Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Bank Examinations > FDIC Enforcement Decisions and Orders




FDIC Enforcement Decisions and Orders

ED&O Home | Search Form | Text Search | ED&O Help


{{5-31-99 p.C-4686}}
   [11,596] In the Matter of Pacific Thrift and Loan Company, Woodland Hills, California, FDIC Docket No. 99-021b (3-1-99)

   A cease and desist order was issued, based on findings by the FDIC that it had reason to believe that respondent had engaged in unsafe and unsound practices.

   [.1] Year 2000 Plan—Year 2000 Officer—Qualifications Specified
   [.2] Year 2000 Plan—Preparation Required
   [.3] Year 2000 Plan—Remediation Contingency Plan Required
   [.4] Year 2000 Plan—Business Resumption Contingency Plan Required
   [.5] Year 2000 Plan—Mission Critical Systems Tested
{{5-31-99 p.C-4687}}
   [.6] Year 2000 Plan—Future Testing and Verification Required
   [.7] Year 2000 Plan—Diligence Reviews
   [.8] Year 2000 Plan—Periodic Audits
In the Matter of
PACIFIC THRIFT AND LOAN
COMPANY

WOODLAND HILLS, CALIFORNIA
(Insured State Nonmember Institution)
ORDER TO
CEASE AND DESIST

FDIC-99-021b

   Pacific Thrift and Loan Company, Woodland Hills, California ("Institution"), having been advised of its right to a Notice of Charges and of Hearing detailing the unsafe or unsound banking practices alleged to have been committed by the Institution and of its right to a hearing on the alleged charges under Section 8(b)(1) of the Federal Deposit Insurance Act ("Act"), 12 U.S.C. §1818(b) (1), and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST ("CONSENT AGREEMENT") with legal counsel for the Federal Deposit Insurance Corporation ("FDIC"), dated February 24, 1999, whereby, solely for the purpose of this proceeding and without admitting or denying the alleged charges of unsafe or unsound banking practices, the Institution consented to the issuance of an ORDER TO CEASE AND DESIST ("ORDER") by the FDIC.
   The FDIC considered the matter and determined that it had reason to believe that the Institution had engaged in unsafe or unsound banking practices. The FDIC, therefore, accepted the CONSENT AGREEMENT and issued the following:

ORDER TO CEASE AND DESIST

   IT IS HEREBY ORDERED that the Institution, its institution-affiliated parties as that term is defined in Section 3(u) of the Act, 12 U.S.C. §1813(u), and its successors and assigns, cease and desist from the following unsafe and unsound banking practices.
   (a) operating with a Board of Directors which has failed to provide adequate supervision and direction to prevent unsafe and unsound practices with respect to the Institution's electronic information systems and other automated systems that are used by the Institution, or upon which the Institution depends for the conduct of its business ("Bank Information Systems"); and
   (b) failing to take appropriate measures to ensure that the Bank Information Systems are Year 2000 ready as defined in the Interagency Guidelines Establishing Year 2000 Safety and Soundness Standards (the "Guidelines") published in the Federal Register on October 15, 1998 and the FFIEC guidance papers referred to therein (the "FFIEC Guidance").
   IT IS FURTHER ORDERED, that the Institution, its institution-affiliated parties, and its successors and assigns, take affirmative action as follows:

   [.1]1. (a) Within 30 days from the effective date of this ORDER, the Institution shall retain the services of qualified management. The qualification of the Institution's management shall be assessed on its ability to:

       (i) comply with the requirements of this ORDER; and
       (ii) ascertain that the Bank Information Systems are Year 2000 ready and are appropriately tested to demonstrate such readiness.
   (b) Within 15 days of the effective date of this ORDER, the Institution shall designate an executive officer as the Institution's Year 2000 Officer. The Year 2000 Officer, or any consultant retained by the Institution who reports directly to the Year 2000 Officer, shall possess the experience and qualifications necessary to achieve Year 2000 readiness and prepare the Institution for contingencies that may arise relating to the Year 2000. The Year 2000 Officer shall be provided the necessary written authority to implement the provisions of this ORDER relating to Year 2000 readiness.
   (c) The Year 2000 Officer shall have the authority to appoint additional personnel to assist in complying with the provisions in this ORDER relating to Year 2000 readiness.
   (d) As long as this ORDER remains in effect, the Institution shall notify the Regional Director of the FDIC's Regional Office ("Regional Director") in writing of any vacancy in the Year 2000 position or change {{5-31-99 p.C-4688}}in the person filling the position. Such notification shall include the names and qualifications of any replacement personnel and shall be provided at least 10 days prior to any individual assuming the new position.

