US Bank Oversight: Reliance on Auditors Raises Regulatory Concerns

A Shift in Oversight: Regulators Increasingly Lean on Internal Bank Audits

US banking regulators are facing a challenge as they scale back their direct supervisory efforts: a growing reliance on internal auditors at financial institutions. This shift, driven by shrinking agency headcounts and narrowed supervisory remits, is raising concerns among risk professionals and regulators alike about potential compromises to independent oversight, according to a report from Risk.net published March 23, 2026.

The Shrinking Regulatory Footprint

The Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) – the three primary US prudential agencies – are operating with fewer resources and a more focused scope. This has led to a situation where regulators are increasingly relying on the work performed by internal audit teams within banks to assess risk and compliance. While internal audits are a crucial component of a robust risk management framework, concerns are mounting that this increased dependence could create conflicts of interest.

Pressure on Audit Independence

The core of the worry centers on the inherent tension between internal auditors and the business units they are tasked with reviewing. As Risk.net points out, despite widespread acknowledgement of the need for audit independence, internal audit teams often face pressure from the incredibly departments they are auditing. This pressure can manifest in subtle ways, potentially influencing audit findings and compromising the objectivity of the process. The report highlights that when audits *do* uncover issues, the resulting scrutiny can create friction and potentially lead to diluted findings.

Broader Trends in Risk Management

This development occurs against a backdrop of evolving risk landscapes within the financial services sector. Crowe specialists identify several key risk areas for internal audit in financial services, including operational resilience, cybersecurity, and regulatory compliance. The increasing complexity of these risks, coupled with the reduction in direct regulatory oversight, amplifies the importance – and the potential vulnerability – of internal audit functions.

Internal Audit’s Expanding Role

The role of internal audit is also evolving beyond traditional compliance checks. The Internal Auditor magazine, published by the Institute of Internal Auditors, highlights a growing emphasis on internal audit’s advisory function. Auditors are increasingly expected to provide proactive insights and guidance to management, helping to strengthen risk management practices and improve overall governance. This expanded role, whereas, further complicates the issue of independence, as auditors may be perceived as being too closely aligned with the business.

Implications for Model Risk Management

The shift in oversight is particularly concerning in the area of model risk management. Banks rely heavily on complex models for a wide range of activities, from pricing derivatives to assessing credit risk. Effective model validation – ensuring that these models are accurate and reliable – is critical for financial stability. If regulators are relying more on internal audit to validate these models, and those internal audit teams are facing pressure from business units, the risk of flawed models going undetected increases significantly.

What’s Next: Increased Scrutiny of Audit Functions

The concerns raised by regulators and risk professionals suggest a period of increased scrutiny for internal audit functions at financial institutions. Regulators are likely to demand greater evidence of audit independence and objectivity, potentially requiring more frequent reviews of audit methodologies and staffing. Banks, in turn, may need to invest in strengthening their internal audit capabilities, ensuring that audit teams have the resources and authority to perform their duties effectively. The situation also underscores the need for a continued dialogue between regulators and the industry to uncover a sustainable balance between efficient supervision and robust risk management.