FEDERALDEPOSIT INSURANCE CORPORATION WASHINGTON, D.C.
Exhibit 10.1
FEDERAL DEPOSIT INSURANCE CORPORATION
WASHINGTON, D.C.
In the Matter of
FIRST COMMUNITY BANK LEXINGTON, SOUTH CAROLINA
(Insured State Nonmember Bank)
| ) ) ) ) ) ) ) ) |
CONSENT ORDER
FDIC-14-0431b
|
The Federal Deposit Insurance Corporation (“FDIC”) is the appropriate Federal banking agency for First Community Bank, Lexington, South Carolina (“Bank”), under section 3(q) of the Federal Deposit Insurance Act (“Act”), 12 U.S.C. § 1813(q).
The Bank, by and through its duly elected and acting Board of Directors (“Board”), has executed a “STIPULATION AND CONSENT TO THE ISSUANCE OF A CONSENT ORDER” (“CONSENT AGREEMENT”), dated February 17, 2015, that is accepted by the FDIC. With the CONSENT AGREEMENT, the Bank has consented, without admitting or denying any charges of unsafe or unsound banking practices or violations of law or regulation related to weaknesses in the Bank’s compliance with the Bank Secrecy Act, 31 U.S.C. § 5311 et seq., 12 U.S.C. § 1829b, and 12 U.S.C. §§ 1951-1959, and its implementing regulations, 31 C.F.R. Chapter X and 12 C.F.R. Part 353, and 12 U.S.C. § 1818(s), and its implementing regulation, 12 C.F.R. § 326.8 (collectively referred to as “BSA”), to the issuance of this Consent Order (“ORDER”) by the FDIC.
Having determined that the requirements for issuance of an order under section 8(b) of the Act, 12 U.S.C. § 1818(b), have been satisfied, the FDIC hereby orders that:
BOARD SUPERVISION
1. (a) As of the effective date of this ORDER, the Board shall increase its supervision and direction of the Bank’s BSA Compliance Program, assuming full responsibility for the approval of sound BSA policies, procedures and processes, consistent with the role and expertise commonly expected for directors of banks of comparable size. This participation shall include meetings to be held no less frequently than monthly at which, at a minimum, the following areas shall be reviewed and approved: internal control reviews including management’s responses; high-risk deposit accounts; BSA risk rating; BSA staffing; BSA training; BSA compliance; and compliance with this ORDER. Board meeting minutes shall document these reviews and approvals, including the names of any dissenting directors.
(b) Within 30 days from the effective date of this ORDER, the Board shall establish a Board committee (“Directors’ Committee”), consisting of at least five members, to oversee the Bank’s compliance with the ORDER. At least two of the members of the Directors’ Committee shall be directors not employed in any capacity by the Bank other than as a director. The Directors’ Committee shall formulate and review monthly reports detailing the Bank’s actions with respect to compliance with this ORDER. The Directors’ Committee shall present a report detailing the Bank’s adherence to this ORDER to the Board at each regularly scheduled Board meeting. Such report shall be recorded in the appropriate minutes of the Board’s meetings and shall be retained in the Bank’s records. Establishment of this committee does not in any way diminish the responsibility of the entire Board to ensure compliance with the provisions of this ORDER.
MANAGEMENT
2. The Board shall have and retain management qualified to oversee all aspects of the Bank’s operations, including the Bank’s BSA Compliance Program, as defined below. Management shall ensure compliance with all applicable BSA laws and regulations. Each member of management shall have the qualifications and experience commensurate with his or her duties and responsibilities related to BSA compliance.
