Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Bank Examinations > FDIC Enforcement Decisions and Orders




FDIC Enforcement Decisions and Orders

ED&O Home | Search Form | Text Search | ED&O Help


{{3-31-00 p.C-4804}}
   [11,658] In the Matter of Jasper Banking Company, Jasper, Georgia, Docket No. 99-105b (9-30-99)

   A cease and desist order was issued, based on findings by the FDIC that it had reason to believe that respondent had engaged in unsafe and unsound practices. (This order was terminated by order of the FDIC dated 1-26-00; see ¶16,251)

   [.1] Year 2000 Plan—Year 2000 Officer
   [.2] Year 2000 Plan—Problem Assessment
   [.3] Year 2000 Plan—Remediation Contingency Plan Required
{{12-31-99 p.C-4805}}
   [.4] Year 2000 Plan—Mission Critical Systems Tested
   [.5] Year 2000 Plan—Mission Critical Systems Fully Compliant—Written Statement Required
   [.6] Year 2000 Plan—New or Modified Systems Previously Verified as Year 2000 Compliant
   [.7] Year 2000 Plan—Noncompliance Risk—Written Assessment Required
   [.8] Year 2000 Plan—Customer Awareness Program Required
   [.9] Year 2000 Plan—Audit Policies Amended to Include Plan
   [.10] Year 2000 Plan—Implementation Failure—Customer Release
   [.11] Year 2000 Plan—Status Reports Required
   [.12] Shareholders—Disclosure of Cease and Desist Order Required

In the Matter of

JASPER BANKING COMPANY
JASPER, GEORGIA
(Insured State Nonmember Bank)
ORDER TO CEASE
AND DESIST

FDIC-99-105b

   The Jasper Banking Company, Jasper, Georgia ("Bank"), having been advised of its right to a Notice of Charges and of Hearing detailing the unsafe or unsound banking practices alleged to have been committed by the Bank and of its right to a hearing on the alleged charges under Section 8(b)(1) of the Federal Deposit Insurance Act ("Act"), 12 U.S.C. § 1818(b)(1), and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST ("CONSENT AGREEMENT") with legal counsel for the Federal Deposit Insurance Corporation ("FDIC"), dated September 23, 1999, whereby solely for the purpose of this proceeding and without admitting or denying the alleged charges of unsafe or unsound banking practices, the Bank consented to the issuance of an ORDER TO CEASE AND DESIST ("ORDER") by the FDIC.
   The FDIC considered the matter and determined that it had reason to believe that the Bank had engaged in unsafe or unsound banking practices. The FDIC, therefore, accepted the CONSENT AGREEMENT and issued the following:

ORDER TO CEASE AND DESIST

   IT IS HEREBY ORDERED that the Bank, its directors, officers, employees, agents, and other institution-affiliated parties as that term is defined in Section 3(u) of the Act, 12 U.S.C. § 1813(u), and its successors and assigns cease and desist from the following unsafe and unsound banking practices:
   A. Operating with a board of directors which has failed to provide adequate supervision and direction to prevent unsafe and unsound practices with respect to the Bank's electronic information systems and other automated systems that are used by the Bank, or upon which the Bank depends for the conduct of its business ("Bank Information Systems");
   B. Failing to take appropriate measures to ensure that the Bank Information Systems are Year 2000 ready as defined in the Interagency Guidelines Establishing Year 2000 Safety and Soundness Standards published in the Federal Register on October 15, 1998 and the FFIEC guidance papers referred to therein (collectively referred to in this ORDER as "FFIEC Guidelines") and are able to perform correctly all automated processing operations, including interactions and interdependencies with other automated systems, involving dates later than December 31, 1999;
   C. Failing to adequately test all systems to ensure that the changes made to the Bank Information Systems function correctly, currently and after December 31, 1999;
   IT IS FURTHER ORDERED, that the Bank, its institution-affiliated parties, and its successors and assigns, take affirmative action as follows:

Year 2000 Officer

   [.1] 1. (a) No later than the effective date of this ORDER, the Bank shall designate an executive officer as the Bank's Year 2000 Officer. The Year 2000 Officer shall possess the experience and qualifications necessary {{12-31-99 p.C-4806}}to provide appropriate oversight over the Bank's efforts to bring the Bank Information Systems into Year 2000 compliance. The Year 2000 Officer shall be provided the necessary written authority to implement the provisions of this ORDER relating to Year 2000 compliance.
   (b) The Year 2000 Officer shall have the authority to appoint additional Bank personnel to assist in complying with the provisions in this ORDER relating to Year 2000 compliance.
   (c) As long as this ORDER remains in effect, the Bank shall notify the Regional Director of the FDIC's Atlanta Regional Office ("Regional Director") and the Commissioner of the Georgia Department of Banking and Finance ("Commissioner") in writing of any vacancy in the position, or change in the identity, of the Year 2000 Officer. Such notification shall be in addition to any application and prior approval requirements established by section 32 of the Act, 12 U.S.C. § 1831i, and implementing regulations; shall include the names and qualifications of any replacement personnel; and shall be provided at least 10 days prior to any individual assuming the new position.

