Whistleblower’s defamation case reveals scope of USAA ‘coverup’

The estimated scope of the MLA violations was first reported in a three-part investigative series by Compliance Week in May 2022. Lenn Ferrer, a former USAA director of compliance turned whistleblower, told Compliance Week that senior executives at USAA ignored warnings from compliance staff and third-party consultants for years regarding numerous violations of U.S. federal banking laws and “intentionally” hid from regulatory authorities the true scope of its illegal practices, including the MLA violations, violations of the Servicemembers Civil Relief Act (SCRA), and various consumer lending laws. 

“From the beginning, I have done nothing other than tell the truth and try to do the right thing,” said Ferrer, after filing his defamation lawsuit against USAA. 

Since Compliance Week published its investigative series, several more USAA risk and compliance insiders and third-party contractors retained by USAA came forward to share their own experiences. Like Ferrer, several whistleblowers internally reported alleged violations of federal banking laws to USAA’s management only to be terminated days or weeks later. 

USAA did not challenge the disclosures within the court records, nor in a statement to Compliance Week for this story. “The case was dismissed on legal grounds, so we did not address the allegations in the complaint,” said Roger Wildermuth, USAA’s director of public relations. 

“It’s misconduct, upon misconduct, upon misconduct. In the federal white-collar prosecution world, the maxim is, ‘The coverup is worse than the crime’–and it is.” 

– Lenn Ferrer, Former Director of Compliance, USAA

USAA’s story is not unique. Corruption in the financial services industry is endemic, with numerous financial institutions paying billions in fines and penalties ultimately for not prioritizing compliance. It happened at TD Bank in November, when that firm agreed to pay nearly $3.1 billion in fines after U.S. investigators found massive anti-money-laundering failures. JPMorgan Chase, meanwhile, agreed to pay $151 million over disclosure lapses. Earlier this year, Navy Federal Credit Union, agreed to pay $95 million over incorrectly charging overdraft fees to accounts that showed sufficient funds. The list goes on, highlighting failures at Citi, Wells Fargo, and others. 

Anecdotally, a half dozen compliance officers in the financial services industry who spoke with Compliance Week say these issues keep repeating because companies don’t seem to take their roles seriously enough. Instead, they’ve said, compliance feels more like window dressing to appease regulators, rather than a true effort to do the right thing.  

“I’ve left situations multiple times thinking, ‘The grass has to be greener on the other side,’ and I’m always sadly disappointed,” said one current vice president of compliance in the industry, who said they’ve now seen it at multiple businesses, including the industry’s largest firms. Speaking on the condition of anonymity for fear of retribution, the person added that even when issues come up, they’re quickly dismissed. “They just want you to shut up and go away,” this person added. 

Even among all those household names, USAA Bank is somewhat unique. It’s a member-based organization that caters to military members and their families. But in his complaint, Ferrer said the firm had failed in its duties. “They’re violating the very statutes that are designed specifically to protect military members, a protected class,” Ferrer said. 

Immediately prior to USAA, Ferrer served four years as counsel at the Federal Deposit Insurance Corporation and, earlier in his career, had been awarded accolades both as a senior Navy judge advocate general officer and in his role as a tenured assistant U.S. attorney for the Department of Justice’s Criminal Division, representing cases that included bank and mortgage fraud.

Regarding Ferrer’s defamation lawsuit against USAA, Exhibit 4 within the defamation complaint revealed the MLA violations were significantly more widespread than what was reported to regulatory authorities before Ferrer blew the whistle.

Among them, court exhibits outlined MLA violations concerning guaranteed asset protection insurance, a technical provision of the MLA, in USAA’s consumer bank lending area. Court records also include approximately 10,000 instances of illegal use of “remotely created checks” or “remotely created payments” in USAA’s member debt solutions area.

If a military service member owes a debt and money is taken from the servicemember’s account to create a remotely created check or remotely created payment to the debt, that’s an MLA violation, explained Ferrer. 

The exhibits in the court filings contain screen captures of an internal review conducted by a USAA-retained third-party contractor of MLA violations “identified as having a significant potential reputational impact.”  According to Ferrer, the Office of the Comptroller of the Currency (OCC), USAA Bank’s primary regulator, mandated the internal review under a January 2019 consent order. 

