Takeaways From the OCC’s Semiannual Risk Perspective

The Office of the Comptroller of the Currency’s (OCC’s) Semiannual Risk Perspective summarizes the key risks and emerging issues facing the federal banking system; assesses trends across credit, market, operational, compliance, strategic, and liquidity risk categories; and highlights critical vulnerabilities. The fall 2025 report, published in December 2025, primarily reflects financial data as of June 30, 2025. Following is a summary of the report with a focus on key findings.

Economy and banking industry health overall

According to the OCC, the U.S. economy generally demonstrates overall resilience, characterized by steady corporate profitability, sustained consumer spending, and moderate gross domestic product growth, notwithstanding a contraction in the first quarter of 2025. While job creation has decelerated, the unemployment rate remains at historically low levels. In response to moderating inflation and signs of softening in the labor market, the Federal Reserve has reduced the federal funds rate, and additional rate cuts are anticipated. Inflationary pressures are easing, and most economic forecasts project ongoing expansion without a recession; however, even modest increases in unemployment could heighten credit risk among more vulnerable borrowers.

The OCC notes that banking sector performance remains solid, in part because of increases in both net interest income and noninterest income. Smaller financial services organizations, in particular, are benefiting from favorable loan repricing dynamics and improved net interest margins. Overall, bank balance sheets are sound and supported by strong capital and liquidity positions, which provide a buffer against potential economic volatility and interest rate fluctuations while sustaining earnings stability.

Per the OCC’s report, the federal banking system also is in good condition, underpinned by robust capital and liquidity positions, satisfactory profitability, widening net interest margins, a reduction in unrealized losses on investment securities, stable credit quality indicators, and strong liquidity supported by deposit growth and available contingent funding sources. Concurrently, cyber risks, particularly those stemming from foreign state-sponsored entities and increasingly sophisticated criminal organizations, continue to present significant threats. Rapid financial innovation also creates strategic opportunities and operational challenges; organizations that do not invest in emerging technologies and evolving service delivery models could encounter longer-term performance and franchise sustainability risks. In response, the OCC continues to advocate for a regulatory framework that fosters responsible innovation while preserving safety and soundness.

The OCC’s commentary on strategic priorities underscores the importance of organizational agility and disciplined, well-focused investments in cybersecurity and operational resilience, technological advancement and innovation, and careful oversight of growth strategies and new business initiatives. Although organizations currently benefit from strong financial footing, this period requires sustained vigilance and proactive engagement with strategic partners and regulatory authorities as the risk environment continues to evolve.

Key risk themes and takeaways for risk managers

Credit risk

Although overall loan performance remains manageable, certain segments, such as multifamily commercial real estate (CRE), are showing weakening credit performance, and tighter underwriting standards reflect stress in commercial and industrial and CRE lending.

Credit risk requires targeted oversight. Delinquencies, loss rates, and classified levels remain below long-term averages despite modest year-over-year increases. While overall asset quality remains manageable, emerging stress on multifamily CRE and economically sensitive borrowers calls for enhanced portfolio monitoring, refined stress testing, and active concentration management.

Organizations should maintain disciplined monitoring; however, current conditions do not suggest an immediate need for broad-based defensive actions. A targeted approach to risk identification, rather than indiscriminate tightening, helps allocate attention and resources more effectively. Organizations can strengthen oversight by actively monitoring portfolio performance, maintaining current insight into individual borrower conditions, and remaining attentive to concentration risk indicators. Additionally, focusing on leading credit signals of borrower stress, such as increasing use rates and late or irregular payments, provides more timely and actionable information than relying solely on lagging measures, including rising classifications.

Market and liquidity risk

Net interest margins vary across banks due to changing loan yields and funding costs, and unrealized investment portfolio losses, while reduced from prior years, remain a consideration.

Market and liquidity risk management must remain dynamic. Variability in net interest margins and lingering exposure to unrealized investment losses highlight the need for proactive balance sheet management, interest rate risk modeling, and disciplined funding strategies.

