FDIC Enforcement Decisions and Orders



{{01-31-05 p.C-12318.1}}

[12,318] In the Matter of Farmers Bank, Hamburg, Arkansas, Docket No. 04-252B (11-3-04).

A cease and desist order was issued, based on findings by the FDIC that it had reason to believe that respondent was engaged in unsafe and unsound practices.

[.1] Management—Qualifications Specified

[.2] Bank Secrecy Act—Compliance Program

[.3] Bank Secrecy Act—Staffing Requirements

[.4] Compliance Program—Written Compliance Plan Required

[.5] Bank Operations—Data Processing Center

[.6] Information Technology Plan—Weekly Report Required

[.7] Information Technology Plan—Minimum Requirements

[.8] Security Controls—Information Security Program

[.9] Bank Operations—Review Computer User Access Levels

[.10] Suspicious Activity Report—Implement Policy

[.11] Disaster Recovery Plan—Required

[.12] Profit Plan—Preparation of Plan Required

[.13] Strategic Plan—Preparation of Required

[.14] Violations of Law—Corrections of Violations Required

[.15] Dividends—Dividends Restricted

[.16] Shareholders—Disclosure of Cease and Desist Order Required

[.17] Progress Report—Written Report Required

In the Matter of:
FARMERS BANK
HAMBURG, ARKANSAS
(Insured State Nonmember Bank)
ORDER TO CEASE AND DESIST

FDIC 04-252B

The Farmers Bank, Hamburg, Arkansas ("Bank"), through its board of directors, having been advised of its right to the issuance and service of a NOTICE OF CHARGES AND OF HEARING detailing the unsafe or unsound banking practices and violations of law or regulations alleged to have been committed by the Bank and of its right to a hearing on the alleged charges under section 8(b) of the Federal Deposit Insurance Act ("Act"), 12 U.S.C. §1818(b) and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST ("CONSENT AGREEMENT") with counsel for the Federal Deposit Insurance Corporation ("FDIC") dated November 3, 2004, whereby, solely for the purpose of this proceeding and without admitting or denying the alleged charges of unsafe or unsound banking practices and violations of law or regulations, the Bank consented to the issuance of an ORDER TO CEASE AND DESIST ("ORDER") by the FDIC.

The FDIC considered the matter and determined that it had reason to believe that the Bank had engaged in unsafe or unsound banking practices and had violated laws or regulations. The FDIC, therefore, accepted the CONSENT AGREEMENT and issued the following:

ORDER TO CEASE AND DESIST

IT IS ORDERED, that the Bank, its institution-affiliated parties, as that term is defined in section 3(u) of the Act, 12 U.S.C. §1813(u), and its successors and assigns, cease and desist from the following unsafe or unsound banking practices and violations of laws or regulations.

    (a) Operating the Bank without adequate supervision and direction by the Bank's board of directors over the management of the Bank to prevent unsafe and unsound banking practices and violations of laws or regulations;

    (b) Operating the Bank in violation of applicable Federal and State laws and regulations, including violations of the Bank Secrecy Act, 12 U.S.C. § 1951 - 1959 and 31 U.S.C. 5311-5332 ("BSA"); the FDIC's Bank Secrecy Act Compliance Regulations, 12 C.F.R. Part 326; Financial Recordkeeping Regulations, 31 C.F.R. Part 103; Section 39 of the Act, 12 U.S.C. §1831p and in contravention of Appendix B to the FDIC Standards for Safety and Soundness, 12 C.F.R. Part 364, Appendix B;

    (c) Operating the Bank without an adequate information technology program, to meet the needs and requirements of the Bank; and

    (d) Operating the Bank with inadequate earnings to fund growth and augment capital.

IT IS FURTHER ORDERED, that the Bank, its institution-affiliated parties and its successors and assigns take affirmative action as follows:

[.1] 1. (a) Within 30 days after the effective date of this ORDER, the Bank shall have and maintain sufficient qualified management and staff to manage the day-to-day operations of the Bank. Such person(s) shall include person(s) who are knowledgeable or have expertise in the areas of: Information Technology; the Bank Secrecy Act, and compliance therewith; and meeting the goals set out in the Bank's profit and strategic plans. Such person(s) shall be provided the necessary written authority to implement the provisions of this ORDER. Bank management, including its board of directors, shall be assessed on its ability to:

    (i) Comply with the requirements of this ORDER;

    (ii) Operate the Bank in a safe and sound manner;

    (iii) Comply with applicable laws and regulations; and

    (iv) Maintain all aspects of the Bank in a safe and sound condition, including asset quality, capital adequacy, earnings, and management effectiveness.

