FDIC Enforcement Actions Against Banks

The Federal Deposit Insurance Corporation possesses statutory authority to compel corrective action at banks operating under its supervisory jurisdiction, using a structured system of formal and informal enforcement tools. This page covers the definition and scope of FDIC enforcement actions, the procedural mechanics by which they are initiated and resolved, the conditions most likely to trigger them, and the thresholds that determine which type of action applies. Understanding this framework is essential for bank directors, compliance officers, and depositors who need to interpret the public enforcement record maintained by the FDIC.

Definition and scope

An FDIC enforcement action is an official supervisory measure directed at a federally insured depository institution — or at an institution-affiliated party such as an officer, director, or controlling shareholder — to address violations of law, unsafe or unsound practices, or breaches of written agreements. Authority for these actions derives primarily from the Federal Deposit Insurance Act (FDI Act), 12 U.S.C. § 1818, which grants the FDIC power to issue orders, assess civil money penalties (CMPs), and remove individuals from banking.

The FDIC's enforcement jurisdiction covers state-chartered banks that are not members of the Federal Reserve System — a category historically referred to as state nonmember banks. As of the FDIC's 2023 Annual Report, the agency supervised approximately 3,000 state nonmember institutions. For national banks and federal savings associations, primary enforcement authority rests with the Office of the Comptroller of the Currency (OCC), while the Federal Reserve holds primary authority over state member banks.

Enforcement actions appear in the FDIC's publicly searchable enforcement actions database, which is updated monthly and distinguishes between formal and informal actions. Formal actions are legally binding orders entered into the public record; informal actions are supervisory tools that do not carry the force of a public order.

How it works

The enforcement process follows a defined sequence tied to findings from the FDIC bank examination process and the CAMELS rating system, which grades institutions across six components: Capital adequacy, Asset quality, Management, Earnings, Liquidity, and Sensitivity to market risk. A composite CAMELS rating of 3, 4, or 5 places a bank on elevated supervisory watch and increases the probability of enforcement action.

The process unfolds in four primary stages:

1. Examination finding — Examiners identify deficiencies during a safety-and-soundness or compliance examination and document them in a Report of Examination (ROE).
2. Supervisory communication — The FDIC issues a findings letter or matters requiring board attention (MRBAs) and evaluates management's response and remediation timeline.
3. Action determination — Based on severity, persistence, and management's response, the FDIC determines whether an informal or formal action is appropriate.
4. Order issuance or agreement execution — The action is executed, with compliance monitoring assigned to the regional office.

Civil money penalties are assessed under 12 U.S.C. § 1818(i), which establishes three tiers of penalties. Tier 1 penalties apply to technical violations and cap at $5,000 per day; Tier 2 penalties for reckless violations cap at $25,000 per day; Tier 3 penalties for knowing violations can reach $1,000,000 per day (FDI Act § 1818(i)(2)). These figures are also subject to inflation adjustments under the Federal Civil Penalties Inflation Adjustment Act.

Common scenarios

Enforcement actions arise most frequently from the following conditions, documented across the FDIC's public enforcement record:

• Capital deficiency — Banks falling below minimum capital thresholds under 12 CFR Part 325 or the Prompt Corrective Action (PCA) framework are subject to mandatory supervisory responses, including restrictions on dividends and growth.
• Bank Secrecy Act (BSA) / Anti-Money Laundering (AML) failures — Deficient BSA/AML programs, inadequate suspicious activity reporting, or failure to file Currency Transaction Reports (CTRs) routinely produce formal orders and CMPs. The Financial Crimes Enforcement Network (FinCEN) frequently coordinates with the FDIC on these actions.
• Unsafe or unsound lending practices — Concentrations in commercial real estate exceeding guidance thresholds, inadequate underwriting standards, or excessive loan-to-value ratios generate examination criticism that can escalate to enforcement.
• Consumer compliance violations — Violations of the Truth in Lending Act, the Fair Housing Act, or the Equal Credit Opportunity Act identified through FDIC consumer compliance supervision may trigger formal orders.
• Management and governance deficiencies — Boards that fail to exercise adequate oversight, as documented in ROEs, are frequently named in consent orders requiring governance reforms and independent reviews.

Decision boundaries

The FDIC distinguishes between informal and formal enforcement along two primary axes: severity of the problem and management responsiveness.

Informal actions — including memoranda of understanding (MOUs) and commitment letters — are not published in the public enforcement database and are typically reserved for institutions with CAMELS composite ratings of 3 that exhibit isolated deficiencies with cooperative management. MOUs are not legally enforceable as court orders but carry significant supervisory weight.

Formal actions — including consent orders, cease-and-desist orders, and civil money penalty assessments — are public, legally binding, and reportable. Consent orders are the most common formal instrument; they function as negotiated agreements that carry the force of law. Cease-and-desist orders under 12 U.S.C. § 1818(b) may be issued without the institution's consent when the FDIC determines that immediate corrective action is required.

Removal and prohibition orders under 12 U.S.C. § 1818(e) represent the most severe individual-level sanction, barring a person permanently from participation in the affairs of any federally insured institution. These are reserved for conduct involving personal dishonesty, willful disregard for institution safety, or criminal violations.

The FDIC problem bank list — formally the list of institutions with CAMELS composite ratings of 4 or 5 — is a leading indicator of formal enforcement activity. Institutions on this list are subject to heightened examination frequency and more aggressive supervisory timelines. Readers seeking the full scope of FDIC regulatory authority can refer to the FDIC authority overview for foundational context.