Organizations should maintain active balance sheet management rather than defensive retrenchment. They should avoid becoming complacent with funds management and continue to monitor risk factors such as concentrations of deposit, type of industry, and sector exposures.

Operational and cybersecurity risk

Cyberthreats from sophisticated and state-sponsored actors continue to target the banking sector and legacy technology infrastructure reveals operational vulnerabilities. These dynamics underscore the importance of sustained investment in operational and cyber resilience, including robust cybersecurity controls, effective third-party risk management, and timely modernization of IT systems.

Because of the myriad threats involved, organizations should adjust their approach. Cyber risk is no longer solely a technology issue; it is a strategic, operational, and compliance risk requiring cross-functional ownership. Business continuity and disaster recovery considerations should be included as part of the risk assessment process across all risk stripes.

Fraud risk

Elevated levels of progressively more sophisticated fraud and scam activity continue to generate operational losses across the banking sector, which draw heightened regulatory attention, including consideration of coordinated actions to mitigate payments fraud risk. In response to this escalating threat environment, banks are incorporating enhanced fraud detection capabilities, strengthened payments controls, and customer awareness initiatives into broader operational risk management frameworks.

Organizations should account for fraud risk as a stand-alone operational risk, not a subordinate issue of compliance or technology. They should consider either outsourced arrangements or investing internally in assessments to evaluate the level and significance of fraud risk exposure arising from the organization’s unique business model and operational footprint.

Compliance risk

Ongoing compliance pressures include adapting to evolving consumer protection and anti-money laundering (AML) requirements, fair lending considerations, and regulatory changes affecting the Community Reinvestment Act (CRA) and other areas. Compliance adaptability is essential. Ongoing regulatory change across consumer protection, AML, sanctions, and CRA expectations necessitates flexible compliance systems and strong governance.

Organizations should confirm compliance programs are nimble and well documented, with clear processes to track, interpret, and operationalize regulatory changes without creating gaps or overcorrecting. Something as foundational as making sure policy and procedures are up to date and consistent with operational practices can significantly mitigate risk exposures. For Bank Secrecy Act and AML concerns, organizations should maintain alignment of risk assessment, customer due diligence, and account action decisions to support transparency and consistency. Additionally, organizations should maintain a strong governance framework that promotes board and senior management awareness to allow for prompt detection and mitigation of potential risks.

Innovation and strategic risk

Rapid financial innovation presents opportunities but also risks for banks that lag in investing in new technologies, which could affect long-term performance and competitive position. Both strategic and innovation risks must be actively managed. Banks that fail to invest in new technologies and evolving delivery channels risk long-term competitive disadvantages.

Strategic risk stems from inaction, so organizations need to innovate, but they first should create a road map for how to do so. Organizations need to balance innovation pace with disciplined execution, sound risk management and oversight, and regulatory alignment. No matter their size or complexity, organizations must consider risk appetite frameworks as they increasingly seek third-party partnerships. Establishing risk frameworks helps promote a culture of innovation while maintaining controls.

Themes across OCC reports

The fall 2025 report reflects an evolution in both emphasis and context compared with previous reports. Consistent with earlier editions, the report affirms that the federal banking system remains sound overall, with strong capital and liquidity metrics, manageable credit quality, and generally controlled market risk. However, compared with the spring 2025 edition, the fall 2025 report places greater emphasis on emerging vulnerabilities tied to cybersecurity threats and technological innovation and highlights an increase in sophisticated foreign state-sponsored cyber activity and the strategic importance of modernizing legacy IT infrastructure – areas that were present in previous reports but less prominent.

Streamlined approach

A review of the fall 2025 report reveals a more concentrated set of risk themes and a more streamlined narrative. Overall, the fall 2025 report cuts back on breadth and depth of analysis compared to previous years’ reports. The fall 2025 report (15 pages) is a much more succinct summary with less granular data compared to earlier editions, prioritizing high-level insights and emerging themes. Looking back one year, the fall 2024 report (40 pages) includes extensive sections on trends, risk drivers, special topics, and risk metrics. The fall 2025 report demonstrates a shift from previous reports’ broader analytical depth toward more focused and theme-oriented reporting. It is organized around a targeted focus on specific emerging threats such as cyber risk, fraud, and innovation risk management.