(b) While this ORDER is in effect, the Bank shall notify the Regional Director of the Dallas Region-Memphis Area Office ("Regional Director") and the Commissioner of the Arkansas Bank Department ("Commissioner") in writing of any changes in any of the Bank's directors or Senior Executive Officers. For purposes of this ORDER, "Senior Executive Officer" is defined as in Section 303.101(b) of the FDIC Rules and Regulations, 12 C.F.R. §303.101(b).

Prior to the addition of any individual to the board of directors or the employment of any individual as a Senior Executive Officer, the Bank shall comply with the requirements of Section 32 of the Act, 12 U.S.C. §1831i, and Subpart F of Part 303 of the FDIC Rules and Regulations, 12 C.F.R. § 303.100 - 303.103.

[.2] 2. (a) Within 60 days from the effective date of this ORDER, the Bank shall provide for an acceptable written BSA Compliance Program. The BSA Compliance Program shall be submitted to the Regional Director and Commissioner for review and comment. No more than 30 days after the receipt of any comment from the Regional Director and Commissioner, the board of directors shall approve the BSA Compliance Plan. Such approval shall be recorded in the minutes of the board of directors' meeting. The BSA Compliance Program shall be implemented immediately.

(b) The BSA Compliance Program shall be designed to assure on-going compliance with 31 CFR Part 103 (Financial Recordkeeping), 13 CFR §326.8 (Bank Secrecy Act Compliance), 12 CFR Part 353 (Suspicious Activity Reports), and the guidance set forth in Financial Institution Letter 29-96 (May 14, 1996).

(c) The BSA Compliance Program shall provide for an effective system of internal controls to assure ongoing compliance with the BSA. The system of internal controls shall include, at a minimum:

    (i) Identify reportable transactions and gather the information necessary to properly complete the required reporting forms;

    (ii) Ensure that all required reports are accurate, proper, complete, and timely filed;

    (iii) Ensure that customer exemptions are properly granted and documented; and

    (iv) Provide for separation of duties to ensure personnel completing required reports are not responsible for filing them.

(d) The board of directors shall appoint a Bank official who meets the qualifications set forth in Financial Institution Letter 29-96 (May 14, 1996), to coordinate and monitor the Bank's compliance with the BSA. This individual shall have the authority to make and enforce policies to ensure compliance with the BSA.

(e) The Bank shall implement a training program covering 31 C.F.R. Section 103, for all appropriate personnel. This training shall be completed within 90 days from the effective date of this ORDER. Employees receiving the training shall include, but not be limited to all current or new employees employed by the Bank as tellers, new accounts personnel, lending personnel, bookkeeping personnel and wire transfer personnel. The training program shall also ensure that senior Bank management and the board of directors are informed of any changes to, or developments in, the BSA and the Bank's responsibility thereunder.

(f) Within 90 days of the effective date of this ORDER and at least annually thereafter, the Bank shall independently test the BSA Compliance Program to ensure proper controls are in place to comply with the requirements of 31 C.F.R. Part 103, 12 CFR §326.8, and 12 CFR Part 353. The independent test shall be completed by a qualified person or entity independent of the Bank's BSA Compliance Program. The independent testing program shall, at a minimum:

    (i) Test the Bank's internal procedures for monitoring compliance with the BSA, including interviews of employees who handle cash transactions;

    (ii) Sample the large currency transactions followed by a review of the currency transaction report filings;

    (iii) Test the validity and reasonableness of the customer exemptions granted by the Bank;

    (iv) Test the Bank's recordkeeping system to ensure compliance with 31 C.F.R. Part 103 and 12 C.F.R. Part 353; and

    (v) Document the scope of the testing procedures performed and the findings of the test.

(g) The results of each independent test as well as any apparent exceptions noted during the testing shall be presented to the board of directors. The board shall record the steps taken to correct any exceptions noted and address any recommendations made during each independent test in the minutes of its meetings.

[.3] 3. Within 90 days from the effective date of this ORDER, the Bank shall complete an independent review of the staff responsible for ensuring the Bank's compliance with the BSA. The review shall be conducted by a qualified party with the requisite ability to perform such an analysis, and a written report shall be presented to the Bank's board of directors. The written report shall be submitted to the Regional Director and Commissioner for review and comment.

[.4] 4. (a) Within 60 days from the effective date of this ORDER, the Bank shall provide for, and document, an adequate system designed to detect and report any known or suspected criminal violations committed or attempted against the Bank or involving a transaction(s) through the Bank involving or aggregating $5,000 or more.

