Federal Deposit
Insurance Corporation

[¶12,586] In the Matter of MCNB Bank and Trust Co., Welch, West Virginia, Docket No. 06-029b (5-3-06).

A cease and desist order was issued, based on findings by the FDIC that it had reason to believe that respondent was engaged in unsafe and unsound practices.

[.1] Audit—Written Policy Required

[.2] Violations of Law—Correction of Violations Required

[.3] Bank Secrecy Act—Compliance Program—Written Plan Required

[.4] Bank Secrecy Act—Compliance Officer Required

[.5] Bank Secrecy Act—Compliance—Board of Directors to Oversee

[.6] Customer Due Diligence Program—Establishment Required

[.7] Progress Report—Written Report Required

[.8] Shareholders—Disclosure of Cease and Desist Order Required

In the Matter of
MCNB BANK AND TRUST CO.
WELCH, WEST VIRGINIA
(Insured State Nonmember Bank)
ORDER TO CEASE AND DESIST

FDIC-06-029b

MCNB BANK AND TRUST COMPANY, WELCH, WEST VIRGINIA ("Bank"), having been advised of its right to a NOTICE OF CHARGES AND OF HEARING detailing the unsafe or unsound banking practices and violations of law, and/or regulations alleged to have been committed by the Bank and of its right to a hearing on the alleged charges under section 8(b)(1) of the Federal Deposit Insurance Act ("Act"), 12 U.S.C. §1818(b)(1), and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST ("CONSENT AGREEMENT") with a representative of the Legal Division of the Federal Deposit Insurance Corporation ("FDIC") and the Commissioner for the West Virginia Division of Banking ("Commissioner") dated May 1, 2006. The Commissioner may issue an order to cease and desist pursuant to W. Va. Code §31A-2-4a (2005). Solely for the purpose of this proceeding and without admitting or denying the alleged charges of unsafe or unsound banking practices and violations of law, rules, and/or regulations, the Bank consented to the issuance of an ORDER TO CEASE AND DESIST ("ORDER") by the FDIC and the Commissioner.

The FDIC and the Commissioner considered the matter and determined that there is reason to believe that the Bank had engaged in unsafe or unsound banking practices and had committed violations of law and/or regulations. The FDIC and the Commissioner, therefore, accepted the CONSENT AGREEMENT and issued the following:

ORDER TO CEASE AND DESIST

IT IS HEREBY ORDERED, that the Bank, its institution-affiliated parties, as such term is defined in section 3(u) of the Act, 12 U.S.C. §1813(u), and its successors and assigns cease and desist from the following unsafe or unsound banking practices and violations of law, rules, and/or regulations:

(a) operating the Bank without effective Board of Directors ("Board") oversight and executive management supervision to prevent unsafe or unsound banking practices and violations of laws and regulations of the Bank Secrecy Act ("BSA"), subchapter II of Chapter 53 of Title 31 of the United States Code, and its implementing rules and regulations issued by the U.S. Department of Treasury, 31 C.F.R. Part 103; the FDIC's BSA compliance regulations, 12 C.F.R. §326.8 and the FDIC's suspicious activity report regulations, 12 C.F.R. Part 353 ("Part 353") (collectively, "BSA Rules");

(b) operating the Bank with an inadequate audit program to assure on-going compliance with the BSA Rules;

(c) operating in violation of law, rules, and/or regulations as identified on pages 6 through 9 of the Joint Visitation Report of the Bank dated October 31, 2005 ("Report");

(d) operating the Bank with an ineffective system of internal controls to ensure ongoing compliance with the BSA Rules;

(e) operating the Bank with an ineffective system of independent testing for compliance with the BSA Rules;

(f) operating the Bank with an ineffective training program for appropriate Bank personnel to ensure compliance with the BSA Rules;

(g) operating the Bank without effective coordinating and monitoring procedures by a designated individual responsible for ensuring day-to-day compliance with the BSA Rules;

IT IS FURTHER ORDERED, that the Bank, its institution-affiliated parties, and its successors and assigns take affirmative action as follows:

AUDITS

[.1] 1. Within sixty (60) days from the effective date of this ORDER, the Bank shall adopt and implement a comprehensive written audit program, which shall include quarterly and thorough reviews of the Bank's compliance with the BSA Rules and OFAC requirements. The Bank's internal auditor, or independent consultant approved by the FDIC and the Commissioner, shall make written quarterly reports of audit findings directly to the Board or a committee of the Board. The minutes of the meetings of the Board or committee of the Board shall reflect consideration of these reports and describe any action taken as a result of the audit findings.