Focus on innovation

The OCC’s treatment of innovation represents a notable and purposeful shift in supervisory emphasis. Rather than discussing innovation solely as an operational challenge or risk category, the report frames innovation as a strategic risk driver with dual implications: Innovation offers opportunities for competitive advancement but also poses material risks for organizations that fail to adapt. The OCC’s supervisory perspective recognizes innovation as integral to risk management and to long-term viability in the banking sector, as indicated by the following examples.

• Innovation as a strategic risk. The OCC highlights that the rapid evolution in financial products, services, and delivery channels, including digital transformation, fundamentally changes the competitive landscape. Banks that are slow, reluctant, or unable to adopt new technologies face opportunity costs that can erode performance and resilience over time.
• Innovation risk and risk management. Importantly, the OCC does not treat innovation purely as a threat. Instead, it emphasizes the need for banks to embed innovation into risk frameworks so that new technologies and business models are pursued without compromising safety and soundness. This approach reinforces the imperative that innovation and risk control can, and must, coexist.
• Technology modernization as a resilience imperative. Coupled with the innovation theme, clear links exist between operational and cyber risk. Outdated legacy systems and end-of-life infrastructure are not just efficiency concerns but material risk vulnerabilities. The OCC acknowledges that modernization is both a risk mitigation strategy and a platform for innovation.
• Regulatory support for responsible innovation. The OCC signals its intent to foster a regulatory environment that allows banks to evolve their business models and services. This nuanced stance balances enabling technological progress with prudent oversight – an important message for organizations navigating regulatory expectations amid competitive pressures.

Opportunity and accountability

The fall 2025 OCC Semiannual Risk Perspective underscores a shift in the OCC’s supervisory philosophy toward a more streamlined, risk-focused, and innovation-supportive approach. Rather than applying broad, prescriptive oversight uniformly across organizations, the OCC emphasizes targeted supervision aligned to material risk, bank size, complexity, and business model while maintaining core safety and soundness expectations.

This shift is reinforced by several supervisory and policy actions during 2025. The OCC’s removal of reputation risk as a standalone category from supervisory review (OCC Bulletin 2025-4) reflects a move away from subjective or indirect risk considerations toward objective, measurable, and risk-based analyses. Similarly, the adoption of tailored examination approaches for community banks (OCC Bulletin 2025-24) demonstrates recognition that proportional supervision can enhance effectiveness without diluting standards. The reduction in AML data collection requirements (OCC Bulletin 2025-38) signals the agency’s intent to improve regulatory efficiency, reduce unnecessary burden, and allow banks to focus resources on higher-risk activities and outcomes. Finally, the OCC’s proposed increase in heightened standards threshold from $50 billion to $700 billion (OCC 2025-51) illustrates the OCC’s broader supervisory recalibration by raising the bar for the most prescriptive governance expectations and concentrating those standards on truly system-critical organizations.

At the same time, the OCC positions itself as an enabler, rather than a barrier, to responsible innovation. This stance is evident in its stated goal of fostering a regulatory environment that supports banks’ efforts to modernize products, services, and delivery channels as well as in the notable increase in chartering activity during 2025. The issuance of five conditional approvals and six additional pending applications for new or converted national bank charters, including organizations proposing to offer digital asset-related products and services, illustrate the OCC’s willingness to engage with novel business models when supported by sound governance, risk management, and compliance frameworks.

Taken together, these developments indicate that the OCC is prioritizing clarity, proportionality, and forward-looking supervision while holding firm on core expectations related to safety, soundness, fairness, and regulatory compliance. For bank management, this environment presents both opportunity and accountability. Organizations that demonstrate strong risk governance, disciplined innovation, and effective change management are well positioned for growth.