UNITED STATES OF AMERICA Before The OFFICE OFTHRIFT SUPERVISION

EX-10.1 2 a07-23131_1ex10d1.htm EX-10.1

Exhibit 10.1

UNITED STATES OF AMERICA

Before The

OFFICE OF THRIFT SUPERVISION

)

 

 

 

In the Matter of

)

Order No.:

SF-07-004

 

 

 

)

 

 

 

DOWNEY SAVINGS

)

Issuance Date:

August 30, 2007

 

 

   AND LOAN ASSOCIATION, F.A.,

)

 

 

 

Newport Beach, California.

)

 

 

 

 

)

 

 

 

OTS Docket No.: 06189

)

 

 

 

 

)

 

 

 

 

CONSENT ORDER TO
CEASE AND DESIST FOR AFFIRMATIVE RELIEF

WHEREAS, Downey Savings and Loan Association, F.A., Newport Beach, California, OTS Docket No. 06189 (Institution), has executed a Stipulation and Consent to the Issuance of an Order to Cease and Desist for Affirmative Relief (Stipulation); and

WHEREAS, the Institution, by executing the Stipulation, has consented and agreed to the issuance of this Consent Order to Cease and Desist for Affirmative Relief (C&D Order) by the Office of Thrift Supervision (OTS), pursuant to Sections 8(b) of the Federal Deposit Insurance Act (FDIA), 12 U.S.C. § 1818(b); and

WHEREAS, the Director of the OTS has delegated to the Regional Directors of the OTS the authority to issue consent orders on behalf of the OTS pursuant to provisions of Section 8 of the FDIA, 12 U.S.C. § 1818.




NOW, THEREFORE, IT IS ORDERED THAT:

I.                                         ORDER TO CEASE AND DESIST

A.                                   The Institution and its directors, officers, employees, and agents shall cease and desist from any action (alone or with another or others) for or toward causing, bringing about, participating in, counseling, or aiding and abetting any violation of:

(1)                                  the Currency and Foreign Transactions Reporting Act, as amended by the USA PATRIOT Act and other laws (the Bank Secrecy Act or BSA), 31 U.S.C. §§ 5311 et seq., and the related BSA regulations issued by the U. S. Department of the Treasury, 31 C.F.R. Part 103, and the OTS, 12 C.F.R. § 563.177 (collectively with the aforementioned laws and regulations, the BSA Laws and Regulations); and

 (2)                               the OTS regulations governing suspicious activity reports (SARs) set forth in 12 C.F.R. § 563.180 (the SAR Regulation).

II.                                     CORRECTIVE PROVISIONS

A.                                    Anti-Money Laundering/Bank Secrecy Act Compliance Program

The Board shall strengthen the Institution’s written program for compliance with the BSA Laws and Regulations, the SAR Regulation, and the guidance set forth in the Federal Financial Institutions Examination Council’s (FFIEC) Bank Secrecy Act/Anti-Money Laundering Examination Manual (BSA Examination Manual).  The Institution’s written program referenced in the previous sentence shall hereinafter be referred to as the BSA Compliance Program.  The Board shall, at a minimum, take the following actions:

(1)                                  Within forty-five (45) days after the Effective Date of this C&D Order, the Board shall retain a qualified independent outside third party (Consultant) with knowledge of the BSA Laws and Regulations and the SAR Regulation and with experience in compliance

2




with the requirements imposed by such laws and regulations to conduct a comprehensive review and assessment (BSA Review) of the Institution’s BSA Compliance Program for compliance with the BSA Laws and Regulations, the SAR Regulation, and the guidance set forth in the BSA Examination Manual.  At least ten (10) days before the deadline for retaining the Consultant and prior to signing a binding engagement agreement with the Consultant, the Institution shall submit the Consultant’s name and curriculum vitae to the OTS for its non-objection.  The BSA Review required by this Paragraph IIA shall be completed and the Consultant shall deliver a final, written report (BSA Report) to the OTS and the Board within ninety (90) days after the date of the Institution’s engagement letter with the Consultant.

