Home > Regulation & Examinations > Bank Examinations > FDIC Enforcement Decisions and Orders
FDIC Enforcement Decisions and Orders
A cease and desist order was issued, based on findings by the FDIC that it had reason to believe that respondent was engaged in unsafe and unsound practices.
[.1] ManagementQualifications Specified
[.2] Bank Secrecy ActCompliance
[.3] Bank Secrecy ActCompliance Officer Required
[.4] Customer Due Diligence ProgramEstablishment Required
[.5] Bank Secrecy ActReview of High Risk Accounts Required
[.6] Information Technology PlanImplementation of Required
[.7] Strategic PlanPreparation of Required
[.8] Profit PlanPreparation of Plan Required
[.9] Bank Secrecy ActComplianceAudit
[.10] Violations of LawCorrection of Violations Required
[.11] Progress ReportWritten Report Required
In the Matter of
GREAT EASTERN BANK OF FLORIDA, MIAMI, FLORIDA ("Bank"), having been advised of its right to a NOTICE OF CHARGES AND OF HEARING detailing the unsafe or unsound banking practices and violations of laws, rules, and/or regulations alleged to have been committed by the Bank and of its right to a hearing on the alleged charges under section 8(b)(1) of the Federal Deposit Insurance Act ("Act"), 12 U.S.C. §1818(b)(1), and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST ("CONSENT AGREEMENT") with a representative of the Legal Division of the Federal Deposit Insurance Corporation ("FDIC") and the Director ("Director") of the Florida Office of Financial Regulation ("OFR") dated April 26, 2006. The Director may issue an order to cease and desist pursuant to Fla. Stat. §655.033 (2005). Whereby, solely for the purpose of this proceeding and without admitting or denying any of the alleged charges of unsafe or unsound banking practices and violations of laws, rules, and/or regulations, the Bank consented to the issuance of an ORDER TO CEASE AND DESIST ("ORDER") by the FDIC and the Director.
The FDIC and the Director considered the matter and determined that there is reason to believe that the Bank has engaged in unsafe or unsound banking practices and has committed violations of laws, rules, and/or regulations. The FDIC and the Director, therefore, accepted the CONSENT AGREEMENT and issued the following:
ORDER TO CEASE AND DESIST
IT IS HEREBY ORDERED, that the Bank, its Bank-affiliated parties, as such term is defined in section 3(u) of the Act, 12 U.S.C. §1813(u), and its successors and assigns cease and desist from the following unsafe or unsound banking practices and violations of law, rules and/or regulations:
(a) operating without effective Board of Directors ("Board") oversight and executive management supervision to prevent unsafe or unsound banking practices and violations of law, rules and regulations including, but not limited to, the Bank Secrecy Act ("BSA"), subchapter II of Chapter 53 of Title 31 of the United States Code, and its implementing rules issued by the U.S. Department of Treasury, 31 C.F.R. Part 103; and the FDIC's BSA compliance regulations, 12 C.F.R. §326.8 and the FDIC's suspicious activity report regulations, 12 C.F.R. Part 353 ("Part 353") and Florida's Anti-Money Laundering Act Fla. Stat §655.50 (2005) (collectively, "BSA Rules");
(b) operating without effective Board and executive management supervision of the Information Technology ("IT") area to ensure compliance with rules and regulations and to prevent potential losses;
(c) operating with an inadequate strategic plan;
(d) operating with an inadequate profit plan;
(e) operating with an inadequate audit program to ensure ongoing compliance with the BSA Rules;
(f) operating in violation of law, rules, and regulations as identified on pages 13 and 14 of the FDIC Report of Examination of the Bank dated December 12, 2005 ("Report");
(g) operating with an ineffective system of internal controls to ensure ongoing compliance with the BSA Rules;
(h) operating with an ineffective training program for appropriate Bank personnel to ensure compliance with the BSA Rules;
(i) operating without effective coordinating and monitoring procedures by a designated individual responsible for ensuring day-to-day compliance with the BSA Rules;
(j) operating without an effective system of independent testing for compliance with the BSA Rules; and
(k) operating with an ineffective customer identification program ("CIP"). CIP is the collective reference to section 103.121 of the Rules and Regulations of the Department of the Treasury, 31 C.F.R. §103.121.
