OCC Issues Consent Order and Assesses $30 Million Civil Penalty Against Bank of America

Highlights of Bank of America’s recent penalty and consent order with emphasis on the need for financial institutions to focus their efforts on enterprise-wide compliance activities.

Summary

The recent Consent Order and penalty against Bank of America (B of A) by the U.S. Office of the Comptroller of the Currency (OCC) reinforces the need for all financial institutions to approach compliance through an appropriate enterprise-wide compliance management program. The regulators’ focus is intense and no institution will go unobserved.

In June, the OCC announced a Consent Order and assessment of a $30 million civil penalty against Bank of America for:

1. violations of law and unsafe or unsound practices in connection with weaknesses in the bank’s non-home mortgage loan program for complying with the Servicemember’s Civil Relief Act (SCRA); and
2. unsafe or unsound practices in connection with sworn affidavits used in the bank’s debt collection litigation.

The OCC found violations of the SCRA in all credit lines—except home mortgage—that were attributable to broad-based deficiencies in B of A’s compliance practices. The Consent Order directs B of A to improve:

• policies and procedures for determining whether military personnel are eligible to receive SCRA benefits;
• methodologies for calculating SCRA benefits; and
• practices for verifying military service status prior to seeking or obtaining default judgments on home loans.

The Order also requires B of A to provide appropriate remediation to the 73,000 customers adversely affected by the bank’s SCRA practices and submit a comprehensive SCRA Compliance Plan to the OCC. The Order provides expectations of the Compliance Plan concerning, but not limited to: policies and procedures; third-party oversight; training; risk management practices, including ongoing monitoring, testing, and reporting across each applicable line of business and applicable vendors; record retention practices; procedures regarding state laws that provide more protection than the SCRA, and independent audits.

Regarding B of A’s use of sworn affidavits, the OCC found that the bank filed or caused to be filed, affidavits executed by its employees or third-party agents which incorrectly asserted that the affidavit was based on the affiant’s personal knowledge or their review of relevant books and records. In addition, the OCC determined that numerous filed affidavits did not comply with proper notary procedures. The Order requires B of A to develop, and submit to the OCC a written compliance action plan for strengthening policies, procedures, and practices related to the use of sworn affidavits. In addition, B of A must conduct a Collections Litigation Account Review for the purposes of identifying those customers who are eligible for remediation.

Finally, in addition to containing Articles that address specific deficiencies in B of A’s compliance practices related to the SCRA and the use of sworn affidavits, the Order includes an Article entitled “Bank Enterprise Compliance Risk Management Program.” This requires the bank to see approval from its Board of Directors for “an enterprise-wide compliance risk management program with respect to the bank’s compliance with all applicable regulations, and regulatory guidance.”

Although the B of A Consent Order covers two seemingly unrelated areas of bank operations (i.e. SCRA compliance and collection litigation), the Order emphasizes a number of key common themes:

1. The need for an appropriate “enterprise-wide compliance risk management program,” which is stressed throughout the document. In this regard, the Order offers helpful guidance by outlining the requisite elements of such a program.
2. Detailed expectations for training beyond the bank’s formal training program; e.g. “guidance, guideline, checklists and other documentation” provided to employees and third-party agents to assist them in their day-to-day activities.
3. The importance of an effective vendor management program, consistent with the expectations set forth in OCC Bulletin 2013-29 (Third-Party Relationships: Risk Management Guidance).

How Bridgeforce Law Can Help

Bridgeforce Law can provide assistance with respect to both assessing the current state of your institution’s technical compliance with the SCRA and its ability to meet supervisory expectations for an effective compliance program—such as those outlined above. We work with a variety of banks, ranging from the nation’s largest financial institutions to community banks, to arrive at solutions that are both technically compliant and practical in operation. To this end, we frequently call upon industry consultants when real-life, deep operational experience will facilitate long term, sustainable compliance.