(2)                                  The Board shall ensure that the engagement agreement with the Consultant for the BSA review requires the preparation and submission of the BSA Report to the Board and to the OTS and that the BSA Report:  (a) set forth the scope of the BSA Review; (b) contain a detailed analysis and discussion of the BSA Compliance Program’s adequacy and effectiveness, including the adequacy of resources available or devoted to the BSA Compliance Program and training of personnel with BSA responsibilities; (c) specifically identify and describe all weaknesses or deficiencies in the BSA Compliance Program, including failure of the BSA Compliance Program to comply with the BSA Laws and Regulations, SAR Regulation, and the guidance set forth in the BSA Examination Manual; and (d) contain specific recommendations regarding appropriate corrective and remedial actions and steps to be taken to correct identified weaknesses or deficiencies.

(3)                                  The Board shall review and discuss the BSA Report at the next regularly scheduled board meeting following its completion.  Within thirty (30) days from the date of

3




that meeting or by its next regularly scheduled Board meeting, if later, the Board shall amend and revise its BSA Compliance Program and adopt such other corrective actions as are necessary and appropriate to address all weaknesses and deficiencies identified in the BSA Report.    The Board’s review, discussions, consideration, and adoption of corrective actions shall be fully documented and detailed in the Board meeting minutes.  The revised BSA Compliance Program shall include implementation deadlines for each of its components, all of which shall be implemented no later than sixty (60) days after the Board adopts the BSA Compliance Program, provided that implementation of a manual process during such time period shall be deemed to be sufficient hereunder until an automated process is fully implemented.

(4)                                  The revised BSA Compliance Program shall include:  (a) specific written methodologies for assigning risk levels (Risk Assignment Methodology) to the Institution’s customers and accounts; and (b) appropriate ongoing due diligence levels, oversight and monitoring requirements, and recordkeeping and documentation requirements based upon the risk level assigned to the customer or account in accordance with the Institution’s Risk Assignment Methodology, for all accounts, including enhanced due diligence levels and oversight, monitoring and documentation requirements for accounts that present a heightened risk of conduct of potentially unlawful activities or transactions (Higher Risk Accounts).

(5)                                  The revised BSA Compliance Program shall strengthen and improve the annual independent testing of the Institution’s compliance with the BSA Laws and Regulations and the SAR Regulation and shall ensure that the independent test comprehensively reviews the Institution’s BSA risk-assessment.  The BSA Policy shall require the independent test to be completed by the third calendar quarter of 2008 and then

4




annually thereafter.  The Board shall ensure that the scope of the independent test considers and incorporates, as appropriate for the size and complexity of the Institution, the examination procedures set forth in the BSA Examination Manual.

(6)                                  The revised BSA Compliance Program shall amend the Institution’s customer identification policies and procedures (CIP Policy) and ensure that they are adequate and effective to ensure the Institution’s compliance with applicable laws, regulations, and regulatory guidance.  The CIP Policy shall have adequate and effective due diligence procedures and customer profiles for customer groups with heightened BSA and AML risk, as identified by the Institution, including, non-U.S. resident accounts, commercial and business accounts, customers with significant wire transfer activity, and customers generating multiple CTR filings within any 12-month period (“higher risk customers”).  The CIP Policy shall comply with the requirements in 31 C.F.R. § 103.121 and contain specific account opening procedures and documentation requirements to ensure the Institution appropriately identifies all account owners, including beneficial owners when appropriate.  The BSA Compliance Program shall require management to maintain documentation of the Institution’s compliance with the CIP Policy, which documentation shall be in a format usable for third party review.  With respect to higher risk customers who became customers on or after October 1, 2003 and are customers as of the date of this Order, it shall be deemed to be sufficient hereunder for the Institution to collect required customer information and add that information to an electronic database maintained by the Institution at such times as the customer may enter an Institution branch office or contact the Institution by telephone and in either case perform an account-related transaction.

