Whistleblower, former USAA employee accuses the bank of ‘ripping off’ its customers

Patrick Danner

San Antonio Express-News

A former USAA Federal Savings Bank employee has gone public with allegations that the bank “ripped off” customers and committed other financial crimes, charges the San Antonio institution calls “baseless.”

Lenn A. Ferrer, a former federal prosecutor and Navy lawyer who worked in USAA Bank’s compliance department from 2014 until he was fired in March 2020, says the bank violated laws meant to protect military members against certain lending practices.

Ferrer said he recently sent the U.S. Consumer Financial Protection Bureau a whistleblower complaint outlining his allegations, adding that he believed it should be forwarded to the Department of Justice for potential criminal prosecution.

“I am not going to stop until I get all of these matters referred to DOJ,” Ferrer told the Express-News.

USAA officials forcefully disputed Ferrer’s allegations, which were first reported by Compliance Week, a publication for regulatory compliance officers.

“Frankly, it’s offensive to USAA employees because we really take our obligations seriously to live by our values,” said Kate Gallivan, head of regulatory relations and senior vice president. “Those values are service, loyalty, honesty and integrity. When you work here, serving members is really — it’s at the center of everything we do.”

USAA said it placed Ferrer on administrative leave in February 2020 “for inappropriate and threatening comments made to co-workers, including reference to firearms,” and dismissed him about two weeks later.

Ferrer asserted that the company “manufactured cause to fire me” because he is a whistleblower.

The retail bank offers credit cards, consumer loans, residential mortgages, home equity loans and trust services. It is an arm of USAA, the giant insurance and financial services comany, which has about 13 million customers — members of the military, veterans and their families. USAA has no affiliation with the U.S. military.

Ferrer accuses the bank of violating the Military Lending Act and the Servicemembers Civil Relief Act.

The MLA protects service members and their families from lending practices that could pose a threat to military readiness and hurt service member retention. The SCRA provides protections for military personnel in the event their service interferes with their ability to meet financial obligations. Among other things, it protects them against default judgments.

In 2020, USAA Bank’s primary regulator — the Office of the Comptroller of the Currency — found the bank had violated the MLA and SCRA by failing to put in place an effective compliance risk management program. USAA agreed to pay an $85 million civil penalty under an October 2020 consent order with the OCC. The bank neither admitted nor denied the regulator’s findings.

Ferrer, however, said the consent order barely scratched the surface. USAA has been “emboldened by regulators failing to see red flags” and has been given a “free pass on all of the statutory criminal penalties included in the MLA,” he told the OCC in a November 2021 letter.

For example, a creditor who knowingly violates the MLA can be imprisoned for up to one year.

No criminal charges were ever filed against USAA Bank or its personnel in connection with the OCC’s findings. And the consent order included a release of liability, meaning the regulator can’t take any further enforcement action related to MLA and the SCRA over the violations alleged in the order.

Ferrer also said any installment-loan contract that violated the MLA is deemed “void from inception.” That means the bank wouldn’t be able to collect on the principal it loaned to its members or on any interest charges.

He has alleged the bank committed some 400,000 violations of the MLA in all. He said he based that figure on internal USAA documents prepared by a third-party contractor and reported to the OCC. The Express-News did not obtain these documents, but Compliance Week said it had reviewed them.

In an interview, Ferrer said most of the alleged violations — around 380,000 — involved guaranteed asset protection (GAP) insurance on vehicle loans. He did not elaborate on how USAA Bank may have violated the MLA regarding the insurance contracts.

GAP insurance protects a car owner in the event a vehicle is badly damaged or stolen. It covers the difference between the vehicle’s value and the unpaid loan balance, so the owner won’t be stuck owing more than the vehicle is worth. USAA Bank refers to its GAP coverage as “Total Loss Protection.”

Gallivan called the 400,000 violations cited by Ferrer “grossly overstated” and said the actual figure is a “fraction” of that, though she declined to say what it is.

For example, USAA said some service members may have been charged more than its 4 percent interest limit on loans when they went on active duty for a period of less than 30 days.

The bank issued checks last year to members who it “may have harmed or may have potentially harmed,” Gallivan said.

At odds

Ferrer, 52, worked at the Federal Deposit Insurance Corp., another bank regulator, before joining USAA Bank in January 2014. Previously, he was an assistant U.S. attorney in Puerto Rico, prosecuting white-collar crime, and a senior Navy Judge Advocate General officer. He also served in the Army and did two combat tours in Iraq and Afghanistan.

Ferrer said USAA Bank hired him as director of compliance and that he supervised two people in a department of 15 when he started.

