Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank


 Home > Regulation & Examinations > Bank Examinations > FDIC Enforcement Decisions and Orders




FDIC Enforcement Decisions and Orders



ED&O Home | Search Form | ED&O Help


{{05-31-05 p.12381.1}}

[12,381] In the Matter of American State Bank, Tulsa, Oklahoma, Docket No. 04-245b (3-23-05).

A cease and desist order was issued, based on findings by the FDIC that it had reason to believe that respondent was engaged in unsafe and unsound practices.

[.1] Management—Qualifications Specified

[.2] Board of Directors—Outside Directors Added to Board

[.3] Capital Plan—Minimum Requirements Specified

[.4] Dividends—Dividends Restricted

[.5] Profit Plan—Preparation of Plan Required

[.6] Strategic Plan—Preparation of Required

[.7] Violations of Law—Corrections of Violations Required

[.8] Customer Identification Program—Requirements Specified

[.9] Customer Identification Program—Compliance with BSA Required

[.10] Customer Identification Program—Independent Testing Required

[.11] Asset/Liability Management—Form Monitoring Committee (ALCO)

[.12] Bank Operations—Internal Routine and Controls, Correction of Weaknesses Required

[.13] Assets—Charge-off or Collection

[.14] Loans—Extensions of Credit—To Borrowers with Existing Adversely Classified Credit

[.15] Board of Directors—Review Loan Policy

[.16] Technical Exceptions—Correction of Technical Exceptions Required

[.17] Reports of Condition and Income—Review Required

[.18] Security Controls—Improvement Requirement

[.19] Gramm-Leach-Bliley Act (GLBA)—Compliance Required
{{05-31-05 p.12381.2}}

[.20] Audit—Program Required

[.21] Bank Operations—Adequate Staffing Required

[.22] Bank Operations—Data Processing Center

[.23] Bank Operations—Backup and Offsite Storage Procedures Required

[.24] Bank Operations—Monitoring System and Review Procedures Required

[.25] Board of Directors—Committee to Review Compliance Program Required

[.26] Progress Report—Written Report Required

In the Matter of
AMERICAN STATE BANK
TULSA, OKLAHOMA
(Insured State Nonmember Bank)
ORDER TO CEASE AND DESIST

FDIC-04-245b
OSBD-04-C&D-1

American State Bank, Tulsa, Oklahoma ("Bank"), through its board of directors, having been advised of its right to the issuance and service of a NOTICE OF CHARGES AND OF HEARING detailing the unsafe or unsound banking practices and violations of law and/or regulations alleged to have been committed by the Bank and of its right to a hearing on the alleged charges under section 8(b) of the Federal Deposit Insurance Act ("FDI Act"), 12 U.S.C. §1818(b) and section 204(B) of the Oklahoma Banking Code ("Oklahoma Code"), Okla. Stat. tit. 6, §204(B), and the provisions of the Oklahoma Administrative Procedures Act, Okla. Stat. tit. 75, §250 et seq., and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST ("CONSENT AGREEMENT") with counsel for the Federal Deposit Insurance Corporation ("FDIC") and a representative of the Oklahoma State Banking Department ("State") dated March 23, 2005, whereby, solely for the purpose of this proceeding and without admitting or denying the alleged charges of unsafe or unsound banking practices and violations of law and/or regulations, the Bank consented to the issuance of an ORDER TO CEASE AND DESIST ("ORDER") by the FDIC and the State.

The FDIC and the State considered the matter and determined that they had reason to believe that the Bank has engaged in unsafe or unsound banking practices and has violated laws and/or regulations. The FDIC and the State, therefore, accepted the CONSENT AGREEMENT and issued the following:

ORDER TO CEASE AND DESIST

IT IS ORDERED, that the Bank, institution-affiliated parties, as that term is defined in section 3(u) of the FDI Act, 12 U.S.C. §1813(u), of the Bank and its successors and assigns cease and desist from the following unsafe or unsound banking practices and violations of law and/or regulations:

    (a) Operating the Bank with management whose policies and procedures are detrimental to the Bank and jeopardize the safety of its deposits;

