On October 31, 2025, the Federal Deposit Insurance Corporation (FDIC) released its list of enforcement decisions and orders for the month of September 2025. Of the 13 enforcement actions identified, more than half alleged that institution-affiliated parties (IAPs) engaged in conduct the FDIC determined to be unsafe or unsound banking practices. The October 2025 enforcement decisions and orders, published November 28, 2025, included two similar actions, underscoring the value of having a capable response team ready to act when misconduct occurs.
This article reviews recent enforcement actions against banks and highlights the critical roles that should be represented in a well-structured investigative group, ensuring institutions can respond quickly to detect, assess, and remediate insider misconduct effectively.
Cases of Unsafe and Unsound Banking Practices by IAPs
Some examples of unsafe and unsound banking practices the FDIC identified in its recent press releases include the following fact patterns:
- Over a nine-month period, a bank teller made unauthorized personal transactions using funds from customer accounts, causing a loss to the bank of nearly $186,000.
- During a six-month period, a bank employee stole over $24,000 from four customers by cashing 16 fraudulent checks.
- Over the span of one year, a bank’s vice president and loan officer originated two unsecured loans. The employee then attempted to secure the loans by disbursing the loan proceeds to checking accounts and placing deposit holds on the disbursed funds. Without securing additional collateral, the employee then repeatedly released the deposit holds securing the loan proceeds, causing a loss to the bank.
- During a 10-year period, a bank’s chief operating officer misappropriated bank funds by making unauthorized transactions through the bank’s Automated Clearing House (ACH) account at the Federal Reserve Bank (FRB) to pay for her personal expenses. The employee concealed the misconduct by deleting transactions from the bank’s ACH files and creating fictitious reconcilements with altered FRB account statements.
- A bank employee authorized more than 25 withdrawals in one month from customer accounts to multiple unauthorized individuals, causing the bank to suffer a $255,000 loss. The employee ultimately pled guilty to bank fraud and aggravated identity theft in 2025.
- For nearly one year, an employee ordered unauthorized debit and credit cards through the accounts of five elderly or deceased customers and stole funds through nearly 200 cash withdrawals and point-of-sale transactions.
- A bank teller misappropriated customer funds by processing unauthorized over-the-counter withdrawals and cashing unauthorized “Not on Us” checks and then providing proceeds to third-party impersonators. The employee processed at least 18 unauthorized transactions during a two-month period, resulting in a loss to the bank of nearly $40,000.
The Cross-Functional Team
The issues in these actions demonstrate how insider misconduct can escalate if not addressed promptly. A well-prepared response team enables banks to move quickly from detection to resolution, limiting financial losses and reputational damage. While the composition of such a team may vary by institution, the following roles are pivotal in ensuring investigations are thorough and coordinated:
- Chief human resources officer (CHRO) or equivalent and/or ethics officer: These individuals are typically responsible for investigating the matter and initiating termination proceedings if warranted.
- Chief risk officer (CRO) or equivalent and insurance team (if applicable): The CRO generally supports the investigation and keeps the board and senior management informed. If losses trigger insurance claims, the insurance team may also play a role in managing that process.
- Chief legal officer (CLO) or general counsel (GC): The CLO or GC can advise whether the investigation should be conducted at their instruction to preserve attorney-client privilege and confidentiality of the results. They also determine if non-disclosure agreements are necessary.
- Bank Secrecy Act (BSA) officer: The BSA officer is responsible for determining whether insider abuse may constitute a criminal violation, which would require the filing of a Suspicious Activity Report (SAR) under federal law. This decision is risk-based and typically made in consultation with the CLO/GC, CRO, human resources department, and legal and/or risk management teams.
- Bank security officer: The bank security officer is designated as required by the Bank Protection Act (12 U.S.C. § 1882) to oversee security measures and assist in investigating potential unsafe or unsound banking practices.
- Additional stakeholders: The bank may also need to include additional stakeholders such as their chief compliance officer, information security, branch or loan operations, and other relevant departments, as applicable, to ensure comprehensive identification and investigation of misconduct.
The board and senior management must be informed of the matter to determine potential financial loss to the bank, consumer harm, and the actions needed to resolve and remediate the issue.
These enforcement decisions and orders serve as a reminder that an effective response team is fundamental for mitigating risk and restoring trust after an incident.
Frost Brown Todd represents a wide variety of financial institutions and is available to help you navigate key legislative changes and emerging compliance considerations. If your organization has questions or would like guidance on this topic, please contact the authors or any attorney with Frost Brown Todd’s Regional & Community Banks or Consumer Financial Services & Consumer Protection teams.
Banking On It
Delivering timely and practical commentary on the legal and regulatory challenges impacting financial institutions, our Banking On It blog covers a wide range of topics, from consumer finance and loan originations to workouts and regulatory enforcement trends. Our goal is to keep you informed and prepared for what’s ahead.