Bank to Pay $80M Penalty for Failed Risk Management Processes & Untimely Corrective Action

Weiner Brodsky Kider PC
Contact

Weiner Brodsky Kider PC

The OCC recently entered into an $80 million consent order with a national bank for its failure to safeguard consumer financial data.  The OCC found that the bank failed to establish appropriate risk assessment and management processes in the transfer and maintenance of consumer financial data on a cloud operating system.  

The OCC also found that the internal audit conducted by the bank was inadequate because it failed to uncover exposures associated with the bank’s use of the cloud operating system, including the lack of appropriate network security controls, data loss prevention controls, and alert dispositioning.  The audit also failed to effectively report and highlight exposures identified during the review.  For certain exposures that were raised by the audit, the OCC found that the bank’s board of directors failed to take timely corrective action to hold bank management accountable.  Although the bank agreed to the penalty, it did not admit or deny the OCC’s findings.

As part of the consent order, the bank is to develop a comprehensive action plan that contains remedial measures relating to board and management oversight, risk assessment, cloud operations risk management, independent risk management, internal controls testing, and internal audits. The objectives of these measures are to improve the bank’s monitoring, oversight and reporting functions and risk assessment and management processes.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Weiner Brodsky Kider PC | Attorney Advertising

Written by:

Weiner Brodsky Kider PC
Contact
more
less

Weiner Brodsky Kider PC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.