CA bank draws cease-and-desist order over weaknesses in customer-info security program

A cease-and-desist order issued Monday requires MUFG Union Bank, N.A., San Francisco, to undergo a series of steps to strengthen its compliance with interagency guidance focused on the protection of customer information.

The consent order with the Office of the Comptroller of the Currency (OCC) cites the bank for unsafe or unsound practices regarding technology and operational risk management; and the bank’s noncompliance with the Interagency Guidelines Establishing Information Security Standards contained in Appendix B to 12 CFR Part 30, implemented under provisions of the Gramm-Leach-Bliley Act. Appendix B addresses standards for “developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information.”

The order states that the bank has begun corrective action and “has committed resources to remediate the deficiencies.”

OCC Issues Cease and Desist Order Against MUFG Union Bank for Deficiencies Relating to Technology and Operational Risk Governance