IT IS FURTHER ORDERED, that the Bank, its institution-affiliated
parties, and its
successors and assigns take affirmative action as follows:
[.1] 1. Within ninety (90) days from the effective date of this ORDER, the Bank shall have qualified management, including a chief executive officer and an appropriate number and type of senior officers, with the requisite knowledge, skills, ability, and experience, giving consideration to the size and complexity of the Bank, to operate the Bank in a safe and sound manner, and in compliance with applicable laws, rules and regulations, and to restore the Bank to a satisfactory financial condition and BSA compliance. Each member of management shall be provided appropriate warrant authority from the Bank's Board to implement the provisions of this ORDER.
(a) Immediately and periodically during the life of this ORDER, but no less frequently than annually, management shall be assessed on its ability to comply with the requirements of this ORDER, all applicable State and Federal laws, rules and regulations, FDIC and FFIEC policy statements, and the Bank's approved policies and procedures.
(b) Each member of management shall have the qualifications and experience commensurate with his or her duties and responsibilities at the Bank. At a minimum management shall include:
(i) a chief executive officer with proven ability in managing a bank of comparable size and in effectively implementing lending, investment, and operating policies in accordance with sound banking practices; and
(ii) a chief financial officer with a significant amount of appropriate experience in managing the financial and financial reporting aspects of a bank of similar size and complexity in accordance with sound banking practices; and
(iii) a chief operations officer with a significant amount of appropriate experience in managing the operations aspects of a bank of similar size and complexity in accordance with sound banking practices.
(c) During the life of this ORDER, the Bank shall notify the Regional Director of the FDIC's Atlanta Regional Office, Division of Supervision and Consumer Protection ("Regional Director") and the Director (collectively, "Supervisory Authorities"), in writing, of any resignations and/or terminations of any members of its Board and/or any of its senior officer(s) within fifteen (15) days of the event. The Bank shall also establish procedures to ensure compliance with section 32 of the Act, 12 U.S.C. §1831i and Subpart F of Part 303 of the FDIC's FDIC Rules and Regulations, 12 C.F.R. §§ 303.100 through 303.103, and Fla, Stat. §655.0385(1) (2005). In addition, the Bank shall notify the Supervisory Authorities in writing when it proposes to add any individual to the Bank's Board or employ any individual as a senior executive officer. The notification must be received by the Regional Director at least thirty (30) days before such addition or employment is intended to become effective and should include a description of the background and experience of the individual(s) to be added or employed. The notification must be received by the Director of the OFR at least sixty (60) days before such addition or employment is intended to become effective and should include a description of the background and experience of the individual(s) to be added or employed. If the Regional Director or the Director issues a notice of disapproval pursuant to section 32 of the Act, 12 U.S.C. §1831i, or Fla. Stat. §655.0385(2) (2005), with respect to any proposed individual, then such individual may not be added or employed by the Bank.
