Regulators Hit Capital One With $80 Million Fine, Cease and Desist Orders

By Bram Berkowitz – Aug 6, 2020 at 2:02PM

The enforcement actions relate to data security issues at the bank that allowed a massive hack of credit card applicants' personal data in 2019.

Banking regulators are slapping Capital One (COF) with an $80 million fine and requiring it to improve its risk management systems in the wake of a hack at the bank last year that resulted in one of the largest personal data breaches ever.

The U.S. Office of the Comptroller of the Currency (OCC), which regulates national banks, issued the fine and a cease and desist order, while the Federal Reserve, which regulates bank holding companies, issued its own cease and desist order.

Last July, an Amazon software engineer was able to obtain access to a Capital One server containing credit card applications and accounts. She then posted personal and financial data about more than 100 million people on the GitHub platform.

According to the OCC's order, Capital One did not implement "effective risk assessment processes prior to migrating its information technology operations to the cloud operating environment." The bank also failed to implement the proper controls for its cloud operating environment, and therefore violated a law regarding information security.

As a result, the OCC is requiring Capital One to appoint a compliance committee and create a written plan detailing how it will get into compliance with proper information security standards. The bank must also create and submit detailed plans of how it will improve internal controls and oversight of its cloud operating environment and other technology systems.

Cease and desist orders are among the most severe enforcement actions regulatory agencies can take, and can be in place for several years. Capital One will likely have to invest in its regulatory infrastructure to get into compliance.

The Fed's cease and desist order was somewhat similar to the OCC's. It found deficiencies in Capital One's "enterprise wide risk management program," and mandates that the company create a new, more comprehensive plan that can better identify and detect risks across the organization.

Bram Berkowitz has no position in any of the stocks mentioned. The Motley Fool has no position in any of the stocks mentioned. The Motley Fool has a disclosure policy.
