Federal Deposit
Insurance Corporation

[¶12,295] In the Matter of California Oaks State Bank, Thousand Oaks, California, Docket No. 04-220b (9-24-04).

A cease and desist order was issued, based on findings by the FDIC that it had reason to believe that respondent was engaged in unsafe and unsound practices. (This order was terminated by order of the FDIC dated 8-10-05; see ¶16,435.)

[.1] Management—Qualifications Specified

[.2] Capital—Tier 1 Capital Increase/Maintain

[.3] Violations of Law—Corrections of Violations Required

[.4] Bank Operations—Internal Routine and Controls, Correction of Weaknesses Required

[.5] Dividends—Dividends Restricted

[.6] Cease and Desist Orders—Preparation or Revision of Funds Management Policy Required

[.7] Loan Policy—Preparation or Revision of Policy Required

[.8] Bank Secrecy Act—Compliance

[.9] Bank Secrecy Act—Compliance—Audit

[.10] Bank Secrecy Act—Policy Required

[.11] Bank Secrecy Act—Compliance Program

[.12] Customer Due Diligence Program—Establishment Required

[.13] Bank Secrecy Act—Internal Data Processing Reports

[.14] Bank Secrecy Act—Audit Committee

[.15] Suspicious Activity Report—Policy Required

[.16] Suspicious Activity Report—Controls to Detect Check Kiting Suspects

[.17] Suspicious Activity Report—Filing of Required

[.18] Suspicious Activity Report—Tracking System Required

[.19] Suspicious Activity Report—Policies and Procedures to Advise Board of Directors Required

[.20] Progress Report—Written Report Required

[.21] Shareholders—Disclosure of Cease and Desist Order Required
{{11-30-04 p.12295.2}

In the Matter of
CALIFORNIA OAKS STATE BANK
THOUSAND OAKS, CALIFORNIA
(Insured State Nonmember Bank)
ORDER TO CEASE AND DESIST

FDIC-04-220b

California Oaks State Bank, Thousand Oaks, California ("Bank"), having been advised of its right to a Notice of Charges and of Hearing detailing the unsafe or unsound banking practices and violations of law and/or regulations alleged to have been committed by the Bank and of its right to a hearing on the alleged charges under section 8(b)(1) of the Federal Deposit Insurance Act ("Act"), 12 U.S.C. §1818(b)(1), and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST ("CONSENT AGREEMENT") with counsel for the Federal Deposit Insurance Corporation ("FDIC"), dated September 21, 2004, whereby solely for the purpose of this proceeding and without admitting or denying the alleged charges of unsafe or unsound banking practices and violations of law and/or regulations, the Bank consented to the issuance of an ORDER TO CEASE AND DESIST ("ORDER") by the FDIC.

The FDIC considered the matter and determined that it had reason to believe that the Bank had engaged in unsafe or unsound banking practices and had committed violations of law and/or regulations. The FDIC, therefore, accepted the CONSENT AGREEMENT and issued the following:

ORDER TO CEASE AND DESIST

IT IS HEREBY ORDERED that the Bank, its institution-affiliated parties, as that term is defined in section 3(u) of the Act, 12 U.S.C. §1813(u), and its successors and assigns cease and desist from the following unsafe and unsound banking practices and violations of law and/or regulation:

(a) operating with management whose policies and practices are detrimental to the Bank and jeopardize the safety of its deposits;

(b) operating with a board of directors which has failed to provide adequate supervision over and direction to the active management of the Bank;

(c) operating with inadequate capital in relation to the operating losses experienced by the Bank;

(d) operating in violation of Part 326.8, 12 C.F.R. §326.8, and Part 353, 12 C.F.R. §353, of the FDIC's Rules and Regulations; operating in violation of 31 C.F.R. §103.18 and 31 C.F.R. §103.27 of the Treasury Department's Regulations; and operating in contravention of the Joint Policy Statement on Interest Rate Risk;

(e) operating with inadequate internal routine and controls policies; and

(f) operating with inadequate provisions and policies for funds management.

IT IS FURTHER ORDERED, that the Bank, its institution-affiliated parties, and its successors and assigns, take affirmative action as follows:

[.1] 1. The Bank shall have and retain qualified management.

(a) Each member of management shall have qualifications and experience commensurate with his or her duties and responsibilities at the Bank. Management shall include a chief executive officer with proven ability in managing a Bank of comparable size, improving earnings, and other matters needing particular attention. Management shall also include a Senior Lending Officer with significant appropriate lending, collection, and loan supervision experience; and a Chief Financial Officer with proven ability in supervising internal operations, providing sound internal controls, and insuring reliability of all financial reporting in a bank of comparable size. Each member of management shall be provided appropriate written authority from the Bank's board of directors to implement the provisions of this ORDER.

