OCC issued a new cease and desist order for USAA today:
https://occ.gov/news-issuances/news-releases/2024/nr-occ-2024-137.html
40 replies (most recent on top)
Funny how we brought in all these new execs for the last 4 years to fix the OCC issues yet all they did was bullsh-t everyone. The board is the biggest losers because they allowed EMG and Wayne to lie to them all these years and now the ignorance and stupidity of the board is on full display for everyone to see. What a joke! Congratulations on being a laughingstock USAA board.
Nothing new here? Are you illiterate? The Bank can't expand it's membership base or offer new products without consulting with and getting approval from the OCC. The Bank is in serious trouble regardless of how the Interim Bank President and Minister or Propaganda Wilderfilth want to spin the situation.
This was 100% factual, in fact they pushed a lot of smart people out that they stole from other banks in 2020 because they asked too many questions. Sad!
For those of you blaming this mess on people from other banks, get a reality check. USAA hired many good people and wouldn’t listen to them. They deserve every action, fine and negative news they get. The way the members have been treated is despicable!
Usaa hired tons from citi and other big banks to try and fix the problems but it runs deep theougj the ranks in san ann.
It will get ugly the next few years, take care of your own financial situation.
The bank is not the only problem, it is USAA as a whole. USAA recruited in so many compliance professionals from leading firms across the US, only to bully out, layoff and\or fire said professionals because they did not like the recommended guardrails needed to contain the risk. Skilled risk and compliance experts were thrown to the dirt because USAA did not want to align with the controls and audit tools presented. USAA prefers to hire third party workers with little to no training so they can blame those worker for any issues that arise. USAA fails again, because they seem to forget that the firm is completely responsible for its' third party actions. The firm also promotes unqualified individuals into director roles who have zero experience managing people or processes. What a ridiculous spiral pattern. In case no one has noticed, the firm is slowly selling off all of its businesses. Sinking ship......
If they were a serious FI they’d get rid of the b-m leader who ran the RCSA program at an Enterprise level into the ground instead of letting him squirm away and turn the Bank into an even bigger mess. That guy can’t make a coherent statement about the risk environment that he alone toppled to save his life. Has McKinsey on speed dial instead of directly answering questions the way Risk EMG should be capable of. Ineffectual talking head.
If they were serious about the consent order they would blow up the current RCSA process and tool. its garbage. all of the time and money trying to fix it is a waste. There ain’t enough lipstick for that pig. now we just have to wait for another bunch of inept consultants to come in and make things worse again.
Well done, WP and Exe "leaders." You are the ones who should be at the top of the layoff list.
Leadership can try all they want to spin this into something positive, because they know the employees who still drink the kool-aid will get behind them, while the realist will start looking for external opportunities. Gut feeling is, if the bank doesn’t make any headway in 2 years, they’ll sell it off.
I thought the whole reason they brought Wayne in was to straighten out our compliance problems? Now we’re back to Square 1?
I agree with the comments on how much gaslighting the message was from the bank president. We closed AML orders which is great but this new order has like 4 net new articles plus carryover articles from 2019 that were not solved. In what company is this viewed as a positive thing....
Piggybacking on the Membership rules, are we still USAA members if we get rid of our products? I came in as an intern and that's what they said
Remember the Capital One data breach in 2019? That was a third party with AWS access. When we outsource our data we put our members at risk.
@1dmg+1w2tTUwN, why Is claims data in AWS bad? I think Snowflake was just added, right?
I want to get rid of my USAA products, but I was told that if I get rid of 1 product, I won't be a member anymore. Is that true?
The board is to blame as well. They sat by with their thumbs up their a$$ and allow Wayne and executives to run this $hitshow. They did nothing and there will be no accountability while management spins this as good news.
If you think the bank risks are bad wait until you see what EMG and p-cuck have done by putting claims into Guidewire and P&C going to AWS. Get used to the phrase “Data Breach” and if you have any lines of business with USAA be warned. Get credit monitoring and lock your credit reports. Don’t say you were not warned!
I hate it here. Only reason I feel that I'm still in bank is that 1 year severance, but there's really a lack of work and awful executives
WTF. This was spun as a great thing to make the Bank profitable in 2025 and beyond by Michael Moran today in a last-minute town hall that the entire Bank was invited to...
He said things like "shows how we are USAA strong", "puts us on the right track", "we have the right people and processes in place", "we wanted to be open and transparent with you with open communication".
Absolute BS. Paul Vincent never sugar coated what was going on, but Moran is spinning everything under the guise of accountability and being transparent as a leader.
I worked with big companies in my past experiences and one thing I noticed with USAA is lack of audit as a guardrail. Other companies have different kinds of audits throughout the year (unit, IT, business, controls, and even hiring external auditors like PWC etc), and yes, we hated any kind of audits, but in many corps, risk management is mostly 80% of the work. But that how it is. Risk Management here in USAA is severely lacking and many people here do their daily jobs without asking why they do what they do. sigh.