5




The BSA Compliance Program shall also require management to perform an annual assessment of the adequacy and effectiveness of the CIP Policy for the Institution and for each branch, including an assessment of the adequacy and reliability of data and information obtained and maintained by the Institution and each individual branch, and identify any deficiencies, weaknesses or noncompliance with the CIP Policy or applicable laws, regulations and regulatory guidance.  Management shall incorporate the CIP Policy assessment in its ongoing branch compliance review process, beginning in October 2007.  Management shall complete its assessment within ninety (90) days after the end of each calendar year, beginning with calendar year 2008, and shall provide a copy of its assessment to the Board for review at the next regularly scheduled board meeting following completion of the assessment.

(7)                                  The revised BSA Compliance Program shall include specific policies and procedures to ensure the Institution’s accurate, complete, and timely filing of SARs with appropriate regulatory agencies and law enforcement authorities in compliance with applicable law and regulation, including the SAR Regulation.  The policies and procedures shall, at a minimum, include:  (a) establishing detailed policies, procedures, and guidelines, including documentation and reporting requirements; (b) providing a review process and reporting procedures that include the involvement of the Institution’s BSA Officer (or a well-trained employee who reports to, and is directly supervised by, the BSA Officer) for any transactions identified as unusual or suspicious; and (c) establishing specific procedures and requirements to ensure that all branch offices and personnel appropriately identify transactions that may require a SAR filing and fully comply with the review process and reporting guidelines for such transactions.

6




(8)                                  The revised BSA Compliance Program shall include an effective AML/Suspicious Activity Monitoring program commensurate with the Institution’s overall BSA/AML risk profile.  The AML/Suspicious Activity Monitoring program shall, at a minimum, include policies and procedures that establish:  (a) AML detection procedures for all monetary activities including wires, ACH, ATM, internet banking, and lending activities; (b)  policies and procedures for maintaining records in a usable format for third-party review; (c) procedures for identification and monitoring of non-bank financial institutions, high cash activity accounts, and higher risk accounts identified through the Institution’s Risk Assignment Methodology; (d) policies and procedures for periodic account activity monitoring; and (e) policies and procedures for internal investigations, monitoring and reporting of suspicious activities.

(9)                                  The Board shall ensure that management fully and timely implements the revised BSA Compliance Program and shall ensure that the Institution, its management, and its staff adhere to the revised BSA Compliance Program.

(10)                            The Board shall conduct a comprehensive review of the Institution’s BSA Compliance Program not less than annually to assess its adequacy and effectiveness at ensuring the Institution’s compliance with applicable BSA Laws and Regulations, SAR Regulation, and the guidance contained in the BSA Examination Manual in consideration of the Institution’s operations, activities, size, and complexity.  The first comprehensive review shall be completed no later than one (1) year after the Board adopts the revised BSA Compliance Program.  The Board may retain an experienced and knowledgeable consultant to assist in such review.  The Board shall promptly adopt and implement such revisions and amendments as are necessary to address any weaknesses or deficiencies and ensure the

7




adequacy and effectiveness of the BSA Compliance Program and the Institution’s continued compliance with applicable laws and regulations.  The Board shall direct management to fully implement and ensure management and staff adheres to any corrective actions or changes made by the Board.  The Board shall institute procedures and steps to ensure management’s full and timely completion of all Board-adopted corrective actions.

(11)                            Within ninety (90) days after the Effective Date of this C&D Order, the Board shall ensure that management completes a review of the Institution’s customers to accurately identify and appropriately categorize all higher-risk accounts under the Institution’s Risk Assignment Methodology.  Management shall ensure that all required documentation has been provided and that appropriate action is taken to correct any deficiencies within forty-five (45) days from the time any deficiency is discovered.  Thereafter, management shall ensure that such accounts are subjected to the appropriate monitoring and oversight monitoring requirements established by the Board. With respect to higher risk customers who became customers on or after October 1, 2003 and are customers as of the date of this Order, it shall be deemed to be sufficient hereunder for the Institution to collect required customer information and add that information to an electronic database maintained by the Institution at such times as the customer may enter an Institution branch office or contact the Institution by telephone and in either case perform an account-related transaction.

