Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Bank Examinations > FDIC Enforcement Decisions and Orders




FDIC Enforcement Decisions and Orders

ED&O Home | Search Form | Text Search | ED&O Help


{{10-31-99 p.C-4622}}
   [11,556] In the Matter of First Alliance Bank and Trust Company, Manchester, New Hampshire, Docket No. 98-066b (9-28-98)

   A cease and desist order was issued, based on findings by the FDIC that it had reason to believe that respondent had engaged in unsafe and unsound practices. (This order was terminated by order of the FDIC dated 8-27-99; see ¶16,240.)

   [.1] Management—Qualifications Specified
   [.2] Loan Loss Reserve—Establishment of or Increase Required
   [.3] Capital—Increase Required
   [.4] Profit Plan—Preparation of Plan Required
   [.5] Funds Management and Liquidity—Preparation or Revision of Funds Management Policy Required
   [.6] Strategic Plan—Preparation of Required
{{11-30-98 p.C-4623}}
   [.7] Investments and Investment Policy—Investment Policy Preparation or Revision Required
   [.8] Bank Operations—Internal Routine and Control Procedures— Establish
   [.9] Violations of Law—Correction of Violations Required
   [.10] Year 2000 Plan—Preparation of Required
   [.11] Dividends—Dividends Restricted
   [.12] Shareholders—Disclosure of Cease and Desist Order Required

In the Matter of

FIRST ALLIANCE BANK
and TRUST COMPANY

MANCHESTER, NEW HAMPSHIRE
(Insured State Nonmember Bank)
ORDER TO CEASE
AND DESIST

FDIC-98-066b

   First Alliance Bank and Trust Company, Manchester, New Hampshire ("Bank"), having been advised of its right to a Notice of Charges and of Hearing detailing the unsafe or unsound banking practices and violations of law and/or regulations alleged to have been committed by the Bank and of its right to a hearing on such alleged charges under section 8(b)(1) of the Federal Deposit Insurance Act ("Act"), 12 U.S.C. § 1818(b)(1), and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST ("CONSENT AGREEMENT") with counsel for the Federal Deposit Insurance Corporation ("FDIC"), dated September 23, 1998, whereby solely for the purpose of this proceeding and without admitting or denying any unsafe or unsound banking practices or violations of law and/or regulations, the Bank consented to the issuance of an ORDER TO CEASE AND DESIST ("ORDER") by the FDIC.
   The FDIC considered the matter and determined that it had reason to believe that the Bank had engaged in unsafe or unsound banking practices and had violated laws and/or regulations. The FDIC, therefore, accepted the CONSENT AGREEMENT and issued the following:

ORDER TO CEASE AND DESIST

   IT IS HEREBY ORDERED that the Bank and its institution-affiliated parties, as that term is defined in section 3(u) of the Act, 12 U.S.C. § 1813(u), cease and desist from, the following unsafe or unsound banking practices and violations of law and/or regulations:
   (a) operating with management whose policies and practices are detrimental to the Bank and jeopardize the safety of its deposits, including, but not limited, policies and practices with respect to Bank Information Systems (as that term is defined in paragraph (i) below);
   (b) engaging in violations of applicable laws and regulations;
   (c) engaging in practices which produce inadequate operating income;
   (d) engaging in policies and practices that deplete the Bank's capital at a hazardous rate and threaten to reduce the Bank's capital position to an unacceptable level;
   (e) failing to provide adequate supervision and direction over the affairs of the Bank to prevent unsafe or unsound practices and violations of law and/or regulations;
   (f) failing to submit Reports of Condition and Income in accordance with prevailing instructions;
   (g) operating with inadequate liquidity;
   (h) operating without proper internal routine and controls and risk management policies and procedures;
   (i) operating with a Board of Directors which has failed to provide adequate supervision and direction to prevent unsafe and unsound practices with respect to the Bank's electronic information systems and other automated systems that are used by the Bank, or upon which the Bank depends for the conduct of its business ("Bank Information Systems"); and
   (j) failing to take appropriate measures to ensure that the Bank Information Systems are able to perform correctly all automated processing operations, including interactions and interdependencies with other {{11-30-98 p.C-4624}}automated systems, involving dates later than December 31, 1999 ("Year 2000 compliant").
   IT IS FURTHER ORDERED that the Bank and its institution-affiliated parties take affirmative action as follows:

   [.1] 1. (a) Within sixty (60) days from the effective date of this ORDER, the Bank shall have and retain qualified management. At a minimum, such management shall include a Chief Executive Officer with proven ability in managing a bank of comparable size. Such person shall be provided the necessary written authority to implement the provisions of this ORDER. The qualifications of Bank management shall be assessed on its ability to:

    (i) comply with the requirements of this ORDER;
    (ii) ascertain that the Bank Information Systems are fully Year 2000 compliant and are appropriately tested to demonstrate such compliance;
    (iii) operate the Bank in a safe and sound manner;
    (iv) comply with applicable laws and regulations; and
    (v) restore all aspects of the Bank to a safe and sound condition.
   (b) Within thirty (30) days from the effective date of this ORDER, the Bank shall designate an executive officer as the Bank's Year 2000 Officer. The Year 2000 Officer shall possess the experience and qualifications necessary to provide appropriate oversight over the Bank's efforts to bring the Bank Information Systems into Year 2000 compliance. The Year 2000 Officer shall be provided the necessary written authority to implement the provisions of this ORDER relating to Year 2000 compliance.
   (c) The Year 2000 Officer shall have the authority to appoint additional Bank personnel to assist in complying with the provisions in this ORDER relating to Year 2000 compliance.
   (d) As long as this ORDER remains in effect, the Bank shall notify the Regional Director of the Division of Supervision for the FDIC's Boston Regional Office ("Regional Director") and the Banking Commissioner for the State of New Hampshire ("Commissioner") in writing of any changes in management, any vacancy in the Year 2000 Officer position, and/or any change in the identity of the Year 2000 Officer. Such notification/s shall be in addition to any application and prior approval requirements established by section 32 of the Act, 12 U.S.C. § 1831i, and implementing regulations; shall include the names and qualifications of any replacement personnel; and shall be provided at least ten (10) days prior to any individual assuming the new position.
   (e) Within ninety (90) days from the effective date of this ORDER, the Board of Directors shall develop a written analysis and assessment of the Bank's management and staffing needs ("management plan"), which shall include, at a minimum:
    (i) identification of both the type and number of officer positions needed to manage and supervise properly the affairs of the Bank;
    (ii) identification and establishment of such Bank committees as are needed to provide guidance and oversight to active management;
    (iii) evaluation of each Bank officer and staff member to determine whether these individuals possess the ability, experience and other qualifications required to perform present and anticipated duties, including adherence to the Bank's established policies and practices, and maintenance of the Bank in a safe and sound condition; and
    (iv) a plan of action to recruit and hire any additional or replacement personnel with the requisite ability, experience and other qualifications, which the Board of Directors determines are necessary to fill Bank officer or staff member positions consistent with the Board's analysis, evaluation and assessment as provided in paragraphs 1(e)(i) and 1(e)(iii) of this ORDER.
   (f) The written management plan shall be submitted to the Regional Director and the Commissioner for review and comment within ninety (90) days from the effective date of this ORDER. No sooner than thirty (30) days, but under no circumstances more than sixty (60) days after such submission, the Board of Directors shall approve the written management plan, taking into consideration any regulatory comments, and such approval shall be recorded in the minutes of the Board of Directors. Subsequent modifications to the written management plan may be made only after giving the Regional Director and the Commissioner written notice of the proposed modification, and after consideration of any responsive comments sub- {{11-30-98 p.C-4625}}mitted by the Regional Director and/or the Commissioner within thirty (30) days from their receipt of the notice of proposed modification. No such modification shall become effective until approved by the Board of Directors, and such approval shall be recorded in the minutes of the Board of Directors. The Bank, its directors, officers and employees shall implement and follow the written management plan and/or any subsequent modification thereto.
   (g) (i) The written management plan shall also include the requirement that the Board of Directors of the Bank, or a committee thereof not less than a majority of whose members are independent with respect to the Bank, provide supervision over lending, investment and operating policies of the Bank sufficient to ensure that the Bank complies with the provisions of this ORDER.
   (ii) At the next meeting of the shareholders of the Bank, and at each succeeding meeting of the shareholders at which Bank directors are to be elected, the members of the Board of Directors who are also shareholders shall nominate and support the election of candidates to the Board of Directors who are independent with respect to the Bank, in such number as is necessary to cause a majority of the Board of Directors to be and to remain independent with respect to the Bank.
   (iii) For purposes of this ORDER, an individual who is "independent with respect to the Bank" shall be any individual (1) who is not an officer of the Bank and who does not own, directly or indirectly, more than five (5.0) percent of the outstanding shares of the Bank, (2) who is not related by blood, marriage or common financial interest to an officer of the Bank or to any stockholder owning, directly or indirectly, more than five (5.0) percent of the Bank's outstanding shares, and (3) who is not indebted to the Bank, directly or indirectly (including the indebtedness of any entity in which the individual has a substantial financial interest), in an amount exceeding five (5.0) percent of the Bank's total equity capital and allowance for loan and lease losses.
   (h) The Bank's Board of Directors shall meet at least monthly. The board shall prepare in advance and shall follow a detailed written agenda at each meeting, which shall include consideration of actions of any committees. A chronological file of all written agendas shall be maintained. Notwithstanding the foregoing, the Board shall not be precluded from considering matters other than those contained in the agenda. Detailed written minutes of all Board meetings shall be maintained and recorded on a timely basis.