Assessment

   [.2] 2. No later than the effective date of this ORDER, the Bank shall update the written assessment of the extent of the actual and potential Year 2000 problems that are posed by the Bank Information Systems. The Bank shall amend its plan for achieving Year 2000 readiness as appropriate based on this written assessment. The Bank's written assessment shall be reviewed and approved by the Bank's board of directors, and such review and approval shall be recorded in the minutes of the Bank's board of directors meeting. Immediately thereafter, a copy of such written assessment and the amended Year 2000 Plan shall be provided to the Regional Director and the Commissioner. Such assessment shall:

       (a) Identify all information systems hardware, operating systems software, application software, data files, automated teller machines, telecommunications technologies, environmental systems, and other automated systems that are used by the Bank;
       (b) Identify all interdependencies between the Bank Information Systems and those of its service providers, software vendors, other entities with which the Bank regularly exchanges data electronically, and material Bank customers;
       (c) Conduct due diligence of the Bank's service providers, any service provider that is used by the Bank's service providers, and software vendors, in accordance with the FFIEC Guidelines, to determine such service provider's or software vendor's awareness of, and ability to correct, any Year 2000 compliance problems;
       (d) Evaluate the effect of implementation of the Year 2000 Plan on data exchange between the Bank and its service providers and other entities with which the Bank regularly exchanges data; and,
       (e) Address each of the potential Year 2000 problem issues that are identified in the FFIEC Guidelines.

Contingency Plan

   [.3] 3. Within 15 days of the effective date of this ORDER, the Bank shall develop a Remediation Contingency Plan, in accordance with the FFIEC Guidelines. The Remediation Contingency Plan shall set forth the Bank's alternate plans to assure continuity of operations in the event the Bank must retain Year 2000 compliant replacement Mission Critical Systems (as described in the FFIEC Guidelines), service providers or software vendors, or obtain Year 2000 compliant replacement computer hardware or software from alternate sources. Such Remediation Contingency Plan shall be provided to the Regional Director and the Commissioner for their review and comment. The Bank's board of directors shall review any comments from the FDIC and the Georgia Department of Banking and Finance and shall amend the Remediation Contingency Plan as needed. The Remediation Contingency Plan shall be immediately implemented on any aspect of the Bank Information Systems that cannot be proven to be fully Year 2000 compliant.

Validation

   [.4] 4. No later than the effective date of this ORDER, the Bank shall complete a validation process of the renovation made to make the bank's systems Year 2000 ready, which shall include comprehensive testing of all internal Mission Critical Systems to ascertain that all such systems are in fact fully Year 2000 compliant. The Bank's Year 2000 compliance validation process shall be conducted in accordance with the FFIEC {{12-31-99 p.C-4807}}Guidelines. Testing of the Bank Information Systems shall include:

       (i) Testing of all changes to hardware and software that occur in the renovation phase of the Bank's Year 2000 Plan;
       (ii) Testing of all aspects of interconnectivity and interoperation of the Bank Information Systems with other systems; and
       (iii) Determinations by internal and external users that at the completion of the renovation phase of the Bank's Year 2000 Plan, the internal Mission Critical Systems are fully Year 2000 compliant.
Test results should be provided to serviced bank customers for their review and to support their requirements for adequate testing. Testing performed should incorporate all banks for which data servicing is performed.

Implementation

   [.5] 5. No later than the effective date of this ORDER, the Bank shall have in place internal Mission Critical Systems that are fully Year 2000 compliant. Such implementation shall include a written determination by the Bank that the internal Mission Critical Systems have been tested successfully to determine that such systems are fully Year 2000 compliant. A copy of such written determination shall be provided to the Regional Director and the Commissioner.