(d) To facilitate having and retaining qualified management, the Board shall in no more than sixty (60) days from the effective date of this ORDER, develop a written analysis and assessment of the Bank's management and staffing needs ("Management Plan") which shall include, at a minimum:
(i) identification of the type and number of officer positions needed to manage and supervise the affairs of the Bank, detailing any vacancies or additional needs and giving appropriate consideration to the size and complexity of the Bank;
(ii) evaluation of the current and past performance of all existing Bank officers, including executive officers and staff members, indicating whether the individuals are competent and qualified to perform present and anticipated duties, adhere to the Bank's established policies and practices, and operate the Bank in a safe and sound manner;
(iii) establish a plan to terminate, rotate, or reassign officers and staff as necessary, as well as recruit and retain qualified personnel
consistent with the needs identified in the Management Plan;
(iv) contain a current organizational chart that identifies all existing and proposed staff and officer positions, delineates related lines of authority and accountability, and establishes a written plan for addressing any identified needs; and
(v) shall establish a Board committee ("Directors' Committee"), consisting of at least five (5) members, responsible for ensuring compliance with the ORDER, overseeing corrective measures with respect to the ORDER, and reporting to the Board. More than fifty (50) percent of the members of the Directors' Committee shall be independent directors as defined herein. The Directors' Committee shall monitor compliance with this ORDER and, within thirty (30) days from the effective date of this ORDER, and every thirty (30) days thereafter, shall submit a written report detailing the Bank's compliance with this ORDER ("Compliance Report") to the Board, for review and consideration during its regularly scheduled meeting. The Compliance Report and any discussion related to the Compliance Report or the ORDER shall be incorporated into the minutes of the meeting of the Board. Nothing contained herein shall diminish the responsibility of the entire Board to ensure compliance with the provisions of this ORDER.
(c) An "independent director" shall be a member of the Board who
(i) is not employed in any capacity by the Bank, any of its subsidiaries, or affiliated organizations, other than as a director;
(ii) does not own or control more than (10) percent of the outstanding shares of the Bank or its parent company;
(iii) is not related by blood or marriage to an officer or director of the Bank or its affiliates, or to any shareholder owning more than ten (10) percent of the outstanding shares of the Bank or its parent company, and who does not otherwise share a common financial interest with such officer, director or shareholder; and
(iv) is not indebted, directly or indirectly, to the Bank or any of its affiliates, including the indebtedness of any entity in which the individual has a substantial financial interest, in an amount exceeding five (5) percent of the Bank's total Tier 1 capital and allowance for loan and lease losses.
(f) The Management Plan and any subsequent modification thereto shall be submitted to the Supervisory Authorities for review and comment. No more than 30 days from the receipt of any comment from the Supervisory Authorities, and after consideration of such comment, the Board shall approve the Management Plan and/or any subsequent modification thereto, which approval shall be recorded in the minutes of the Board. Thereafter, the Bank and its institution-affiliated parties shall implement the Management Plan and/or any subsequent modification.
BSA COMPLIANCE PLAN
[.2] (a) Within ninety (90) days from the effective date of this ORDER, the Bank shall develop and implement a written plan for the continued administration of a program reasonably designed to ensure and maintain compliance with the BSA Rules and the CIP ("Compliance Plan"). The Bank shall submit the Compliance Plan to the Supervisory Authorities for review and comment. Upon receipt of comments from the Supervisory Authorities, if any, the Board shall review, approve, and implement the Compliance Plan. The Board's review and approval shall be recorded in the minutes where the review and approval take place. The Bank's Compliance Plan shall ensure the Bank's future compliance with the BSA Rules. At a minimum, the Compliance Plan shall include the following:
(i) procedures for the Bank's CIP and account opening procedures;
(ii) policies and procedures with respect to high-risk accounts and customers, including the adequacy of methods for identifying and conducting due diligence on high-risk accounts and customers at account opening and thereafter, and for monitoring high-risk client relationships on a transaction basis as well as by account and customer;
(iii) policies, procedures, and systems for identifying, evaluating, monitoring, investigating and reporting suspicious activity, particularly including transactions involving high-risk customers or accounts, and/or high-risk jurisdictions, and the appropriateness of the Bank's criteria for designating an account as high-risk and assessing
the Bank's procedures and systems for identifying and monitoring customer transactions in accordance with the BSA Rules;
(iv) policies and procedures regarding the identification and reporting of cash transactions;
(v) policies and procedures with respect to wire transfer recordkeeping requirements;
(vi) policies and procedures for transactions involving non-customers, including, but not limited to, wire transfer services, traveler's check services, and foreign exchange services;
(vii) independent annual testing for compliance with the BSA in accordance with the procedures described in section 326.8 of the FDIC's Rules and Regulations, 12 C.F.R. §326.8; and
(viii) establishment and documentation of training on a regular and on-going basis for management and Bank personnel on all relevant aspects of laws, rules, regulations, and Bank policies and procedures relating to the BSA Rules, with a specific concentration on the currency and monetary instruments reporting requirements and the reporting requirements associated with Suspicious Activity Reports ("SARs") and Currency Transaction Report ("CTRs").