   [.2] 2. (a) The Bank shall maintain its allowance for loan and lease losses ("Reserve") in accordance with the prevailing requirements of the Instructions for the Reports of Condition and Income ("Instructions").
   (b) Prior to the submission of any Report of Condition or Report of Income required to be filed by the Bank after the effective date of this ORDER, the Board of Directors of the Bank shall: (1) review the adequacy of the Bank's Reserve, (2) provide for an adequate Reserve, and (3) accurately report the Reserve in any such Report of Condition and Income. The minutes of the Board meeting at which such review is undertaken shall indicate the results of the review, including any increases in the Reserve, and the basis for determining the amount of allowance provided.

       [.3] 3. (a) (i) The Bank shall continue to maintain its Tier 1 leverage capital ratio at or in excess of eight (8.0) percent of the Bank's total assets as calculated herein while this ORDER is in effect.
    (ii) By October 30, 1998, the Bank shall develop a Capital Plan which will be submitted to the Regional Director and the Commissioner for approval. The Capital Plan should address both internal and external sources of capital augmentation, including capital infusions, retention of earnings, restrictions of asset growth and asset sales.
    (iii) For purposes of this ORDER, the terms "Tier 1 capital" and "total assets" shall have the meanings ascribed to them in Part 325 of the FDIC's Rules and Regulations, 12 C.F.R. Part 325.
   (b) In calculating the Bank's Tier 1 leverage capital ratio under paragraph 3(a) initially, the Bank shall first comply fully with paragraph 2(a) of this ORDER. Thereafter, such ratio and its component parts shall be determined only after the Bank has made such additions to its Reserve so as to bring the Reserve into compliance with the prevailing requirements of the Instructions and charged off any losses iden- {{11-30-98 p.C-4626}}tified subsequent to the Joint FDIC/State Examination of the Bank dated on April 20, 1998 ("Examination").
   (c) Any increase in the Tier 1 leverage capital ratio made by the Bank in order to meet the requirements of paragraph 3(a) of this ORDER may be accomplished by:
    (i) the sale of new offerings of common stock or perpetual preferred stock;
    (ii) the direct contribution of cash by the directors of the Bank;
    (iii) the collection in cash of assets previously charged off;
    (iv) any combination of the above means; or
    (v) any other means acceptable to the Regional Director and the Commissioner.
   If the Tier 1 leverage capital ratio specified in paragraph 3(a)(i) declines below eight (8.0) percent, the Bank, within thirty (30) days after the date on which said ratio so declined, shall submit a written plan to the Regional Director and the Commissioner for increasing such ratio up to or in excess of eight (8.0) percent within sixty (60) days after the written plan is implemented.
   Thereafter, the Bank shall continue to maintain its Tier 1 leverage capital ratio at or in excess of such level as calculated herein while this ORDER is in effect. Upon approval by the Regional Director and the Commissioner, the Bank shall immediately implement the written plan.
   (e) In addition to the requirements of paragraphs 3(a)-(d), the Bank shall comply with the FDIC's Statement of Policy on RiskBased Capital found in Appendix A to Part 325 of the FDIC's Rules and Regulations, 12 C.F.R. Part 325, App. A.
   (f) If all or part of any increase in capital made by the Bank in order to meet the requirements of this paragraph 3 involves an offering, other than an offering deemed not to be a public securities offering pursuant to 17 C.F.R. § 230.506 as currently in effect or as hereafter amended, of the Bank's securities (including a distribution limited only to the Bank's existing shareholders), the Bank shall prepare detailed offering materials fully describing the securities being offered, including an accurate description of the financial condition of the Bank and of this ORDER as well as the circumstances giving rise to the offering, and any other material disclosures necessary to comply with the Federal securities laws. Prior to the sale of the securities, and, in any event not less than twenty (20) days prior to the dissemination of such materials, the materials used in the sale of the securities shall be submitted to the
   FDIC
   Registration and Disclosure Section
   550 17th Street, N.W.
   Washington, D.C. 20429
for review. Any changes requested to be made in the materials by the FDIC shall be made prior to their dissemination.
   (g) In complying with the provisions of paragraph 3(f) of this ORDER, the Bank shall provide to any subscriber and/or purchaser of Bank stock, written notice of any planned or existing development or other change which is materially different from the information reflected in any offering materials used in connection with the sale of Bank securities. The written notice required by this paragraph 3(g) shall be furnished within ten (10) calendar days from the date such material development or change was planned or occurred, whichever is earlier, to every purchaser and/or subscriber of Bank stock who received or was tendered the information contained in the Bank's original offering materials.
   (h) The Bank's Board of Directors shall maintain in its minutes a written record of all actions taken by the Bank to comply with the capital requirements of paragraphs 3(a) through 3(g) of this ORDER, including, at a minimum, any action to increase its Tier 1 capital by each of the methods specified in paragraphs 3(c)(i) through 3(c)(v) of this ORDER.

