Federal Deposit
Insurance Corporation

[¶12,508] In the Matter of Citizens Bank of Newburg, Rolla, Missouri, Docket No. 05-239b (1-4-06).

A cease and desist order was issued, based on findings by the FDIC that it had reason to believe that respondent was engaged in unsafe and unsound practices.

[.1] Bank Secrecy Act—Compliance Officer Required

[.2] Risk Management—Plan Required

[.3] Bank Secrecy Act—Compliance Program—Written Plan Required

[.4] Bank Operations—OFAC Compliance Program Required

[.5] Bank Secrecy Act—Compliance Program—Independent Testing Required

[.6] Suspicious Activity Report—Policy Required

[.7] Bank Operations—Training Program Required

[.8] Violations of Law—Correction of Violations Required

[.9] Shareholders—Disclosure of Cease and Desist Order Required

[.10] Progress Report—Written Report Required

In the Matter of
CITIZENS BANK OF NEWBURG
ROLLA, MISSOURI
(Insured State Nonmember Bank)
ORDER TO CEASE AND DESIST

FDIC-05-239b

Citizens Bank of Newburg, Rolla, Missouri ("Bank"), having been advised of its right to a NOTICE OF CHARGES AND OF HEARING detailing the unsafe or unsound banking practices and violations of law and regulations alleged to have been committed by the Bank, and of its right to a hearing on such charges under section 8(b) of the Federal Deposit Insurance Act ("Act"), 12 U.S.C. §1818(b), and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST ("CONSENT AGREEMENT") dated December 22, 2005, with counsel for the Federal Deposit Insurance Corporation ("FDIC"), whereby, solely for the purpose of this proceeding and without admitting or denying any unsafe or unsound banking practices or violations of law or regulations, the Bank consented to the issuance of an ORDER TO CEASE AND DESIST ("ORDER") by the FDIC.

The FDIC considered the matter and determined that it has reason to believe that the Bank has engaged in unsafe and unsound banking practices and violations of law and regulations. The FDIC, therefore, accepts the CONSENT AGREEMENT and issues the following:

ORDER TO CEASE AND DESIST

IT IS HEREBY ORDERED that the Bank, its institution-affiliated parties, as that term is defined in section 3(u) of the Act, 12 U.S.C. §1813(u), and its successors and assigns, cease and desist from the following unsafe or unsound banking practices and violations of law and regulations:

A. operating the Bank without effective supervision by the board of directors and executive management to prevent unsafe or unsound practices and violations of the Bank Secrecy Act, 12 U.S.C. §1829b, 12 U.S.C. §§1951–1959, and 31 U.S.C. §5311–5330, and regulations implementing the Bank Secrecy Act, including 12 C.F.R. Part 326, Subpart B, and 31 C.F.R. Part 103 (hereafter collectively, "Bank Secrecy Act" or "BSA");

B. operating the Bank without an effective system of internal controls to ensure ongoing compliance with the Bank Secrecy Act, including adequate information and communications systems to monitor and ensure compliance with recordkeeping requirements for monetary instrument sales and suspicious activity reporting;

C. operating the Bank without an effective system of independent testing for compliance with the Bank Secrecy Act;

D. operating the Bank without an adequate Bank Secrecy Act training program

for appropriate Bank personnel and the Bank's board of directors;

E. operating the Bank without effective policies, procedures, and internal controls to ensure compliance with the rules and regulations of the Office of Foreign Asset Control ("OFAC") of the U.S. Department of the Treasury, 31 C.F.R. Part 500, and outstanding OFAC guidance;

F. failing to develop and implement an adequate system for detecting suspicious activity; and

G. failing to develop and continually administer a Bank Secrecy Act compliance program as required by section 326.8(b) of the FDIC's Rules and Regulations, 12 C.F.R. §326.8.

