Federal Deposit
Insurance Corporation

   A cease and desist order was issued, based on findings by the FDIC that it had reason to believe that respondent had engaged in unsafe and unsound practices. (This order was terminated by order of the FDIC dated 2-4-00; see ¶16,252)

   [.1] Bank Secrecy Act—Compliance Program—"Knowing Your Customer" Policies
   [.2] Bank Secrecy Act—Compliance—Directors' Committee to Oversee
   [.3] Bank Operation—Education Plan, Compliance With Law and Regs
   [.4] Currency Transactions—Internal Review Procedure
   [.5] Bank Secrecy Act—Compliance—Audit
   [.6] Violations of Law—Correction of Violations Required
   [.7] Shareholders—Disclosure of Cease and Desist Order Required

In the Matter of
GREAT EASTERN BANK OF
FLORIDA
MIAMI,FLORIDA
(Insured State Nonmember Bank)
ORDER TO CEASE AND DESIST
FDIC-98-079b
   Great Eastern Bank of Florida, Miami, Florida ("Bank"), having been advised of its right to a written Notice of Charges and of Hearing detailing unsafe or unsound banking practices and violations of applicable laws and regulations alleged to have been committed by the Bank and of its right to a hearing regarding such alleged charges under section 8(b)(1) of the Federal Deposit Insurance Act ("Act") 12 U.S.C. Section 1818(b)(1), and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST ("CONSENT AGREEMENT") with a representative of the Legal Division of the Federal DepositInsurance Corporation ("FDIC"), dated August 28, 1998. Whereby solely for the purpose of this proceeding and without admitting or denying any of the alleged charges of unsafe or unsound banking practices and alleged violations of applicable laws and regulations, the Bank has consented to the issuance of an ORDER TO CEASE AND DESIST ("ORDER") by the FDIC.
   The FDIC considered the matter and determined that it had reason to believe that the Bank had engaged in unsafe or unsound banking practices and had committed violations of applicable laws and regulations.
   The FDIC, therefore, accepted the CONSENT AGREEMENT and issued the following:

   IT IS HEREBY ORDERED, that the Bank, its institution-affiliated parties, as such term is defined in section 3(u) of the Act, 12 U.S.C. Section 1813(u), and its successors and assigns cease and desist from the following unsafe or unsound banking practices and violations of laws and regulations:
   A. Operating the Bank without effective Board of Directors and executive management supervision to prevent unsafe or unsound {{10-31-98 p.C-4605}}practices and violations of laws and regulations related to the Bank Secrecy Act and its implementing regulations at 12 C.F.R. Part 326 and 31 C.F.R. Part 103 (hereinafter, "Bank Secrecy Act"); and Part 353 of the FDIC Rules and Regulations, [12 C.F.R. Part 353];
   B. Failing to assure accurate and timely filing of Suspicious Activity Reports, pursuant to Section 353.3(a) of FDIC's Rules and Regulations [12 C.F.R. Section 353.3(a)];
   C. Operating the Bank with an ineffective system of internal controls to assure ongoing compliance with the Bank Secrecy Act and Part 353;
   D. Operating the Bank with an ineffective system of independent testing for compliance with the Bank Secrecy Act and Part 353;
   E. Operating the Bank with an ineffective training program for appropriate Bank personnel to assure compliance with the Bank Secrecy Act and Part 353;
   F. Operating the Bank with ineffective coordinating and monitoring procedures by a single, designated, responsible individual to assure compliance with the Bank Secrecy Act and Part 353;
   G. Failing to implement an effective "Know Your Customer" policy and procedure; and
   H. Engaging in violations of applicable Federal laws and regulations as more fully described on pages 19 through 22 of the FDIC Report of Visitation of the Bank as of January 6, 1998 ("ROV").
   IT IS FURTHER ORDERED that the Bank, its institution-affiliated parties, and its successors and assigns take affirmative action as follows:

   [.1] 1. Within sixty (60) days from the effective date of this ORDER, the Bank shall develop and implement a written plan of action regarding the Bank's Bank Secrecy Act ("BSA") Compliance Program and "Know Your Customer" ("KYC") Policies and Procedure (collectively, "Action Plan"). The Bank shall submit the Action Plan to the Regional Director of the FDIC's Atlanta Regional Office, Division of Supervision (the "Regional Director") and to the Comptroller of the State of Florida ("Comptroller") for review. Upon receipt of the FDIC's and the Comptroller's comments, if any, the Bank's Board of Directors shall review and approve the Action Plan. After the Bank's Board of Directors has approved the Action Plan, the review and approval shall be recorded in the minutes of the Bank's Board of Directors. Thereafter, the Bank and its successors and assigns shall implement the written Action Plan. At a minimum, the Action Plan shall:

   (a) Require a system of internal controls sufficient to assure the Bank's compliance with BSA, its KYC policies and procedures, and Part 353 and establish a plan for implementing such internal controls;
   (b) Require a system of adequate independent testing for the Bank's compliance with BSA, Part 353 and the FDIC's Rules and Regulations, and the Bank's KYC policies and procedures, and establish a plan for implementing such independent testing;
   (c) Require an appropriate training program for the Bank to assure that appropriate personnel are trained to comply with BSA, Part 353, and the Bank's KYC policies and procedures and establish a plan to implement such training;
   (d) Designate a senior Bank official responsible for coordinating and monitoring day-to-day compliance with BSA, Part 353, and the Bank's KYC policies and procedures.

