The regulators say USAA didn’t report thousands of suspicious transactions, including those of customers who used personal accounts for what appeared to be criminal activity. From at least January 2016 to April 2021, the bank also failed to implement and maintain an anti-money-laundering program that met minimum BSA standards, according to FinCEN. It’s just the latest in a series of regulatory problems for USAA, a San Antonio-based bank with $117 billion in assets that serves mostly military members and their families.
“As its customer base and revenue grew in recent years, USAA FSB willfully failed to ensure that its compliance program kept pace, resulting in millions of dollars in suspicious transactions flowing through the U.S. financial system without appropriate reporting,” said FinCEN’s acting director Himamauli Das.
The Office of the Comptroller of the Currency (OCC) assessed a civil penalty of $60 million for related violations. As many of the facts and circumstances underlying the OCC’s civil penalty also form the basis of FinCEN’s consent order, FinCEN agreed to credit the $60 million civil penalty imposed by the OCC.
Unreported Suspicious Activity
FinCEN provided several examples of lax AML compliance, including one instance where a USAA customer received $1.5 million in deposits from a virtual currency exchange and withdrew $1.6 million from ATMs while living in Colombia. Yet USAA failed to report the suspicious activity to regulators. “Customer A,” as the consent order describes him, “made over 2,800 ATM cash withdrawals totaling approximately $1.6 million from ATMs in Colombia, a high-risk jurisdiction for money laundering.” USAA FSB failed to issue a suspicious activity report (SAR) after an initial review of the transactions and took seven months to finally report the suspicious conduct.
“While the issues identified in these orders did not result in any individual member harm, we understand the importance of these requirements. Compliance is a top and urgent priority that is fundamental to providing our members with the highest level of service,” Peacock said. “USAA has already made progress in many critical areas by investing in new systems and training, enhancing staffing and expertise, and improving our processes.”
The OCC’s consent order requires USAA FSB, within 15 days, “to appoint a Compliance Committee of at least three (3) members, of which a majority shall be directors who are not employees or officers of the Bank or any of its subsidiaries.”
“USAA FSB also received ample notice and opportunity to remediate its inadequate AML program, but repeatedly failed to do so. Today’s action signals that growth and compliance must be paired, and AML program deficiencies, especially deficiencies identified by federal regulators, must be promptly and effectively addressed,” said FinCEN’s Das.
The compliance committee will oversee USAA FSB’s compliance with the OCC order, meet at least every 60 days, and submit progress reports to the bank’s board of directors, which will file the progress reports with the OCC.
Recurring Compliance Failures
It’s not the first time the bank has been in regulators’ crosshairs. In 2020, the OCC fined USAA $85 million for falling short of risk management standards and for being out of compliance with laws protecting military service members. The year before, the agency issued a consent order that identified failures in the bank’s risk management program and IT systems.
Also in 2019, the Consumer Financial Protection Bureau issued a consent order against USAA, ordering the bank to pay more than $15 million in restitution and fines and restitution as a result of claims that it didn’t adequately respond to stop-payment requests, and that it reopened deposit accounts without customers’ permission. 
Joseph McCafferty is editor & publisher of Compliance Chief 360°