    (b) Operating the Bank without adequate supervision and direction by the Bank's board of directors over the management of the Bank to prevent unsafe and unsound banking practices and violations of law or regulations;

    (c) Operating the Bank with an inadequate level of capital protection for the kind and quality of assets held by the Bank;

    (d) Operating the Bank with inadequate earnings to fund growth, support dividend payments, and augment capital;

    (e) Operating the Bank in violation of applicable Federal and State laws and regulations;

    (f) Operating the Bank without adequate liquidity or proper regard for funds management in light of the Bank's asset and liability mix;

    (g) Operating the Bank with an excessive level of interest rate risk;

    (h) Operating the Bank with inadequate internal control policies or procedures;

    (i) Operating the Bank with inadequate policies and procedures to ensure compliance


{{05-31-05 p.12381.3}}

    with the requirements of the Bank Secrecy Act;

    (j) Operating the Bank with an excessive level of adversely classified assets;

    (k) Operating the Bank with inadequate written loan policies and procedures;

    (l) Failing to accurately reflect the condition of the Bank in published statements and Consolidated Reports of Condition and Income; and

    (m) Operating the Bank with inadequate information technology ("IT") policies and procedures to ensure IT security, operational controls, audit functions, and staffing.

IT IS FURTHER ORDERED, that the Bank, its institution-affiliated parties, and its successors and assigns take affirmative action as follows:

[.1] 1. Within 90 days after the effective date of this ORDER, the Bank shall have and retain qualified management. Each member of management shall possess qualifications and experience commensurate with his or her duties and responsibilities. Such management at a minimum shall include a chief executive officer and a cashier/operations officer with a demonstrated ability in managing a bank of comparable size and condition. Such persons shall be provided the necessary written authority to implement the provisions of this ORDER. The qualifications of management shall be evaluated on their ability to:

    (a) Comply with the requirements of this ORDER;

    (b) Operate the Bank in a safe and sound manner;

    (c) Comply with applicable laws and regulations; and

    (d) Restore all aspects of the Bank to a safe and sound condition, including improvement of asset quality, capital adequacy, earnings, management effectiveness, asset/liability management, liquidity, and sensitivity to market risk.

[.2] 2. Within 120 days after the effective date of this ORDER, the Bank shall submit a plan to increase the number of directors so that a majority of the Bank's board of directors is composed of independent directors. The Bank's board of directors should be composed of a minimum of five directors at all times. For purposes of this ORDER, a person who is an "independent director" shall be an individual:

    (a) Who is not an officer of the Bank;

    (b) Who does not own more than five percent of the outstanding shares of the Bank;

    (c) Who is not related by blood or marriage to an officer or director of the Bank or to any shareholder owning more than five percent of the Bank's outstanding shares, and who does not otherwise share a common financial interest with such officer, director or shareholder; and

    (d) Who is not indebted to the Bank directly or indirectly by blood, marriage, or common financial interest, including the indebtedness of any entity in which the individual has a substantial financial interest in an amount exceeding five percent of the Bank's total Tier 1 Capital and Allowance for Loan and Lease Losses (For the purposes of this ORDER, the terms "Tier 1 Capital" and "Allowance for Loan and Lease Losses" shall be as defined in Part 325 of the FDIC's Rules and Regulations and as specified in paragraph three of this ORDER; or

    (e) Who is deemed to be an "independent director" for purposes of this ORDER by the Regional Director of the FDIC's Dallas Regional Office or his designee ("Regional Director"), and the Commissioner for the Oklahoma State Banking Department ("Commissioner").

While this ORDER is in effect, the Bank shall notify the Regional Director and the Commissioner in writing of any changes in any of the Bank's directors or senior executive officers. For purposes of this ORDER, the term "senior executive officer" shall be as defined in section 303.101(b) of the FDIC Rules and Regulations, 12 C.F.R. §303.101(b). Prior to the addition of any individual to the board of directors or the employment of any individual as a senior executive officer, the Bank shall comply with the requirements of section 32 of the Act, 12 U.S.C. §1831i, and Subpart F of Part 303 of the FDIC Rules and Regulations, 12 C.F.R. §§ 303.100–303.103.