(b) This system shall ensure the Bank's compliance with Part 353 of the FDIC Rules and Regulations, 12 C.F.R. Part 353. A description of the system devised by the Bank shall be submitted to the Regional Director and Commissioner for review and comment.

[.5] 5. Within 60 days of the effective date of the ORDER, the Bank shall acquire, install and test the requisite software and hardware to ensure the continuity of the Bank's core processing operations and the integrity of its financial records. In addition, the Bank shall enter into appropriate vendor support contracts to ensure adequate and ongoing support of its core applications.

[.6] 6. Within 10 days of the effective date of this ORDER, the board of directors shall take all action necessary to ensure that it receives regular, weekly, written reports on the status of the Bank's Information Technology ("IT") conversion activities including, but not limited to, its acquisition of new software and/or hardware and full, successful, conversion to a software platform that is adequately supported by vendors. The weekly report shall be submitted to the Regional Director and Commissioner, and shall be submitted until such time as the Regional Director and Commissioner determine that all major IT conversion issues, including those related to the Bank's IT servicers, applications software, and vendor support contracts have been resolved.

[.7] 7. Within 60 days of the effective date of the ORDER, the Board shall fully implement a written IT audit program, which shall at a minimum accomplish the following:

    (i) Undertaking an annual IT audit with a scope that is appropriate for the size, complexity, and profile of the Bank;

    (ii) Selecting a qualified firm or individual who has the knowledge, expertise and capability to perform sound IT audits;

    (iii) Tracking and monitoring audit and examination findings and submitting regular, written, reports to the board of directors; and

    (iv) Appointing a knowledgeable individual or firm to act as the Bank's internal auditor, who is charged with providing regular, written reports to the board of directors.

[.8] 8. Within 90 days of the effective date of this ORDER, the Bank shall develop and implement an Information Security Program which meets all the requirements of section 39 of the Act, 12 U.S.C. §1831p, and complies with Appendix B to Part 364 of the FDIC Rules and Regulations, 12 C.F.R. Part 364, Appendix B. The Bank's Information Security Program shall be approved by the board of directors and be submitted to the Regional Director and Commissioner for review and comment and, at a minimum include the following:

    (i) Perform a formal risk assessment of potential internal and external threats that could result in unauthorized access to customer information or systems;

    (ii) Manage and control risks to customer information by considering whether security measures and controls are appropriate;

    (iii) Ensure that staff is trained to implement the Bank's Information Security Program;

    (iv) Regularly test the key controls, systems and procedures of the Information Security Program. Tests shall be conducted or reviewed by independent third parties or staff independent of those that develop or maintain the security programs; and

    (v) Ensure that each Bank service provider is contractually required to implement appropriate measures to meet the objectives of the guidelines of Part 364, Appendix B.

[.9] 9. Within 60 days of the effective date of this ORDER, and quarterly after that, the Bank shall conduct an in-depth review of computer user access levels to ensure user access is restricted only to the level needed to perform their assigned duties while ensuring adequate separation of duties. The results of this review shall be presented to the board of directors and shall be recorded in the minutes of the board of directors' meeting.

[.10] 10. Within 60 days of the effective date of this ORDER, the board of directors will designate a knowledgeable and independent staff member, and fully implement procedures, to ensure a daily review of the: activity reports, exception reports, security logs, file maintenance activity, automatic transfer activity (including failed sign on attempts, and attempts at unauthorized access by unauthorized users) is conducted and that discrepancies and suspicious activities are reported to Bank management and the board of directors.

[.11] 11. Within 90 days of the effective date of this ORDER, the Board shall implement a Disaster Recovery/Business Continuity Plan that fully provides for the Bank's continuing operations during and after emergencies and disasters. The Disaster Recovery/Business Continuity Plan shall include a provision requiring that the Plan be tested no less than every twelve months, in accordance with recommended testing guidelines set forth in the Federal Financial Institutions Examination Council's "Business and Contingency Planning," IT Examination Handbook (March 2003).

[.12] 12. (a) Within 90 days after the effective date of this ORDER for 2005, and within the first 30 days of each calendar year thereafter, the board of directors shall develop or revise a written Profit Plan consisting of goals and strategies for improving the earnings of the Bank for each calendar year. The written Profit Plan shall include, at a minimum:

    (i) Identification of the major areas in, and means by, which the board of directors will seek to improve the Bank's operating performance including target levels for total assets and asset mix deemed necessary to safely and soundly reach profitability;

    (ii) Realistic and comprehensive budgets, which specifically address: legal expenses, retirement expenses, IT related expenses and salaries;

    (iii) A budget review process to monitor the income and expenses of the Bank to compare actual figures with budgetary projections, with a report to the Bank's board of directors on not less than a monthly basis; and

    (iv) A description of the operating assumptions that form the basis for and support major projected income and expense components.