   [.4] 4. (a) Within ninety (90) days from the effective date of this ORDER, the Bank shall develop a written profit plan consisting of goals and strategies for improving the earnings of the Bank, which written profit plan shall include, at a minimum:

    (i) identification of the major areas in, and means by, which the Board of Directors will seek to improve the Bank's operating performance;
    (ii) realistic and comprehensive budgets;
    (iii) a budget review process to monitor the income and expenses of the Bank to compare actual figures with budgetary projections; and
    (iv) a description of the operating assumptions that form the basis for, and adequately support, major projected income and expense components.
{{11-30-98 p.C-4627}}
   (b) The written profit plan shall be submitted to the Regional Director and the Commissioner for review and comment within ninety (90) days from the effective date of this ORDER. No sooner than thirty (30) days, but under no circumstances more than sixty (60) days after such submission, the Board of Directors shall approve the written profit plan, taking into consideration any regulatory comments, and such approval shall be recorded in the minutes of the Board of Directors. Subsequent modifications to the written profit plan may be made only after giving the Regional Director and the Commissioner written notice of the proposed modification, and after consideration of any responsive comments submitted by the Regional Director and/or the Commissioner within thirty (30) days from their receipt of the notice of proposed modification. No such modification shall become effective until approved by the Board of Directors, and such approval shall be recorded in the minutes of the Board of Directors. The Bank, its directors, officers, and employees shall follow the written profit plan and/or any subsequent modification thereto.

   [.5] 5. (a) Within thirty (30) days from the effective date of this ORDER, the Bank shall develop a written funds management policy which shall include, at a minimum:

