Top enforcement actions against banks in 2024

December 27, 2024 2:00 PM

Banking regulators cracked down on companies in 2024 for violations related to banking as a service amid a massive breakdown in the sector, historic money-laundering crimes and a litany of practices that harmed consumers.

The industry's four top watchdogs — the Federal Reserve, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corp. and the Consumer Financial Protection Bureau — dished out more than 120 enforcement actions, fines, lawsuits and complaints against banks of all sizes. The OCC alone took 36 formal enforcement actions against banks, more than triple what it did in 2023.

More than half a dozen banks got dinged in the last year for struggling to manage their third-party relationships, known as banking as a service, or BaaS. The issue was exacerbated in April after the bankruptcy of Synapse, a software firm that connected banks with fintechs, left thousands of people without access to their money. Synapse and four partner banks are still missing between $65 million and $85 million of customer funds.

In 2024, some banks, including Blue Ridge Bank, Five Star Bank and Metropolitan Commercial bank, said they would exit the BaaS business.

Policing for dirty money also got the spotlight in 2024, as TD Bank Group was found to have facilitated the movement of more than $670 million due to major shortfalls in risk management. Other megabanks also got the hammer for similar violations, on far smaller scales, which some experts pointed to as a renaissance of the compliance issue from a spate of enforcement actions following the financial crisis of 2007.

The CFPB also zeroed in on failings with card services. The bureau fined Navy Federal Credit Union $95 million for unfairly charging overdraft fees and penalized Goldman Sachs nearly $65 million for rolling out a credit card with Apple that wasn't up to snuff.

Here's a list of some of the most significant enforcement actions of 2024.

Bloomberg

TD Bank Group

The Canadian bank was fined more than $3 billion in penalties and hit with the second-ever asset growth cap for regulatory violations in the U.S. when it pleaded guilty to record anti-money-laundering-related crimes in October.

TD is the first bank in U.S. history to plead guilty to conspiracy to launder money after a Department of Justice probe alleged the bank knew its compliance system was subpar and ignored "glaring red flags." The OCC, marking a first for the agency, slapped growth handcuffs on TD that will hamper U.S. operations indefinitely.

Still, law enforcement and regulators have taken some flack for not more harshly penalizing TD — the 10th-largest bank in the States by asset size. Sen. Elizabeth Warren, D-Mass., said in a letter to the DOJ that its "absurd legal gymnastics" helped the bank avoid charter-revocation proceedings with the OCC, known as the death-penalty provision. CFPB Director Rohit Chopra said in December that the FDIC should consider expanding the benchmark for launching deposit-insurance termination hearings, noting that crimes like TD's should trigger such measures.

TD also saw regulatory strife in its home country with the Financial Transactions and Reports Analysis Centre of Canada, or Fintrac. The bank was hit with a fine of 9.2 million Canadian dollars for anti-money-laundering violations, the largest penalty in Fintrac's history.

On top of the AML headlines, the CFPB ordered TD in September to pay $28 million for credit reporting failings. The bank entered a consent agreement with the bureau that says it reported false information to consumer-reporting companies.

Bloomberg

Wells Fargo

In September, the $1.9 trillion-asset bank was dinged by the OCC for what the agency called "deficiencies" in its controls to prevent money laundering. The enforcement action, a hitch in Wells' efforts to overcome years of compliance issues, mandated that the bank take "comprehensive corrective actions."

"We are committed to completing the work with the same sense of urgency as our other regulatory commitments," the bank said in a statement when the order was announced.

The OCC's order came about three years after Wells was freed from a different anti-money-laundering enforcement action with the regulators. The prior action had been laid against Wells in 2015 for risk-management issues in the bank's wholesale banking unit.

When that order was lifted in 2021, CEO Charlie Scharf said the release signaled progress but noted, "We have a significant amount of work ahead of us."

Wells has also been operating under an asset cap for almost seven years, first imposed by the Fed due to a spate of offenses, including the revelation that bank employees had opened millions of unauthorized credit cards and checking accounts for unknowing customers.