[.3] 3. (a) Within 30 days after the effective date of this ORDER, the Bank shall submit a written plan to the Regional Director and the Commissioner to achieve by no later than March 30, 2005, and to maintain thereafter, Tier 1 capital equal to or greater than eight percent of the Bank's adjusted average total assets after establishing an adequate allowance for loan and lease losses
{{05-31-05 p.12381.4}}

as required herein ("Plan"). After the Regional Director and the Commissioner respond to the Plan, the Bank's board of directors shall adopt the Plan, including any modifications or amendments requested by the Regional Director and the Commissioner. To the extent measures detailed in the Plan have not been previously initiated, the Bank shall immediately initiate such measures.

(b) Should the Bank's Tier 1 capital ratio fall below eight percent at any time after March 30, 2005, and while this ORDER is in effect, the Bank shall notify the Regional Director and the Commissioner within 30 days. The Bank will also present to the Regional Director and the Commissioner a plan to increase the Tier 1 capital of the Bank or to take other measures to bring the ratio to eight percent ("Supplemental Plan"). After the Regional Director and the Commissioner respond to the Supplemental Plan, the board of directors of the Bank shall adopt the Supplemental Plan, including any modifications or amendments requested by the Regional Director and the Commissioner.

Thereafter, to the extent such measures have not previously been initiated, the Bank shall immediately initiate measures detailed in the Supplemental Plan, to increase its Tier 1 capital by an amount sufficient to bring the ratio to eight percent within 30 days after the Regional Director and the Commissioner respond to the Supplemental Plan. Such increase in Tier 1 capital and any increase in Tier 1 capital necessary to meet the ratio required by this ORDER may be accomplished by:

    (i) The sale of securities in the form of common stock; or

    (ii) The direct contribution of cash subsequent to August 9, 2004, by the directors and/or shareholders of the Bank or by the Bank's holding company; or

    (iii) Receipt of an income tax refund or the capitalization subsequent to August 9, 2004 of a bona fide tax refund certified as being accurate by a certified public accounting firm; or

    (iv) Any other method approved by the Regional Director and the Commissioner.

(c) If all or part of the increase in Tier 1 capital required by this ORDER is to be accomplished by the sale of new securities, the Bank's board of directors shall adopt and implement a plan for the sale of such additional securities, including soliciting proxies and the voting of any shares or proxies owned or controlled by them in favor of the plan. Should the implementation of the plan involve a public distribution of the Bank's securities (including a distribution limited only to the Bank's existing shareholders), the Bank shall prepare offering materials fully describing the securities being offered, including an accurate description of the financial condition of the Bank and the circumstances giving rise to the offering, and any other material disclosures necessary to comply with Federal securities laws. Prior to the implementation of the plan, and in any event, not less than 20 days prior to the dissemination of such materials, the plan and any materials used in the sale of the securities shall be submitted to the FDIC, Registration, Disclosure and Securities Operation Unit, Washington, D.C. 20429, and the State for review. Any changes requested to be made in the plan or the materials by the FDIC shall be made prior to their dissemination. If the increase in Tier 1 capital is to be provided by the sale of noncumulative perpetual preferred stock, then all terms and conditions of the issue shall be presented to the Regional Director and the State for prior approval.

(d) In complying with the provisions of this ORDER and until such time as any such public offering is terminated, the Bank shall provide to any subscriber and/or purchaser of the Bank's securities written notice of any planned or existing development or other change which is materially different from the information reflected in any offering materials used in connection with the sale of the Bank's securities. The written notice required by this paragraph shall be furnished within 10 days after the date such material development or change was planned or occurred, whichever is earlier, and shall be furnished to every purchaser and/or subscriber who received or was tendered the information contained in the Bank's original offering materials.

(e) In addition to the requirements of subparagraphs (a) and (e), the Bank shall comply with the FDIC's Statement of Policy on Risk-Based Capital found in Appendix A to Part 325 of the FDIC Rules and Regulations, 12 C.F.R. Part 325, App. A.

