2024 ABA Risk and Compliance Conference Insights

This year’s 2024 American Bankers Association (ABA) Annual Risk and Compliance Conference in beautiful Seattle provided an in-depth exploration of the evolving landscape of risk and compliance within the banking industry. Besides the engaging sessions, it was a fantastic opportunity to meet industry leaders, peers, and colleagues in person. With excellent weather and a vibrant venue, attendees could relax a little and enjoy the city while gaining valuable insights.

The conference covered a wide array of topics, from regulatory updates and data governance to the integration of artificial intelligence and the management of climate-related risks. The sessions were designed to equip banking professionals with the knowledge and tools needed to navigate the increasingly complex regulatory environment and to manage emerging risks effectively.

The conference began with an industry update from ABA President and CEO Rob Nichols, a native of Seattle, who highlighted the critical regulatory and supervisory issues facing the banking sector. Mr. Nichols highlighted the ABA’s active advocacy on behalf of the banking industry including lobbying and litigation when necessary. This opening set the stage for a series of sessions focused on optimizing risk management and compliance practices.

One of the key sessions, “Optimizing Testing: Addressing Resources Trends and Efficiency Strategies,” emphasized the importance of dynamic testing calendars that adapt to regulatory changes and business issues. The session advocated for reducing test duplication through standardized reliance and leveraging automation for real-time insights and streamlined processes. The expert panelists offered a self-assessment guide for testing that could be obtained through the ABA and reviewed the modern testing automation tools and techniques currently available.

Data governance was another hot topic, with a dedicated session titled “Check Up on Your Data Governance to Avoid New Risks.” This session underscored the importance of keeping data governance programs up to date with the latest risks and trends. It highlighted the impact of new technologies like generative AI and upcoming regulations such as the CFPB’s Section 1033, which pertains to personal financial data rights. The discussion focused on understanding and inventorying data, assessing its usage, sharing, and destruction, and preparing for the new regulatory requirements.  The presenters offered views on how to start and mature data governance while at all times aligning with the objectives of management, the regulators and other stakeholders.

The conference also addressed the evolving risks associated with new customer relationships and deposit classes in the session “Creative Methods to Obtain Deposits: What Risks are We Taking On.” This session explored the risks banks face when pursuing relationships with customers from various industries, such as gaming, cannabis, and Fintech. Participants were encouraged to consider a broader range of risks beyond mere compliance and to develop strategies for analyzing and managing these risks effectively.  A key insight from Thomas Healy, SVP and Chief Compliance Officer at Discover Financial Services, was that streamlined modules of Fintech companies may inadvertently violate Federal and State laws in certain circumstances, because these institutions may not have the banking attorney oversight built into typical banks.

One of the standout themes of the conference was the integration and regulation of artificial intelligence (AI) in banking operations. The session “Evaluation of the Risks of Artificial Intelligence” delved into the complexities of assessing AI risks, including data integrity, technological glitches, security issues, privacy violations, and discriminatory outcomes. The discussion highlighted the need for robust policies and procedures to mitigate these risks and ensure that AI solutions remain reliable and appropriate for their intended use.  The impressive panel for this session offered valuable insights such as how AI helps banks better manage risk but poses new risks that banks must prepare to address and mitigate in advance.  For example, if left unchecked, AI can exasperate discriminatory lending.  Regulators are encouraging the use of AI in risk management and compliance, but the industry will have to lead the development of proper controls and not rely on the regulators to establish sufficient rules in this new area.

Another critical area of focus was cybersecurity, with sessions like “Redirecting Your Cybersecurity Threat Focus to Improve Bank-Wide Effectiveness.” This session emphasized the importance of understanding cybersecurity threats in the broader context of the entire enterprise. Reid Sawyer from Marsh Advisory presented a comprehensive overview of changing regulatory requirements and provided a roadmap for understanding the economic impact of cyber risks on the entire banking ecosystem.  Attendees learned that ransomware attacks dropped off when Russia invaded Ukraine due to the Russian Government enlisting private resources in support of military operations, but now Russian cyber-attacks are back on the rise.  Overall, the “tail event” cost of ransomware demands (high severity events) in the financial institutions sector has increased from $300 million just five years ago to $2.2 billion recently.

The conference also explored the challenges and strategies related to compliance with the Community Reinvestment Act (CRA) in sessions such as “CRA: An Executive Overview” and “CRA: Adapting Your Business Strategy to the New Rule.” These sessions provided insights into the new CRA rule, its implications for bank risk and strategy, and the necessary adjustments to meet new CRA obligations and tests.  One of the panels walked through useful examples to facilitate attendee understanding of the new rule.

A particularly pressing issue discussed was the management of climate-related risks in the session “Navigating the Climate Minefield: Risks and Strategies for Banks in an Evolving Regulatory Landscape.” This session addressed the regulatory, statutory, and investor-driven risks related to climate change. It highlighted the complexities of complying with varying state and federal regulations, the potential conflicts between them, and the strategies banks can use to navigate these challenges effectively.

Overall, the 2024 ABA Annual Risk and Compliance Conference highlighted significant trends and issues of concern in the banking industry. The conference emphasized the need for dynamic and adaptable risk management strategies, the importance of leveraging technology and automation, and the critical role of comprehensive data governance and cybersecurity practices in safeguarding the banking sector.

For more information on how Oakleaf can assist your organization in navigating these complex challenges, visit our website and explore our wide range of services designed to support your compliance, risk management, and data governance needs.