The Bank shall submit the written audit program to the Regional Director of the FDIC's Atlanta Regional Office ("Regional Director") and the Commissioner (collectively "Supervisory Authorities") for review and comment. Upon receipt of comments from the Supervisory Authorities, if any, the Board shall approve and implement the audit program. The audit program and its implementation shall be in a form and manner acceptable to the Supervisory Authorities as determined at subsequent examinations and/or visitations.

VIOLATIONS OF LAW AND REGULATIONS

[.2] 2. Within sixty (60) days from the effective date of this ORDER, the Bank shall eliminate and/or correct all violations of law and/or regulations, which are more fully set out on pages 6 through 9 of the Report. In addition, the Bank shall take all necessary steps to ensure future compliance with all applicable laws and regulations.

BSA COMPLIANCE PLAN

[.3] 3. Within sixty (60) days from the effective date of this ORDER, the Bank shall develop and implement a written plan for the continued administration of a program reasonably designed to ensure and maintain compliance with the BSA Rules and the OFAC requirements ("Compliance Plan"). The Bank shall submit the Compliance Plan to the Supervisory Authorities for review and comment. Upon receipt of comments from the Supervisory Authorities, if any, the Board shall review, approve and implement the Compliance Plan. The Board's review and approval shall be recorded in the minutes of the meeting where the review and approval take place. At a minimum, the Compliance Plan shall:

(a) provide for a system of internal controls sufficient to comply in all material respects with the BSA Rules and OFAC requirements and establish a plan for implementing such internal controls. The internal controls shall include, at a minimum:

(i) procedures for the CIP and account opening procedures;

(ii) the Due Diligence Program required by paragraph 6 of this ORDER;

(iii) policies and procedures regarding the identification and reporting of cash transactions;

(iv) policies and procedures with respect to wire transfer recordkeeping requirements; and

(v) policies and procedures for transactions involving non-customers, including but not limited to, wire transfer services, traveler's checks, and foreign exchange services;

(b) provide for independent testing for compliance by the Bank with the BSA Rules and OFAC requirements to be conducted by an outside party on an annual basis and establish a plan for implementing such testing. The independent testing shall, at a minimum:

(i) test the Bank's internal procedures for monitoring compliance with the BSA Rules and OFAC requirements, including interviews of employees who handle cash transactions;

(ii) sample large currency transactions

followed by a review of the Currency Transaction Report ("CTR") filings;

(iii) test the validity and reasonableness of the customer exemptions granted by the Bank;

(iv) test the Bank's recordkeeping system for compliance with the BSA Rules and OFAC requirements; and

(v) document the scope of the testing procedures performed and the findings of the testing.

The Board shall require a written report documenting the testing results and providing recommendations for improvement. The Board minutes shall record the Board's consideration of the written report and the steps taken to correct any exceptions noted and address any recommendations made during each independent test. A copy of the independent test results shall be promptly provided to the Supervisory Authorities upon receipt; and

(c) provide for a suitable training program to assure that the Board, all appropriate Bank personnel including, without limitation, tellers, customer service representatives, lending officers, private and personal banking officers, and all other customer contact personnel, receive and document regular on-going training in all aspects of regulatory and internal policies and procedures related to the BSA Rules, the CIP, and the OFAC requirements, with a specific concentration on the currency and monetary instruments reporting requirements and the reporting requirements associated with Suspicious Activity Reports ("SARs") and CTRs.