(b) The qualifications of management shall be assessed on its ability to:

(i) comply with the requirements of this ORDER;

(ii) operate the Bank in a safe and sound manner;

(iii) comply with applicable laws and regulations; and

(iv) restore all aspects of the Bank to a safe and sound condition, including asset quality, capital adequacy, earnings, management effectiveness, liquidity, and sensitivity to market risk.

(c) During the life of this ORDER, the

Bank shall notify the Regional Director of the FDIC's San Francisco Regional Office ("Regional Director") and the Commissioner, Department of Financial Institutions for the State of California ("Commissioner") in writing when it proposes to add any individual to the Bank's board of directors or employ any individual as a senior executive officer. The notification must be received at least 30 days before such addition or employment is intended to become effective and should include a description of the background and experience of the individual or individuals to be added or employed.

[.2] 2. (a) During the life of this ORDER, the Bank shall maintain Tier 1 capital in such an amount as to equal or exceed seven and a half (7.5) percent of the Bank's total assets.

b) Any increase in Tier 1 capital necessary to meet the requirements of Paragraph 2 of this ORDER may be accomplished by the following:

(i) the sale of common stock; or

(ii) the sale of noncumulative perpetual preferred stock; or

(iii) any other means acceptable to the Regional Director and the Commissioner; or

(iv) any combination of the above means.

Any increase in Tier 1 capital necessary to meet the requirements of Paragraph 2 of this ORDER may not be accomplished through a deduction from the Bank's allowance for loan and lease losses.

(c) If all or part of the increase in Tier 1 capital required by Paragraph 2 of this ORDER is accomplished by the sale of new securities, the board of directors shall forthwith take all necessary steps to adopt and implement a plan for the sale of such additional securities, including the voting of any shares owned or proxies held or controlled by them in favor of the plan. Should the implementation of the plan involve a public distribution of the Bank's securities (including a distribution limited only to the Bank's existing shareholders), the Bank shall prepare materials fully describing the securities being offered, including an accurate description of the financial condition of the Bank and the circumstances giving rise to the offering, and any other material disclosures necessary to comply with the Federal securities laws. Prior to the implementation of the plan and, in any event, not less than fifteen (15) days prior to the dissemination of such materials, the plan and any materials used in the sale of the securities shall be submitted to the FDIC, Accounting and Securities Section, Washington, D.C. 20429, for review. Any changes requested to be made in the plan or materials by the FDIC shall be made prior to their dissemination. If the increase in Tier 1 capital is provided by the sale of noncumulative perpetual preferred stock, then all terms and conditions of the issue, including but not limited to those terms and conditions relative to interest rate and convertibility factor, shall be presented to the Regional Director and the Commissioner for prior approval.

(d) In complying with the provisions of Paragraph 2 of this ORDER, the Bank shall provide to any subscriber and/or purchaser of the Bank's securities, a written notice of any planned or existing development or other changes which are materially different from the information reflected in any offering materials used in connection with the sale of Bank securities. The written notice required by this paragraph shall be furnished within ten (10) days from the date such material development or change was planned or occurred, whichever is earlier, and shall be furnished to every subscriber and/or purchaser of the Bank's securities who received or was tendered the information contained in the Bank's original offering materials.

(e) For the purpose of this ORDER, the terms "Tier 1 capital" and "total assets" shall have the meanings ascribed to them in Part 325 of the FDIC Rules and Regulations, 12 C.F.R. §§325.2(t) and 325.2(v).

[.3] 3. Within 60 days from the effective date of this ORDER, the Bank shall to the extent possible, eliminate and/or correct all violations of law, and contraventions of policy which are more fully set out on pages 24–31 in the FDIC's Visitation Report dated June 30, 2003, and pages 22–31 in the FDIC's Report of Examination dated April 26, 2004. In addition, the Bank shall take all necessary steps to ensure future compliance with all applicable laws and regulations, and shall adhere to all applicable policy statements.

[.4] 4. Within 30 days from the effective date of this ORDER, the Bank shall revise and implement the policy for the operation of the Bank in such a manner as to provide adequate internal routine and control policies consistent with safe and sound banking
{{11-30-04 p.12295.4}

practices specifically addressing the procedures for reconciling the due from accounts and processing legal requests. Such policy and its implementation shall be satisfactory to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations.

[.5] 5. The Bank shall not pay cash dividends without the prior written consent of the Regional Director and the Commissioner.

[.6] 6. Within 60 days from the effective date of this Order the Bank shall revise, adopt, and implement a written funds management policy. At a minimum this policy shall address the deficiencies and contain the recommendations on pages 15–16 of the FDIC's Examination Report dated April 26, 2004. Such funds management policy shall be satisfactory to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations.