As Compliance Week previously reported, and as later shared with regulatory authorities by Ferrer, the findings from the internal review were presented at a January 2020 management meeting. However, senior management “intentionally” kept hidden from regulatory authorities the true scope of USAA Bank’s U.S. federal banking law violations, including the MLA violations, telling USAA Bank compliance personnel in attendance at that meeting they were going to “massage” the message, he said. 

Communications seen by Compliance Week showed that Ferrer alerted several USAA senior executives on numerous occasions regarding “systemic, willful violations” of the MLA and the SCRA before reporting his observations in a whistleblower complaint to regulatory authorities. He was subsequently terminated from USAA. 

Defamation lawsuit 

Following Compliance Week’s investigative series, the San Antonio Express-News published a follow-up article, in which Kate Gallivan, USAA’s head of regulatory relations, was quoted as stating that Ferrer had been placed on administrative leave for “inappropriate and threatening comments made to co-workers, including reference to firearms.”  

Gallivan also told the newspaper that Ferrer “grossly overstated” the estimated 400,000 MLA violations, claiming the actual figure was a “fraction” of that.  

In his defamation complaint, Ferrer alleged that USAA “acted with malice” by portraying him as “a dangerous, disgruntled, lying former employee to facilitate denial of USAA’s blatant violation of myriad banking laws.” Ferrer alleged USAA fabricated a cause to fire him. The judge dismissed the case on Sept. 11, granting USAA’s motion to dismiss, because it had been filed beyond Florida’s two-year statute of limitations for slander and libel action. 

In its Motion to Dismiss, USAA asserted that since Ferrer did not file this action until May 22, more than two years after the San Antonio Express-News published the article, his action was time-barred. 

Tumultuous times 

Executive turnover at USAA has continued over the past few years. Recent departures include Chief Risk Officer Neeraj Singh, USAA Bank President Paul Vincent, and Chief Audit Executive Gilbert Gitiche. Additionally, USAA President and CEO Wayne Peacock said this summer that he plans to retire in 2025. As Compliance Week previously reported, the departures are part of a continued trend within USAA Bank and USAA Group, with the bank playing musical chairs on who served as chief compliance officer as far back as 2019.

Asked about the reasoning behind the latest wave of departures, Wildermuth told Compliance Week, “Each situation is unique, as individuals leave to pursue other opportunities and as USAA adapts.” 

During that time, USAA has received numerous consent orders from the OCC, the Financial Crimes Enforcement Network, and the Consumer Financial Protection Bureau. These agencies have cited USAA Bank for various violations of the MLA, the SCRA, and the Truth in Lending Act. 

In 2022, USAA Bank reported a $1.3 billion net loss for the first time in its more than 100-year history, and twice now the OCC has publicly downgraded USAA Bank’s performance rating under the Community Reinvestment Act (CRA) from “satisfactory” to “needs to improve.”  

In its 2023 performance rating review, the OCC cited 6,477 violations of the Federal Trade Commission Act’s Unfair and Deceptive Acts or Practices “due to failure to provide promised interest rate discounts on automobile loans.” According to the OCC, “management did not improve the bank’s CRA performance with respect to compliance risk management from the last evaluation in 2018.” 

USAA also continues to challenge legal actions nationwide. In August, USAA reached a $64 million settlement in a North Carolina federal court to resolve a class-action lawsuit that alleged, in part, USAA violated the SCRA by illegally overcharging servicemembers and veterans on interest rates and fees on credit cards and loans.  

“Before this lawsuit was filed, we had already compensated members for errors that may have occurred related to the allegations in the lawsuit,” Wildermuth said. “Roughly half of the announced settlement amount is simply reissuing checks we had previously mailed that our members never cashed.”  

Many members never cashed the checks because they were sent in “nondescript” envelopes made to look like “junk mail,” the complaint alleged. 

Wildermuth said that USAA “strongly disagrees with the lawsuit allegations, but this settlement is in the best interest of our membership and allows USAA to avoid lengthy and expensive litigation.” 

USAA’s legal troubles are not over as other class actions continue nationwide. “It’s misconduct, upon misconduct, upon misconduct,” Ferrer said. “In the federal white-collar prosecution world, the maxim is, ‘The coverup is worse than the crime’–and it is.” 

This story has been updated to clarify that among recent executive departures, USAA CEO Peacock has announced plans to retire in 2025 after overseeing what the company said was “industry-leading service.”