall 2024 and spring 2025