   [.2]2. (a) Within 15 days from the effective date of this ORDER, the Institution shall develop and adopt a plan for achieving Year 2000 readiness ("Year 2000 Plan"). At a minimum, the Institution's Year 2000 Plan shall contain provisions to address all of the requirements of this ORDER and shall be in accordance with the Guidelines and the FFIEC Guidance including, but not limited to, the FFIEC May 5, 1997, Interagency Statement on Year 2000 Project Management Awareness.
   (b) The Year 2000 Plan shall be reviewed and approved by the Institution's Board of Directors prior to adoption, and such review and approval shall be recorded in the minutes of the Institution's Board of Directors meeting. Immediately following the adoption of the Institution's Year 2000 Plan, the Institution shall submit a copy of the plan to the Regional Director. The Institution's Board of Directors shall consider any comments on the Year 2000 Plan from the FDIC, and shall amend the Year 2000 Plan as necessary.
   (c) Thereafter, the Institution shall implement the Year 2000 Plan.

   [.3] 3. By April 15, 1999, the Institution shall develop and implement a Remediation Contingency Plan in accordance with the Guidelines and the FFIEC Guidance. The Remediation Contingency Plan shall set forth the Institution's alternate plans to assure continuity of operations in the event the Institution must retain Year 2000 ready replacement mission-critical systems, alternate external third party suppliers, or obtain Year 2000 ready replacement computer hardware or software from alternate sources. Such Remediation Contingency Plan shall be provided to the Regional Director for his review and comment. The Institution's Board of Directors shall review any comments from the FDIC and shall amend the Remediation Contingency Plan as necessary.

   [.4] 4. By June 30, 1999, the Institution shall develop a Business Resumption Contingency Plan in accordance with the Guidelines and the FFIEC Guidance. The Business Resumption Contingency Plan shall set forth the Institution's plans to mitigate risks associated with the failure of its systems at critical dates. The Business Resumption Contingency Plan shall include identification of the Institution's core business processes and a specific recovery plan for the possible failure of each core business process. The Institution shall provide a copy of the Business Resumption Contingency Plan to the Regional Director for his review and comment. The Institution's Board of Directors shall review any comments from the FDIC and shall amend the Business Resumption Contingency Plan as necessary.

   [.5] 5. By no later than June 30, 1999, the Institution shall have in place mission-critical systems that are Year 2000 ready. Such implementation shall include a written determination by the Institution that the mission-critical systems have been tested successfully to determine that such systems are Year 2000 ready. A copy of such written determination shall be provided to the Regional Director.

   [.6] 6. Upon the effective date of this ORDER, and for so long as this ORDER shall remain in effect, the Institution shall acquire or contract for the use of electronic information systems hardware, operating systems, and applications software only if such hardware, systems, and software have been successfully tested for Year 2000 readiness prior to use by the Institution. The Institution shall also ensure that any new Bank Information Systems and modifications to existing Bank Information Systems which have been previously verified as Year 2000 ready are Year 2000 ready.

   [.7] 7. (a) Within 30 days from the effective date of this ORDER, the Institution shall perform due diligence reviews to determine whether the Year 2000 readiness procedures of its service providers and software vendors, and the time frames for implementation of those procedures, are adequate. The Institution's due diligence reviews shall be conducted in accordance with the Guidelines and the FFIEC Guidance.
   (b) By March 31, 1999, the Institution shall implement an internal testing or verification process in accordance with the Guidelines and the FFIEC Guidance to establish that its software vendors are Year 2000 ready. Such testing shall be completed by June 30, 1999. If a software vendor is not Year 2000 ready by June 30, 1999, the Institution shall immediately implement the relevant portions of its Remediation Contingency Plan.

   [.8] 8. Within 10 days from the effective date of this ORDER, the Institution shall {{5-31-99 p.C-4689}}amend its internal and external audit policies to require periodic audits of the Institution's Year 2000 Plan and its implementation, in accordance with the Guidelines and the FFIEC Guidance. Thereafter, the Institution shall perform periodic audits of the Year 2000 Plan and its implementation. The results of the audits shall be reviewed by the Institution's Board of Directors and such reviews shall be noted in the minutes of the Board of Directors meetings.
   9. The Year 2000 Officer shall provide monthly status reports to the Institution's Board of Directors. Such reports shall detail the Institution's progress in implementing the Year 2000 Plan. At a minimum, the reports shall include such information as described for quarterly board reports in the Guidelines and the FFIEC Guidance including, but not limited to, the FFIEC Safety and Soundness Guidelines Concerning The Year 2000 Business Risk dated December 17, 1997. The Institution shall submit copies of the monthly progress reports to the Regional Director. The minutes of the Board of Directors meetings shall reflect the review of such reports and any material action taken by the Board of Directors to address any Year 2000 problems.
   This ORDER shall become effective ten (10) days from the date of its issuance.
   The provisions of this ORDER shall remain effective and enforceable except to the extent that, and until such time as, any provisions of this ORDER shall have been modified, terminated, suspended, or set aside by the FDIC.
   Pursuant to delegated authority.
   Dated at San Francisco, California, this 1st day of March, 1999.

ED&O Home | Search Form | Text Search | ED&O Help

Last Updated 6/6/2003 legal@fdic.gov