find your solution.
search for solutions by category, industries, insights, and people.
search for solutions by category, industries, insights, and people.
search for solutions by category, industries, insights, and people.
The banking sector is undergoing major changes this year in regulations, technology risk, liquidity pressures, and audit expectations. Staying complacent is no longer an option. As change accelerates, banking institutions that adapt quickly with clear strategy and agile execution will gain the upper hand. From cyber threats to liquidity strategy, the conversation has been steadily moving toward risk-driven, data-informed action.
Federal banking regulators are experiencing a sharp decline in staff and leadership clarity. Early retirements and government staffing reductions have resulted in changing demographics in the makeup and experience of regulatory teams, including examination teams.
Amid this uncertainty, the Office of the Comptroller of the Currency (OCC) has begun approving fintech acquisitions of banks, signaling openness to new players who did not have access to this space under the prior administration. We would expect the other federal agencies to follow suit with similar approvals. This regulatory instability, along with new entrants to the regulated banking space, adds urgency for institutions to establish their own robust, forward-looking strategy and risk reviews.
Across the board, technology risks remain a top concern. Internal audit and risk committees are prioritizing cybersecurity, with CEOs and boards naming it a top strategic threat. Banks must ask: Is our approach to cyber keeping up with the latest threats or is it just compliant enough to appease regulators? Often, more robust approaches to cybersecurity than those required by the Federal Financial Institutions Examination Council (FFIEC) may be needed to combat these evolving risks.
Social engineering, ransomware, insider threats, and voice cloning require more than standard FFIEC compliance. Phishing simulations, training programs, and scenario-based incident response drills are now core to risk and/or audit scopes.
The regulatory focus on liquidity, pledging strategies, and deposit modeling is intensifying. Institutions are expected to stress-test their funding sources, rethink policy limits, define “core deposits” with more rigor, and continually enhance modeling and stress testing assumptions.
A matrix-style approach to liquidity that considers deposit type, depositor profile, and service channel is becoming the new standard. Maximizing unencumbered assets and increasing borrowing capacity are now expectations.
In tandem, the asset/liability committee (ALCO) process must become more dynamic. Assumptions around betas and decay rates are under scrutiny. Given the uncertainty around the economy and interest rate policies, adopting a neutral rate position focused on growth strategies and not forecasted rate movements may be the safest bet.
For many, internal audit risk assessments have traditionally been a once-a-year exercise. However, in response to recent volatility, such as tariffs, government contract cancelations, and economic uncertainties in some regions, best practices now call for continuous updates.
For example, government staffing reductions and funding cuts in the greater Washington, DC area are impacting commercial real estate (CRE) and employment, as well as those in the government contracting space. These risk factors should be reflected in credit reviews, credit and liquidity monitoring, and audit scoping. Yet many institutions finalize their audit plans early in the year and fail to revisit them as risks and priorities change over time.
From an examiner’s perspective, static risk assessments send the wrong signal. If your institution hasn’t updated its risk assessment since January, be prepared to explain why. Examiners may expect mid-year documentation showing how you assessed emerging risks and whether those developments warranted an adjustment to the audit plan.
Qualitative factors within the Allowance for Credit Losses continue to present challenges for many institutions. There is increasing pressure to anchor Current Expected Credit Losses (CECL) reserves in data, but real-time metrics are often lagging or unavailable. Institutions must balance flexibility with accountability and start using predictive indicators to inform risk appetite.
If you’re still basing policy exceptions on outdated assumptions, it’s time to update either the policy or the loan practices themselves. Asset quality hasn’t yet deteriorated significantly, but concerns persist around consumer and commercial portfolios due to macroeconomic pressure, tariff uncertainty, and government funding reductions, all of which could accelerate credit risks.
For more on CECL model validation challenges and best practices, read our related insight.
At Elliott Davis, we help financial institutions move from reactive approaches to proactive strategies across areas such as audit, ALCO, and cybersecurity. Our team brings deep industry insight and hands-on experience to help you anticipate changes in regulations, strengthen internal controls, and align your risk posture with today’s expectations.
Whether you're reassessing your CECL model, enhancing liquidity modeling, or modernizing your audit plan, we’re here to guide you with practical, data-informed solutions. Contact us today to explore how we can support your current risk priorities.
The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.