BSA OFFICER

[.4] 4. The Board shall have at all times a qualified individual responsible for managing, coordinating and monitoring the Bank's day-to-day compliance with the BSA Rules, the OFAC requirements, the CIP, and the Compliance Plan ("BSA Officer"). The BSA Officer shall report directly to the Board or to the committee established by the Board pursuant to paragraph 5 of this ORDER ("Directors' Committee"). The Board shall ensure the BSA Officer has the necessary authority to implement all aspects of the Compliance Plan. The BSA Officer shall provide monthly comprehensive written reports to the Directors Committee regarding the Bank's adherence to the Compliance Plan and this Order, including, without limitation, the identification of timely, accurate and complete reporting to law enforcement and supervisory authorities of unusual or suspicious activity or known or suspected criminal activity perpetrated against or involving the Bank.

DIRECTORS' COMMITTEE

[.5] 5. Within thirty (30) days from the effective date of this ORDER, the Board shall establish a Directors' Committee to oversee the Bank's compliance with the BSA Rules, OFAC requirements, the CIP and the Compliance Plan. At least two-thirds of the members of the Directors' Committee shall be independent, outside directors. The Directors' Committee shall review the comprehensive monthly reports from the BSA Officer regarding the Bank's compliance with the BSA Rules, OFAC requirements, the CIP, and the Compliance Plan. The Directors' Committee shall present a report regarding the Bank's compliance to the Board at each regularly scheduled meeting of the Board, which shall be recorded in the appropriate minutes of the Board meeting and retained in the Bank's records. Nothing herein contained shall be construed to diminish the responsibility of the entire Board to assure compliance with the provisions of the Compliance Plan.

DUE DILIGENCE PROGRAM

[.6] 6. Within one hundred twenty (120) days from the effective date of this ORDER, the Bank shall develop, adopt, and implement a written customer due diligence program ("Due Diligence Program"), which shall provide for a risk focused assessment of the Bank's customer base to determine the appropriate level of Enhanced Due Diligence ("EDD") necessary for those categories of customers that the Bank has reason to believe pose a heightened risk of illicit activities at the Bank.

(a) The Due Diligence Program shall provide for, at a minimum:

(i) time limits for Bank personnel to respond to account activity exceptions;

(ii) time limits for determining if exceptions require a SAR; and

(iii) identification of customers requiring site visitations and the frequency of visitations.

(b) The EDD shall include procedures to:

(i) determine the appropriate documentation

necessary to confirm the identity and business activity of the customer;

(ii) understand the normal and expected transactions of the customer; and

(iii) reasonably assure the identification and timely, accurate, and complete reporting of known or suspected criminal activity against or involving the Bank to law enforcement and the Supervisory Authorities, as required by the suspicious activity reporting provisions of Part 353.

PROGRESS REPORTS

[.7] 7. Within thirty (30) days from the end of the first quarter following the effective date of this ORDER, and within 30 days of the end of each quarter thereafter, the Bank shall furnish written progress reports to the Supervisory Authorities detailing the form and manner of any actions taken to secure compliance with this ORDER and the results thereof. Such reports may be discontinued when the corrections required by this ORDER have been accomplished and the Supervisory Authorities have released the Bank in writing from making further reports. All progress reports and other written responses to this ORDER shall be reviewed by the Board and made a part of the minutes of the appropriate Board meeting.

DISCLOSURE TO SHAREHOLDERS

[.8] 8. Following the effective date of this ORDER, the Bank shall send to its shareholders or otherwise furnish a description of this ORDER (i) in conjunction with the Bank's next shareholder communication; and (ii) in conjunction with its notice or proxy statement preceding the Bank's next shareholder meeting. The description shall fully describe the ORDER in all material respects. The description and any accompanying communication, statement, or notice shall be sent to the FDIC, Accounting and Securities Disclosure Section, Washington, D.C. 20429 and to the West Virginia Division of Banking, Building 3, Room 311, 1900 Kanawha Boulevard, East, Charleston, West Virginia 25305, to review at least twenty (20) days prior to dissemination to shareholders. Any changes requested to be made by the FDIC or the West Virginia Division of Banking shall be made prior to dissemination of the description, communication, notice, or statement.

This ORDER shall become effective 10 days from the date of its issuance. The provisions of this ORDER shall remain effective and enforceable except to the extent that, and until such time as, any provisions of this ORDER shall have been modified, terminated, suspended, or set aside in writing by the FDIC.

Pursuant to delegated authority.

Dated this 3rd day of May, 2006.