   [.3] 3. (a) Within thirty (30) days from the effective date of this order, the Bank shall establish and implement monitoring and reporting procedures for Suspicious Activity Reports ("SARs") and Currency Transaction {{10-31-98 p.C-4606}}
   Reports ("CTRs") to ensure that all appropriate bank employees are aware of the proce dures and their responsibilities in implementing the procedures;
   (b) Within sixty (60) days from the effective date of this Order, the Bank shall review each SAR and CTR filed by the Bank in 1997 and 1998 for inaccuracies and/or incompleteness. After such review is completed, the Bank shall contact the Financial Crimes Enforcement Network of the Department of the Treasury regarding refiling of inaccurate and/or incomplete SARs and CTRs and provide requested written material to complete the file information on any inaccurate and/or incomplete SAR or CTR;
   (c) Within sixty (60) days from the effective date of this Order, the Bank shall review the suspicious activities noted in the ROV on pages 6 through 16, and determine whether a SAR should be filed. Documentation supporting the determination shall be retained in the records of the Bank. If the Bank determines a SAR shall be filed, it shall follow its procedures with respect to the filing and retention of documentation.

   [.4] 4. Within sixty (60) days from the effective date of this order, the Bank shall establish and implement a system for identifying, verifying, monitoring, and determining the appropriateness of accounts with frequent cash and wire transfer deposits and withdrawals.
   5. Within thirty (30) days from the effective date of this order, the Bank shall establish and implement a procedure for monitoring currency exchanges.
   6. (a) Within sixty (60) days from the effective date of this order, the Bank shall revise its current KYC policy. The Bank shall establish revised procedures for identifying and verifying in each deposit account that is expected to have frequent cash or wire transfer activity, the type and dollar volume of transactions that the Bank anticipates will occur within defined time periods. The Bank shall implement all aspects of such KYC policy and procedure.
   (b) Within sixty (60) days from the effective date of this Order, the Bank shall develop and implement internal control procedures requiring regular periodic comparison of actual activity in each account identified in 6(a) above against expected or anticipated activity. Such internal control procedures shall include procedures for identifying and documenting significant variances between anticipated and actual activity and for reporting variances to Bank management and, when appropriate, the filing of SARS.

   [.5] 7. Within thirty (30) days from the effective date of this ORDER, the Bank shall amend its audit policies, procedures, and practices, both with regard to internal audits and with regard to external audits, so that the Bank's compliance with the BSA, Part 353, and the Bank's KYC policies and procedures become subject to periodic review as part of the Bank's routine auditing. As long as this Order shall remain in effect, the Bank's internal and external audits shall include reviews of these areas, with significant exceptions reported directly to the Bank's Board of Directors.

   [.6] 8. Within sixty (60) days from the effective date of this ORDER, the Bank shall take all necessary steps, consistent with sound banking practices, to eliminate or correct all violations of law and regulations committed by the Bank, as described on pages 19 through 22 of the ROV. In addition, the Bank shall adopt appropriate procedures to ensure the Bank's future compliance with the Bank Secrecy Act and Part 353 of the FDIC Rules and Regulations.

   [.7] 9. Following the effective date of this ORDER, the Bank shall send to its shareholders or otherwise furnish a description of this ORDER (i) in conjunction with the Bank's next written shareholder communication; and (ii) in conjunction with its notice or proxy statement preceding the Bank's next shareholder meeting. The description shall fully describe this ORDER in all material respects. The description and any accompanying communication, statement or notice shall be sent to the FDIC, Registration and Disclosure Section, 550 17th Street, Washington, D.C. 20429, and to the Comptroller, for review at least twenty (20) days prior to dissemination to shareholders. Any changes requested to be made by the FDIC or the Comptroller shall be made prior to dissemination of the description, communication, notice or statement.
   10. Within ninety (90) days from the effective date of this ORDER, and within thirty (30) days following the end of each calendar quarter while this ORDER is in effect, the Bank shall furnish written progress reports to the Regional Director and to the Comptroller detailing the form and manner of all actions taken to secure compliance with this ORDER and the results of such actions. Such {{5-31-05 p.C-4607}}reports may be discontinued when the corrections required by this ORDER have been accomplished and the Regional Director and the Comptroller have released the Bank in writing from making further reports. All progress reports and other written responses to this ORDER shall be reviewed by the Board of Directors of the Bank and made a part of the minutes of the appropriate board meeting.
   11. The effective date of this ORDER shall be ten (10) days from the date of its issuance. This Order shall be binding upon the Bank, its institution-affiliated parties, and its successors and assigns. Further, the provisions of this ORDER shall remain effective and enforceable except to the extent that, and until such time as, any provisions of this ORDER shall have been modified, terminated, suspended, or set aside by the FDIC.
   Pursuant to delegated authority.
   Dated this 28th day of August, 1998.