The OCC's 2024 action, which didn't come with a monetary penalty, requires Wells to take extra steps before it considers launching new products and services.

The bank has chipped away at the slew of public enforcement actions it's seen in the last decade. Regulators have ended six consent orders with Wells since 2019, most recently in February, when the OCC lifted an action related to Wells' sales conduct.

Citigroup

In July, the Fed and the OCC fined Citi $136 million for not moving fast enough in its efforts to repair risk-management issues that had been flagged in 2020. The regulators said the bank had missed certain milestones to address issues with its internal controls, as identified in a pair of consent orders the agencies issued four years ago.

The Fed and the OCC assessed penalties of $60.6 million and $75 million, respectively, for the bank's violations of the prior orders. The OCC also said Citi must file a timeline and plan for cleaning up its compliance. The Fed added in a separate order that the bank could face additional penalties if it didn't step up appropriately.

The Fed said the actions this summer followed a report from the Federal Reserve Bank of New York, which found ongoing deficiencies in Citi's data quality management and ineffective compensating controls to lessen associated risk. The report said the bank's game plan to address the 2020 consent orders was not adequate.

Citi's woes, in part, stemmed from a mistaken $900 million payment the bank made to lenders of cosmetics company Revlon. A few months later, then-CEO Michael Corbat announced his plan to retire, at least a year ahead of his intended timeline. He was succeeded by Jane Fraser.

The OCC and the Fed's orders, accompanied by a $400 million fine, came shortly after news of the erroneous Revlon payment was made public.

JPMorgan Chase

America's biggest bank agreed to pay $348 million to the Fed and the OCC in March due to poor monitoring of trades and orders across at least 30 platforms.

The regulators' spring action also placed restrictions on JPMorgan's ability to add new trading venues and mandated the bank launch reviews of its trade surveillance systems. The order, based on an exam of the company's corporate and investment bank between 2014 and 2023, flagged JPMorgan's reconciliation processes for trades. The OCC claimed JPMorgan improperly monitored billions of dollars of trading activity since at least 2019.

The bank has since said it would improve those systems.

JPMorgan signaled several months prior that it expected such regulatory penalties, noting that certain trading data wasn't feeding into its surveillance system.

JPMorgan had been out of regulatory hot water since 2020. That year, the OCC fined the bank for conflicts of interest in its fiduciary services business, and the DOJ and the Commodity Futures Trading Commission mandated the bank pay $920 million for illegal trades.

Then, in October of this year, the Securities and Exchange Commission charged JPMorgan $151 million to settle five enforcement actions related to misleading disclosures to investors, a breach of fiduciary duty, prohibited joint transactions and principal trades, and failures to make recommendations in the best interest of customers.

Zelle

In December, the CFPB sued Early Warnings Services, Zelle's operator, and its three largest owner banks — Bank of America, JPMorgan and Wells Fargo — for enabling systemic fraud.

The bureau, which had been investigating Zelle for three years, alleged that the banks failed to protect Zelle's network from fraud, resulting in more than $870 million in consumer losses since 2017. The CFPB claims the banks, three of the four largest in the country, violated the Consumer Financial Protection Act, among several rules, by not quickly and effectively working to handle the fraud challenges on Zelle.

Bank of America, JPMorgan and Wells represent nearly three-quarters of all Zelle network activity, though other bank owners include Capital One Financial Corp., PNC Financial Services Group, Truist Financial and U.S. Bancorp.

"This is about financial institutions fulfilling their basic obligations to protect customers' money and help fraud victims recover their losses," CFPB Director Rohit Chopra said when the suit was announced. "These banks broke the law by running a payment system that made fraud easy and then refusing to help the victims."

A JPMorgan Chase spokesperson said at the time that the lawsuit was "a last-ditch effort" by the CFPB "in pursuit of their political agenda."

