Welcome to the first Enforcement Actions Roundup of 2026, covering February's latest actions. Each month, we break down what went wrong, why it matters, and what your financial institution (FI) can do to stay ahead.
This roundup features two key resources:
- Enforcement Actions Tracker: A running tally of actions by agency, category, and topic — making it easy to spot enforcement trends and emerging hot spots.
- Enforcement Deep Dive: A closer look at each action, including what happened, key takeaways, and the controls your FI should revisit to avoid similar missteps.
Let's explore this month’s enforcement actions.
Related: Bookmark the Ncontracts Enforcement Action Tracker to search the latest enforcement actions by date, category, and regulator.
2025/2026 Enforcement Action Tracker
| |
Year |
Fair Lending |
Advertising |
AML/CFT |
Underwriting |
UDAAP |
Electronic Funds Transfers |
Insider Activities |
Flood Insurance |
Financial Risk |
Concentration |
Military Lending |
| CFPB |
2025 |
1 |
2 |
|
|
4 |
1 |
|
|
|
|
1 |
| |
2026 YTD |
|
|
|
|
|
|
|
|
|
|
|
| OCC |
2025 |
|
|
3 |
|
|
|
1 |
|
8 |
3 |
|
| |
2026 YTD |
|
|
|
|
|
|
|
|
|
|
|
| FRB |
2025 |
|
|
|
|
1 |
|
|
3 |
1 |
|
|
| |
2026 YTD |
|
|
|
|
|
|
|
|
|
|
|
| FDIC |
2025 |
|
|
5 |
3 |
1 |
1 |
1 |
10 |
6 |
|
|
| |
2026 YTD |
|
|
|
1 |
|
|
2 |
|
|
|
|
| NCUA |
2025 |
|
|
|
|
|
|
|
|
|
|
|
| |
2026 YTD |
|
|
|
|
|
|
|
|
|
|
|
Enforcement Actions Deep Dive: February 2026
CFPB Enforcement Actions
The CFPB issued no institutional enforcement actions in February 2026.
OCC Enforcement Actions
The OCC issued no institutional enforcement actions in February 2026.
FRB Enforcement Actions
The FRB issued no institutional enforcement actions in February 2026.
FDIC Enforcement Actions
FDIC and Georgia Department of Banking and Finance Issue Consent Order for Safety and Soundness Deficiencies
The FDIC and the Georgia Department of Banking and Finance (GDBF) identified unsafe or unsound banking practices at a bank, including weaknesses in management, asset quality, capital, earnings, liquidity, funding, and market risk sensitivity.
At a minimum, the bank must increase the number of board members and retain an independent consultant to review staffing levels and expertise relative to the bank’s current business model. An outside party must also be retained to conduct a forensic analysis, specifically focusing on intercompany transactions, use of the bank’s loan platform for affiliate transactions, use and accuracy of loan suspense accounts, and proper accounting and reporting of the mortgage servicing asset. Lastly, the bank must refile its 2025 call reports after improperly counting $1.25 million in holding company capital.
Takeaways
This enforcement highlights the need for a strong, independent board. Foundational controls governing insider activity likely failed because of the lack of independence in the board’s structure, resulting in the need for a mandatory forensic accounting review and report on related interests and affiliates of the board and senior management. The requirement to refile two consecutive call reports after improperly counting $1.25 million in holding company capital further signals that financial reporting was not subject to meaningful audit challenge. An institution’s internal audit function must have the resources, authority, and independence to catch material errors before regulators do.
Insider risk is much more than a standalone policy document. It needs to be treated as a cross-functional discipline, focused on independence, a strong third line of defense, and sound reporting on insider loan exposures, exceptions, fee reversals, affiliate transactions, and intercompany balances.
Controls to Evaluate
- Board Member Qualification and Selection: Board member qualification and selection processes are appropriate and effective, including IT knowledge. The selection process includes reviewing whether board candidates:
- Possess the knowledge, skills, experience, and, particularly in the case of non-executive directors, independence of mind given their responsibilities on the Board and in the light of the FI's business and risk profile
- Have a record of integrity and good reputation
- Have sufficient time to fully carry out their responsibilities
- Can promote a smooth interaction between board members
- Understand IT activities and risks to carry out their IT governance responsibilities
- Board and Senior Management Oversight: Effective mechanisms through which the board and senior management execute their respective oversight responsibilities, including reviewing internal and external audit reports. The board and senior management have processes in place for the oversight of the FI's strategic objectives, including risk appetite, financial performance, capital adequacy, capital planning, liquidity, risk profile, risk culture, controls, compensation practices, and the selection and evaluation of management. Supervisors focus particular attention on the oversight of risk management, compliance, and internal audit functions. This includes assessing the extent to which the board interacts with and meets representatives of these functions. Internal controls are adequately assessed and contribute to sound governance throughout the FI.
- Internal Audit and Independent Review: Internal audit and independent review processes are in place that provide objective assurance on the effectiveness of operational controls, regulatory compliance, and process efficiency across all business functions. Audit procedures include statistical sampling to verify process adherence and control execution, compliance testing for applicable regulatory requirements and policy standards, and control effectiveness evaluation of risk management procedures, documentation practices, system security controls, and operational workflows, with audit staff maintaining independence through direct reporting to senior management and the audit committee, and unrestricted access to all business records, supporting documentation, system audit logs, and operational data necessary to complete comprehensive assessments.