    (i) the Bank's liquidity needs and plans for insuring that such needs are met on an ongoing basis;
    (ii) goals and strategies for managing and/or improving the Bank's interest rate risk exposure;
    (iii) monitoring of the interest rate sensitivity of present investments and deposits and projections of the types of investments and deposits to improve such liquidity position; and
    (iv) coordination of the Bank's loan, investment, operating, and budget and profit planning policies with the written funds management policy.
   (b) The written funds management policy shall be submitted to the Regional Director and the Commissioner for review and comment within thirty (30) days from the effective date of this ORDER. No sooner than thirty (30) days, but under no circumstances more than sixty (60) days after such submission, the Board of Directors shall approve the written funds management policy, taking into consideration any regulatory comments, and such approval shall be recorded in the minutes of the Board of Directors. Subsequent modifications to the written funds management policy may be made only after giving the Regional Director and the Commissioner written notice of the proposed modification, and after consideration of any responsive comments submitted by the Regional Director and/or the Commissioner within thirty (30) days from their receipt of the notice of proposed modification. No such modification shall become effective until approved by the Board of Directors, and such approval shall be recorded in the minutes of the Board of Directors. The Bank, its directors, officers, and employees shall follow the written funds management policy and/or any subsequent modification thereto.

   [.6] 6. (a) Within ninety (90) days from the effective date of this ORDER, the Bank shall develop a comprehensive strategic plan which shall address basic business concepts of the Bank's strengths, weaknesses, opportunities, and threats. The plan should also address lines of business and strategies.
   (b) The strategic plan shall be submitted to the Regional Director and the Commissioner for review and comment within ninety (90) days from the effective date of this ORDER. No sooner than thirty (30) days, but under no circumstances more than sixty (60) days after such submission, the Board of Directors shall approve the strategic plan, taking into consideration any regulatory comments, and such approval shall be recorded in the minutes of the Board of Directors. Subsequent material modifications to the strategic plan, i.e. new lines of business, may be made only after giving the Regional Director and the Commissioner written notice of the proposed modification, and after consideration of any responsive comments submitted by the Regional Director and/or the Commissioner within thirty (30) days from their receipt of the notice of proposed modification. No such modification shall become effective until approved by the Board of Directors, and such approval shall be recorded in the minutes of the Board of Directors. The Bank, its directors, officers, and employees shall follow the strategic plan and/or any subsequent modification thereto.

   [.7] 7. Within thirty (30) days from the effective date of this ORDER, the Bank shall review its written investment policy and shall {{11-30-98 p.C-4628}}record the results of such review in the Board of Director's minutes. Thereafter, the Bank, its directors, officers, and employees shall follow the written investment policy and/or any subsequent modification thereto.

   [.8] 8. Within thirty (30) days from the effective date of this ORDER, the Bank shall establish a system of internal controls and risk management practices.
   9. Within thirty (30) days from the effective date of this ORDER, the Bank shall correct all noted deficiencies in the areas of wire transfer, Bank Secrecy Act, electronic banking, and information systems.

   [.9] 10. Within sixty (60) days from the effective date of this ORDER, the Bank shall eliminate and/or correct all violations of law and regulations committed by the Bank as described on pages 36 through 39 of the Examination.
   11. Within thirty (30) days from the effective date of this ORDER, the Bank shall establish and maintain an accurate general ledger system.

   [.10] 12. (a) Within forty-five (45) days from the effective date of this ORDER, the Bank shall develop and adopt a plan which details how the Bank shall assess, renovate, and test all Bank Information Systems to establish that they are fully Year 2000 compliant ("Year 2000 Plan"). At a minimum, the Bank's Year 2000 Plan shall contain provisions to address all of the requirements of this ORDER and shall be in accordance with the Federal Financial Institutions Examination Council's ("FFIEC's") May 5, 1997, Interagency Statement on Year 2000 Project Management Awareness and all other statements and guidelines by the FFIEC regarding Year 2000 readiness and contingency planning ("FFIEC issuances").
   (b) The Year 2000 Plan shall be reviewed and approved by the Bank's Board of Directors prior to adoption, and such review and approval shall be recorded in the minutes of the Bank's Board of Directors meeting. Immediately following the adoption of the Bank's Year 2000 Plan, the Bank shall submit a copy of the plan to the Regional Director and the Commissioner. The Bank's Board of Directors shall consider any comments on the Year 2000 Plan from the FDIC or the Commissioner, and shall amend the Year 2000 Plan as necessary.
   (c) Thereafter, the Bank shall implement the Year 2000 Plan.
   13. No later than sixty (60) days from the effective date of this ORDER, and in accordance with the FFIEC issuances, the Bank shall perform a review of the extent of the Bank's Year 2000 noncompliance and the need for the Bank Information Systems to be fully Year 2000 compliant. In performing this review, the Bank shall consult with: Bank personnel; electronic information systems service providers or providers of services to the Bank that involve embedded microprocessors or telecommunications links; software vendors; other entities with which the Bank regularly exchanges data electronically; and material Bank customers, including loan customers, deposit customers, and capital markets counterparties, and all customers whose own Year 2000 compliance status may pose a risk to the Bank, in accordance with the FFIEC issuances.
   14. Within sixty (60) days of the effective date of this ORDER, the Bank shall develop a written assessment of the extent of the actual and potential Year 2000 problems that are posed by the Bank Information Systems. The Bank shall amend its Year 2000 Plan as appropriate based on this written assessment. The Bank's written assessment shall be reviewed and approved by the Bank's Board of Directors, and such review and approval shall be recorded in the minutes of the Bank's Board of Directors meeting. Immediately thereafter, a copy of such written assessment and the amended Year 2000 Plan shall be provided to the Regional Director and to the Commissioner. Such assessment shall:

