OCC Penalizes Bank for Violations of Prior Cease and Desist Order

The Office of the Comptroller of the Currency (OCC) amended a prior consent order and issued significant civil money penalties against a large national bank for violations of the prior consent order related to deficiencies in risk management, internal controls, and data governance.

In 2020, the OCC and the bank entered into a consent order due to the bank allegedly failing to implement and maintain sufficient enterprise-wide compliance and risk management programs, internal controls, and a data governance program commensurate with the bank’s size, complexity, and risk profile.  These failings allegedly violated the OCC’s heightened risk governance requirements for banks with more than $50 billion in assets.  As a result, the bank was required, among other things, to create a new board of director’s compliance committee; implement significant remedial action to address the deficiencies; increase staffing and technology resources related to risk management and data governance; and obtain prior approval from the OCC for any large acquisitions, such as portfolio or business acquisitions.  The prior consent order did not include any monetary penalty or fines.

Now, the OCC has found that while the bank took steps to meet its obligations under the 2020 consent order, it failed to make sufficient and sustainable progress towards achieving compliance.  The OCC and the bank therefore amended the prior consent order to further require OCC approval for any future dividend or capital distributions based on whether the OCC finds that the bank has allocated sufficient resources towards achieving timely and sustainable compliance with the consent order.  The bank also agreed to pay a $75 million civil money penalty.