A risk consultant is meeting with the senior management of a midsize bank to discuss ways in which the bank can improve its management of financial crime and fraud risk. During the meeting, the consultant uses the example of USAA Bank to explain how weaknesses in controls and processes used to manage these risks can result in large losses as well as regulatory fines. Which of the following best explains the fine imposed by regulators on USAA Bank?