(f) For the purposes of this ORDER, all terms relating to Tier 1 capital shall be calculated
{{05-31-05 p.12381.5}}

according to the methodology set forth in the report of examination.

[.4] 4. As of the effective date of this ORDER, the Bank shall not declare or pay any cash dividends without the prior written consent of the Regional Director and the Commissioner.

[.5] 5. (a) Within 60 days after the effective date of this ORDER, the Bank shall formulate and submit to the Regional Director and the Commissioner for review and comment a written profit plan and a realistic, comprehensive budget for all categories of income and expense for calendar year 2005; thereafter, a profit plan shall be submitted, no later than January 31st, for each calendar year that this ORDER remains in effect. The plan(s) required by this paragraph shall contain formal goals and strategies, be consistent with sound banking practice, reduce discretionary expenses, improve the Bank's overall earnings (net interest income), and shall contain a description of the operating assumptions that form the basis for major projected income and expense components.

(b) Within 30 days from the end of each calendar quarter following completion of the profit plan(s) and budget(s) required by this paragraph, the Bank's board of directors shall evaluate the Bank's actual performance in relation to the plan and budget, record the results of the evaluation, and note any actions taken by the Bank in the minutes of the board of directors' meeting at which such evaluation is undertaken.

[.6] 6. (a) Within 60 days after the effective date of this ORDER, the Bank shall formulate and adopt a comprehensive strategic plan. The plan required by this paragraph shall contain an assessment of the Bank's current financial condition and market area, and a description of the operating assumptions forming the basis for major projected income and expense components.

(b) The written strategic plan shall address, at a minimum:

    (i) Strategies for pricing policies and asset/liability management;

    (ii) Plans for sustaining adequate liquidity, including back-up lines of credit to meet any unanticipated deposit withdrawals;

    (iii) Goals for reducing problem loans;

    (iv) Plans for attracting and retaining qualified individuals to fill vacancies in the management and operations functions;

    (v) Financial goals, including pro forma statements for asset growth, capital adequacy, and earnings;

    (vi) Formulation of a mission statement and the development of a strategy to carry out that mission.

(c) The Bank shall submit the strategic plan to the Regional Director and the Commissioner for review and comment. After consideration of all such comments, the Bank shall approve the plan, which approval shall be recorded in the Bank's board of directors' minutes. Thereafter, the Bank shall implement and follow the strategic plan.

(d) Within 30 days from the end of each calendar quarter following the effective date of this ORDER, the Bank's board of directors shall evaluate the Bank's performance in relation to the strategic plan required by this paragraph and record the results of the evaluation, and any actions taken by the Bank, in the Bank's board of directors' minutes when such evaluation is undertaken.

(e) The strategic plan required by this ORDER shall be revised and submitted to the Regional Director and the Commissioner for review and comment 30 days after the end of each calendar year for which this ORDER is in effect. Within 30 days of receipt of all such comments from the Regional Director and the Commissioner and after consideration of all such comments, the Bank shall approve the revised plan, which approval shall be recorded in the Bank's board of directors' minutes. Thereafter, the Bank shall implement the revised plan.

[.7] 7. Within 90 days after the effective date of this ORDER, the Bank shall eliminate and/or correct all violations of law and regulations set forth in the FDIC August 9, 2004 Report of Examination of the Bank, ("Report of Examination"). In addition, the Bank shall implement procedures to ensure future compliance with applicable laws and regulations as set forth herein.

[.8] 8. Within 60 days after the effective date of this ORDER, the Bank shall implement a Customer Identification Program that meets all the requirements set forth in section 103.121 of the Treasury Department's financial recordkeeping regulations, 31 C.F.R. §103.121.

[.9] 9. Within 60 days after the effective date of this ORDER, the Bank shall implement
{{05-31-05 p.12381.6}}

a system of internal controls to ensure ongoing compliance with the Bank Secrecy Act ("BSA"). The system of internal controls shall ensure the Bank's compliance with applicable laws and regulations, the Bank's continued administration of its BSA Program, Customer Identification Program, and Office of Foreign Asset Control ("OFAC") regulations as detailed in the FDIC's Financial Institution Letter FIL-79-2003.