B.                                    Suspicious Activity Reports

The Board shall ensure that management conducts a review of the Institution’s higher risk account transactions consistent with the requirements adopted by the Board pursuant to this C&D Order.  The review shall cover the twelve (12)-month period preceding the issuance date of this C&D Order and shall identify all transactions and activity for which the

8




filing of a SAR is required.  The Board shall direct Management to immediately prepare and file any SAR with the appropriate regulatory agencies and law enforcement authorities on any transactions or activities for which a SAR was required but not filed.  Management shall prepare a report detailing its review including, at a minimum, a list of all transactions and activity for which the filing of a SAR was required, the relevant date(s) of the transactions or activity, a brief description of the facts and circumstances requiring a SAR to be filed, and the date that each SAR was actually filed with appropriate regulatory and law enforcement authorities.  Management shall complete its review and report within forty-five (45) days of the Board’s adoption of the Revised BSA Compliance Program.  A copy of management’s report and the Board meeting minutes reflecting the Board’s review of the report shall be provided to the Regional Director within ten (10) days from the date the Board approves the minutes of its meeting.

C.                                    BSA Training

Within thirty (30) days after revision of the BSA Compliance Program as required by Section II(A) of this C&D Order, management shall develop, and the Board shall review and adopt, and thereafter ensure that the Institution adheres to, a comprehensive training program (BSA Training Program) for the Board and for all appropriate audit, operational, and supervisory personnel to ensure awareness of their responsibility for:  (i) compliance with the requirements of the BSA Laws and Regulations and the SAR Regulation; (ii) the BSA and AML risks inherent to their departments and products; and (iii) any changes to the Institution’s BSA Compliance Program required by this C&D Order, the BSA Review, the annual BSA Compliance Program review, annual independent tests of the Institution’s BSA Compliance Program, OTS examinations, and amendments to the BSA Laws and

9




Regulations and the SAR Regulation.  The BSA Training Program shall include requirements for mandatory attendance, the frequency of training, specialized training procedures for certain departments of the Institution based upon the particular operations and risk presented by such departments, and procedures and timing for updating the BSA Training Program and materials based upon violations, deficiencies, and weaknesses identified.  The Institution shall maintain documentation of attendance at all BSA training required under this paragraph.

D.                                    Internal Audit and Controls

Within thirty (30) days after revision of the BSA Compliance Program as required by Section II(A) of this C&D Order, or by the time of its next regular meeting, if later, the Board shall review and amend the Institution’s written policies and procedures regarding internal audit and controls to strengthen and improve the Board’s review and oversight of audit results and controls (Internal Audit and Control Policy). The Internal Audit and Control Policy shall provide for the maintenance of an internal audit function independent of the Institution’s compliance function and the BSA Officer and his or her supporting staff, that will, on at least an annual basis, comprehensively review and assess the adequacy and effectiveness of the Institution’s BSA compliance program, consistent with the requirements of the BSA Laws and Regulations (BSA Audit).  If the Board obtains an independent consultant to perform a comprehensive review under Section IIA(10) and conducts independent testing each year in accordance with Section IIA(5), this annual requirement shall not apply.

The BSA Audit shall include adequate levels of transactional testing to corroborate audit findings, procedures for documenting completion of appropriate corrective actions by

10




management, and reassessment of any department, operation, branch, or area identified as having less than adequate BSA compliance within six months following the completion of each BSA Audit.  Within thirty (30) days after the completion of the BSA Audit or by the time of its next regular meeting, if later, the Board shall review the results of each BSA Audit, adopt appropriate corrective actions and timeframes to address identified weaknesses, require management to fully implement the corrective actions adopted by the Board, and ensure the timely completion of all required corrective actions.  The Board’s review, discussions, and required corrective actions shall be fully detailed in appropriate Board meeting minutes.  A copy of the BSA Audit procedures, scope, and findings, and the relevant meeting minutes detailing the Board’s review, shall be provided to the Regional Director within ten (10) days after the Board’s review of the BSA Audit findings and the approval of its meeting minutes.

