OCC’s September Enforcement Actions Put the Spotlight on Bank Staff Misconduct

Key Takeaways

• No Institutional Penalties: The OCC issued no new enforcement actions against banks in September 2025.
• Five Prohibition Orders: Former employees of TD Bank, Wells Fargo, and PNC Bank were permanently banned for fraud, theft, and misappropriation.
• PPP Loan Fraud: Two cases involved abuse of COVID-era Payment Protection Program loans, totaling over $220,000.
• ATM Thefts: Two former Wells Fargo employees stole more than $40,000 from branch ATMs.
• Terminated Orders: Cease-and-desist orders against Gateway Bank (2020) and Vast Bank (2023) were lifted after compliance improvements.

Deep Dive

The Office of the Comptroller of the Currency (OCC) ended summer with a pointed reminder that accountability in banking isn’t confined to the boardroom. In its September 2025 enforcement actions, the regulator issued no new penalties against institutions but handed out prohibition orders to five former bank employees for fraud, theft, and misappropriation of funds.

These lifetime bans from banking mark the OCC’s most serious sanction against individuals, underscoring that misconduct at the teller window or call center can carry consequences as severe as failures in the C-suite.

Fraud and Misappropriation at the Front Lines

Several of the cases stemmed from abuse of the federal government’s COVID-era relief programs. Armando De Leon, a former TD Bank branch manager in Hialeah, Florida, was found to have submitted fraudulent Payment Protection Program applications, collecting more than $80,000 for himself. At PNC Bank’s Royal Palm, Florida branch, former teller Gerald E. Milligan II used falsified documentation to obtain a $141,530 PPP loan, also for personal gain.

Other enforcement actions targeted outright theft. Carolyn H. Hicks, once an assistant manager at a Wells Fargo branch in Georgia, misappropriated around $25,000 from an ATM. In New Jersey, former Wells Fargo teller Walther Riano-Vanegas stole $15,670 from two ATMs. Meanwhile, Charron Meadows, a former team manager at TD Bank’s New Jersey call center, siphoned off at least $150,000.

Though modest in size compared to headline-grabbing corporate fraud, these cases strike at customer trust and underscore the regulator’s push to reinforce ethical standards across all layers of banking.

Old Cases Closed

Alongside the prohibition orders, the OCC announced the termination of two longstanding cease-and-desist orders. Gateway Bank in Oakland, California, saw the lifting of a 2020 order tied to weaknesses in oversight, consumer compliance, and Bank Secrecy Act/anti-money laundering controls. Vast Bank in Tulsa, Oklahoma, had its 2023 order terminated after addressing deficiencies ranging from capital planning and liquidity management to IT controls and custody account oversight.

The OCC’s September actions highlight a dual approach: closing out past orders once compliance is demonstrated while cracking down on individuals whose misconduct undermines institutional integrity. Even as regulators push banks to strengthen governance and controls, they remain equally focused on deterring bad actors at the employee level.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.