    (a) Identify all information systems hardware, operating systems software, application software, data files, automated teller machines, telecommunications technologies, environmental systems, and other automated systems that are used by the Bank;
    (b) Identify all interdependencies between the Bank Information Systems and those of its service providers, software vendors, other entities with which the Bank regularly exchanges data electronically, and material Bank customers;
    (c) Conduct due diligence of the Bank's service providers, any service provider that is used by the Bank's service providers, and software vendors, in accordance with the FFIEC issuances, to determine such service provider's or software vendor's awareness of, and ability to correct, any Year 2000 compliance problems;
    {{11-30-98 p.C-4629}}
    (d) Evaluate the effect of implementation of the Year 2000 Plan on data exchange between the Bank and its service providers and other entities with which the Bank regularly exchanges data;
    (e) Establish priorities for renovation, validation, and implementation of Bank Information Systems which are most critical to the Bank's operations, as discussed in the FFIEC issuances ("Internal Mission Critical Systems");
    (f) Identify the resources that will be needed to correct any Year 2000 problems that are identified in the Bank Information Systems, and establish a budget and time frames for correcting such problems;
    (g) Evaluate the potential Year 2000 problems that mergers & acquisitions, major systems development, and corporate alliances may have on existing Bank Information Systems and the potential Year 2000 compliance issues that may arise from acquired systems; and
    (h) Address each of the potential Year 2000 problem issues that are identified in the FFIEC issuances.
   15. Within one hundred and twenty (120) days from the effective date of this ORDER, the Bank shall renovate the Bank Information Systems, to the extent that such renovation is necessary to correct all Year 2000 compliance deficiencies that are identified in the assessment phase of the Bank's Year 2000 Plan. Such renovation shall be conducted in accordance with the FFIEC issuances, and give priority to Internal Mission Critical Systems.
   16. (a) Within one hundred and twenty (120) days of the effective date of this ORDER, the Bank shall develop a Remediation Contingency Plan, in accordance with the FFIEC issuances. The Remediation Contingency Plan shall set forth the Bank's alternate plans to assure continuity of operations in the event the Bank must retain Year 2000 compliant replacement Internal Mission Critical Systems, service providers or software vendors, or obtain Year 2000 compliant replacement computer hardware or software from alternate sources. Such Remediation Contingency Plan shall be provided to the Regional Director and the Commissioner for their review and comment. The Bank's Board of Directors shall review any comments from the FDIC or the Commissioner and shall amend the Remediation Contingency Plan as necessary.
   (b) Within one hundred and twenty (120) days of the effective date of this ORDER, the Bank shall develop a Business Resumption Contingency Plan, in accordance with the FFIEC issuances. The Business Resumption Contingency Plan shall set forth the Bank's plans to mitigate risks associated with the failure of its systems at critical dates. The Business Resumption Contingency Plan shall include identification of the Bank's core business processes and a specific recovery plan for the possible failure of each core business process. The Bank shall provided a copy of the Business Resumption Contingency Plan to the Regional Director and the Commissioner for their review and comment. The Bank's Board of Directors shall review any comments from the FDIC or the Commissioner and shall amend the Business Resumption Contingency Plan as necessary.
   17. (a) No later than November 1, 1998, the Bank shall commence a validation process of the renovation made pursuant to Paragraph 15, which shall include comprehensive testing of all Internal Mission Critical Systems to ascertain that all such systems are in fact fully Year 2000 compliant. The Bank's Year 2000 compliance validation process shall be conducted in accordance with the FFIEC issuances. Testing of the Bank Information Systems shall include:
    (i) Testing of all changes to hardware and software that occur in the renovation phase of the Bank's Year 2000 Plan;
    (ii) Testing of all aspects of interconnectivity and interoperation of the Bank Information Systems with other systems; and
    (iii) Determinations by internal and external users that at the completion of the renovation phase of the Bank's Year 2000 Plan, the Internal Mission Critical Systems are fully Year 2000 compliant.
   (b) Following the renovation of the Bank Information Systems, to the extent that any aspect of the Bank Information systems cannot be proven to be fully Year 2000 compliant as of March 31, 1999, the validation phase of the Bank's Year 2000 Plan shall include the identification in writing of all such systems and of the nature of such systems' failure to be fully Year 2000 compliant. Such written identification shall be re- {{11-30-98 p.C-4630}}viewed by the Bank's Board of Directors by no later than April 30, 1999, and such review shall be recorded in the minutes of the Bank's Board of Directors meeting. Within thirty (30) days thereafter, the Bank shall implement the relevant portions of its Remediation Contingency Plan to replace any Internal Mission Critical System so identified as not having been proven to be Year 2000 compliant by June 30, 1999.
