Chances are you've seen the bank's ads on TV, with smiling military families saying they are "USAA members for life."
But behind the scenes, bank leadership may be frowning, because the federal government says the Fortune 500 financial services company, with $2.4 billion in profits, is failing at risk management.
The details are revealed in a "Cease and Desist" order by the U.S. Treasury Department's Office of the Comptroller of Currency.
"... a Notice of Charges, for engaging in unsafe or unsound banking practices, including those relating to the Bank’s compliance management system, risk governance framework, and information technology program."
The Comptroller and USAA entered into an agreement that specifies what the bank must do in the first quarter of 2019 and beyond.
We won't break down the whole thing, but of interest to our SecureWorld regional cybersecurity conference leaders will be how USAA Federal Savings Bank is now being required to fix its IT risk management and IT security.
USAA must "submit a written plan describing the actions necessary for the Bank to implement and maintain an effective IT Risk Governance Program," by doing or creating the following:
The Notice of Charges agreement also calls out USAA for a lack of third-party risk management, and there is much more in the document, which runs 21 pages.
You can read the Federal Government action against USAA Federal Savings Bank for yourself.
[RESOURCE: SecureWorld web conference available on demand, The Future of Securing Data Storage]