   [.6] 6. Beginning on the effective date of this ORDER, and for so long as this ORDER shall remain in effect, the Bank shall acquire or contract for the use of electronic information systems hardware, operating systems, and applications software only if such hardware, systems, and software have been successfully tested for Year 2000 compliance prior to use by the Bank. The Bank shall also ensure that any new Bank Information Systems and modifications to existing Bank Information Systems that have been previously verified as Year 2000 compliant are year 2000 compliant.

Material Customer Risk

   [.7] 7. Within 15 days of the effective date of this ORDER, and every 30 days thereafter, the Bank shall prepare a written assessment of the Bank's risk from Year 2000 noncompliance by the information systems of the Bank's material customers (as defined in the FFIEC Guidelines). The written assessment shall be in accordance with the FFIEC Guidelines. The Bank shall use this assessment in its quarterly analysis of the risk in its loan portfolio, the adequacy of its allowance for loan and lease losses, and its liquidity position. The Bank's board of directors shall review the assessment and such review shall be recorded in the minutes of the Bank's board of directors meeting. The Bank shall develop and implement appropriate risk controls to manage and mitigate the risks posed by the Year 2000 compliance status of its customers.

Customer Awareness

   [.8] 8. Within 15 days of the effective date of this ORDER, the Bank shall establish a customer awareness program. The program shall, at a minimum, include training for all employees, a prepared statement for customers, procedures for addressing customer inquiries, and procedures for educating customers on steps the Bank has taken to address the Year 2000 issue.

Audit

   [.9] 9. Within 15 days from the effective date of this ORDER, the Bank shall amend its internal and external audit policies to require periodic audits of the Bank's Year 2000 Plan and its implementation, in accordance with the FFIEC Guidelines. Thereafter, the Bank shall perform periodic audits of the Year 2000 Plan and its implementation. The Bank's board of directors shall review the results of the audits and such reviews shall be noted in the minutes of the board of directors meetings.

Legal Audit

   10. Within 15 days of the effective date of this ORDER, the bank shall conduct a review of their contracts and insurance policies to determine their responsibilities and potential liabilities for the Year 2000.

Customer Release

   [.10] 11. By October 15, 1999, if the Bank has not satisfied the validation and implementation provisions contained in paragraph 4 and paragraph 5 of this ORDER respectively, the Bank shall allow its serviced bank customers to be released from their contracts without any penalties or charges to the serviced bank customers.

Reporting

   [.11] 12. The Year 2000 Officer shall provide bi-weekly status reports to the Bank's {{12-31-99 p.C-4808}}board of directors. Such reports shall detail the Bank's progress in implementing the Year 2000 Plan. At a minimum, the reports shall include such information as described for quarterly board reports in the FFIEC Guidelines. The minutes of the board of directors meetings shall reflect the review of such reports and any material action taken by the board of directors to address any Year 2000 problems.

   [.12] 13. Following the effective date of this ORDER, the Bank shall send to its shareholders or otherwise furnish a description of this ORDER (i) in conjunction with the Bank's next shareholder communication and also (ii) in conjunction with its notice or proxy statement preceding the Bank's next shareholder meeting. The description shall fully describe this ORDER in all material respects. The description and any accompanying communication, statement or notice shall be sent to the FDIC, Registration and Disclosure Section, 550 17th Street, NW, Washington, D.C. 20429, and to the Commissioner, for review at least twenty (20) days prior to dissemination to shareholders. Any changes requested to be made by the FDIC or the Commissioner shall be made prior to dissemination of the description, communication, notice or statement.
   14. Within thirty (30) days from the effective date of this ORDER, and each month thereafter while this ORDER is in effect, the Bank shall furnish written progress reports to the Regional Director and to the Commissioner detailing the form and manner of all actions taken to secure compliance with this ORDER and the results of such actions. Such reports may be discontinued when the corrections required by this ORDER have been accomplished and the Regional Director and the Commissioner have released the Bank in writing from making further reports. All progress reports and other written responses to this ORDER shall be reviewed by the board of directors of the Bank and made a part of the minutes of the appropriate board meeting.
The provisions of this ORDER shall become effective ten (10) days from the date of its issuance and shall be binding upon the Bank, its institution-affiliated parties, and its successors and assigns. Further, the provisions of this ORDER shall remain effective and enforceable except to the extent that, and until such time as, any provisions of this ORDER shall have been modified, terminated, suspended, or set aside by the FDIC.
   Pursuant to delegated authority.
   Dated at Atlanta, Georgia, this 30th day of September, 1999.

ED&O Home | Search Form | Text Search | ED&O Help

Last Updated 6/6/2003 legal@fdic.gov