[.10] 10. Within 60 days after the effective date of this ORDER, the Bank will implement a system of independent testing for compliance with the BSA. The review will encompass testing of the Bank's Customer Identification Program, OFAC compliance procedures, and other applicable provisions set forth in the Title III, §314 USA PATRIOT ACT and implemented by the Treasury Department's financial recordkeeping regulations at 31 C.F.R. Part 103 and the FDIC's regulations at 12 C.F.R. §326.8 and 12 C.F.R. Part 353. The testing shall be performed at least annually and shall be conducted by either (i) Bank personnel independent of the BSA function or (ii) a qualified outside party with the requisite ability to perform such testing and analysis. The Bank shall prepare a written report documenting the scope of the testing procedures performed and the findings of the testing results and recommendations. The report should be presented to the Bank's board of directors, and the board shall record the steps taken to correct any exceptions noted and/or address any recommendations made during the independent test in the board's minutes.

[.11] 11. Within 60 days after the effective date of this ORDER, the Bank shall appoint members to an Asset/Liability Committee ("ALCO"). The ALCO shall take an active role in monitoring the Bank's interest rate risk and liquidity, and report monthly to the board of directors. At a minimum the ALCO shall:

    (a) Design measures to control the nature and amount of interest rate risk the Bank takes, including those that specify risk limits and define lines of responsibilities and authority for managing risk;

    (b) Implement a system for identifying and measuring interest rate risk;

    (c) Develop and implement a system of formal procedures for monitoring and reporting risk exposures;

    (d) Implement a system of internal controls, review, and audit of the asset/liability and funds management procedures, to ensure the integrity of the overall risk management process;

    (e) Establish limitations on the total loan to total assets ratio; further, the Bank's total loan to total assets ratio shall be monitored on a monthly basis and maintained at a level consistent with safe and sound banking practices;

    (f) Establish a reasonable range for its net non-core funding ratio as computed in the Uniform Bank Performance Report;

    (g) Establish a minimum liquidity ratio and define how the ratio is to be calculated; and

    (h) Establish contingency plans by identifying alternative courses of action designed to meet the Bank's liquidity needs.

[.12] 12. Within 60 days after the effective date of this ORDER, the Bank's board of directors shall revise its internal control program to address the internal control deficiencies detailed on pages 43 through 45 of the Report of Examination. Further, within 180 days, the Bank shall engage an external audit of its financial statements to be performed by an independent public accounting firm acceptable to the Regional Director and the Commissioner.

[.13] 13. (a) Within 30 days after the effective date of this ORDER, the Bank shall, to the extent that it has not previously done so, eliminate from its books, by charge-off or collection, all assets or portions of assets classified Loss in the Report of Examination. Reduction of these assets through proceeds of loans made by the Bank shall not be considered "collection" for the purpose of this paragraph.

(b) Within 60 days after the effective date of this ORDER, the Bank shall submit a written plan to the Regional Director and the Commissioner to reduce the remaining assets classified Substandard in the Report of Examination. The plan shall address each asset and related borrowers so classified with a balance of $30,000 or greater and provide the following:

    (i) The name under which the asset is carried on the books of the Bank;

    (ii) Type of asset;


{{05-31-05 p.12381.7}}

    (iii) Actions to be taken in order to reduce the classified asset; and

    (iv) Timeframes for accomplishing the proposed actions.

The plan shall be formulated to facilitate quarterly reductions in the volume of the adversely classified assets reflected in the Report of Examination, so that by June 30, 2005, the level of such volume of adversely classified assets shall not exceed 50 percent of Tier 1 capital plus the allowance for loan and lease losses.

(c) Within 30 days after the Regional Director and the Commissioner respond to the plan, the Bank shall resubmit the plan, if necessary, to include any modifications or amendments requested by the Regional Director and the Commissioner. Within 30 days after receiving written notice from the Regional Director and the Commissioner that the plan is acceptable, the Bank's board of directors shall adopt it. The Bank shall then immediately initiate measures detailed in the plan to the extent such measures have not been initiated.

