Supervisory discipline
US bank-regulator enforcement actions
Every publicly disclosed formal enforcement action taken by the Federal Reserve and the Office of the Comptroller of the Currency against a supervised institution, reproduced from each regulator's own machine-readable export. These are public supervisory records, not verdicts of misconduct: a written agreement or a cease-and-desist order is a supervisory tool, and only an order that says so is a finding against anyone. Actions against named individuals are excluded entirely; this page is institution-level.
Data as of Jul 18, 2026 (retrieved from each regulator; the registers update continuously)
Actions per year, by type
The two regulators combined, 1987 to 2026, stacked by harmonized action category. Two waves stand out in the record: the early-1990s cleanup and, larger, the 2009–2012 post-crisis peak, which crested at 493 institution actions in 2010. Formal-agreement and cease-and-desist volume drove both.
Source: Federal Reserve enforcement actions (CSV) | OCC Enforcement Action Search Methodology
Actions per year, by regulator
The same actions split by the issuing regulator. The OCC (national banks and federal thrifts) and the Federal Reserve (state member banks and holding companies) supervise different institutions, so their counts are not a like-for-like comparison of strictness.
Source: Federal Reserve enforcement actions (CSV) | OCC Enforcement Action Search Methodology
Open vs terminated
An enforcement action is a stock, not just a flow: it stays in force until the regulator terminates it. Of the 4,266 institution actions on file, 814 carry no termination date (open, or terminated without a recorded date) and 3,452 have been terminated. A terminated action is one the regulator has lifted, typically after the bank fixed what the order named.
Penalty dollars, where machine-readable
Dollar figures are read from the OCC's Amount field and, for the Fed, parsed from the action text where a clean figure appears. Coverage is partial: 627 of 4,266 actions carry a machine-readable amount, so these are lower bounds, not the full penalty tally. The largest years are 2013–2015, the post-crisis settlement era.
| Year | Penalty / restitution total | Actions with a $ figure |
|---|---|---|
| 2013 | $2.97B | 45 |
| 2014 | $2.93B | 40 |
| 2015 | $2.32B | 34 |
| 2012 | $1.74B | 22 |
| 2024 | $1.29B | 5 |
| 2020 | $1.08B | 14 |
| 2018 | $949.8M | 24 |
| 2017 | $833.6M | 26 |
Eight largest years by disclosed dollar amount, of 37 years with any machine-readable figure.
The regulators’ own action types
The harmonized categories above collapse each regulator’s own labels. Here are the raw labels as issued, most frequent first.
| Regulator | Action type (as issued) | Harmonized category | Count |
|---|---|---|---|
| OCC | Formal Agreement | Written Agreement / Formal Agreement | 1,278 |
| Federal Reserve | Written Agreement | Written Agreement / Formal Agreement | 944 |
| OCC | Cease-and-Desist Order (C&D) or Personal Cease-and-Desist Order (PC&D) | Cease and Desist | 875 |
| OCC | Civil Money Penalty (CMP) | Civil Money Penalty | 376 |
| Federal Reserve | Cease and Desist Order | Cease and Desist | 241 |
| Federal Reserve | Prompt Corrective Action | Prompt Corrective Action | 62 |
| OCC | C&D or PC&D Requiring Restitution | Cease and Desist | 56 |
| OCC | Prompt Corrective Action (PCA) Directive | Prompt Corrective Action | 48 |
| Federal Reserve | Civil Money Penalty | Civil Money Penalty | 43 |
| OCC | Securities Enforcement Action | Other formal action | 41 |
| OCC | GLBA Agreement | Written Agreement / Formal Agreement | 12 |
| OCC | Capital Directive | Cease and Desist | 12 |
| Federal Reserve | Amendment to 4/13/2011 Order to Cease and Desist | Cease and Desist | 9 |
| Federal Reserve | Civil Money Penalty $50,000 | Civil Money Penalty | 9 |
What each regulator says
Federal Reserve
“Generally, the Federal Reserve takes formal enforcement actions against the above entities and individuals for violations of laws, rules, or regulations, unsafe or unsound practices, breaches of fiduciary duty, and violations of final orders. Formal enforcement actions include cease and desist orders, written agreements, prompt corrective action directives, removal and prohibition orders, and orders assessing civil money penalties. Since August 1989, the Federal Reserve has made all final enforcement orders public in accordance with the Financial Institutions Reform, Recovery, and Enforcement Act of 1989; since November 1990, it has made written agreements public.”
Federal Reserve, About Enforcement Actions →OCC
“The Office of the Comptroller of the Currency expressly disclaims any responsibility for the acts of any individual or entity subject to an enforcement action, whether or not that individual or entity appears on these lists. These lists are NOT guaranteed to be comprehensive.”
The OCC also notes that prohibition notifications issued before 23 December 2022 no longer appear, following the Fair Hiring in Banking Act’s amendment of 12 U.S.C. § 1829, and that subject-matter tags exist only for actions issued since 2012.
OCC Enforcement Action Search →Why the FDIC is not here
The FDIC supervises state non-member banks and publishes its Enforcement Decisions and Orders through a search site (orders.fdic.gov). That site is a Salesforce Lightning “EDOS” guest community whose results are served only through authenticated application actions: an unauthenticated automated client is told “Guest user access is not allowed.” There is no documented bulk CSV or XLSX, and the FDIC BankFind Suite REST API family (institutions, financials, history, locations, summary of deposits, demographics, failures, risk view) carries no enforcement endpoint. Rather than partially scrape it or invent figures, the FDIC is left out and the gap is recorded. It will be added if a clean machine-readable route appears.
Source: FDIC Enforcement Decisions and Orders (search only) No machine-readable export at retrieval time; documented in data/raw/enforcement/SOURCE.md. Methodology
Reading this register
- These are the issuing regulators’ own public records, reproduced as issued. FinObservatory adds no misconduct score, ranking, or editorial label.
- Institution identity is matched to an FDIC certificate only by an exact normalized name-and-state key that is unique in the FDIC registry, so 46% of actions carry a cert and the rest (mostly holding companies, which hold no deposit-insurance cert) do not. A name-based match is not a legal identification.
- Coverage is bounded by what each regulator publishes: the OCC’s list is not guaranteed comprehensive and drops certain older prohibition notices, and neither register carries the FDIC-supervised banks. Read this as most of the federal bank-supervision record, not all of it.
- This is reference information, not legal, compliance, or investment advice. See the methodology for sources, the individuals-exclusion rule, the join method and match rate, and license notes.