(b) Such written Profit Plan and any subsequent modification thereto shall be submitted to the Regional Director and the Commissioner for review and comment. No more than 30 days after the receipt of any comment from the Regional Director and the Commissioner, the board of directors shall approve the written Profit Plan. Such approval shall be recorded in the minutes of the board of directors' meeting. Thereafter, the Bank, its directors, officers, and employees shall follow the written Profit Plan and any subsequent modification.

[.13] 13. (a) Within 90 days after the effective date of this ORDER, the Bank shall formulate and adopt a revised, comprehensive Strategic Plan. The Plan required by this paragraph shall contain an assessment of the Bank's current financial condition and operating assumptions, both with and without the inclusion of capital augmentation through a non-recurring recovery from the United States Department of Agriculture ("USDA"); its market area; and a description of the operating assumptions that form the basis for major projected income and expense components other than the potential recovery from the USDA.

(b) The written Strategic Plan shall address, at a minimum:

    (i) Formulation of a mission statement establishing the board's vision for the future of the Bank;

    (ii) Formulation of a comprehensive assessment of the Bank's competitive strengths and weaknesses, including identification of the Bank's primary competitive advantage;

    (iii) Formulation of written strategies for maximizing the Bank's primary competitive advantage and limiting the impact of competitive weaknesses;

    (iv) Goals for managing the Bank in the absence of a recovery from the USDA;

    (v) Plans for attracting and retaining qualified individuals to fill vacancies in the lending and operations functions;

    (vi) Plans for sustaining adequate liquidity, including back-up lines of credit to meet any unanticipated deposit withdrawals; and

    (vii) Other financial goals, including realistic pro forma statements for asset growth, capital adequacy, and earnings.

(c) The Bank shall submit the Strategic Plan to the Regional Director and the Commissioner for review and comment. No more than 30 days after the receipt of any comment from the Regional Director and Commissioner, the board of directors shall approve the Strategic Plan. Such approval shall be recorded in the minutes of the board of directors' meeting. Thereafter, the Bank shall implement and follow the Strategic Plan.

(d) Within 30 days from the end of each calendar quarter following the effective date of this ORDER, the Bank's board of directors shall evaluate the Bank's performance in relation to the Strategic Plan required by this paragraph and record the results of the evaluation, and any actions taken by the Bank, in the minutes of the board of directors' meeting at which such evaluation is undertaken.

(e) The Strategic Plan required by this ORDER shall be revised and submitted to the Regional Director and the Commissioner for review and comment 30 days after the end of each calendar year for which this ORDER is in effect. Within 30 days of receipt of all such comments from the Regional Director, and the Commissioner, the Bank shall approve the revised Strategic Plan, and record such approval in the minutes of a board of directors' meeting. Thereafter, the Bank shall implement the revised plan.

[.14] 14. (a) Within 90 days after the effective date of this ORDER, the Bank shall eliminate and/or correct all violations of law and regulation noted in the Report of Examination.

(b) Within 90 days after the effective date of this ORDER, the Bank shall implement procedures to ensure future compliance with all applicable laws and regulations.

[.15] 15. While this ORDER is in effect, the Bank shall not declare or pay any cash dividends on its capital stock without the prior written approval of the Regional Director and Commissioner.

[.16] 16. Following the effective date of this ORDER, the Bank shall send to its shareholders or otherwise furnish a description of this ORDER, (i) in conjunction with the Bank's next shareholder communication, and also (ii) in conjunction with its notice or proxy statement preceding the Bank's next shareholder meeting. The description shall fully describe the ORDER in all material respects. The description and any accompanying communication, statement, or notice shall be sent to the FDIC, Accounting & Securities Unit, 550 17th Street, N.W., Room F-6043, Washington, D.C. 20429 for review at least 20 days prior to dissemination to shareholders. Any changes requested to be made by the FDIC shall be made prior to dissemination of the description, communication, notice, or statement.

[.17] 17. On the twentieth day of each quarter following the effective date of this ORDER, the Bank shall furnish written progress reports to the Regional Director and the Commissioner detailing the form and manner of any actions taken to secure compliance with this ORDER and the results thereof. Such reports may be discontinued when the corrections required by this ORDER have been accomplished and the Regional Director and Commissioner have released the Bank in writing from making further reports.

This ORDER shall be binding on the Bank, its institution-affiliated parties, successors and assigns.

This ORDER shall become effective ten (10) calendar days after issuance.

Date: November 3, 2004.









Last Updated 4/16/2005 legal@fdic.gov