The OCC recently issued new civil money penalty guidance and Bank Secrecy Act/Anti-Money Laundering supervision procedures. The NCUA said although it will address CMPs during the board's June meeting, it does not currently plan to make changes to its BSA/AML regulatory regirm.
On Feb. 26, the OCC revised its Policies and Procedures Manual policy for assessing civil money penalties. The bulletin, which is guidance and not a formal rule, detailed a new CMP matrix for institutions.
The matrix included 11 factors to consider when rating the severity of the regulatory violation: Intent; continuation after notification; concealment; financial gain or other benefit as a result of violation; loss or risk of loss to the bank; impact or harm other than financial loss to the bank; loss or harm to consumers or the public (consumer law or Bank Secrecy Act violations), previous concern or administrative action for similar violation; history of violations and tendency to engage in violations; duration and frequency of violations before notification; and, effectiveness of internal controls and compliance program.
Recommended For You
Each category was assigned a factor weight. Intent was weighted the highest, followed by concealment. History of violations and duration and frequency of violations before notification were weighted lowest.
The matrix also assigned numerical progressive levels of security to each factor. Additional categories graded, weighted and measured the bank's good faith, cooperation and restitution. Total tabulated scores will be applied against a second CMP matrix that classified institutions by asset size. The smallest category was assets of $50 million or fewer; the largest was total assets of more than $100 billion. Penalties ranged from no CMP for a total matrix score of less than 40 to a maximum of $100,000 plus for institutions with $50 million in assets or less, to more than $150 million for the largest banks. All CMPs were capped at less than 1% of total assets.
The OCC defined offenses potentially subjected to the matrix as any violation of law, rule, regulation, order, condition imposed in writing or written agreement; and, any reckless unsafe or unsound practice.
The OCC's bulletin only applied to national banks, said Ralph Sharpe, currently a Washington-based compliance attorney with Venable, who was formerly the OCC's director of enforcement and compliance.
However, Sharpe added, existing FFIEC guidance on CMPs written in 1998 was based on the OCC's original 1993 guidance. It's logical to assume all FFIEC members, which include the NCUA, may adopt a similar matrix, he said.
Sharpe said given the escalation of CMP amounts in recent years, he can understand why any institution would be concerned about the change.
The good news, he said, is that the matrix distinguished between small and large institutions, and the parameters should provide some comfort to small institutions. And, it provided at least a framework for what kind of penalties violating institutions could anticipate, he said.
However, he cautioned, the matrix is only guidance, not legally binding and the OCC has the option to escalate penalties as it sees fit.
According to NCUA Public Affairs Specialist John Fairbanks, the agency is required by law to update maximum CMPs in various categories by June of this year, and Chairman Matz plans to include the update in the open agenda for the June 16 board meeting. Public notice of the NCUA's regulatory plans for CMPs will be included in the agency's Spring Semiannual Regulatory Agenda, which is due to the General Accounting Office by March 18.
However, Fairbanks cautioned the agency has not assessed CMPs for regulatory violations since Matz was named chairman, only for credit unions that filed late call reports.
Sharpe said the OCC's CMP matrix only applies to 12 U.S. Code 1818; late call report fines don't fall under the companion code for credit unions.
On Feb. 29, the OCC released a regulatory bulletin that supplemented interagency guidance on Bank Secrecy Act/Anti-Money Laundering compliance. The bulletin said a statutory mandate requires the OCC to issue a cease-and-desist order when citing BSA/AML compliance violations or violations of 12 USC 1818 for repeat or uncorrected BSA/AML compliance problems.
The institution will be given 15 days to respond to BSA/AML exceptions. The OCC's supervisory office, along with its legal department, will provide a recommendation to an OCC supervisory review committee. The SRC will then determine whether to pursue an enforcement action, which would include the cease and desist and CMPs.
The bulletin also said the OCC would notify FinCEN of all formal and informal actions, including potential CMPs, at the time it issues the 15-day notice to the violating bank.
However, Fairbanks said the NCUA has no plans to follow the OCC's lead, despite the banking regulator's position that the cease-and-desist orders are required by law.
"While all federal financial regulators fall under the same statutory requirement for BSA/AML enforcement, each regulator makes its own determination as to whether it is in compliance and if changes should be made," he said, adding that the NCUA does not have plans to make changes to its current regulatory regime.
"The authorities and practices of NCUA have not changed and do not need to change," he said.
The NCUA has continued to maintain a progressive supervisory approach to BSA compliance that may include a formal enforcement in those cases where a credit union has failed to comply with as outlined in the Federal Credit Union Act, Fairbanks said.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.