Regulators cite MUFG Union Bank for IT shortcomings

Federal regulators penalized MUFG Union Bank on Monday for shortcomings in the Japanese-owned bank’s information security and operational risk controls.

MUFG Union Bank entered into a consent order with the Office of the Comptroller of the Currency, which found that the bank was not complying with information technology security guidelines from federal regulators. The OCC did not fine the bank as part of the consent order.

Bloomberg

The $133 billion-asset MUFG Union Bank is based in San Francisco and is owned by the Japanese banking giant Mitsubishi UFJ Financial Group. A separate U.S. unit of the company, MUFG Bank, got hit with an OCC consent order in 2019 over concerns with its anti-money-laundering compliance program.

The OCC’s action comes as Mitsubishi UFJ Financial Group is reportedly considering putting Union Bank up for sale, according to a Bloomberg News report.

Union Bank has “engaged in unsafe or unsound practices” and must lay out an action plan to improve its tech and information security protocols, the OCC wrote in its consent order. The bank has already started to remediate those concerns, the agency added.

The bank did not admit to or deny the OCC’s findings as part of the consent order. In a securities filing, the bank’s U.S. holding company said its leaders are “committed to taking the necessary actions to fully address the provisions” of the consent order.

The order requires bank officials to create and implement an updated information security program. The bank must also address “known staffing concerns” by hiring and retaining enough staff to support its improvements, the consent order said.

Its board is also required to create a new compliance committee within the next month that will meet at least quarterly to monitor the bank’s improvements. The committee must be made up mostly of directors who do not work directly for the bank.