- Affiliate Transaction Monitoring: An automated affiliate transaction monitoring system is in place and calculates both individual and aggregate affiliate exposures using current valuations updated through daily feeds from market data providers, loan servicing systems, and collateral management platforms. The system automatically adjusts exposure calculations based on valuation changes, generating alerts when revaluations cause exposures to approach regulatory limits. System calculations undergo quarterly validation by Internal Audit against manual calculations, with Operations performing daily reconciliations to subsidiary ledgers and general ledger entries to ensure data completeness and accuracy.
- Enterprise-Wide Affiliate Registry: An enterprise-wide affiliate registry system automatically identifies and tracks all affiliate relationships through daily feeds from corporate ownership databases, regulatory filings, and shareholder records. The system calculates direct and indirect ownership percentages using multi-tier ownership algorithms, identifies control relationships based on voting rights, board representation, and management overlaps, and generates real-time affiliate maps showing all covered relationships, including foreign subsidiaries, investment companies, and sponsored entities. Automated change detection alerts trigger within 24 hours when ownership structures change, new entities are formed or acquired, voting agreements are modified, or control relationships shift through board or management changes. The system maintains a complete audit trail of all affiliate additions, modifications, and deletions, with monthly reconciliation to general ledger entity codes, ensuring all system entities conducting transactions are properly classified as affiliate or non-affiliate.
- Insider Loan Underwriting: Underwriting memo for insider loans is comprehensive, including analysis of market rate, term, collateral type/valuation/LTV (loan-to-value), DTI (debt-to-income)/cash flow, credit score, etc., to ensure that the terms are comparable to non-insider transactions. In addition, the memo includes a total aggregation of credit extensions for the insider to ensure compliance. The memo is presented to the Board for pre-approval.
- Internal Controls Over Financial Reporting: Internal controls over financial reporting are maintained through structured control testing and documented oversight of key processes within the financial close and reporting cycles. Management performs reviews and provides approval of critical control activities, including journal entries, reconciliations, and reserve calculations, to ensure accuracy, accountability, and compliance with established control frameworks.
Related Ncontracts Content in Your Platform
Ncomply Sample Policies
Nrisk Risk Assessments
Nverify Audits
FDIC and Massachusetts Division of Banks Issue Consent Order for Board Oversight, Asset Quality, and Compensation Deficiencies
The FDIC and the Massachusetts Division of Banks (MADOB) issued this enforcement action for breaches of fiduciary duties or nonconformance with interagency guidelines related to operational, managerial, and compensation standards.
The bank’s board must strengthen its board oversight and conduct an independent third-party assessment of board and management qualifications, including lending, credit, security, and compensation committees. The bank must also adopt compliant compensation practices, reduce its exposure to assets classified as “Substandard” or “Doubtful,” remediate weaknesses in loan underwriting and credit administration, and improve loan review and risk rating processes.
Takeaways
Regulators focused not only on asset quality, but also on whether the bank’s board composition, committee structure, and executive compensation practices were aligned with its risk profile. Executive compensation tied to metrics and aligned with comparative market analysis, claw-back provisions for misconduct, and transparent documentation are significant steps to ensure your institution doesn’t make the same mistakes.
Clear escalation protocols for problem loans, board-level review of material downgrades, and tight controls on renewals or extensions to adversely classified borrowers are critical. Disciplined underwriting and independent loan review are non-negotiable. Institutions should ensure timely borrower financial reporting, refresh collateral valuations when repayment becomes uncertain, and validate independent risk ratings.
Controls to Evaluate
- Board Member Qualification and Selection: Board member qualification and selection processes are appropriate and effective, including IT knowledge. The selection process includes reviewing whether board candidates:
- Possess the knowledge, skills, experience, and, particularly in the case of non-executive directors, independence of mind given their responsibilities on the Board and in the light of the FI's business and risk profile
- Have a record of integrity and good reputation
- Have sufficient time to fully carry out their responsibilities
- Can promote a smooth interaction between board members
- Understand IT activities and risks to carry out their IT governance responsibilities
- Compensation Committee Oversight: Compensation Committee meets periodically to review compensation or incentive programs, overall benefits, and compensation levels for directors, executive officers, employees, and principal shareholders. The Committee reviews the information to ensure that compensation and benefits are appealing, reasonable, fair, equitable, and consistent with regulatory guidelines and applicable regulations. External salary surveys are reviewed periodically to ensure employee salaries are in line with market rates. The Committee reports to the Board periodically.
- Asset Management Committee (AMC): Asset Management Committee (AMC) regularly reviews loan totals, concentrations, interest rate exposure, delinquency, collection activity, other real estate (ORE), Allowance for Credit Loss (ACL) and ESG (Environmental, Social and Governance) reports, then makes decisions accordingly, such as revising loan-to-values (LTV's), exposure limits, concentration limits, exceptions, etc.
- Loan Review Program: The Loan Review Program, internal and/or external, is comprehensive, with annual plans reviewed and approved by the board. The program includes appropriate staffing to attain adequate coverage, scope, analysis, and written reports. The loan review program provides timely and accurate credit classification and risk grading, as well as compliance with SBA lending requirements and some compliance requirements. The reports are presented periodically to the board.
- Problem Loan Management: Problem Loan Management Program and procedures include:
- Timely and accurate credit classification and risk grading for commercial and retail lending, including current assessment of collateral value in support of classified loans
- Timely charge-off for uncollectible balances
- Timely designation of nonaccrual
- Timely reductions of terminations of cancellable off-balance sheet credit exposure
- Documentation of all action plans and results
- Active collection process
Related Ncontracts Content in Your Platform
Nrisk Risk Assessments
NCUA Enforcement Actions
The NCUA issued no institutional enforcement actions in February 2026.
Did you know you can manage all your compliance tasks on one platform? Ncomply connects your teams, streamlines oversight, and keeps you current on regulatory changes.
See it in action with a product tour.