The Office of the Comptroller of the Currency, in a coordinated action with the Consumer Financial Protection Bureau, on Friday assessed a total civil money penalty of $1 billion against Wells Fargo Bank for engaging in abusive lending practices concerning its auto loans.

The OCC assessed a $500 million civil money penalty against Wells Fargo and ordered the bank to make restitution to customers harmed by its “unsafe or unsound practices,” the OCC stated. Wells Fargo must also develop and implement an effective enterprise-wide compliance risk management program. Separately, the CFPB assessed a $1 billion penalty against the bank and credited the $500 million collected by the OCC toward the fine. The $1 billion penalty represents the bggest fine ever levied by the CFPB, which was created in 2010 under the Dodd-Frank act.

The OCC said it took these actions “given the severity of the deficiencies and violations of law, the financial harm to consumers, and the bank’s failure to correct the deficiencies and violations in a timely manner.” Specifically, the OCC found deficiencies in the bank’s enterprise-wide compliance risk management program that “constituted reckless unsafe or unsound practices” in violation of Section 5 of the Federal Trade Commission (FTC) Act.

Additionally, the OCC found that Wells Fargo violated the FTC Act and engaged in unsafe and unsound practices relating to improper placement and maintenance of collateral protection insurance policies on auto loan accounts and improper fees associated with interest rate lock extensions, resulting in consumer harm.

The $500 million civil money penalty reflects numerous factors, including the bank’s failure to develop and implement an effective enterprise risk management program to detect and prevent the unsafe or unsound practices, and the scope and duration of the practices. “The OCC also reserves the right to take additional supervisory action, including imposing business restrictions and making changes to executive officers or members of the bank’s board of directors,” the agency stated.

The OCC consent order also modifies restrictions placed on the bank in November 2016 relating to the approval of severance payments to employees and the appointment of senior executive officers or board members. “The original restrictions related to severance payments applied to all employees, which unnecessarily delayed severance payments to employees who were not responsible for the bank’s deficiencies or violations,” the OCC stated. “This order maintains restrictions on the approval of severance payments to senior and executive officers and the appointment of senior executive officers or board members.”

According to the CFPB’s consent order, Wells Fargo also violated the Consumer Financial Protection Act (CFPA) in the way it administered a mandatory insurance program related to its auto loans. The CFPB also found that Wells Fargo violated the CFPA in how it charged certain borrowers for mortgage interest rate-lock extensions.

Compliance procedures

Under the terms of both consent orders, Wells Fargo will remediate harmed consumers and undertake certain activities related to its risk management and compliance management. Under the CFPB consent order, the compliance risk management plan “must be commensurate with the size, complexity, and risks” of Wells Fargo’s operations.

At a minimum, it must include detailed steps to develop, implement, and maintain policies and procedures that are designed to ensure:

Oversight and commitment to an effective compliance management system;

Comprehension, identification, and management of consumer-related risks arising from Wells Fargo’s products, services, and activities;

Self-identification and timely self-reporting to the CFPB of violations and potential violations of federal consumer financial law as Wells Fargo identifies such issues and develop an appropriate consumer remediation plan;

Effective third-party vendor oversight; and

Wells Fargo’s consumer complaint resolution process is responsive and effective.

Additionally, Wells Fargo must take steps to develop, implement, and maintain policies, procedures, and other applicable employee guidance—as well as monitoring, testing, and other compliance oversight controls—to address the acts and practices that are the subject of the consent order.

“For more than a year and a half, we have made progress on strengthening operational processes, internal controls, compliance and oversight, and delivering on our promise to review all our practices and make things right for our customers,” Wells Fargo President and CEO Timothy Sloan said in a statement. “While we have more work to do, these orders affirm that we share the same priorities with our regulators and that we are committed to working with them as we deliver our commitments with focus, accountability, and transparency.”