III.                                 COMPLIANCE WITH ORDER

A.                                   The policies, procedures, corrective actions, plans, programs, reviews, and systems required by this C&D Order to address the issues raised by this C&D Order (collectively, Policies and Procedures) shall conform to all applicable statutes, regulations, and OTS policy and guidance.  The Board shall submit copies of all Policies and Procedures required by this C&D Order to the Regional Director within the timeframes specified or, in the event a timeframe is not specified, within thirty (30) days after adoption by the Board and its approval of the meeting minutes. The Board shall revise such Policies and Procedures as required by the Regional Director within thirty (30) days of receipt of written comments from the Regional Director or at its next regular meeting, if later.  The Policies and Procedures, as modified consistent with the written comments of the Regional Director, shall be

11




incorporated into this C&D Order and any deviation from such Policies and Procedures shall be a violation of this C&D Order.

B.                                     The Board shall require management to fully and timely implement the corrective actions and amendments and revisions to Institution policies and procedures adopted by the Board in accordance with the terms and requirements of each of the provisions of this C&D Order.  The Board shall institute such procedures and steps, including documentation requirements, as are necessary to ensure management’s full and timely completion of all Board adopted corrective actions and implementation and adherence to amendments or revisions to Institution policies by management and staff.  Management shall prepare and submit to the Board each month a report regarding the completion status of all corrective actions adopted by the Board.

IV.                                DEFINITIONS

All technical words or terms used in this C&D Order for which meanings are not specified or otherwise provided by the provisions of this C&D Order shall, insofar as applicable, have meanings as defined in Chapter V of Title 12 of the Code of Federal Regulations, the HOLA, the BSA, the FDIA, OTS Memoranda, or other published OTS guidance.  Any such technical words or terms used in this C&D Order and undefined in said Code of Federal Regulations, the HOLA, the FDIA, OTS Memoranda, or other published regulatory guidance shall have meanings that are in accordance with the best custom and usage in the savings and loan industry.

V.                                    SUCCESSOR STATUTES, REGULATIONS, GUIDANCE, AMENDMENTS

Reference in this C&D Order to provisions of statutes, regulations, OTS Memoranda, and other published regulatory guidance shall be deemed to include references to all

12




amendments to such provisions as have been made as of the Effective Date and references to successor provisions as they become applicable.

VI.                                NO VIOLATIONS AUTHORIZED; OTS NOT RESTRICTED

Nothing in this C&D Order or the Stipulation shall be construed as:  (a) allowing the Institution to violate any law, rule, regulation, or policy statement to which it is subject, or (b) restricting or estopping the OTS from taking any action(s) that it believes are appropriate in fulfilling the responsibilities placed upon it by law including, without limitation, any type of supervisory, enforcement or other action that the OTS determines to be appropriate, arising                 out of matters described in Reports of Examination, or based on other matters.

VII.                            TIME LIMITS; EFFECT OF HEADINGS; SEPARABILITY CLAUSE; STIPULATION INCORPORATED

A.                                   Time limitations for compliance with the terms of this C&D Order run from the Effective Date, unless otherwise noted.

B.                                     The section and paragraph headings herein are for convenience only and shall not affect the construction hereof.

C.                                     In case any provision in this C&D Order is ruled to be invalid, illegal or unenforceable by the decision of any court of competent jurisdiction, the validity, legality and enforceability of the remaining provisions hereof shall not in any way be affected or impaired thereby, unless the Regional Director in his or her sole discretion determines otherwise.

D.                                    The Stipulation is made a part hereof and is incorporated herein by this reference.

13




VIII.                        EFFECTIVE DATE; DURATION

This C&D Order is and shall become effective on the date it is issued, i.e., the Effective Date as shown on the first page hereof.  This C&D Order (including the related Stipulation) shall remain in effect until terminated, modified or suspended, in writing by the OTS, acting through its Director, Regional Director or other authorized representative.

 

OFFICE OF THRIFT SUPERVISION

 

 

 

 

 

By:

/s/ Michael E. Finn

 

 

 

Michael E. Finn

 

 

Regional Director

 

 

West Region

 

14