Earlier this week, the Office of the Comptroller of the Currency assessed a $85 million civil money penalty against USAA Federal Savings Bank.

According to a news release, the OCC took this action based on the bank’s failure to implement and maintain an effective compliance risk management program and an effective information technology risk governance program.

Officials explained these deficiencies resulted in violations of law, including but not limited to violations of the Military Lending Act and the Servicemembers Civil Relief Act.

The regulator indicated USAA is in the process of remediating these violations pursuant to the requirements of a January 2019 consent order the bank entered into with the OCC.

The consent order detailing the new penalty mentioned that the comptroller found — and the bank neither admits nor denies — the following:

— The bank has failed to implement and maintain an effective compliance risk management program and an effective IT risk governance program commensurate with the bank’s size, complexity and risk profile. The bank has deficiencies in all three lines of defense (first-line business units, independent risk management, and internal audit) in its compliance risk management program.

— As a result of the deficiencies described, the bank engaged in violations of law, including but not limited to violations of the Military Lending Act and the Servicemembers Civil Relief Act. Such violations are being remediated pursuant to Article VI of the 2019 order.

— By reason of the foregoing conduct, the bank engaged in unsafe or unsound practices and violations of law, which were part of a pattern of misconduct.

The OCC said the penalty will be paid to the U.S. Treasury.