OCC Imposes Laundry List of Corrective Actions on USAA for Ongoing Failures
The Office of the Comptroller of the Currency (OCC) has issued a formal enforcement action against USAA Federal Savings Bank for serious failures in compliance with regulatory requirements. The OCC found that USAA engaged in unsafe and unsound banking practices, including deficiencies in its compliance management system, risk governance framework, information technology (IT) program, and Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance. The bank failed to correct issues identified in previous consent orders from 2019 and 2022, prompting the OCC to take further action to bring USAA into compliance.
Corrective Actions Required by the OCC
To address these significant shortcomings, the OCC mandated the following corrective actions:
- Establish a Compliance Committee: USAA must form a Compliance Committee to oversee the bank’s adherence to all regulatory requirements and the provisions of the consent order.
- Submit a Comprehensive Action Plan: The bank is required to submit a detailed Action Plan that outlines specific remedial actions, responsible parties, and timelines to address deficiencies in risk governance, compliance, IT, and BSA/AML processes.
- Enhance Risk Governance and Compliance Programs: USAA must implement robust frameworks for risk governance, compliance risk management, and IT risk management to ensure effective identification, monitoring, and control of risks.
- Strengthen Internal Controls and Monitoring Systems: The bank is obligated to improve its internal controls, IT architecture, and transaction monitoring systems to better detect and prevent compliance breaches and suspicious activities.
- Conduct Independent Risk Assessments and Look-Back Reviews: The OCC requires USAA to perform independent risk assessments and look-back reviews to identify past compliance failures and implement corrective measures.
- Implement a Fraud Risk Management Program: USAA must establish a comprehensive fraud risk management program that addresses both internal and external fraud risks, ensuring timely identification, reporting, and mitigation of fraudulent activities.
Every Bank Must Take Notice — And Act Now
The OCC’s enforcement action against USAA is a clear signal to all financial institutions that regulatory compliance is non-negotiable. Here’s why every bank should take immediate action:
- Regulatory Scrutiny Is Intensifying: With regulators increasing oversight, no financial institution—regardless of size—is immune from enforcement actions. Proactively reviewing and strengthening compliance programs is essential.
- The Cost of Non-Compliance Is High: Beyond financial penalties, non-compliance can lead to reputational damage, operational disruptions, and loss of customer trust. Investing in robust compliance infrastructure is critical to protecting against these consequences.
- Accountability Starts at the Top: Boards and senior management must take active roles in ensuring regulatory compliance, fostering a culture of accountability, and holding all levels of the organization responsible for adherence to compliance requirements.
Does Your Compliance Program Meet Regulatory Expectations?
The OCC’s action against USAA underscores the importance of strong governance, proactive risk management, and a culture of compliance to avoid regulatory enforcement actions and fines.
iKinetiq's team of experts has extensive experience working with financial institutions and regulators. We have seen firsthand the costs and consequences of failing to maintain proper compliance programs. We help financial institutions conduct a gap analysis and create an appropriate remediation plan to correct deficiencies.
We offer our services in two models: a self-service model utilizing our compliance assets, such as regulatory checklists, process guides, and exam readiness tools, and a full-service model where our team of experts does the work for you.