Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

OCC Announces February 2017 Enforcement Actions

Privacy/Cyber Risk & Data Security Agency Rule-Making & Guidance OCC Enforcement

Privacy, Cyber Risk & Data Security

On March 17, the Office of the Comptroller of the Currency (OCC) released a list of administrative enforcement actions taken against banks and bank officers in February. Several of the reported actions included payment of civil money penalties (CMPs) for, among other things, violations of the Federal Trade Commission Act, Bank Secrecy Act (BSA) deficiencies, and unsafe or unsound practices by institution-affiliated parties for breaches of fiduciary duty. Among the actions containing CMPs a Tennessee bank fined $1 million for deficiencies related to billing practices with regard to an identity protection product consumers paid for but never received, and a California bank fined $1 million for continuous non-compliance with a 2010 Consent Order for BSA deficiencies including “inadequate risk assessment process[es], inadequate system of internal controls, inadequate suspicious activity monitoring and reporting process[es], inadequate customer due diligence and enhanced due diligence programs, ” as well as having a “BSA/AML independent audit [that] failed to identify . . . significant internal control weaknesses.”