   18. By no later than June 30, 1999, the Bank shall have in place Internal Mission Critical Systems that are fully Year 2000 compliant. Such implementation shall include a written determination by the Bank that the Internal Mission Critical Systems have been tested successfully to determine that such systems are fully Year 2000 compliant. A copy of such written determination shall be provided to the Regional Director and to the Commissioner.
   19. Beginning on July 31, 1998, and for so long as this ORDER shall remain in effect, the Bank shall acquire or contract for the use of electronic information systems hardware, operating systems, and applications software only if such hardware, systems, and software have been successfully tested for Year 2000 compliance prior to use by the Bank. The Bank shall also ensure that any new Bank Information Systems and modifications to existing Bank Information Systems which have been previously verified as Year 2000 compliant are Year 2000 compliant.
   20. Within ninety (90) days from the effective date of this ORDER, and every ninety (90) days thereafter, the Bank shall prepare a written assessment of the Bank's risk from Year 2000 noncompliance by the Bank's material customers' information systems. The written assessment shall be in accordance with the FFIEC issuances. The Bank shall use this assessment in its quarterly analysis of the risk in its loan portfolio, the adequacy of its allowance for loan and lease losses, and its liquidity position. The assessment shall be reviewed by the Bank's Board of Directors, and such review shall be recorded in the minutes of the Bank's Board of Directors meeting. The Bank shall develop and implement appropriate risk controls to manage and mitigate the risks posed by their customers' Year 2000 compliance status.
   21. Within thirty (30) days from the effective date of this ORDER, the Bank shall adopt and implement standards for evaluating the risk posed by the Year 2000 compliance status of the electronic information systems of potential customers in accordance with the FFIEC issuances. The standards shall be reviewed and approved by the Bank's Board of Directors, and such review and approval shall be recorded in the minutes of the Bank's Board of Directors meeting.
   22. (a) Within thirty (30) days from the effective date of this ORDER, the Bank shall perform due diligence reviews to determine whether the Year 2000 compliance procedures of its service providers and software vendors, and the time frames for implementation of those procedures, are adequate. The Bank's due diligence reviews shall be conducted in accordance with the FFIEC issuances.
   (b) By December 31, 1998, the Bank shall implement an internal testing or verification process, in accordance with the FFIEC issuances, to establish that its service providers are Year 2000 compliant. Such testing shall be substantially completed by March 31, 1999. If a service provider is not Year 2000 compliant by June 30, 1999, the Bank shall immediately implement the relevant provisions of its Remediation Contingency Plan.
   (c) By November 1, 1998, the Bank shall implement an internal testing or verification process, in accordance with the FFIEC issuances, to establish that its software vendors are Year 2000 compliant. Such testing shall be substantially completed by December 31, 1998. If a software vendor is not Year 2000 compliant by March 31, 1999, the Bank shall immediately implement the relevant portions of its Remediation Contingency Plan.
   23. Within forty-five (45) days from the effective date of this ORDER, the Bank shall amend its internal and external audit policies to require periodic audits of the Bank's Year 2000 Plan and its implementation, in accordance with the FFIEC issuances. Thereafter, the Bank shall perform periodic audits of the Year 2000 Plan and its implementation. The results of the audits shall be reviewed by the Bank's Board of Directors, and such reviews shall be noted in the minutes of the Board of Directors meetings.
   24. (a) Within fifteen (15) days from the effective date of this ORDER, and thereafter for as long as this ORDER shall remain in effect, the Bank shall retain the services of a qualified electronic information systems ad- {{11-30-98 p.C-4631}}visor who is acceptable to the Regional Director and to the Commissioner. Such advisor shall participate directly in the creation, and in all phases of the implementation, of the Bank's Year 2000 Plan as described in Paragraphs 18 through 22 of this ORDER. Not less frequently than monthly, such advisor shall report to the Bank's Board of Directors regarding the status of the Bank's Year 2000 Plan. Such reports shall be recorded in the minutes of the Bank's Board of Directors meetings.
   (b) Within thirty (30) days from the effective date of this ORDER, the Bank shall retain the services of a qualified electronic information systems consultant who is acceptable to the Regional Director and to the Commissioner. Such consultant shall provide technical assistance to the Bank to ensure that (i) the Bank adequately assesses the testing results provided by its service providers to determine whether the Bank can rely on proxy test results, (ii) the Bank take adequate steps to eliminate any deficiencies in such proxy test results, and (iii) the Bank adequately test all systems and interfaces under its direct control.
   25. The Year 2000 Officer shall provide monthly status reports to the Bank's Board of Directors. Such reports shall detail the Bank's progress in implementing the Year 2000 Plan. At a minimum, the reports shall include such information as described for quarterly board reports in the FFIEC Safety and Soundness Guidelines Concerning The Year 2000 Business Risk dated December 17, 1997. The Bank shall submit copies of the monthly progress reports to the Regional Director and the Commissioner upon request. The minutes of the Board of Directors meetings shall reflect the review of such reports and any material action taken by the Board of Directors to address any Year 2000 problems.