A bank’s compliance department essentially acts an an internal police force, ensuring the institution complies with banking laws and regulations. It plays an essential role in helping preserve a bank’s integrity and reputation.

Before arriving at USAA, Ferrer said he was first involved in redrafting policies and procedures in the wake of the 2010 Dodd-Frank financial reform legislation, enacted after the Great Recession. He eventually moved into compliance related to banking laws and regulations protecting military personnel and their families.

Ferrer said USAA promised him a promotion to “executive director” once the person in that position retired. Ferrer, a Navy reservist, said the bank reneged on that promise and demoted him to “Compliance Advisor Lead” after he returned from about two years of reserve service in 2016. USAA said Ferrer’s title at termination was “Compliance Risk Manager Lead.”

The dispute led Ferrer to level charges that the bank committed multiple violations of the Uniformed Services Employment and Reemployment Rights Act (USERRA), which protects military members’ and veterans’ civilian job rights.

Ferrer filed a complaint under the act with the U.S. Labor Department, which he said investigated “ad nauseam” until he told officials to refer it to the Justice Department — which he said didn’t take any action either.

“They came back and said, ‘Yeah, we’re not going to touch it,'” Ferrer said, adding that he wasn’t given a reason.

On Feb. 19, 2020, about two weeks before Ferrer’s termination, Sam McCosh — an internal investigator at USAA — questioned Ferrer. Each made a recording of the discussion. Ferrer forwarded his copy to the Express-News.

McCosh is heard saying on the recording that the scope of his investigation was to “ferret out allegations” that Ferrer was making “with regards to USAA’s criminal culpability.”

Ferrer told McCosh he saw problems within two or three weeks of joining the bank.

“Come on board and realize this bank is operating way outside all professional norms, to include broken IT systems, to include people literally using spreadsheets to do statistically irrelevant sample size, manual process of massive —,” Ferrer told the investigator. “I said at a meeting I was appalled.

“I said, ‘Hey, guys, this is a problem. This rises to the level of either criminal negligence or flat criminal offenses,'” Ferrer said.

Ferrer told McCosh he heard colleagues discussing “remotely-created checks.”

“A military member owes a debt (to USAA Bank), doesn’t pay the debt,” Ferrer told the investigator. “USAA takes the money out of their account by basically creating a check to themselves. That’s a violation of law. This has been known for years.”

The MLA prohibits a creditor from using a service member’s account information to generate a remotely-created check to collect on a debt. Remotely-created checks are a widely available service except to military members who are deployed, USAA said.

That occurred around 10,000 times, Ferrer said in an interview with the Express-News, citing internal bank documents.

Ferrer said the remotely-created checks are among the 400,000 violations he contends USAA Bank committed. That figure never came up when McCosh questioned Ferrer. But Ferrer did tell the investigator he intended to “go to all these regulators” and “inform them of all this stuff.”

Regulatory actions

Troubles at USAA Bank first emerged in early 2019 when the Consumer Financial Protection Bureau found the bank failed to honor customers’ stop-payment requests on electronic fund transfers and had reopened customers’ previously closed deposit accounts without their authorization.

The bank reopened nearly 17,000 closed accounts without customer consent over a five-year span that ended in late 2016. More than 5,100 customers incurred fees totaling about $270,000 after the accounts were reopened. USAA later reimbursed those members.

Without admitting or denying the CFPB’s findings, USAA Bank agreed to pay a $3.5 million penalty and $12 million in restitution.

About a month and a half after the CFPB released its findings, the OCC issued a cease-and-desist action against the bank for “engaging in unsafe or unsound banking practices.” USAA Bank failed to implement and maintain a risk management program appropriate for its size and risk profile, the OCC said.

In March 2019, the OCC downgraded USAA Bank’s performance rating from “satisfactory” to “needs to improve” under the Community Reinvestment Act (CRA), which was intended to encourage banks to extend credit and services to lower-income communities. The regulator took the action after uncovering evidence of 600 violations involving customers.

The OCC found evidence of 546 violations of the Servicemembers Civil Relief Act, including failure to provide protections to military reservists, wrongful repossession of vehicles and the filing of “inaccurate” affidavits in default judgments in civil court cases in which the bank was suing to collect debts.

In addition, the regulator found evidence of 54 violations of the MLA relating to using remotely-created checks to collect past-due amounts from members.

USAA Bank again caught blowback two years ago when it kept portions of some customers’ federal stimulus checks — intended to provide a financial cushion during the pandemic — to collect on debts to the bank. After reports by the New York Times and the American Prospect, the bank quickly reversed course to allow members with negative account balances to access the full amount of their stimulus checks.

