When a bank's problems are serious enough that supervisory findings alone won't fix them, regulators escalate to enforcement actions. These fall into two broad categories: informal actions, which are not public and not legally enforceable on their own, and formal actions, which are public, legally enforceable, and can carry penalties. Understanding where each action sits on the ladder, from a memorandum of understanding to a consent cease-and-desist order, tells you how serious your situation is and what a regulator expects next.
Key Takeaways:
- Informal actions (board resolutions, memoranda of understanding) are non-public and not directly enforceable, used for less severe issues
- Formal actions (written agreements, consent orders, cease-and-desist orders) are public, legally enforceable, and signal serious supervisory concern
- A consent order is a formal action the bank agrees to without admitting or denying the findings
- Civil money penalties are monetary fines that can accompany formal actions
- Most enforcement actions are resolved by consent rather than litigation, but they remain binding and public
Informal vs Formal: The Core Distinction
The single most important distinction in enforcement is informal versus formal.
Informal actions are supervisory tools used when problems are meaningful but the institution is generally cooperative and capable of self-correction. They are not public and are not independently enforceable in court, though failure to comply typically leads to escalation. They put the bank on notice and create a documented expectation of correction.
Formal actions are authorized by statute, are generally public, and are legally enforceable. Violating a formal action can lead to additional penalties. Formal actions appear in the regulator's public enforcement databases, which means customers, counterparties, and the market can see them.
The move from informal to formal is the line that changes everything about how an institution should respond, because formal actions carry legal weight and reputational exposure. Our explainer on what an FDIC consent order means covers the most common formal action in depth.
The Enforcement Ladder
Enforcement actions escalate roughly in this order, though regulators can start at any rung depending on severity.
Informal Actions
Board Resolution. A formal commitment adopted by the bank's board to take specific corrective steps. The lightest tool, used for limited issues.
Memorandum of Understanding (MOU). A documented agreement between the bank and its regulator describing the problems and the corrective actions the bank will take. An MOU is more serious than a board resolution but remains informal and non-public. It often follows an exam that downgraded a rating or surfaced significant weaknesses.
Formal Actions
Written Agreement. A formal, enforceable agreement (the Federal Reserve commonly uses this term). It is public and binding, sitting at the entry point of formal enforcement.
Consent Order. A formal order the bank agrees to, typically "without admitting or denying" the findings. The bank consents to specific, enforceable requirements: remediation, governance changes, capital or growth conditions, and reporting. Consent orders are the workhorse of formal enforcement because they avoid litigation while binding the bank.
Cease-and-Desist (C&D) Order. An order directing the bank to stop specified unsafe or unsound practices or violations and to take affirmative corrective action. A C&D can be entered by consent or, if contested, after an administrative proceeding.
Civil Money Penalty (CMP). A monetary fine assessed for violations or noncompliance. CMPs can accompany other formal actions and are tiered by the severity and culpability involved.
Severe actions. In the most serious cases, regulators can pursue removal and prohibition orders against individuals, or, ultimately, termination of deposit insurance or charter.
The statutory basis for much of this sits in 12 U.S.C. § 1818, the primary federal enforcement provision for insured depository institutions.
How Findings Become Enforcement
Enforcement rarely appears from nowhere. It usually follows a chain that starts at the examination.
- Examination findings (MRAs and, for the Federal Reserve, MRIAs) identify deficiencies
- Unaddressed or recurring findings signal that supervision alone isn't working
- Informal action (MOU) formalizes the expectation when findings persist or severity rises
- Formal action (consent order, written agreement) follows when informal measures fail or the issue is serious enough to warrant public, enforceable terms
The mechanism that drives escalation is most often recurrence and inaction. A finding that the bank fails to correct, or corrects superficially so it returns, is the classic path from MRA to MRIA to enforcement. We cover that dynamic in why banks get repeat exam findings and the supervisory finding hierarchy in MRA vs MRIA.
The takeaway for compliance officers: the cheapest place to stop this chain is at the finding stage, with real root-cause remediation and verified closure, long before enforcement is on the table.
Responding to an Enforcement Action
Whether the action is informal or formal, the response discipline is similar, with formal actions demanding more rigor and board involvement:
- Understand every requirement. Enforcement actions contain specific articles or provisions, each an obligation with its own deadline. Map them.
- Assign ownership. Each provision needs a named owner accountable for completion and evidence.
- Build a remediation plan with dates. Regulators expect a credible plan and progress reporting, often on a defined cadence. Our corrective action plan template provides a structure.
- Document board oversight. Boards are expected to actively oversee remediation of formal actions.
- Evidence and report. Closure of each provision requires proof, and you report progress to the regulator until the action is terminated.
An enforcement action is not lifted until the regulator is satisfied each requirement is met and sustained. That makes provision-level tracking and evidence the core of getting out from under one.
Getting out of an enforcement action is a provision-by-provision tracking and evidence exercise. See how Canarie maps each enforcement requirement to owners, actions, and proof →
Frequently Asked Questions
What is the difference between informal and formal enforcement actions?
Informal actions, such as board resolutions and memoranda of understanding, are non-public and not directly enforceable in court, used for less severe issues. Formal actions, such as written agreements, consent orders, and cease-and-desist orders, are public, legally enforceable, and can carry civil money penalties, signaling serious supervisory concern.
What is a consent order for a bank?
A consent order is a formal, public, legally enforceable action that a bank agrees to, typically without admitting or denying the regulator's findings. The bank consents to specific requirements such as remediation steps, governance changes, capital or growth conditions, and progress reporting until the regulator terminates the order.
What is the difference between an MOU and a consent order?
A memorandum of understanding is an informal, non-public agreement describing problems and corrective actions, used for meaningful but less severe issues. A consent order is a formal, public, legally enforceable action used for more serious matters. The MOU is lower on the enforcement ladder and is not directly enforceable in court.
What is a cease-and-desist order?
A cease-and-desist order is a formal action directing a bank to stop specified unsafe, unsound, or unlawful practices and to take affirmative corrective steps. It can be entered by consent or, if contested, after an administrative proceeding, and it is public and legally enforceable.
Are bank enforcement actions public?
Formal enforcement actions, including written agreements, consent orders, and cease-and-desist orders, are generally public and appear in the regulators' enforcement databases. Informal actions, such as board resolutions and memoranda of understanding, are not public. Civil money penalties associated with formal actions are also disclosed.
Track Your Way Out of Enforcement
An enforcement action is a list of binding requirements with deadlines, and the regulator won't lift it until each one is met and sustained with evidence. The institutions that exit fastest are the ones that treat every provision as a tracked obligation with a named owner and documented proof of closure.
Canarie maps each enforcement provision to an owner, a corrective action, and the evidence that proves it's resolved, with the progress reporting regulators expect built in.
See how Canarie manages enforcement remediation to closure →