The Federal Reserve Board this week levied an enforcement action against Santander, ordering it to overhaul its governance practices in the areas of board oversight, risk management, capital planning, and liquidity risk management. No financial penalties were issued.

In a written agreement, the Fed said that the most recent inspection of Santander Holdings, the U.S. unit of Santander, conducted by the Federal Reserve Bank of Boston identified “deficiencies in the organization’s governance, risk management, capital planning, and liquidity risk management.” The bank has 60 days from July 2, the date the agreement was issued, to implement the changes.

“This written agreement underlines how much work we have to do to meet our standards of excellence and our regulators’ expectations," a Santander Holdings USA spokeswoman said in a statement to Compliance Week. "We have begun a comprehensive, multi-year transformation project within our organization. We are confident this project will address the concerns the Federal Reserve has cited and position Santander for long-term success.”

Board Oversight

Under the agreement, Santander’s board must submit a written plan “acceptable to the Reserve Bank” to strengthen its board oversight of the company’s management and operations. At a minimum, the plan must address:

Actions that the board of directors will take to maintain effective control over, and supervision of, the consolidated organization’s risk management, capital planning, and liquidity risk management, including Santander Consumer USA’s operations and activities;

The structure of Santander Holdings oversight of the consolidated organization, including a description of the committees and officer positions responsible for oversight of the consolidated organization; a description of the duties and responsibilities of each committee and officer; and reporting lines from the various subsidiaries to Santander Holdings and within Santander Holdings;

The responsibility of the board in approving policies and procedures related to the consolidated organization’s material business lines and operations;

The responsibility of the board to monitor management’s adherence to approved policies and procedures, and applicable laws and regulations;

A description of the information and reports that will be regularly reviewed by the board of directors in its oversight of the operations and management of Santander Holdings and its subsidiaries;

The designation of a qualified and experienced individual to manage and oversee the development and implementation of the remedial actions required by this Agreement; and

A formal project plan, including milestones, timetables, success measures, and adequate funding for personnel and other resources, to ensure the development and implementation of the remedial actions required by the agreement.

Risk Management

Santander Holdings must also submit a written plan on how it will enhance its risk management program. The Fed said that plan, at a minimum, must address:

An assessment of the effectiveness of its current risk management program;

Enhanced written policies, procedures, and risk management standards designed to identify, assess, manage, and monitor risk exposures, including risks in new activities and products, investments, and liquidity;

The establishment of appropriate written risk tolerance guideline limits and controls;

Consistency with the Board of Governors guidance related to risk management;

Clearly defined roles and responsibilities for the risk management function, including staffing levels and expertise required;

Steps to improve the information, reports, systems, and data that identify,

measure, and aggregate on-and off-balance sheet risk and exposure data of the consolidated bank holding company; and

The implementation of incentives that are consistent with risk management objectives and standards.

The agreement also requires Santander Holdings to submit a written plan to improve capital planning and management for the consolidated organization “that is commensurate with the size and complexity of the organization,” the Fed said. Additionally, it must submit a written plan on how it plans to strengthen its liquidity risk management at the consolidated organization.