(b) Within sixty (60) days from the date of adoption by the Board of the Compliance Plan, the Bank shall arrange for an independent test and sampling of the Bank's Compliance Plan to ensure the Bank's ongoing compliance. A copy of the independent test results shall be provided promptly to the Supervisory Authorities.
(c) The independent testing shall, at a minimum:
(i) test the Bank's internal procedures for monitoring compliance with the BSA Rules, including interviews of employees who handle cash transactions;
(ii) sample large currency transactions followed by a review of the CTR filings;
(iii) test the validity and reasonableness of the customer exemptions granted by the Bank;
(iv) test the Bank's recordkeeping system for compliance with the BSA Rules; and
(v) document the scope of the testing procedures performed and the findings of the testing.
The results of each independent test as well as any apparent exceptions noted during the testing shall be presented to the Board. The Board shall record the steps taken to correct any exceptions noted and address any recommendations made during each independent test in the minutes of the meeting.
[.3] 3. Within thirty (30) days from the effective date of the ORDER, the Board shall designate a qualified officer responsible for managing, coordinating, and monitoring the Bank's BSA compliance program ("BSA Officer"). The BSA Officer shall have the responsibility and necessary authority to ensure the Bank's compliance with the BSA Rules and related matters, including, without limitation, the identification of timely, accurate and complete reporting to law enforcement and supervisory authorities of unusual or suspicious activity, or known or suspected criminal activity perpetrated against or involving the Bank. The BSA Officer shall report directly to the Board or the Directors' Committee Directors' Committee established by the Board pursuant to paragraph 1 of this ORDER. The Board shall ensure the BSA Officer has the necessary authority to implement all aspects of the Compliance Plan. The BSA Officer shall provide monthly comprehensive written reports to the Directors' Committee regarding the Bank's adherence to the Compliance Plan and this ORDER.
DUE DILIGENCE PROGRAM
[.4] 4. Within sixty (60) days from the effective date of this ORDER, the Bank shall develop, adopt, and implement a written customer due diligence program ("Due Diligence Program"), which shall provide for a risk focused assessment of the Bank's customer base to determine the appropriate level of Enhanced Due Diligence ("EDD") necessary for those categories of customers that the Bank has reason to believe pose a heightened risk of illicit activities at the Bank.
(a) The Due Diligence Program shall provide for, at a minimum:
(i) time limits for Bank personnel to respond to account activity exceptions;
(ii) time limits for determining if exceptions require a SAR; and
(iii) identification of customers requiring
site visitations and frequency of visitations;
(b) The EDD shall include the following procedures:
(i) determine the appropriate documentation necessary to confirm the identity and business activity of the customer;
(ii) understand the normal and expected transactions of the customer; and
(iii) reasonably ensure the identification and timely, accurate, and complete reporting of known or suspected criminal activity against or involving the Bank to law enforcement and the Supervisory Authorities, as required by the suspicious activity reporting provisions of Part 353.
REVIEW OF HIGH-RISK ACCOUNTS AND TRANSACTIONS
[.5] (a) Within ninety (90) days from the effective date of the ORDER, the BSA Officer shall review all high-risk accounts and high-risk transactions, including but not limited to the Bank's large CTRs, cash purchases of monetary instruments, wire transfer activity, money service businesses, foreign correspondent banks, and foreign exchange services for the period July 1, 2004, to December 31, 2004, ("Initial Review") in order to determine which accounts merit an additional review. The BSA Officer shall prepare and file any additional CTRs and SARs necessary based upon the Initial Review. Within one hundred and twenty (120) days after the Initial Review, the BSA Officer shall review the account activity for the period January 1, 2005, to December 31, 2005, for: (1) those high risk accounts identified in the Initial Review as requiring the additional review and (2) any other accounts opened during the period January 1, 2005 to December 31, 2005, that are identified as high risk, and shall prepare and file any additional CTRs and SARs necessary based upon the review. In particular, this review shall include the entities identified on pages 9, 10, and 19 of the Report. Documentation supporting any determination made pursuant to this paragraph shall be retained in the Bank's records for such period of time as may be required by any applicable rules and regulations.
