OCC Takes Action Against USAA for Failing to Address Multiple Deficiencies
The Office of the Comptroller of the Currency (OCC) has issued a comprehensive cease-and-desist order to USAA Federal Savings Bank, citing noncompliance with prior directives and regulatory requirements. The order mandates corrective actions in risk governance, compliance, IT, fraud management, and third-party services, and includes restrictions on the bank’s growth and innovation. This marks the latest in a series of regulatory actions against USAA, highlighting ongoing deficiencies and raising concerns about its management practices.
![OCC Takes Action Against USAA for Failing to Address Multiple Deficiencies](https://www.ghtna.com/uploads/images/202412/image_870x_676c0c22af15a.jpg)
The Office of the Comptroller of the Currency (OCC) has issued a comprehensive cease-and-desist order to USAA Federal Savings Bank, citing the bank’s noncompliance with elements of prior orders and OCC requirements. Publicly disclosed on Wednesday, the order mandates USAA to address a wide range of deficiencies identified by the regulator, including issues related to management, earnings, information technology, consumer compliance, internal auditing, and violations of suspicious activity reporting protocols.
Additionally, the order restricts the bank from introducing certain new products or services and imposes limitations on expanding its membership criteria.
In response, a USAA spokesperson stated on Thursday that the OCC’s directive "outlines requirements to advance the Bank’s risk and compliance management to the level we and our regulators expect." The spokesperson acknowledged inconsistent and slow progress but emphasized that the bank is well-positioned to complete the necessary improvements.
USAA provides banking and insurance products to military members, veterans, and their families.
The latest enforcement action against USAA’s bank adds to a series of regulatory challenges in recent years. In January 2019, the OCC issued a consent order addressing unsafe banking practices related to the bank’s IT program, compliance management system, and risk governance framework. In 2020, the OCC imposed an $85 million penalty for these issues.
Further scrutiny came in March 2022 when the OCC identified deficiencies in USAA’s anti-money laundering (AML) and Bank Secrecy Act (BSA) compliance programs, resulting in an additional $140 million in penalties from both the OCC and the Financial Crimes Enforcement Network.
The new order, which supersedes the 2019 and 2022 directives, cites continued noncompliance with previous orders and the OCC’s heightened standards for large banks. It mandates comprehensive corrective actions to address deficiencies in risk governance, compliance, IT, fraud, and third-party services.
The bank’s board has been instructed to establish a compliance committee to oversee the corrective actions, and USAA must develop an action plan detailing the necessary remedial steps with clear timelines. The OCC also emphasized the need for more timely suspicious activity reporting, enhanced consumer protection compliance, and improved risk management and audit training.
A USAA spokesperson stated that the order acknowledges progress made in the bank's BSA/AML program, particularly the closure of the 2022 consent order. “With a stronger foundation in place to prevent and mitigate risk, we will continue to enhance our capabilities and processes to ensure we consistently serve our members with excellence,” the spokesperson said.
According to risk management consultant James Lam, the order must be the top priority for the bank’s board and management. He noted that, after multiple orders, there may be opportunities to improve communication with lead examiners.
A notable aspect of the new order is its focus on compensation. It stipulates that the bank must refrain from making incentive-based compensation payments to covered individuals starting April 1, 2025. The bank must submit an annual plan within 90 days outlining a process for ensuring that incentive-based payments reflect adverse risk outcomes. Legal expert Carl Goss described the measure as “harsh,” comparing it to a civil money penalty.
USAA CEO Wayne Peacock, who has held the position since 2020, will step down in the first half of 2025 after a new CEO is appointed.
The bank is also prohibited from adding new products or services or expanding membership criteria without evaluating the compliance and operational risks associated with those changes, documenting controls to mitigate those risks, and providing 90 days’ notice to the Examiner-in-Charge.
Lam expressed concern that the timing of the restriction, particularly during a period of technological disruption in banking, could hinder USAA’s growth and innovation.
The OCC has directed the bank to implement a fraud risk management program aligned with its risk profile, covering both internal and external fraud. Goss noted that specific fraud risk management provisions are becoming more common in enforcement actions due to rising fraud-related losses.
The new order highlights that USAA has made insufficient progress on prior regulatory concerns while also introducing new issues, such as fraud risk management. Patrick Haggerty from Klaros Group commented on the comprehensiveness of the order, noting it covers much of the same ground as previous ones after five years of oversight, but without civil money penalties.
The OCC has reserved the right to impose further penalties or enforcement actions if the bank fails to address the issues outlined in the current order.
The USAA spokesperson reiterated that the bank is committed to identifying and resolving issues while strengthening its programs and risk management culture. The bank is investing in additional systems and training to reinforce these efforts.
Lam emphasized the importance of a unified enterprise risk management framework that integrates all of these requirements, rather than a fragmented approach. "You can’t play whack-a-mole," he said.
What's Your Reaction?
![like](https://www.ghtna.com/assets/img/reactions/like.png)
![dislike](https://www.ghtna.com/assets/img/reactions/dislike.png)
![love](https://www.ghtna.com/assets/img/reactions/love.png)
![funny](https://www.ghtna.com/assets/img/reactions/funny.png)
![angry](https://www.ghtna.com/assets/img/reactions/angry.png)
![sad](https://www.ghtna.com/assets/img/reactions/sad.png)
![wow](https://www.ghtna.com/assets/img/reactions/wow.png)