On March 21, the Federal Reserve Bank of Boston (Boston Fed) and a national bank holding company and its nonbank subsidiary (a Dallas-based auto lender) entered into a Written Agreement to address concerns related to their July 2015 Written Agreement, which required a detailed description of the holding company’s efforts to strengthen board oversight specifically with regard to committees, executive positions, and lines of reporting (see July 2015 InfoBytes summary). The 2017 Written Agreement is a result of deficiencies identified by the Boston Fed in the subsidiary’s compliance risk management program. The terms of the current Written Agreement require, among other things, the board of directors of the subsidiary to submit a revised compliance risk management plan addressing, among others: (i) comprehensive compliance risk assessments to identify “risks associated with applicable consumer compliance laws”; (ii) enhanced written policies and procedures to address risks arising from noncompliance; and (iii) a revised code of conduct for employees that outlines rules governing compliance and reporting processes for known or suspected violations of consumer compliance laws, regulations, and supervisory guidance. Furthermore, the company must submit written revisions to its firm-wide internal audit program with respect to auditing its revised compliance risk management program.