In October 2020, the OCC hit the bank with the $85 million fine for its compliance deficiencies. The MLA and SCRA violations raised in this consent order are the same as those cited in CRA downgrade, USAA said.

Growing pains

The bank has grown dramatically over the last decade. It started in 1983 as an operating arm of USAA.

While it took USAA Bank nearly 30 years to reach $58.6 billion in assets at the end of 2012, it only took the next nine years — through the end of last year — to double in size to $117.4 billion.

The bank has had its share of growing pains, losing a combined $710 million in 2020 and 2021. It has beefed up its risk management, compliance and technology systems in the wake of the penalties, contributing to the red ink. It turned a $30 million profit in the first quarter of this year.

“We have acknowledged that we didn’t make the right investments in risk and compliance, and we did not keep pace with that as the bank grew really quickly,” Gallivan said. “We have attributed the failures to systems, processes, talent and controls.

“We have taken responsibility, and we are addressing the lack of investment,” she added.

Compliance Week documented high turnover among compliance chiefs at the bank and the parent company.

“There are many compliance red flags at USAA that led to their huge fines, and perhaps the most glaring is the CCO (chief compliance officer) musical chairs,” said Kenneth Thomas, a Miami-based bank analyst and president of Community Development Fund Advisors.

“Many top compliance people will not even take a job at a company where they perceive problems based on readily available data and past problems,” he added.

USAA has been hiring experienced professionals to strengthen its risk and compliance program, a spokesman said.

‘We’re going to guns’

On Feb. 24, 2020, five days after its internal investigator spoke with Ferrer, USAA put Ferrer on administrative leave. The company said he had made threatening comments to colleagues, including references to firearms.

Ferrer said he used the expression “We’re going to guns” in talking to the USAA investigator. He said it’s a phrase JAG officers use to indicate they are going to trial on a matter, and he used it to let McCosh know that he’d be taking USAA to court.

A USAA spokesman said that was not Ferrer’s only mention of guns. “There were separate comments made by Mr. Ferrer referencing firearms that raised personal safety concerns among co-workers,” the spokesman said.

USAA told Ferrer in an email dated March 5, 2020, that his termination was effective the day before, on March 4. The company said it attempted to contact Ferrer on March 4 to inform him of his termination but was unable to reach him, so it left him a voicemail.

Ferrer filed a whistleblower complaint with the Federal Reserve less than four hours before receiving that March 5 email. He alleged USAA had engaged in “illegal” practices under the MLA, SCRA and mortgage laws. The alleged violations “span the consumer loan, mortgage, and other credit spaces,” he wrote in the complaint.

The Federal Reserve forwarded the complaint to the OCC.

Given the OCC’s findings in its October 2020 consent order, USAA Bank doesn’t anticipate any ramifications from the allegations Ferrer raised in his March 2020 complaint.

“I can’t speak for how the OCC has assessed the validity of the allegations, but to me it’s reasonable to assume that they considered the merits of any complaint they received in March of 2020 before they issued a consent order in October of 2020,” USAA’s Gallivan said.

A spokesperson for the regulator declined to comment.

Ferrer said he believes his communication with the OCC — including the March 2020 complaint, a September 2021 letter to OCC officials, and a subsequent 90-minute telephone discussion with two OCC attorneys and two national bank examiners — led the agency to take further action against the bank two months ago.

The OCC, along with the Financial Crimes Enforcement Network, or FinCEN, an arm of the U.S. Treasury Department, levied a combined $140 million in fines over deficiencies in the bank’s Bank Secrecy Act/Anti-Money Laundering compliance program. In FinCEN’s consent order, USAA Bank admitted to “willfully violating” the Bank Secrecy Act.

“As its customer base and revenue grew in recent years, USAA (Bank) willfully failed to ensure that its compliance program kept pace, resulting in millions of dollars in suspicious transactions flowing through the U.S. financial system without appropriate reporting,” said Himamauli Das, FinCEN’s acting director, in a March 17 statement.

The settlements don’t preclude the Justice Department or another government agency from pursuing its own action related to the bank’s compliance failures.

Ferrer declined to provide a copy of his recent whistleblower complaint to the CFPB. While he waits to see whether the the agency will investigate his complaint, he remains unemployed.

“‘Fired for cause’ usually means you embezzled, you did some sort of sexual impropriety, you committed a crime,” he said. “You think anybody wants to hire a high-priced, 52-year-old — even with impeccable credentials — attorney who has been fired for cause?”


(c)2022 the San Antonio Express-News

Visit the San Antonio Express-News at www.mysanantonio.com

Distributed by Tribune Content Agency, LLC.

Post navigation