Banking regulators have identified a range of operational shortcomings at USAA Federal Savings Bank, criticizing its risk management program, its systems for complying with various laws and regulations, and its information security efforts.
In an agreement that was made public Friday, the Office of the Comptroller of the Currency ordered the San Antonio bank to develop plans to remedy the alleged failures.
The 21-page agreement does not include any financial penalties. USAA, an $82 billion-asset bank that serves members of the U.S. military and their families, neither admitted nor denied the claims.
“We are committed to complying with regulatory expectations for companies of our size and complexity,” USAA spokesman Matt Hartwig said in an email. “We already have been proactively addressing these issues and made progress enhancing our systems and processes. But we have more to do to continue delivering the service members deserve.”
Hartwig said that the bank’s agreement with the OCC is not related to a consent order with the Consumer Financial Protection Bureau that was announced on Jan. 3, though he added that work the bank has been doing addresses the concerns of both agencies.
The CFPB
In the agreement announced Friday, the OCC found that USAA failed to implement an effective risk management program that was commensurate with its size, complexity and risk profile. The bank’s audit program was deemed insufficient, as was its compliance management system.
The regulatory agency also determined that the bank’s information technology program does not comply with federal guidelines that establish information security standards.
The agreement, which took effect on Jan. 7, gives USAA until late March to submit a written plan detailing the steps it will take to remedy the problems.