"It's a stunning demonstration of regulation by enforcement, skirting the required rulemaking process," the spokesperson said. "Rather than going after criminals, the CFPB is jeopardizing the value and free nature of Zelle, a trusted payments service beloved by our customers."

The CFPB said banks rushed into launching Zelle seven years ago to take market share back from apps like Venmo.

Banks allege that the CFPB is overreaching its authority, and is inaccurately calculating losses.

Industry Bancshares

The $5.2 billion-asset company in Texas has been cited separately by the Fed, the OCC and the FDIC for problems related to its underwater bond portfolio.

Industry, which operates through six subsidiaries, got into the regulatory mess by putting its bets on the wrong side of interest-rate risk. The company invested in low-yielding bonds, a strategy made notorious in March 2023 when it became part of Silicon Valley Bank's downfall. Now, Industry's bond portfolio is worth more than double its total loans.

The bank started off 2024 in trouble. In January, a dispute between the bank and the OCC became public when Industry refused to sign an enforcement action. The regulator called the bank a "troubled institution" for its poor investments and performance. At the time, Industry said the OCC's action "would cause more harm than good" amid its mission to raise capital.

In August, a lifeline appeared to be within reach. Investors said they would invest $195 million to recapitalize the bank, but the deal needed approval from the Fed.

A few months later, the Fed issued an enforcement action against Industry. The November action said the bank needed to improve its management of interest-rate risk, liquidity and funding, strategy and budgeting and capital planning.

The action followed an October order from the FDIC, requiring the bank to increase its capital reserves, enhance its credit risk and interest-rate risk frameworks and ensure it had sufficient liquidity. The FDIC also mandated that the bank overhaul its management team and provide progress reports on a strategic plan to boost long-term viability.

USAA Federal Savings Bank

The OCC said in December that the bank still faced "comprehensive" shortcomings, issuing an enforcement action that marks the bank's fourth problem with the regulator in five years.

The latest order came weeks after an investigation by American Banker and the San Antonio Current found USAA didn't appropriately invest in compliance, even as its customer base rapidly grew. The military-focused customers said the company didn't feel like it valued them as much as it once had, and regulatory penalties and weak financial performance haven't helped.

The OCC highlighted the company's poor earnings, information technology systems, consumer protection compliance and internal audit practices as signs of "unsafe or unsound practices." The regulator has issued two consent orders, plus fines, in the last five years.

But the bank has also made some headway. The OCC agreed in December to lift the consent order it issued in 2022 related to USAA's anti-money-laundering controls, though said the bank still needs to improve parts of its suspicious activity reporting.

"Moving forward, our path is clear," USAA said in a statement when the action was announced, adding that it was continuing to "identify and resolve issues while strengthening the rigor of our programs and processes."

Evolve Bancorp

Evolve was one of notable BaaS enforcement actions in June, when the Fed imposed restrictions on its fintech business, noting issues related to anti-money laundering, risk management and consumer protection.

The Arkansas bank has been at the center of the legal challenges and Chapter 11 bankruptcy proceedings of the Synapse case, as one of the failed firm's main partner banks.

The Fed said the action, which was issued in conjunction with the Arkansas State Banking Department, was made independent of the bankruptcy proceedings. An Evolve spokesperson at the time said the order came from a regulatory review in 2023 and "does not affect our existing business, customers or deposits."

Evolve was required to revise several compliance policies and enhance the risk management of its fintech business.

Another company closely entwined with Synapse is Lineage Financial Network, which was tapped twice by regulators this year for BaaS concerns. In a December action from the Fed, the bank's holding company agreed to reform its board policies, better manage its transactions between affiliates and conserve capital.

Earlier this year, the FDIC gave Lineage Bank a sweeping assignment, including a board-supervised strategic overhaul to boost risk controls and capital. The agency also told the bank to offboard some of its fintech partners.

The bank had used fintech partners, which it had connected to through middleware providers like Synapse, to rapidly grow. Lineage's assets grew from $27 million at the end of 2020 to nearly $300 million at the end of 2023.