OCC's July 2024 Enforcement Actions Spotlight Governance & Risk Management Failures

The Office of the Comptroller of the Currency (OCC) has announced a series of enforcement actions for July 2024, highlighting its dedication to maintaining robust governance, risk management, and compliance (GRC) across national banks and federal savings associations. These measures underscore the OCC's commitment to ensuring that institutions operate within regulatory frameworks and uphold high standards of conduct.

The OCC's recent actions emphasize the importance of a comprehensive compliance management system (CMS), crucial for managing consumer compliance risk, supporting adherence to consumer protection laws, and preventing consumer harm. These systems include policies, procedures, processes, monitoring, testing programs, and compliance audits, all essential for effective governance and risk management.

1. Citibank, N.A., Sioux Falls, South Dakota: Citibank has been issued an Amended Cease and Desist Order along with a $75 million Civil Money Penalty for failing to meet the compliance requirements set out in a previous order from October 2020. This significant penalty highlights the critical role of sustained compliance efforts and robust risk management practices.
2. CNB Bank & Trust, N.A., Carlinville, Illinois: The bank received a Cease and Desist Order due to violations of the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program, including inadequate customer due diligence and identification processes. This order underscores the necessity for comprehensive internal controls and adherence to regulatory requirements.
3. Lincoln FSB of Nebraska, Lincoln, Nebraska: The OCC's Formal Agreement with Lincoln FSB addresses unsafe practices in strategic planning, liquidity risk management, contingency funding, interest rate risk management, and corporate governance. This agreement emphasizes the need for smaller financial institutions to establish robust governance frameworks and risk management strategies.
4. Summit National Bank, Hulett, Wyoming: Summit National Bank has been issued a Cease and Desist Order for unsafe practices in capital and strategic planning, liquidity risk management, and transactions with affiliates. The bank also violated BSA/AML compliance requirements. This action reinforces the importance of integrated risk management and strategic foresight.

The OCC's enforcement actions reflect its risk-based supervision approach, as outlined in the Comptroller’s Handbook on Compliance Management Systems and Corporate and Risk Governance Handbook. This approach ensures that banks maintain effective CMS to manage compliance risks and support adherence to consumer protection laws. The primary components considered in evaluating a bank's CMS include board and management oversight, compliance programs, and robust internal controls.

The OCC's actions for July 2024 reinforce the importance of strong governance, risk management, and compliance practices within the banking sector, holding both institutions and individuals accountable to the highest standards.

Holding Individuals Accountable

In addition to institutional actions, the OCC has issued Orders of Prohibition against several individuals, emphasizing personal accountability in maintaining ethical standards and regulatory compliance.

1. Cindy M. Flores: Former Branch Operations Associate Manager at a Wells Fargo branch in Fargo, North Dakota, has been prohibited from banking activities for misappropriating at least $47,600 by diverting funds from customer accounts.
2. Randall David Ditzer: Former Banking Center Team Lead Relationship Banker at a BOKF branch in Prairie Village, Kansas, has been barred for unauthorized withdrawals from an elderly customer's accounts.
3. Andre Jackson: Former Relationship Banker at a Bank of America branch in Kenmore, New York, has been prohibited for misappropriating at least $8,000 in cash.
4. Cordia Shedde McDonald: Former Associate Banker at a JPMorgan Chase branch in New Rochelle, New York, has been barred for misappropriating at least $10,000 in cash.
5. Aaliyah Shaheed: Former Digital Banking Representative for Varo Bank, working remotely from Charlotte, North Carolina, has been prohibited for improperly accessing and modifying customer account information, resulting in $21,700 in fraudulent transfers.
6. Kathryn Thomure: Former Business Banking Specialist at a U.S. Bank branch in Farmington, Missouri, has been barred for making false representations on two Paycheck Protection Program loan applications, receiving $29,300.
7. Valeria Martinez Vazquez: Former Branch Relationship Banker at Zions Bancorporation, has been prohibited for misappropriating $11,100 from a customer’s account.

A well-planned GRC strategy yields significant benefits, such as improved decision-making, optimized IT investments, elimination of silos, and reduced fragmentation among divisions and departments. As GRC becomes increasingly critical, many organizations have elevated it to a high-level function, with responsibilities assigned to C-level executives. Best practices, frameworks, and technologies have been developed to support this work.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.