(b) Upon completion of the reviews required pursuant to the subparagraph above, the Bank shall submit the findings of the review and copies of any additional SARs and CTRs filed to the Regional Director and the OFR.
[.6] Within sixty (60) days from the effective date of this ORDER, the Bank shall develop and implement a written plan for the continued administration of the Bank's IT risk management practices and controls designed to, among other things, ensure and maintain proper Board and executive management oversight of the IT areas of the Bank ("IT Corrective Plan"). The Bank shall submit the IT Corrective Plan to the Supervisory Authorities for review and comment. Upon receipt of comments from the Supervisory Authorities, if any, the Board shall review and approve the IT Corrective Plan, which review and approval shall be recorded in the minutes. Thereafter, the Bank shall implement the IT Corrective Plan. At a minimum, the IT Corrective Plan shall:
(a) establish a formal IT audit program that provides comprehensive and ongoing audit coverage, the scope of which shall be based on a comprehensive risk assessment. The audit program shall include the areas recommended in the Audit Booklet of the Federal Financial Institutions Examination Council's Information Technology Examination Handbook dated August 2003. The audit program shall be implemented by individuals or third parties possessing sufficient experience and expertise in conducting such audits. All audit reports shall be submitted to the Board for review, which shall be noted in the minutes of the meeting of the Board.
(b) establish a tracking system for audit and examination exceptions that includes the source of the exception, corrective action promised, the person responsible for the corrective action, the date by which the corrective action is due, and internal auditor reporting at each Audit Committee meeting of all outstanding exceptions and exceptions cleared since the previous meeting; and
(c) institute procedures to ensure meeting the standards contained in
Part 364, Appendix B, of the FDIC's Rules and Regulations, 12 C.F.R.
Part 364, including the performance of a comprehensive information
security assessment, development of a corporate information security
policy, formal training for employees and management, annual audits for
adherence to the standards,
and regular review of the status of the IT audit program by the Board.
[.7] Within ninety (90) days from the effective date of this ORDER, the Bank shall prepare and submit to the Supervisory Authorities a written strategic/business plan covering the overall operation of the Bank. The plan shall be in a form and manner acceptable to the Supervisory Authorities as determined at subsequent examinations and/or visitations. At a minimum the plan shall cover three years and provide specific objectives for asset growth, loan portfolio and deposit mix, market focus, earnings projections, capital needs, and liquidity position.
[.8] (a) Within sixty (60) days from the effective date of this ORDER, and within the first 30 days of each calendar year thereafter, the Board shall develop and fully implement a written profit plan consisting of goals and strategies, consistent with sound banking practices, and taking into account the Bank's other written plans, policies, or other actions as required by this ORDER. The profit plan and any subsequent modification thereto shall be submitted to the Supervisory Authorities for review and comment. No more than 30 days after the receipt of any comment from the Regional Director or the OFR, the Board shall approve the profit plan which approval shall be recorded in the minutes of the meeting of the Board. Thereafter, the Bank, its directors, officers, and employees shall fully implement the profit plan and any subsequently approved modification. The written profit plan shall include, at a minimum:
(i) identification of the major areas in and means by which the board will seek to improve the Bank's operating performance;
(ii) specific goals to improve the net interest margin, increase interest income, reduce discretionary expenses, and improve and sustain earnings, as well as maintain adequate provisions to the allowance for loan and lease losses;
(iii) realistic and comprehensive budgets for all categories of income and expense items;
(iv) a description of the operating assumptions that form the basis for, and adequately support, material projected revenue and expense components;
(v) coordination of the Bank's loan, investment, funds management, and operating policies; strategic plan; and allowance for loan and lease loss methodology with the profit and budget planning;
(vi) a budget review process to monitor the revenue and expenses of the Bank whereby actual performance is compared against budgetary projections not less than quarterly; recording the results of the evaluation and any actions taken by the Bank in the minutes of the Board meeting at which such evaluation is undertaken; and
(vii) individual(s) responsible for implementing each of the goals and strategies of the profit plan.
