On February 2, the Federal Reserve Board (Fed) cited compliance breakdowns and widespread consumer abuses as the primary factors behind its decision to issue an order to cease and desist against a national bank. In addition to blocking the bank from growing beyond $1.95 trillion in assets until the Fed approves internal governance and risk management reforms, the order also requires the bank to take actions in the areas of board effectiveness, risk management program improvement, third party reviews of plans and improvements, and reports on progress. The bank must, among other things, (i) create “separate and independent reporting lines” to the chief risk officer and the board, and (ii) enhance risk management oversight and functions, which includes creating “an effective risk identification and escalation framework.” The bank concurrently agreed to replace four current board members in 2018, with three replaced by April. Notably, the order does not require the bank to cease current activities such as accepting customer deposits or making consumer loans.

The Fed also sent letters to the bank’s former lead independent director and former chair of the board of directors (see letters here and here) to address the “many pervasive and serious compliance and conduct failures” that occurred during their tenures. Citing ineffective oversight following awareness of alleged consumer abuses, the Fed stated that the former directors failed to initiate any serious inquiry or request that the board do so. Further, the Fed asserted that the former chair of the board continued to support the sales goals that were a major cause of the identified sales practice problems and failed to initiate a serious investigation or inquiry. A third letter sent to the current board of directors outlines steps the board must take to improve senior management reporting, maintain an effective risk management structure, and ensure compensation and other incentive programs are “consistent with sound risk management objectives and promote . . . compliance with laws and regulations.” (See here and here for previous InfoBytes coverage on the alleged improper sales practices.)

In response, the bank issued a press release stating it will commit to the Fed’s requirements and will provide a compliance plan for oversight, compliance, and operational risk management to the Fed within 60 days. The plan will also outline measures already completed by the bank, and if approved by the Fed, the bank will engage independent third parties to review its adoption and implementation of the plan.