WASHINGTON — Dallas-based Comerica Bank & Trust Thursday entered into an enforcement action with the Office of the Comptroller of the Currency following the agency’s findings of unsafe and unsound practices at the bank, particularly in its risk governance framework and internal controls.
The bank is required to establish plans to enhance financial data collection and regulatory reporting, with independent reviews to ensure accuracy and compliance. Comerica must also develop an effective program for managing third-party risks, strengthen its internal controls, and revise its internal audit program so that it delivers comprehensive, independent evaluations of the bank's operations and gives the board and management insight into the sufficiency of its internal control systems.
Additionally, Comerica will implement a program to mitigate risks associated with end-of-life IT assets, which includes policies for managing existing and new technology assets, conducting risk assessments and planning for upgrading or replacing outdated systems.
The agreement follows reports that Comerica was under investigation by the OCC late last year after it overdrew its own accounts by millions of dollars due to a technological update gone awry. The incident triggered significant disruptions and highlighted deficiencies in the bank’s technology management, and the agreement mentions the episode as illustrative of the challenges at the bank.
The OCC indicated that Comerica’s board of directors is responsible for ensuring the timely adoption and implementation of all corrective actions in the agreement, including authorizing necessary measures, ensuring adequate staffing and training, and holding management accountable for compliance.
Not long before the technological error, Comerica was found to have mismanaged the Treasury Department’s Direct Express program, which provides federal benefits to millions of unbanked Americans. Internal documents revealed compliance failures including that the bank outsourced sensitive data handling to a vendor’s office in Pakistan, a violation of contractual obligations.
A Comerica spokesperson said the bank is taking steps to adhere to the agreed actions.
“We take this agreement very seriously,” they wrote in an email. “This effort is a top priority.”