USAA Faces Penalties for Inability to Address Issues Across Multiple Departments
USAA Federal Savings Bank, a large federally chartered savings bank, is currently under regulatory scrutiny from the Office of the Comptroller of the Currency (OCC). This scrutiny is primarily focused on compliance, particularly in areas related to Anti-Money Laundering (AML)/Bank Secrecy Act (BSA) programs.
In 2020, the OCC levied an $85 million penalty against the bank for various issues, including unsafe or unsound practices related to management, earnings, information technology, consumer compliance, internal audit, and suspicious activity reporting. The order, made public in 2020, required USAA to address these deficiencies.
More recently, in March 2022, the OCC issued another order, identifying flaws in the bank's AML/BSA compliance program, resulting in a $140 million penalty. The bank was found to have willfully failed to implement and maintain an AML program that met minimum regulatory requirements, highlighting serious compliance management deficiencies.
The OCC's latest order, issued on an unspecified date, is a comprehensive cease-and-desist order. It directs USAA to fix a range of deficiencies and implement different frameworks related to IT, fraud, third-party risk, and compliance risk management. The bank is also prohibited from adding new products or services or expanding its membership criteria without evaluating and documenting compliance and operational risks.
In addition, the OCC has ordered USAA to advance its risk and compliance management, including the implementation of a fraud risk management program commensurate with the bank's risk profile and appetite. The bank is also required to have a unifying enterprise risk management framework that encompasses and integrates all of the requirements outlined by the OCC.
The order also limits the addition of some new products or services and puts restrictions around USAA's ability to expand its membership criteria. Notably, the newest order replaces the 2019 and 2022 actions against the bank and states that the bank is not complying with certain elements of either prior order.
USAA, which provides banking and insurance products to military members, veterans, and their families, is investing in additional systems, training, and reinforcing a strong risk management culture. The OCC reserves the right to assess penalties or take other enforcement actions if USAA fails to address the issues identified in the most recent order.
It is worth noting that the most recent comprehensive regulatory action against USAA Federal Savings Bank from the OCC, as of the search results available, is not explicitly detailed. However, the enforcement history implies ongoing corrective orders and monitoring related to AML/BSA shortcomings and possibly information security, compliance management, and other risk areas.
USAA Federal Savings Bank's Resolution Plan filed with the FDIC in 2025 also underscores continued regulatory engagement on financial stability and operational compliance. The bank's CEO, Wayne Peacock, has announced his intention to step down in the first half of 2025.
A previous version of this article included incorrect information about USAA's chief risk officer. The interim chief risk officer, George Stamatelatos, is part of the company's executive council.
USAA Federal Savings Bank, in the context of ongoing regulatory scrutiny, faces challenges in both finance and business, as it is directed to address numerous deficiencies in areas such as IT, fraud, third-party risk, compliance risk management, and the implementation of a unifying enterprise risk management framework.
The OCC's most recent order also requires USAA to strengthen its risk management culture and implement a fraud risk management program commensurate with its risk profile and appetite, suggesting the need for improvement in its overall business operations.