| 2 |
BSA COMPLIANCE PROGRAM
3. Within 90 days from the effective date of this ORDER, the Bank shall review and revise its written BSA Compliance Program, including policies and procedures, which fully meets all applicable requirements of 12 C.F.R § 326.8, addresses the deficiencies and recommendations contained in the Report of Examination dated September 2, 2014 (“Report”), and which is designed to, among other things, ensure and maintain full compliance with the BSA. The BSA Compliance Program will also ensure and maintain full compliance with all anti-money laundering (“AML”) laws, regulations, and rules and those relating to the Office of Foreign Asset Control (“OFAC”). The Bank shall submit the BSA Compliance Program to the Regional Director of the FDIC’s Atlanta Regional Office (“Regional Director”) for non-objection or comment. Within 30 days of receipt of the Regional Director’s non-objection or comments and after incorporation and adoption of all comments, the Board shall approve the BSA Compliance Program, which approval shall be recorded in the minutes of the Board meeting. Within 30 days of such Board approval, the Bank shall implement and fully comply with the BSA Compliance Program in a manner acceptable to the Regional Director, as determined at subsequent examinations or visitations of the Bank. The BSA Compliance Program shall be tailored to address the risk profile of the Bank identified in the Bank’s BSA risk assessment required by paragraph 4 of this ORDER.
RISK ASSESSMENT
4. Within 60 days from the effective date of the ORDER, the Bank shall revise its annual Risk Assessment to address the deficiencies noted in the Report and thereafter shall conduct a Risk Assessment no less than annually. The Board shall review and approve the Risk Assessment and forward it to the Regional Director with the progress report required by this ORDER that is next due following the Board’s approval. The Risk Assessment shall weigh all relevant factors, including identification and measurement of the specific risk characteristics of the Bank’s products, services, customers, affiliates, and geographic locations, with analysis of the major risk categories including privately-owned automatic teller machines (“ATMs”), and certain other high-risk customers identified in the Report. The Risk Assessment shall address all pertinent risk factors that affect the overall BSA/AML risk profile of the Bank, including the deficiencies and recommendations contained in the Report, and ensure that risk ratings are accurate and well supported by qualitative and quantitative data.
| 3 |
INTERNAL CONTROLS
5. (a) Based on the results of the Risk Assessment, within 90 days from the effective date of the ORDER, the Bank shall develop a revised system of internal controls designed to ensure full compliance with the BSA (“BSA Internal Controls”) taking into account its size and risk profile and addressing the deficiencies and recommendations contained in the Report, including implementation of provisions for program continuity despite changes in personnel.
(b) At a minimum, the BSA Internal Controls shall include policies, procedures, and processes addressing the following areas:
(i) Suspicious Activity Monitoring and Reporting: Taking into account its size and risk profile, the Bank shall develop, adopt, and implement policies, procedures, processes, and systems, including automated software monitoring systems, for monitoring, detecting, and reporting suspicious activity being conducted in all areas within or through the Bank. The Bank shall monitor all relevant areas of the Bank for suspicious activity, including, but not limited to: cash transactions, international and domestic wire transfers, ACH and ATM transactions, privately owned ATMs, and certain other high-risk customers identified in the Report. The Bank shall cause the timely, accurate, and complete filing of Suspicious Activity Reports (“SARs”). The Bank shall require the appropriate level of documentation and support for management’s decision to file or not to file a SAR, as required by law.
| 4 |
(ii) Currency Transaction Reports (“CTR”): The Bank shall review and enhance its CTR policies, procedures, and processes to insure the completion of annual exempt person reviews.