[.7] 7. Within 60 days from the effective date of this Order the Bank shall revise, adopt, and implement a written loan policy. This policy shall also address the deficiencies described in the recommendations on pages 14–15 of the FDIC's Examination Report dated April 26, 2004. Such policy shall be satisfactory to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations.

[.8] 8. Within 90 days from the effective date of this ORDER, the Bank shall comply in all material respects with the Bank Secrecy Act ("BSA") and its rules and regulations, Part 353 of the FDIC's Rules and Regulations, 31 C.F.R. §103.18, and 31 C.F.R. §103.27 of the U.S. Treasury Rules and Regulations.

[.9] 9. Within 90 days from the effective date of this ORDER, the Bank shall perform, either directly or through a consultant, an analysis to determine appropriate staffing for the BSA function in accordance with the Bank's risk profile. Such assessment shall include factors such as the current size of the institution, planned growth levels, geographic distribution, and high-risk customers and services. Based on this assessment, management must provide sufficient personnel resources and expertise to effectively conduct, coordinate, and monitor day-to-day compliance with BSA, as determined at subsequent examinations and/or visitations.

[.10] 10. Within 90 days from the effective date of this ORDER, the Bank shall revise, adopt and implement its BSA Policy to include provisions which implement the requirements of Paragraphs 11 through 19 of this ORDER. The Bank's board of directors and management shall fully implement the provisions of the revised BSA Policy. The revised BSA Policy, and its implementation, shall be in a form and manner acceptable to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations of the Bank.

[.11] 11. Within 90 days, the Bank shall develop, adopt, and implement a written compliance program, as required by the applicable provisions of section 326.8 of the FDIC's Rules and Regulations, 12 C.F.R. §326.8, designed to, among other things, ensure and maintain compliance by the Bank with the BSA and the rules and regulations issued pursuant thereto. The program shall ensure that clear and comprehensive BSA compliance reports are provided to the Bank's board of directors on a monthly basis. Such program and its implementation shall be in a manner acceptable to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations of the Bank. At a minimum, the program shall:

(a) Establish a system of internal controls to ensure BSA compliance and the rules and regulations issued pursuant thereto, including policies and procedures to detect and monitor all transactions to ensure that they are not being conducted for illegitimate purposes and that there is full compliance with all applicable laws and regulations.

(b) Provide for independent testing of compliance with the BSA, all applicable rules and regulations related to the BSA, and the reporting of suspicious transactions required to be reported pursuant to Part 353 of the FDIC's Rules and Regulations, 12 C.F.R. Part 353. The independent testing shall be conducted on an annual basis in compliance with the procedures described in the FDIC's "Guidelines for Monitoring Bank Secrecy Act Compliance." The testing, at a minimum, shall include the following:

(i) a testing of the Bank's internal procedures of monitoring the BSA;

(ii) a sampling of large currency transactions

followed by a review of the Currency Transaction Report filings;

(iii) a test of the validity and reasonableness of the customer exemptions granted by the Bank;

(iv) a test of the Bank's recordkeeping system for compliance with the BSA; and

(v) documentation of the scope of the testing procedures performed and the findings of the testing.

Written reports shall be prepared which document the testing results and provide recommendations for improvement. Such reports shall be presented to the Bank's board of directors.

(c) Ensure that the Bank's BSA compliance program is managed by a qualified officer who shall have responsibility for all BSA compliance and related matters, including, without limitation:

(i) the identification of timely, accurate, and complete reporting to law enforcement and supervisory authorities of unusual or suspicious activity or known or suspected criminal activity perpetuated against or involving the Bank; and

(ii) monitoring the Bank's compliance and ensuring that full and complete corrective action is taken with respect to previously identified apparent violations and deficiencies.

(d) Provide and document training by competent staff and/or independent contractors of all board members and all appropriate personnel, including, without limitation, tellers, customer service representatives, lending officers, private and personal banking officers and all other customer contact personnel, in all aspects of regulatory and internal policies and procedures related to the BSA, with a specific concentration on accurate recordkeeping, form completion and the detection and reporting of known and/or suspected criminal activity. Training shall be updated on a regular basis to ensure that all personnel are provided with the most current and up-to-date information.

[.12] 12. Within 180 days of the effective date of this ORDER, the Bank shall develop, adopt, and implement a written customer due diligence program. Such program and its implementation shall be in a manner acceptable to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations of the Bank. At a minimum the customer due diligence program shall provide for the following:

(a) A risk focused assessment of the customer base of the Bank to determine the appropriate level of enhanced due diligence necessary for those categories of customers that the Bank has reason to believe pose a heightened risk of illicit activities at or through the Bank.

