The Office of the Comptroller of the Currency (OCC) on Wednesday levied a $85 million civil money penalty against USAA Federal Savings Bank for a series of "unsafe or unsound banking practices" in its compliance risk management and information security programs.
The OCC first identified the issues in a January 2019 consent order, where it ordered the bank to fix the operational failures.
"While we've worked diligently to address our challenges by hiring the right expertise and improving systems and processes, we have not moved fast enough to close some gaps," USAA spokesperson Matthew Hartwig wrote in an email. "USAA Bank is working cooperatively with the OCC and will continue to do so."
USAA Bank's penalty comes a week after the OCC rated the San Antonio-based bank as "needs to improve" in its compliance with the Community Reinvestment Act (CRA), the 1977 anti-redlining law that governs lending in low-income neighborhoods.
The regulator's report found 546 recorded violations of the Servicemembers Civil Relief Act, including failure to provide protections to military reservists, wrongful repossessions of vehicles and the filing of inaccurate affidavits in default judgment cases, according to the San Antonio Business Journal.
The OCC report also found evidence of 54 violations of the Military Lending Act for using remotely created checks to collect past-due amounts from members who were covered borrowers, according to S&P Global.
The bank — a subsidiary of USAA, an insurer that primarily serves the military community and its families — had a previous overall rating of "satisfactory."
"The Bank has failed to implement and maintain an effective compliance risk management program and an effective IT risk governance program commensurate with the Bank's size, complexity, and risk profile," the OCC's consent order states.
The regulator said the bank has deficiencies in all three lines of defense — "first-line business units, independent risk management, and internal audit" — in its compliance risk management program.
"Simply put, we have fallen short of our high standards and those of our members and our regulators," USAA CEO Wayne Peacock wrote in an emailed statement. "[W]e did not sufficiently invest in the capabilities and expertise necessary to meet regulatory requirements and evolving business needs. We have been working diligently and investing substantial resources to address the gaps. This is our most urgent and fundamental priority and is essential to serve members with excellence, now and in the future."
Prior to last year's OCC consent order, the bank entered into a separate, unrelated consent order with the Consumer Financial Protection Bureau (CFPB) over allegations the bank reopened deposit accounts without customers' consent and ignored requests to stop payments, according to American Banker.
As part of the CFPB order, the bank agreed to pay a $3.5 million fine and $12 million in restitution to 66,000 customers.