[.9] 9. Within sixty (60) days from the effective date of this ORDER, the Bank shall adopt and implement a comprehensive written audit program, which shall include periodic and thorough reviews of the Bank's compliance with the BSA Rules with significant exceptions reported directly to the Board. The minutes of the meetings of the Board shall reflect consideration of these reports and describe any action taken as a result thereof.
The audit program and its implementation shall be approved by the Board and shall be in a form and manner acceptable to the Supervisory Authorities as determined at subsequent examinations and/or visitations. The Bank shall thereafter implement and enforce an effective system of internal and external audits, which includes a tracking and follow-up action matrix reviewed by the Board for audit exceptions.
VIOLATIONS OF LAW AND REGULATION
[.10] 10. Within the time periods identified in paragraphs 2 through 5 of this ORDER, the Bank shall take steps necessary, consistent with sound banking practices, to eliminate and/or correct all violations of laws, rules and regulations on pages 1314 in the Report and shall adopt and implement appropriate procedures to ensure future compliance with all applicable laws, rules, and regulations.
[.11] Within thirty (30) days from the end of the first calendar
quarter following the effective date of this ORDER, and within 30 days
of the end of each quarter thereafter, the Bank shall furnish written
progress reports to
the Supervisory Authorities detailing the form and manner of any actions taken to secure compliance with this ORDER and the results thereof. Such reports may be discontinued when the corrections required by this ORDER have been accomplished and the Supervisory Authorities have released the Bank in writing from making further reports. Such written progress reports shall provide cumulative detail of the Bank's progress toward achieving compliance with each provision of the ORDER, including at a minimum:
(i) description of the identified weaknesses and deficiencies;
(ii) provision(s) of the ORDER pertaining to each weakness or deficiency;
(iii) actions taken or in-process for addressing each deficiency;
(iv) results of the corrective actions taken;
(v) the Bank's status of compliance with each provision of the ORDER; and
(vi) appropriate supporting documentation.
All progress reports and other written responses to this ORDER shall be reviewed by the Board and made a part of the minutes of the appropriate Board meeting.
DISCLOSURE TO SHAREHOLDERS
[.12] Following the effective date of this ORDER, the Bank shall provide to its shareholders or otherwise furnish a description of this ORDER (i) in conjunction with the Bank's next shareholder communication, and (ii) in conjunction with its notice or proxy statement preceding the Bank's next shareholder meeting. The description shall fully describe the ORDER in all material respects. The description and any accompanying communication, statement, or notice shall be sent to the FDIC, Division of Supervision and Consumer Protection, Accounting and Securities Disclosure Section, 550 16th Street, N.W., Room F-6066, Washington, D.C. 20429 and to the OFR, 200 East Gaines Street, Tallahassee, Florida 32399-0371, to review at least twenty (20) days prior to dissemination to shareholders. Any changes requested to be made by the FDIC or the OFR shall be made prior to dissemination of the description, communication, notice, or statement.
This ORDER shall become effective 10 days from the date of its issuance. The provisions of this ORDER shall remain effective and enforceable except to the extent that, and until such time as, any provisions of this ORDER shall have been modified, terminated, suspended, or set aside in writing by the FDIC.
Pursuant to delegated authority.
Dated this 11th day of May, 2006.
|Last Updated firstname.lastname@example.org|