IT IS FURTHER ORDERED that the Bank, its institution-affiliated parties, and its successors and assigns, take affirmative action as follows:

BSA OFFICER AND BSA REPORTING

[.1] 1. (a) Within 15 days from the effective date of this ORDER, the Bank shall designate a qualified officer ("BSA Officer") responsible for managing, coordinating and monitoring the Bank's BSA and OFAC compliance programs. The BSA Officer shall have the responsibility and necessary authority to ensure the Bank's compliance with the BSA and OFAC rules and regulations and related matters, including, without limitation, the identification of timely, accurate and complete reporting to law enforcement and supervisory authorities of required currency transactions reports and reports regarding unusual or suspicious activity or known or suspected criminal activity perpetrated against or involving the Bank.

(b) Within 60 days from the effective date of this ORDER, the BSA Officer shall review all high-risk accounts and high-risk transactions, including but not limited to a review of the Bank's large currency transaction reports, cash purchases of monetary instruments, wire transfer activity, and foreign exchange services for the period July 1, 2004, through December 31, 2005, and shall prepare and file any additional CTRs and Suspicious Activity Reports ("SARs") necessary based upon the review. Documentation supporting any determination made pursuant to this paragraph shall be retained in the Bank's records for such period of time as may be required by any applicable rules or regulations.

(c) Upon completion of the reviews required pursuant to the paragraphs above, the Bank shall submit the findings of the reviews and copies of any additional SARs and CTRs filed to the FDIC's Kansas City Regional Office ("Regional Office") and the Commissioner of the Missouri Division of Finance ("Commissioner") (collectively "Supervisory Authorities").

BSA/AML AND OFAC RISK ASSESSMENTS

[.2] 2. (a) Within 30 days from the effective date of this ORDER, the Bank shall perform a comprehensive assessment of the vulnerability of its banking operations to attempts to launder money, finance terrorism, or conduct other criminal activities ("BSA/Anti-Money Laundering ("AML") risk assessment"). The BSA/AML risk assessment may be performed by qualified Bank personnel or an independent contractor/consultant acceptable to the Supervisory Authorities. The BSA/AML risk assessment shall weigh all relevant factors, including identification and measurement of the specific risk characteristics of the Bank's products, services, customers, transactions, and geographic locations.

(b) Within 30 days from the effective date of this ORDER, the Bank shall perform a comprehensive assessment of its OFAC risk profile ("OFAC risk assessment"). The OFAC risk assessment may be performed by qualified Bank personnel or an independent contractor/consultant acceptable to the Supervisory Authorities. The OFAC risk assessment shall consider the Bank's specific product lines, customer base, nature of transactions, and identification of high-risk areas for OFAC transactions.

(c) The Bank shall review and update its BSA/AML risk assessment and its OFAC risk assessment at least annually.

(d) The initial BSA/AML and OFAC risk assessments and subsequent updates shall be reported to and reviewed by the Bank's board of directors, which shall be recorded in the minutes of the board of directors.

BSA/AML COMPLIANCE PROGRAM

[.3] 3. (a) Within 60 days from the effective date of this ORDER, the Bank shall develop, adopt, and implement a revised, written BSA/AML compliance program designed to ensure compliance with the BSA, including the provisions of the Uniting and
{{03-31-06 p.12508.3}}

Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 (2001) ("USA PATRIOT Act"). The BSA/AML compliance program shall be tailored to address the risk profile of the Bank identified in the BSA/AML risk assessment required by paragraph 2 above. The BSA/AML compliance program shall address all requirements of section 326.8 of the FDIC Rules and Regulations, 12 C.F.R. §326.8. Additionally, it shall:

(i) provide for BSA training of all appropriate Bank employees and the Bank's board of directors;

(ii) detail the scope and manner of independent testing of the Bank's BSA/AML compliance program and require such testing on a regular basis;

(iii) provide for an effective system of internal controls to ensure ongoing compliance with the BSA, including, at a minimum, steps designed to:

(A) ensure that all required reports are completed accurately and in a timely manner; and

(B) verify that accurate records are maintained to comply with recordkeeping requirements regarding loans, deposits, wire transfers, and monetary instrument sales;

(iv) define recordkeeping requirements regarding the wire transfer function and Bank procedures regarding international wire transfer activity; and

(v) establish policies and procedures to identify and monitor higher risk accounts.

