The Office of the Comptroller of the Currency (OCC) has fined USAA’s federal savings bank business $85 million for risk management failures.
In a statement last week, the regulator said the bank had failed to “implement and maintain an effective compliance risk management program and an effective information technology risk governance program”.
The penalty is the third multi-million-dollar fine levied by the OCC this month, following a $60 million fine for Morgan Stanley relating to the decommissioning of two data centers, and $400 million for Citibank over risk management and data governance failings.
On the USAA fine, the OCC said the failings resulted in breaches of laws including the Military Lending Act and the Servicemembers Civil Relief Act.
USAA entered into an agreement with the OCC in January 2019 regarding the breaches, and has been working to address the problems since then.
In a statement cited by the San Antonio Express-News, USAA CEO Wayne Peacock said: “Simply put, we have fallen short of our high standards and those of our members and our regulators.
“As we grew quickly over the last decade, we never wavered from our commitment to serve members. However, we did not sufficiently invest in the capabilities and expertise necessary to meet regulatory requirements and evolving business needs.
“We have been working diligently and investing substantial resources to address the gaps. This is our most urgent and fundamental priority and is essential to serve members with excellence, now and in the future.”
The OCC’s investigation found that USAA had “deficiencies in all three lines of defense (first-line business units, independent risk management, and internal audit) in its compliance risk management program”.
The January 2019 consent order detailed how USAA’s internal audit capabilities were insufficient for a bank of its size, on top of the compliance risk management failures.