Wait, perhaps we can blame them on ship jumpers from other banks like Wells Fargo? WFC is notorious and very well know for such violations and consent orders and look to your left and to your right, there must a former WFC there with you. No, please don't get me started on talking about bringing back OCC.
Wait what? We were told by d circle tree that we are good with the occ…
What does this mean for aml investigations????
"a positive thing that AML ones were closed. " is simply BS.
OCC stated clearly, "This order replaces prior cease-and-desist orders issued against the bank in 2019 and 2022". The previous one was not closed but replaced by a new one.
USAA EMG is literally Insulting someone's intelligence. This consent order also imposes limitations on the bank’s ability to add certain new products and services, as well as expanding its membership criteria. Why is it positive?
This probably hurts them the most.
"NEW OR EXPANDED PRODUCTS, SERVICES, OR MEMBERSHIP CRITERIA
(1) The Bank shall not add any new product or service or expand its membership
criteria without evaluating and documenting the compliance and operational risks posed by
adding the new product or service or expanding its membership criteria, ensuring the Bank has
adequate controls to mitigate such risks, and providing 90 days prior written notification to the
Examiner-in-Charge.
19
(2) The Bank shall not add any new product or service with medium or high
compliance or operational risk or expand its membership criteria without providing a written
request to and receiving a prior written determination of no supervisory objection from the
Examiner-in-Charge."
Only a matter of time before they spin off their garbage bank
I’m in Bank and the town hall framed it as a positive thing that AML ones were closed.
My leadership said the same thing.
What does it actually mean? I feel so gaslit by Moran
Sad news
The craziest part about this is the current management and but kissers will pat themselves on the back over the "work" they have done so far
Remember that Stevens W. Peacock knew all this and decided to influence layoff of critical members of CO teams… shame. Also stop saying Wayne. Nobody addresses people by middle name these days.
Most of the "new modern" Bank systems have lots of risks. They all have bad IT architecture. Few of them are here:
- - AJAX are used in the UI layer. Hackers can go in browser debug mode and can manipulate the system by altering the value of the field data.
- - Most of the data going to the backend are not validated at the field level (user authorizations at field level).
- - NoSQL databases are used that do not validate within the database unlike the relational database. Database transactions have no two-phase commit and rollback.
- - Rouge isolated process within the network can manipulate the data in the database at massive scale as the data is not structured.
- - Manual rerun process rather than self-healing resilient system.
- - Audit messages are generated and displayed on the fly anytime rather than a true snapshot when the event happens. New code or patch can alter the text and can cheat the auditor or a regulator.
- - Most of the processing happens through "events bus". It can be manipulated easily by a person who knows the system or has the infrastructure access.
And about the EMG, IT mid-level management, staff/principal engineers, they all came up through manipulation rather than merit skills. I hope smart and sharp federal regulators will uncover it sooner.
USAA Hit by OCC for Failing to Fix Management, IT Shortcomings
Evan Weinberger
Evan Weinberger
Correspondent
Email Evan Weinberger
Tweet Evan Weinberger
OCC previously cited USAA in 2019, 2022 enforcement actions
USAA paid combined $225 million over earlier orders
USAA Federal Savings Bank failed to address problems with its management, information technology, and anti-money laundering compliance that had been subject to earlier enforcement actions, a federal banking regulator said.
The Office of the Comptroller of the Currency on Wednesday hit USAA with a “comprehensive” cease-and-desist order after the bank didn’t make fixes that it had promised in consent orders from 2019 and 2022. The new order terminates and supersedes the previous ones, according to the OCC.
The 2019 consent order, which ultimately led to USAA paying an $85 million penalty, focused on management problems at the bank, which ...
The old consent orders were terminated because nothing was fixed. Welcome back to square one.
Don’t worry, Wayne is riding off into the sunset with his millions and leaving his mess behind him for someone else to clean up.
Wayne and all of EMG are to blame. What a Charlie Foxtrot! Embarrassing to work for this company and have its logo on my shirt. Is the board going to wake up and clear out the entire executive management lever at USAA and bring in someone to fix this? Get Syring in here ASAP
This is a colossal cluster f$ck. To paint this as nothing new is a lie. The fact is that executive management has failed over a 5 year period and now the process is starting over again. And now everyone has to again eat a sh!t sandwich for several more years. Seriously, this was supposed to be resolved after a few years. It’s embarrassing. It’s illegal. There is no bright spot.
I’m not surprised. Certain executives were telling compliance they couldn’t see the forest through the trees when their compliance risk assessment resulted in an insufficient rating. I guess the forest is on fire now.
LMFAOOO place is a dumpster fire and clown show. Almost like having this cr-p on your resume is a bad thing
Buckle up. Layoff is coming!
It is the inevitable consequent when USAA is managed by a group of incompetent executives.
Nothing new here. It is good the old CO was closed out and not continued.