(b) The BSA/AML compliance program (and any subsequent modification) shall be submitted to the Supervisory Authorities for review and comment. No more than 30 days after receipt of any comments from the Supervisory Authorities, and after consideration of such comments, the board of directors shall approve the BSA/AML compliance program (or any subsequent modification), which approval shall be recorded in the minutes of the board of directors. Thereafter, the Bank and its institution-affiliated parties shall implement and follow the BSA/AML compliance program (or any properly approved subsequent modification).

OFAC COMPLIANCE PROGRAM

[.4] 4. (a) Within 60 days from the effective date of this ORDER, the Bank shall develop, adopt and implement a revised, written program and procedures to ensure compliance with outstanding OFAC sanctions ("OFAC compliance program"). The OFAC compliance program shall be tailored to address the OFAC risk profile of the Bank identified in the OFAC risk assessment required by paragraph 2 above. The OFAC compliance program shall address all requirements of applicable OFAC guidance, including:

(i) identifying and monitoring high-risk areas;

(ii) providing for appropriate internal controls for screening and reporting;

(iii) establishing independent testing for compliance;

(iv) designating a bank employee or employees as responsible for OFAC compliance; and

(v) creating training programs for the board of directors and appropriate personnel in all relevant areas of the bank.

(b) The OFAC compliance program (and any subsequent modification) shall be submitted to the Supervisory Authorities for review and comment. No more than 30 days after receipt of any comments from the Supervisory Authorities, and after consideration of such comments, the board of directors shall approve the OFAC compliance program (or any subsequent modification), which approval shall be recorded in the minutes of the board of directors. Thereafter, the Bank and its institution-affiliated parties shall implement and follow the OFAC compliance program (or any properly approved subsequent modification).

INDEPENDENT TESTING

[.5] 5. (a) Within 90 days, the Bank shall independently test its revised BSA/AML and OFAC compliance programs to ensure proper controls are in place and are effective. Independent testing shall be completed on a periodic basis by a qualified individual or entity independent of the Bank's BSA and OFAC compliance programs. The independent testing shall be conducted in compliance with the FDIC's "Guidelines for Monitoring Bank Secrecy Act Compliance" and shall include:

(i) an evaluation of the overall integrity and effectiveness of the BSA/AML compliance

program, including policies, procedures, and processes;

(ii) a review of the Bank's BSA/AML risk assessment for reasonableness given the bank's risk profile (products, services, customers, and geographic locations);

(iii) an appropriate transaction testing to verify the Bank's adherence to the BSA recordkeeping and reporting requirements, including SARs, CTRs, CTR exemptions, and CIP;

(iv) an evaluation of management's efforts to resolve violations and deficiencies noted in previous audits and regulatory examinations, including progress in addressing outstanding supervisory actions, if applicable;

(v) a review of staff training for adequacy, accuracy, and completeness;

(vi) a review of the effectiveness of the suspicious activity monitoring systems (manual, automated, or a combination) used for the BSA compliance and related reports may include, but are not limited to:

(A) suspicious activity monitoring reports;

(B) large currency aggregation reports;

(C) monetary instrument records;

(D) funds transfer records;

(E) nonsufficient funds (NSF) reports;

(F) large balance fluctuation reports; and

(G) account relationship reports; and

(b) An assessment of the overall process for identifying and reporting suspicious activity, including a review of filed or prepared SARs to determine their accuracy, timeliness, completeness, and effectiveness of the Bank's policy.

(c) The independent auditor shall document the audit scope, procedures performed, transaction testing completed, and findings of the review. All audit documentation and workpapers shall be retained and made available for examiner review. Any violations, policy or procedure exceptions, or other deficiencies noted during the independent testing should be included in an audit report and reported to the board of directors or a designated committee in a timely manner and the board shall record the steps taken to correct any exceptions noted and/or address any recommendations in the minutes of the board of directors' meeting.