(iii) Customer Due Diligence: The Bank shall review and enhance its customer due diligence (“CDD”) policies, procedures, and processes for new and existing customers (“CDD Program”):
(A) the CDD Program shall be consistent with guidance for CDD set forth in the Federal Financial Institutions Examination Council’s Bank Secrecy Act/Anti-Money Laundering Examination Manual (http://www.ffiec.gov/bsa_aml_infobase/default.htm) (“BSA Manual”);
(B) the CDD Program shall operate in conjunction with the Bank’s Customer Identification Program (“CIP”); and
(C) At a minimum, the CDD Program shall include:
(1) a risk rating system to assess the Bank’s customer base to ensure that the risk level of each customer is accurately identified based on the potential for money laundering or other illicit activity posed by the customer’s activities. Each risk rating assessment shall take into account the purpose of the account, the anticipated type and volume of account activity, types of products and services offered, and locations and markets served by the customer;
(2) policies and procedures with respect to high-risk accounts and customers, including a formal visitation program for all high-risk customers, periodic update of risk grades based on changes in risk factors, and a process for obtaining higher-level approvals for accounts and transactions where appropriate;
| 5 |
(3) an appropriate level of ongoing monitoring commensurate with the customer’s risk level to ensure that the Bank can reasonably detect suspicious activity and accurately determine whether the customer requires enhanced due diligence (“EDD”);
(4) a sufficient level of customer information at account opening and appropriate analysis of that information to assist and support the risk rating assigned;
(5) procedures for documenting and supporting the risk analysis conducted under the CDD process, including procedures for validating risk ratings assigned at account opening and resolving issues in the event insufficient or inaccurate information is obtained; and
(6) procedures to reasonably ensure the timely identification and accurate reporting of known or suspected criminal activity, as required by 12 C.F.R. Part 353 (“Part 353”).
(iv) Enhanced Due Diligence: The Bank shall establish EDD policies, procedures, and processes to conduct EDD necessary for those categories of customers that the Bank has reason to believe pose a heightened risk of suspicious activity (“EDD Program”), including, but not limited to, high-risk accounts:
(A) the EDD program shall be consistent with the guidance for EDD set forth in the BSA Manual;
(B) the EDD Program shall operate in conjunction with the Bank’s CIP and CDD policies, procedures and processes; and
(C) At a minimum, the EDD Program shall include:
(1) procedures to determine the frequency of ongoing reviews based on customer risk level;
| 6 |
(2) procedures to determine the appropriate documentation necessary to conduct and support ongoing reviews and analyses in order to reasonably understand the customer’s normal and expected transactions; and
(3) procedures to reasonably ensure the timely identification and accurate reporting to law enforcement and the Regional Director of known or suspected criminal activity against or involving the Bank, as required by Part 353.
(v) The Bank shall conduct EDD for those privately owned ATMs and certain other high-risk customers identified in the Report rated as higher-risk to include the following:
(A) risk-based reviews of all business lines of each higher-risk privately owned ATMs and certain other high-risk customers identified in the Report;
(B) monitoring of business-to-business check payees and makers for recurring or unusual transactions; and
(C) quarterly and annual EDD reviews which incorporate the improvements identified as necessary or recommended in the Report.
(vi) The policies, procedures, and processes that comprise the Bank’s BSA Internal Controls shall operate in conjunction with each other and shall be consistent with the guidance for account/transaction monitoring and reporting set forth in the BSA Manual, including dissemination of the high-risk customer list to appropriate departments within the Bank.
(vii) Required Reporting: The Bank’s BSA Internal Controls shall provide for periodic reports that address the following areas of activity: high-volume wire transfer accounts, privately owned ATMs, certain other high-risk customers identified in the Report, and activity by risk code. The reports shall also include tracking data to ensure appropriate CIP information is obtained, site visitations are conducted, and monitoring and SAR reporting systems procedures are being implemented in a timely manner. Such reports shall be provided to the Board prior to each Board meeting.
| 7 |
(c) The BSA Internal Controls shall be submitted to the Regional Director for comment. Within 30 days of receipt of the Regional Director’s comments and after incorporation and adoption of all comments, the Board shall approve the BSA Internal Controls, which approval shall be recorded in the minutes of the Board meeting. Thereafter, the Bank shall implement and fully comply with the BSA Internal Controls.
BSA TRAINING
6. (a) The Bank shall take all steps necessary, consistent with sound banking practices, to ensure that all appropriate personnel are aware of, and can comply with, the requirements of the BSA applicable to the individual’s specific responsibilities to assure the Bank’s compliance with the BSA.
