The Office of the Comptroller of the Currency (OCC) on Tuesday fined JPMorgan Chase Bank N.A. $250 million for weaknesses in its internal controls and internal audit for its fiduciary activities.

Enforcement actions are often viewed by compliance and audit professionals as containing valuable insights—not just about what happened, but also how the violations were addressed and remedied. Nowhere in the consent order does it say JPMorgan and the OCC agreed to limit the amount of information released about what led to the fine.

The announcement of the fine, which is to be paid to the Treasury Department, is light on details, with the OCC saying the bank’s risk management practices were “deficient and … lacked a sufficient framework to avoid conflicts of interest.” The deficiencies “constituted unsafe or unsound practices” that violated federal banking laws requiring federally insured banks to conduct “a suitable audit over all significant fiduciary activities,” the OCC said.

The agency does not say when the violations happened—only that they occurred over several years and were “part of a pattern of misconduct,” according to a consent order.

Enforcement actions are often viewed by compliance and audit professionals as containing valuable insights—not just about what happened, but also how the violations were addressed and remedied. Nowhere in the consent order does it say JPMorgan and the OCC agreed to limit the amount of information released about what led to the fine.

JPMorgan, which neither admitted nor denied the findings, agreed to pay the fine and has remediated the issues, the OCC noted.

“We are committed to delivering best-in-class controls across our business, and we have invested significantly in and enhanced our controls platform over the last several years to address the issues identified,” a JPMorgan spokesman said in an emailed statement.

Earlier this month, JPMorgan disclosed in a filing with the Securities and Exchange Commission that the bank was close to reaching a settlement with a regulatory agency regarding “historical deficiencies in internal controls.”

This is the second time in less than two months the OCC provided almost no justification in announcing a significant enforcement action. In October, the agency issued an $85 million fine against USAA Federal Savings Bank without providing much explanation beyond a “pattern of misconduct” at USAA that led to consumer law violations. But neither USAA nor the OCC would comment on what the bank’s failures where, how many violations of consumer law occurred, and how many consumers were impacted.

By contrast, the OCC’s $400 million fine against Citigroup in October laid out the bank’s “long-standing” deficiencies in generating and evaluating its customer data, as well as weaknesses and deficiencies in its risk management programs and internal controls. The consent order also outlined how Citigroup is addressing those deficiencies.

Aaron Nicodemus covers regulatory policy and compliance trends for Compliance Week. He previously worked as a reporter for Bloomberg Law and as business editor at the Telegram & Gazette in Worcester, Mass.

Topics