SUSPICIOUS ACTIVITY REPORTS

[.6] 6. Within 30 days from the effective date of this ORDER, the Bank shall establish policies and procedures reasonably designed to identify and report suspicious activities ("SAR policies"). At a minimum, the SAR policies shall satisfy the requirements of Part 353 of the FDIC's Rules and Regulations, 12 C.F.R. Part 353, and shall be reasonably designed to identify misconduct from both internal and external sources. The Bank shall submit the SAR policies to the Supervisory Authorities for review and comment. Within 10 days of receipt of any comments from the Supervisory Authorities, and after consideration of such comments, the Bank shall approve the SAR policies, which approval shall be recorded in the minutes of the board of directors. Thereafter, the Bank shall implement and fully comply with the SAR policies. The SAR policies shall be reviewed, revised as appropriate, and approved by the board of directors on an annual basis, or more frequently as appropriate.

TRAINING PROGRAMS

[.7] 7. Within 60 days from the effective date of this ORDER, the Bank shall enhance and update its training program to provide for periodic training for Bank personnel and appropriate recordkeeping to document such training. The Bank's training program shall ensure that all appropriate Bank personnel have information and knowledge of, and can comply with, the requirements of the BSA, the financial recordkeeping regulations of the U.S. Department of the Treasury, USA PATRIOT Act, OFAC guidelines, and the Bank's policies and procedures relating to such laws, regulations, and guidelines. The Bank's training program shall also ensure that Bank management, including the BSA Officer and the board of directors, are fully informed of any changes or developments in these laws, regulations, and guidelines and the Bank's responsibility for full compliance therewith.

CORRECTION OF VIOLATIONS

[.8] 8. Within 60 days from the effective date of this ORDER, the Bank shall take all steps necessary, consistent with sound banking practices, to eliminate and/or correct the apparent violations of section 362.8(b)(1), section 326.8(c)(1), section 326.8(c)(2), section 326.8(c)(4) of the FDIC's regulations noted in the FDIC's Report of Examination dated September 1, 2005. In addition, within
{{03-31-06 p.12509.1}}

60 days from the effective date of this ORDER, the Bank shall adopt and implement appropriate procedures to ensure future compliance with all applicable laws, rules, and regulations.

DISCLOSURE TO SHAREHOLDERS

[.9] 9. Following the effective date of this ORDER, the Bank shall send, or otherwise furnish, to its shareholders a description of this ORDER (i) in conjunction with the Bank's next shareholder communication, and (ii) in conjunction with its notice or proxy statement preceding the Bank's next shareholder meeting. The description shall fully describe the ORDER in all material respects. The description and any accompanying communication, notice or statement shall be sent to the FDIC, Division of Supervision and Consumer Protection, Accounting and Securities Disclosure Section, 550 17th Street, N.W., Room F-6066, Washington, D.C. 20429, for review at least 20 days prior to dissemination to shareholders. Any requests for changes made by the FDIC shall be made prior to dissemination of the description, communication, notice or statement.

PROGRESS REPORTS

[.10] 10. Within 60 days from the effective date of this ORDER, the Bank shall furnish written progress reports to the Supervisory Authorities, signed by each member of the Bank's board of directors, detailing the form, manner, and results of any actions taken to secure compliance with this ORDER. Thereafter, the Bank shall submit progress reports when, and in the form and manner, requested by the Supervisory Authorities.

MISCELLANEOUS PROVISIONS

11. The effective date of this ORDER shall be 10 days after its issuance by the FDIC.

The provisions of this ORDER shall be binding upon the Bank, its institution-affiliated parties, and any successors and assigns thereof.

The provisions of this ORDER shall remain effective and enforceable except to the extent that, and until such time as, any provision has been modified, terminated, suspended, or set aside by the FDIC.

Issued Pursuant to Delegated Authority

Dated: January 4th, 2006