(b) Within 60 days from the effective date of this ORDER, the Bank shall develop, adopt, and implement effective training programs designed for the Board, management, and staff and their specific compliance responsibilities on all relevant aspects of laws, regulations, and Bank policies, procedures and processes relating to the BSA (“Training Program”). The Training Program shall ensure that all appropriate personnel are aware of, and can comply with, the requirements of the BSA on an ongoing basis, including as they relate to high-risk accounts, products, and services. The Training Program shall, at a minimum, include:
(i) an overview of the BSA for new staff along with specific training designed for their specific duties and responsibilities upon hiring;
(ii) training on the Bank’s BSA, AML, and OFAC policies, procedures, and processes along with new rules and requirements as they arise for appropriate personnel designed to address their specific duties and responsibilities;
| 8 |
(iii) a requirement that the Bank fully document the training of each employee with respect to the BSA, AML, and OFAC policies, procedures, and processes; and
(iv) a requirement that training be conducted no less frequently than annually.
BSA STAFF
7. (a) Within 30 days from the effective date of the ORDER, the Bank shall assess its BSA staffing needs to ensure adequate and appropriate BSA staffing resources are in place at all times. Within 60 days from the effective of the ORDER, the Bank shall develop and implement a written plan of action to develop existing personnel or recruit and hire additional or replacement personnel with the requisite ability, experience, and other qualifications necessary to ensure BSA compliance (“BSA Staffing Plan”) and the Board shall review and approve the BSA Staffing Plan. The BSA Staffing Plan shall include, at a minimum, consideration of the Bank’s size and growth plans, geographical areas served, high-risk accounts, products and services offered, and changes in the BSA/AML and OFAC practices, procedures, rules, and regulations.
(b) Periodically thereafter, but no less often than annually, the Bank shall assess its BSA staffing needs to ensure adequate and appropriate BSA staffing resources are in place at all times and provide for continuity for the BSA area.
INDEPENDENT TESTING
8. The Bank shall maintain independent testing programs for compliance with the BSA, AML, and OFAC rules and regulations, to be performed on no less than an annual basis. The scope of the testing to be performed shall be in writing and reviewed and approved by the Board. Testing results and recommendations for improvement shall be in writing and shall be approved by the Board within 60 days of completion. Testing procedures shall be consistent with the guidance for independent testing set forth in the BSA Manual.
| 9 |
REPORTS
9. The Bank shall ensure that all required reports including CTRs, SARs, and any other similar or related reports required by law or regulation are completed accurately and properly filed within required timeframes.
VIOLATIONS OF LAW AND/OR REGULATION
10. Within 90 days from the effective date of this ORDER, the Bank will eliminate and/or correct all violations of laws and/or regulations noted in the Report and shall adopt and implement appropriate procedures to ensure future compliance with all such applicable federal and state laws and/or regulations.
PROGRESS REPORTS
11. Within 30 days from the end of the first quarter following the effective date of this ORDER, and within 30 days from the end of each quarter thereafter, the Bank shall furnish written progress reports to the Regional Director detailing the form and manner of any actions taken to secure compliance with this ORDER and the results thereof. Such reports may be discontinued when the corrections required by this ORDER have been accomplished and the Regional Director has released the Bank in writing from making further reports. All progress reports and other written responses to this ORDER shall be reviewed by the Board and made a part of the appropriate Board meeting minutes.
DISCLOSURE TO SHAREHOLDERS
12. Within 30 days from the effective date of this ORDER, the Bank shall send a copy of this ORDER to its parent holding company.
| 10 |
OTHER ACTIONS
The provisions of this ORDER shall not bar, stop, or otherwise prevent the FDIC or any other federal or state agency or department from taking any other action against the Bank or any of the Bank’s current or former institution-affiliated parties.
This ORDER shall be effective on the date of issuance.
The provisions of this ORDER shall be binding upon the Bank, its institution-affiliated parties, and any successors and assigns thereof.
The provisions of this ORDER shall remain effective and enforceable except to the extent that and until such time as any provision has been modified, terminated, suspended, or set aside by the Regional Director in writing.
Issued Pursuant to Delegated Authority.
Dated: February 18, 2015
By:
/s/ Michael J. Dean
Michael J. Dean
Regional Director
Division of Risk Management Supervision
Federal Deposit Insurance Corporation
| 11 |