(d) For purposes of the plan, the reduction of the level of adversely classified assets as of August 9, 2004, to a specified percentage of Tier 1 capital plus the allowance for loan and lease losses may be accomplished by:

    (i) Charge-off;

    (ii) Collection;

    (iii) Sufficient improvement in the quality of adversely classified assets so as to warrant removing any adverse classification, as determined by the FDIC or the State; or

    (iv) Increase of Tier 1 capital.

(e) While this ORDER is in effect, the Bank shall eliminate from its books, by charge-off or collection, all assets or portions of assets classified Loss as determined at any future examination conducted by the FDIC or the State.

[.14] 14. (a) While this ORDER is in effect, the Bank shall not extend, directly or indirectly, any additional credit to or for the benefit of any borrower who has an extension of credit with the Bank that has been classified Loss, either in whole or in part, and is uncollected, or to any borrower who is already obligated in any manner to the Bank on any extension of credit, including any portion thereof, that has been charged off the books of the Bank and remains uncollected. The requirements of this paragraph shall not prohibit the Bank from renewing credit already extended to a borrower after full collection, in cash, of interest due from the borrower.

(b) While this ORDER is in effect, the Bank shall not extend, directly or indirectly, any additional credit to or for the benefit of any borrower whose extension of credit is classified Doubtful and/or Substandard, either in whole or in part, and is uncollected, unless:

    (i) All accrued and unpaid interest has been collected in full;

    (ii) The Bank's board of directors has signed a detailed written statement giving reasons why failure to extend such credit would be detrimental to the best interests of the Bank; and

    (iii) The statement has been placed in the appropriate loan file and included in the minutes of the applicable board of directors' meeting.

[.15] 15. Within 90 days after the effective date of this ORDER, and annually thereafter, the Bank's board of directors shall review the Bank's loan policy and procedures for effectiveness and, based on this review, shall make all necessary revisions to the policy in order to strengthen the Bank's lending procedures and abate additional loan deterioration. The initial revisions to the Bank's loan policy required by this paragraph, at a minimum shall:

    (a) Require that all extensions of credit originated or renewed by the Bank be supported by current credit information and collateral documentation. Credit information and collateral documentation shall include current financial information, prohibit and loss statements or copies of tax returns, and cash flow projections, and shall be maintained throughout the term of the loan;

    (b) Require loan committee review and monitoring of the status of repayment and collection of overdue and maturing loans, as well as loans classified "Substandard" in the Report of Examination;

    (c) Require the establishment and maintenance of a loan grading system and an appropriate internal loan watch list;

    (d) Establish standards for initiating collection efforts; and

    (e) Require that the extensions of credit to any of the Bank's executive officers, directors, or principal shareholders, or to


{{05-31-05 p.12381.8}}

    any related interest of such person, be thoroughly reviewed for compliance with all provisions of Regulation O, 12 C.F.R. §337.3 and 12 C.F.R. Part 215.

[.16] 16. Within 60 days after the effective date of this ORDER, the Bank shall correct the technical exceptions listed in the Report of Examination. The Bank shall implement procedures to correct the current technical exceptions and also to preclude documentation exceptions in the future.

[.17] 17. Within 30 days after the effective date of this ORDER, the Bank shall review Consolidated Reports of Condition and Income filed with the FDIC on and after June 30, 2004, and amend said reports if necessary to accurately reflect the financial condition of the Bank as of the date of each report.

[.18] 18. Within 90 days after the effective date of this ORDER, the Bank shall develop and formalize comprehensive policies and procedures to address security, and operational controls of the Bank's Information Technology ("IT") area. Formal policies should at a minimum address:

    (a) Operations;

    (b) User access security administration and periodic access level reviews;

    (c) Controls and monitoring of remote user activity;

    (d) Separation and segregation of duties and controls;

    (e) Management oversight and monitoring of automated activities; and

    (f) Audit of the main banking application activities, the Bank's local area network, microcomputers, wire transfer systems, and electronic banking applications.

[.19] 19. Within 90 days after the effective date of this ORDER, the Bank shall take the necessary steps to ensure the Bank is in compliance with the guidelines contained within Appendix B of Part 364 of the FDIC Rules and Regulations, 12 C.F.R. Part 364, as mandated by section 501(b) of the Gramm-Leach-Bliley Act.

