The order requires the bank to improve longstanding technology and operational risk governance, technology risk assessments, internal controls, and staffing deficiencies to address the unsafe or unsound practices. In a consent order, the OCC is also requiring MUFG Union’s board to assemble a compliance committee of at least three members, with a majority being non-executive directors, to monitor and oversee the bank’s compliance with the provisions of the consent order. The bank will also be required to report to the agency on its progress in addressing the deficiencies uncovered by the OCC.
Among additional requirements in the order are:
- Plans for the board to ensure the bank has sufficient processes, management, personnel, control systems, and corporate and risk governance measures in place.
- Sufficient training for bank management and personnel to execute their duties and responsibilities.
- A updated information security program and a plan for implementing it.
- A written plan to hire and retain sufficient staff to support the Bank’s remediation of information technology and operational risk issues
In the order, the OCC noted that MUFG Union Bank has begun corrective action and has committed resources to remediate the deficiencies. The bank now has varying periods to comply with different aspects of the order with the threat of additional judicial proceeding should it not comply.
A day after the announcement of the consent order, U.S, Bancorp announced that it will purchase MUFG Union Bank for approximately $8 billion, including $5.5 billion in cash and approximately 44 million shares of U.S. Bancorp common stock. 
Joseph McCafferty is editor and publisher of Compliance Chief 360°