A high or increasing number of repeat regulatory findings is a red flag for bank management and directors. Whether findings are uncovered by examiners, audits, compliance reviews, lines of business, or other means, identified issues must be corrected promptly – or your institution must be prepared to face the consequences.
This is especially true when dealing with findings uncovered by examiners, including matters requiring attention (MRAs). The regulatory agencies are never happy when they identify deficiencies at a financial institution, and they are even more frustrated when they identify deficiencies and an institution fails to take corrective action.
That frustration frequently translates into financial penalties. And just because your institution paid a penalty, it doesn’t mean you won’t pay one again – and at even higher cost – if you don’t make things right.
Related: 6 Findings Management Practices Examiners are Looking for
Let’s look at some of the most recently publicized repeat findings to understand how they escalated and the consequences of inaction.
A common area for repeat findings is BSA/AML violations.
In 2023, the New York State Department of Financial Services (NYSDFS) fined a $1.8 billion New York-based bank $25 million for failing to make sufficient progress on BSA compliance. That was after the FDIC issued a consent order against the bank in 2017, saying it had an understaffed BSA compliance team, lacked sufficient BSA controls, and failed to file Suspicious Activity Reports (SARs). The bank then entered a subsequent memorandum of understanding with the FDIC in 2020 for failing to satisfy the terms of its original consent order.
A Mississippi bank had a similar experience in 2023. Three years after a 2020 FDIC consent order noted a lack of sufficient BSA controls, staffing issues, and a failure to conduct adequate Customer Due Diligence (CDD), the FDIC found no progress had been made and ordered the bank to pay a $600,000 civil penalty.
In both cases, the banks could have avoided significant penalties if they had fulfilled the requirements and timeframes of the original consent order.
Banks aren’t the only ones who make the mistake of not following up on exam findings. It happens to mortgage lenders too.
In October 2023, the CFPB announced a $3.95 million lawsuit against the third-largest mortgage lender in the U.S. for continuing to submit inaccurate HMDA data. The proposed financial penalty is more than double the $1.75 million the mortgage company paid in 2019 in a similar enforcement order.
Related: Remediating Regulatory Trouble: Your Step-by-Step Guide
The CFPB says the company reported inaccurate race, sex, and ethnicity information between 2014 and 2017. Staff were told to select non-Hispanic if applicants didn’t provide their race or ethnicity, regardless of whether it was true. The consent order required the company to improve its compliance management system and prevent further HMDA violations. However, the company’s 2020 HMDA data was riddled with errors, thus violating the consent order, according to the CFPB.
The lesson here is the same: If you have an exam finding, you need to solve it. Regulators aren’t playing around.
Regulators don’t need a new enforcement action to make a financial institution pay when it doesn’t correct its mistakes. In July 2024, the OCC amended a 2020 cease and desist order against Citibank to include a $75 million penalty because it failed to make progress in meeting remediation milestones related to deficiencies in its enterprise risk management, compliance risk management, data governance and internal controls. While the bank had taken some steps to improve, “persistent weaknesses remain[ed].”
The lesson here: It’s not enough to simply make progress when remediating an exam finding. You need to move at the pace expected by regulators. No procrastination. No lollygagging.
Repeat findings played a huge role in Signature Bank's collapse in March 2023. According to an FDIC report analyzing what went wrong, one major issue was Signature’s management repeatedly failing to address regulatory concerns.
FDIC examiners consistently flagged issues with liquidity risk management, BSA/AML, and model risk management, yet leadership prioritized growth over addressing these problems. This neglect was particularly evident in liquidity issues, which were first identified in 2019 and remained unresolved as the bank expanded rapidly.
Related: 6 Features to Look for in a Findings Management Solution
Management's response to Signature’s regulatory findings was often neglectful or superficial, with a FDIC report sharing that “executives were sometimes disengaged from the examination process and were generally dismissive of examination findings.” Repeat findings spanned multiple exam cycles, and the FDIC says that anything management did to address risk was done to check a box required by examiners instead of getting to the root cause of findings and control weaknesses.
For example, rather than addressing liquidity risk that exceeded the bank’s tolerance and appetite in 2018 and 2021, the bank simply increased risk limits without assessing whether it was a good idea. (Spoiler alert: It wasn’t.) Weaknesses in its fund management practices were mentioned in 2019, 2020, 2021, and 20222. Weak corporate governance, including unclear decision-making processes and concentrated authority, further compromised the bank's risk management and responsiveness to exam findings.
In the end, the FDIC didn’t have to fine the bank. It met a far more costly fate. It imploded.
These may seem like extreme examples, but failure to promptly address findings will hurt your financial institution. Whether it’s ignoring consumer complaints and losing business or uncovering that your vendor management oversight and controls are lacking and actually increasing your third-party risk exposure, ignoring findings is asking for trouble.
Avoid repeat findings (and the steep penalties that can accompany them) with a comprehensive findings management program that helps ensure issues identified during exams, audits, and reviews are promptly addressed and resolved.
Does your findings management program need fine tuning?
Download our white paper Best Practices for Tracking Audit & Exam Findings to find out.