(b) For those customers whose transactions require enhanced due diligence, procedures to:

(i) determine the appropriate documentation necessary to confirm the identity and business activities of the customer;

(ii) understand the normal and expected transactions of the customer; and

(iii) reasonably ensure the identification and timely, accurate and complete reporting of known or suspected criminal activity against or involving the Bank to law enforcement and supervisory authorities, as required by the suspicious reporting provisions of Part 353 of the FDIC's Rules and Regulations, 12 C.F.R. Part 353.

[.13] 13. Within 90 days of the effective date of this ORDER, the Bank shall develop or have developed internal data processing reports for BSA monitoring and Suspicious Activity Reporting and Currency Transaction Report reporting. Such data processing report must be tested for accuracy and completeness at least annually through independent testing. In addition, such reports must capture appropriate activity at all branches and departments of the Bank. Documentation of the testing of these internal data processing reports must be provided to the board and documented in the board meeting minutes. Such documentation must also be available for examiners upon request.

[.14] 14. Within 45 days of the effective date of this ORDER, the Board's audit committee shall oversee the Bank's compliance with the BSA and Parts 326 and 353 of the FDIC's Rules and Regulations. The committee shall receive reports from the qualified officer appointed in paragraph 11 regarding compliance with the BSA and Parts 326 and 353, at least monthly, and shall report to the Bank's board of directors at every meeting .

[.15] 15. Within 90 days of the effective date of this ORDER, the Bank shall develop, adopt, and implement written procedures to comprehensively capture wire transfer activity and monetary instrument purchase
{{11-30-04 p.12295.6}

activity and monitor such activity for potential suspicious or unusual activity. The program should be computerized and must include adequate processes to ensure the capture of multiple transactions performed at any and all departments capable of conducting such activity, both individually and in aggregate. The procedures, and their implementation shall be in a form and manner acceptable to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations of the Bank.

[.16] 16. Within 45 days of the effective date of this ORDER, the Bank shall develop, adopt, and implement procedures and reports to detect check kiting suspects. The Bank shall ensure that all appropriate staff are aware of the procedures and their responsibilities in implementing these procedures. In addition, these procedures should be incorporated in the BSA Policy. The procedures, and their implementation shall be in a form and manner acceptable to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations of the Bank.

[.17] 17. Within 45 days of the effective date of this ORDER, the Bank shall establish policies and procedures to ensure that Suspicious Activity Reports are filed within 30 days of identifying a suspect or unusual and suspicious activity (or a total of 60 days if a suspect is unknown or once per quarter for ongoing transactions). Such a program must also ensure that detailed narrative description of the activity is included in the SAR filing. The policies and procedures, and their implementation, shall be in a form and manner acceptable to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations of the Bank.

[.18] 18. Within 45 days of the effective date of this ORDER, the Bank shall develop an effective system for tracking the Suspicious Activity Reports it has filed, including at a minimum, the date the Suspicious Activity was filed, dates of activity, amounts of current and prior reported suspicious activity, information on all named suspects, suspects' account numbers, and a brief synopsis of the suspicious activity identified.

[.19] 19. Within 45 days of the effective date of this ORDER, the Bank shall establish and implement policies and procedures to advise the Bank's board of directors of Significant Suspicious Activity Reports. At a minimum, the Board of Directors shall be advised in detail of all Suspicious Activity Reports involving employees, contractors, officers and directors. The policies and procedures shall also include guidelines to determine what Suspicious Activity Reports are significant.

[.20] 20. Within 30 days of the end of the first quarter following the effective date of this ORDER, and within thirty (30) days of the end of each quarter thereafter, the Bank shall furnish written progress reports to the Regional Director and the Commissioner detailing the form and manner of any actions taken to secure compliance with this ORDER, the results thereof. Such reports shall include a copy of the Bank's Report of Condition and the Bank's Report of Income. Such reports may be discontinued when the corrections required by this ORDER have been accomplished and the Regional Director and the Commissioner have released the Bank in writing from making further reports.

[.21] 21. Following the effective date of this ORDER, the Bank shall send to its shareholders or otherwise furnish a description of this ORDER in conjunction with the Bank's next shareholder communication and also in conjunction with its notice or proxy statement preceding the Bank's next shareholder meeting. The description shall fully describe the ORDER in all material respects. The description and any accompanying communication, statement, or notice shall be sent to the FDIC, Accounting and Securities Section, Washington, D.C. 20429, at least fifteen (15) days prior to dissemination to shareholders. Any changes requested to be made by the FDIC shall be made prior to dissemination of the description, communication, notice, or statement.

This ORDER shall become effective ten (10) days from the date of its issuance.

The provisions of this ORDER shall remain effective and enforceable except to the extent that, and until such time as, any provisions of this ORDER shall have been modified, terminated, suspended, or set aside by the FDIC.

Pursuant to delegated authority.

Dated at San Francisco, California, this 24th day of September, 2004.