Highlights of Bank of America’s recent penalty and consent order
with emphasis on the need for financial institutions to focus their efforts
on enterprise-wide compliance activities.
Summary
The recent Consent Order and penalty against Bank of America (B of A) by
the U.S. Office of the Comptroller of the Currency (OCC) reinforces the
need for all financial institutions to approach compliance through an
appropriate enterprise-wide compliance management program. The regulators’
focus is intense and no institution will go unobserved.
In June, the OCC announced a Consent Order and assessment of a $30 million
civil penalty against Bank of America for:
- violations of law and unsafe or unsound practices in connection with weaknesses
in the bank’s non-home mortgage loan program for complying with
the Servicemember’s Civil Relief Act (SCRA); and
- unsafe or unsound practices in connection with sworn affidavits used in
the bank’s debt collection litigation.
The OCC found violations of the SCRA in all credit lines—except home
mortgage—that were attributable to broad-based deficiencies in B
of A’s compliance practices. The Consent Order directs B of A to improve:
- policies and procedures for determining whether military personnel are
eligible to receive SCRA benefits;
- methodologies for calculating SCRA benefits; and
- practices for verifying military service status prior to seeking or obtaining
default judgments on home loans.
The Order also requires B of A to provide appropriate remediation to the
73,000 customers adversely affected by the bank’s SCRA practices
and submit a comprehensive SCRA Compliance Plan to the OCC. The Order
provides expectations of the Compliance Plan concerning, but not limited
to: policies and procedures; third-party oversight; training; risk management
practices, including ongoing monitoring, testing, and reporting across
each applicable line of business and applicable vendors; record retention
practices; procedures regarding state laws that provide more protection
than the SCRA, and independent audits.
Regarding B of A’s use of sworn affidavits, the OCC found that the
bank filed or caused to be filed, affidavits executed by its employees
or third-party agents which incorrectly asserted that the affidavit was
based on the affiant’s personal knowledge or their review of relevant
books and records. In addition, the OCC determined that numerous filed
affidavits did not comply with proper notary procedures. The Order requires
B of A to develop, and submit to the OCC a written compliance action plan
for strengthening policies, procedures, and practices related to the use
of sworn affidavits. In addition, B of A must conduct a Collections Litigation
Account Review for the purposes of identifying those customers who are
eligible for remediation.
Finally, in addition to containing Articles that address specific deficiencies
in B of A’s compliance practices related to the SCRA and the use
of sworn affidavits, the Order includes an Article entitled “Bank
Enterprise Compliance Risk Management Program.” This requires the
bank to see approval from its Board of Directors for “an enterprise-wide
compliance risk management program with respect to the bank’s compliance
with all applicable regulations, and regulatory guidance.”
Although the B of A Consent Order covers two seemingly unrelated areas
of bank operations (i.e. SCRA compliance and collection litigation), the
Order emphasizes a number of key common themes:
- The need for an appropriate “enterprise-wide compliance risk management
program,” which is stressed throughout the document. In this regard,
the Order offers helpful guidance by outlining the requisite elements
of such a program.
- Detailed expectations for training beyond the bank’s formal training
program; e.g. “guidance, guideline, checklists and other documentation”
provided to employees and third-party agents to assist them in their day-to-day
activities.
- The importance of an effective vendor management program, consistent with
the expectations set forth in OCC Bulletin 2013-29 (Third-Party Relationships:
Risk Management Guidance).
How Bridgeforce Law Can Help
Bridgeforce Law can provide assistance with respect to both assessing the
current state of your institution’s technical compliance with the
SCRA and its ability to meet supervisory expectations for an effective
compliance program—such as those outlined above. We work with a
variety of banks, ranging from the nation’s largest financial institutions
to community banks, to arrive at solutions that are both technically compliant
and practical in operation. To this end, we frequently call upon industry
consultants when real-life, deep operational experience will facilitate
long term, sustainable compliance.