Home/Cases/Community Banks / Credit Unions/City National Bank

City National Bank

Los Angeles, CA 2022--2024 Community Banks / Credit Unions
OCC Unsafe Unsound Practices Operational Risk Bsa Aml Fair Lending Fiduciary Violations
Penalty
$65 million

Outcome

The OCC assessed a $65 million civil money penalty against City National Bank of Los Angeles in January 2024 for systemic deficiencies in risk management and internal controls including operational risk, compliance risk, fair lending, BSA/AML, and investment management, with a companion cease-and-desist order requiring comprehensive reforms.

Details

City National Bank — OCC $65 Million Penalty for Systemic Risk Management Failures (2024)

Outcome: The OCC assessed a $65 million civil money penalty against City National Bank, Los Angeles, California, on January 31, 2024, for unsafe or unsound practices constituting systemic deficiencies across multiple risk domains including operational risk, compliance risk, fair lending, BSA/AML, strategic risk, and investment management.

City National Bank, headquartered in Los Angeles and a wholly-owned subsidiary of Royal Bank of Canada, received one of the largest OCC civil money penalties issued against a bank in 2024. The OCC found that the bank had engaged in unsafe or unsound practices reflecting systemic breakdowns in its risk management framework, not isolated deficiencies in a single area. The bank failed to establish effective risk management and internal controls across operational risk event reporting, third-party risk management, fraud risk management, compliance risk management, fair lending, strategic risk management, investment management, and BSA/AML practices.

The violations included noncompliance with OCC's Heightened Standards guidelines under 12 CFR Part 30, Appendix D, which apply to certain large insured national banks and establish minimum standards for risk governance. The bank also violated the Bank Secrecy Act and 12 CFR Part 9 governing fiduciary activities. The breadth of the OCC's findings — spanning seven separate risk domains — indicated that the compliance failures had been systemic and long-standing rather than concentrated in any single department or product line.

In conjunction with the $65 million civil money penalty, the OCC issued a cease-and-desist order requiring City National to make broad and comprehensive reforms: create a compliance committee with board-level accountability, submit an initial corrective action plan, and provide ongoing progress reports to the OCC. The bank was required to address each of the identified risk domains with documented improvements in its strategic plan, operational risk management, internal controls, and compliance risk management.

Primary Source: OCC Press Release — $65 Million Penalty Against City National Bank (January 31, 2024)

How Crucible Prevents This

Crucible's quality-gate hook would catch systemic deficiencies in operational risk reporting before they compound into regulatory violations. The config-protection hook would prevent weakening of compliance risk thresholds. The instinct-observer would detect recurring patterns of internal control exceptions across multiple risk domains — the hallmark of the systemic failure found here.

Source: OCC Press Release — $65 Million Penalty Against City National Bank (January 31, 2024)

Don't let this happen to your organization. See how Crucible works.

See How Crucible Works