[.20] 20. Within 120 days after the effective date of this ORDER, the Bank shall develop and formalize a comprehensive audit policy addressing the Bank's IT area. The policy shall provide for IT audits at least annually. The policy should, at a minimum, address:

    (a) Independence and qualifications of the internal and/or external auditors;

    (b) Audit frequency;

    (c) Scheduling of audit functions to be performed;

    (d) Follow-up and monitoring system for audit exceptions; and

    (e) Auditor reporting requirements to the Bank's board of directors.

[.21] 21. Within 60 days after the effective date of this ORDER, the Bank shall analyze the staffing needs of the data center, and take action to attain qualified personnel to fill the IT staff positions. The Bank shall provide new and existing employees adequate training to perform their assigned duties.

[.22] 22. Within 30 days after the effective date of this ORDER, the Bank will address all the physical, logical, and data security issues noted in the FDIC August 9, 2004 IT Separate Cover Report of Examination including: strengthening physical and logical access; improving system monitoring; and implementing virus protection to ensure system integrity and data confidentiality.

[.23] 23. Within 60 days after the effective date of this ORDER, the Bank will ensure that appropriate procedures are implemented to rotate the necessary files and documents to the offsite storage facility timely, so as to reduce the impact of a disaster on the Bank. These procedures will also provide for a listing of the items to be stored at the facility, and a periodic inventory to assure that the listed items are appropriately maintained. The Bank will maintain documentation to support the periodic inventory reviews.

[.24] 24. Within 90 days after the effective date of this ORDER, the Bank shall develop a sound oversight program for monitoring its IT vendors and servicers, to include the firewall servicer. The program shall include a methodology for maintaining a general understanding of the provider's information security program to effectively evaluate the ability to protect the Bank and customer data against risks associated with emerging technologies and computer networks.

[.25] 25. Within 30 days after the effective date of this ORDER, the Bank's board of directors shall establish a subcommittee of the board of directors charged with the responsibility of ensuring that the Bank complies
{{05-31-05 p.12382.1}}

with the provisions of this ORDER. The subcommittee shall report monthly to the entire board of directors of the Bank, and a copy of the report and any discussions related to the report or this ORDER shall be included in the Bank's board of directors' minutes. Nothing contained herein shall diminish the responsibility of the entire board of directors of the Bank to ensure compliance with the provisions of this ORDER.

[.26] 26. Within 30 days from the end of each calendar quarter following the effective date of this ORDER, the Bank shall furnish to the Regional Director and the Commissioner written progress reports signed by each member of the Bank's board of directors, detailing the actions taken to secure compliance with this ORDER and the results thereof. Such reports may be discontinued when the corrections required by this ORDER have been accomplished and the Regional Director and the Commissioner have released, in writing, the Bank from making further reports.

After the effective date of this ORDER, the Bank shall send a copy of this ORDER, or otherwise furnish a description of this ORDER, to its shareholders (1) in conjunction with the Bank's next shareholder communication, and also (2) in conjunction with its notice or proxy statement preceding the Bank's next shareholder meeting. The description shall fully describe the ORDER in all material respects. The description and any accompanying communication, statement, or notice shall be sent to the FDIC Accounting and Securities Disclosure Section, Washington, D.C. 20429, for review at least 20 days prior to dissemination to shareholders. Any changes requested by the FDIC shall be made prior to dissemination of the description, communication, notice, or statement.

This ORDER shall be binding upon the Bank, its successors and assigns, and all institution-affiliated parties of the Bank. The provisions of this ORDER shall remain effective and enforceable except to the extent that, and until such time as, any provision of this ORDER shall have been modified, terminated, superceded, or set aside by the FDIC and the Commissioner.

The effective date of this ORDER shall be ten (10) days after its issuance.

Pursuant to delegated authority. Dated this 23rd day of March, 2005.



ED&O Home | Search Form | ED&O Help






Last Updated 7/7/2005 legal@fdic.gov

Skip Footer back to content