We can deny as much as we want, but the truth of humans wanting to edge out each other has stood the test of time. Our innate ambition to become the best has proven to be both positive and negative. In a positive sense, it has led to innovative solutions from both the ends, thus introducing the world with something unique. On the other hand, though, the negative consequences of it have been huge in their own right. This desire to be ahead of others has often forced us to do things that can’t be considered as entirely ethical and certain activities across different sectors testify for that big time. To curb these situations, if not uproot them altogether, dedicated regulatory bodies work around the clock, staying vigilant about any inconsistencies that may appear on the way. Apart from ensuring that there is a level-playing field amongst the competitors, these regulatory bodies also take care of consumers’ interests. There is no dearth of cases where consumers have been wronged in some way or the other, so the regulators are tasked with the responsibility of enforcing consumer protection laws on the ground level, something that has become trickier in the age of technology. While any praise for technology feels underwhelming, it has also created a gigantic issue for the regulators by doubling down on the chances of a violation. Nevertheless, after scrambling a fair bit against all the loopholes that technology had cut open, the authorities are finally looking in a state to catch up, and it can be seen quite clearly in a warning sent out to the MUFG Union bank.
The Office of the Comptroller of the Currency (OCC) has recently issued a Cease and Desist order against MUFG Union bank for persistent deficiencies in technology and operational risk governance. OCC’s order specifically mentions about the bank’s unsafe practices and its non-compliance with the interagency guidelines that are there as a benchmark for the institutions in terms of information security. As of now, the MUFG Union bank will be allowed a timeframe of 90 days within which they have to submit an action plan. Through this action plan, the bank is asked to share all the corrective measures it is planning to take for resolving the issue in question. Furthermore, all the details regarding timeline requirements for the implementation of the same must be provided to the OCC board. It should be noted that the action plan won’t just address the problem of technology and operational risk governance, but it will also be expected to provide an idea about how to rework internal controls, staffing deficiencies, and tech-driven risk assessment methods.