   [.11] 26. The Bank shall not pay or declare any dividends without the prior written consent of the Regional Director and the Commissioner.

   [.12] 27. Following the effective date of this ORDER, the Bank shall send to its shareholders a description of this ORDER, (1) in conjunction with the Bank's next shareholder communication, and also (2) in conjunction with its notice or proxy statement preceding the Bank's next shareholder meeting. The description shall fully describe the ORDER in all material respects. The description and any accompanying communication, statement, or notice shall be sent to the FDIC, Registration and Disclosure Section, Washington, D.C. 20429, for review at least twenty (20) days prior to dissemination to shareholders. Any changes requested to be made by the FDIC shall be made prior to dissemination of the description, communication, notice, or statement.
   28. Within thirty (30) days from the effective date of this ORDER, and, thereafter, within thirty (30) days from the end of each calendar quarter, the Bank shall furnish written progress reports to the Regional Director and the Commissioner detailing the form and manner of any action taken to secure compliance with this ORDER and the results thereof. In addition, the Bank shall furnish such reports on request of either the Regional Director or the Commissioner. All progress reports and other written responses to this ORDER shall be reviewed by the Board of Directors of the Bank and made a part of the minutes of the Board meeting.
   This ORDER shall become effective ten (10) days from the date of its issuance.
   The provisions of this ORDER shall be binding upon the Bank and its institution-affiliated parties.
   This ORDER has been reviewed and concurred in by the Commissioner.
   The provisions of this ORDER shall remain effective and enforceable except to the extent that, and until such time as, any provisions of this ORDER shall have been modified, terminated, suspended, or set aside by the FDIC.
   Pursuant to delegated authority.
   Dated at Braintree, Massachusetts this 28th day of September, 1998.

ED&O Home | Search Form | Text Search | ED&O Help

Last Updated 6/6/2003 legal@fdic.gov