FEDERALDEPOSIT INSURANCE CORPORATION WASHINGTON,D.C. ) ) In the Matter of ) ) REPUBLIC BANK & TRUST COMPANY ) ORDER TO CEASE AND DESIST LOUISVILLE, KENTUCKY, ) ) FDIC-08-308b (Insured State Nonmember Bank) ) )
EXHIBIT 10.62
FEDERAL DEPOSIT INSURANCE CORPORATION
WASHINGTON, D.C.
|
| ) |
|
| |||
|
| ) |
|
| |||
| In the Matter of | ) |
|
| |||
|
| ) |
| |||
| REPUBLIC BANK & TRUST COMPANY | ) | ORDER TO CEASE AND DESIST | |||
| LOUISVILLE, KENTUCKY, | ) |
| |||
|
| ) | FDIC-08-308b | |||
| (Insured State Nonmember Bank) | ) |
| |||
|
| ) |
|
| |||
Republic Bank & Trust Company, Louisville, Kentucky (“Bank”), having been advised of its right to a NOTICE OF CHARGES AND OF HEARING detailing the unsafe or unsound banking practices and violations of law or regulation alleged to have been committed by the Bank, and of its right to a hearing on the charges under section 8(b) of the Federal Deposit Insurance Act (“Act”), 12 U.S.C. § 1818(b), and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST (“CONSENT AGREEMENT”) with counsel for the Federal Deposit Insurance Corporation (“FDIC”), dated February 20, 2009, whereby, solely for the purpose of this proceeding and without admitting or denying the charges of unsafe or unsound banking practices and violations of law or regulation, the Bank consented to the issuance of an ORDER TO CEASE AND DESIST (“ORDER”) by the FDIC.
The FDIC considered the matter and determined that it had reason to believe that the Bank had engaged in unsafe or unsound banking practices and had violated laws or regulations. The FDIC, therefore, accepted the CONSENT AGREEMENT and issued the following:
ORDER TO CEASE AND DESIST
IT IS HEREBY ORDERED, that the Bank, its institution-affiliated parties, as that term is defined in section 3(u) of the Act, 12 U.S.C. § 1813(u), successors, and assigns, cease and desist from the following unsafe or unsound banking practices and violations of law or regulations:
A. Operating with management whose policies and practices in the area of consumer compliance are detrimental to the Bank.
B. Operating with inadequate supervision over, and direction to, the active management of the Bank in the area of consumer compliance.
C. Operating with an ineffective compliance management system given the magnitude and complexity of the Bank’s third party relationships.
1
D. Violating federal consumer protection laws and regulations as set forth in the FDIC’s Compliance Report of Examination of the Bank as of May 27, 2008, (“Compliance Report”).
E. Failing to establish an effective process to monitor compliance with federal consumer protection laws, regulations, and policies.
F. Operating with inadequate policies and procedures given the magnitude and complexity of the Bank’s third party relationships.
G. Operating with an inadequate consumer compliance audit program.
H. Failing to provide adequate training to Bank employees, and failing to insure third parties, and employees of third parties are adequately trained.
I. Failing to appropriately manage third party risk.
IT IS FURTHER ORDERED, that the Bank, its institution-affiliated parties, successors, and assigns, take affirmative action as follows:
1. The Bank shall have and retain qualified Management. For purposes of this ORDER, Management is defined as any “senior executive officer” as defined in section 32 of the Act (“section 32”), 12 U.S.C. § 1831(i), and section 303.101(b) of the FDIC Rules and Regulations, 12 C.F.R. § 303.101(b), and any Bank officer with management responsibilities involved in the Bank’s Tax Refund Solutions (“TRS”) program or Compliance Department.
(a) Each member of Management shall have qualifications and experience commensurate with his or her duties and responsibilities at the Bank. Each member of Management shall be provided appropriate authority from the Bank’s board of directors to implement the provisions of this ORDER.
(b) The qualifications of Management shall be assessed on its ability to:
(i) comply with the requirements of this ORDER;
(ii) operate the Bank in a safe and sound manner;
(iii) comply with applicable laws and regulations; and
(iv) develop, implement and administer a satisfactory Compliance Management System, as described in Financial Institution Letter 10-2007, “Compliance Examination Handbook, Heading II Compliance Examinations-Compliance Management System,” (“CMS Guidance”);
(v) appropriately assess, measure, monitor and control third party risks.
2
2. (a) From the effective date of this ORDER, the board of directors shall increase its participation in the affairs of the Bank, assuming full responsibility for the approval of sound policies and objectives and for the supervision of all of the Bank’s consumer compliance activities including the Bank’s TRS program, consistent with the role and expertise commonly expected for directors of banks of comparable size and risk profile.
(b) The Bank’s board of directors shall allocate resources to the compliance area that are:
(i) Commensurate with the level of complexity of the Bank’s operations to ensure the establishment and implementation of a Compliance Management System that complies with the CMS Guidance, including procedures ensuring the Bank’s compliance with applicable federal consumer protection laws, regulations, and policies(“Consumer Law”)and the Bank’s ability to appropriately assess, measure, monitor and control third party risk, and
(ii) Sufficient to ensure the Bank’s timely compliance with the provisions of this ORDER.
(c) Within 60 days from the effective date of this ORDER, the Bank’s board of directors shall have in place a procedure that will provide for monitoring of the Bank’s compliance with this ORDER.
(i) The procedure shall include, but not be limited to, monthly meetings to be held by a Committee designated by the Bank’s board of directors, consisting of members of the board who will be charged with oversight of the Bank’s compliance with this Order, and which, at a minimum, the following areas shall be reviewed and approved: Compliance Program, (defined in the CMS Guidance) monitoring reports, audit reports, compliance program policies, management of third party risk, and compliance with this ORDER. The Committee shall report to the board at each board meeting held while this Order is in effect. The Committee and Board minutes shall document these reviews and approvals, including the names of any dissenting directors. Establishment of a Committee does not diminish the responsibility of the board of directors for ensuring compliance with the provisions of this ORDER.
(ii) All progress reports required by this Order, and other written responses to this ORDER shall be reviewed and signed by each member of the board, and such reviews shall be recorded in the minutes of the applicable meeting of the board of directors.
3
3. (a) Within 120 days from the effective date of this Order the board of directors shall ensure that Management establishes and implements a Compliance Management System that complies with the CMS Guidance. At a minimum the Compliance Management System should address the Bank’s compliance with Consumer Law, and the assessment, measuring, monitoring, and controlling of third party risk.
(b) The Compliance Management System required by this paragraph shall be acceptable to the Regional Director of the FDIC’s Chicago Regional Office, (“Regional Director”)as determined at subsequent visitations or examinations.
4. (a) Within 90 days from the effective date of this ORDER, the Bank shall develop changes to the Bank’s training program, related to Consumer Law for all Bank personnel, including senior management and the board of directors, commensurate with their individual job functions and duties, and submit the program to the Regional Director for review and comment.
(b) Within 30 days from the receipt of any such comments from the Regional Director and after adoption of any recommended changes, the Bank shall approve the program, which approval shall be recorded in the minutes of the board of directors’ meeting. Thereafter, the Bank shall implement the program.
(c) Within 90 days from the effective date of this Order the board of directors shall ensure that Management develops changes to the Bank’s training program for all “Electronic Refund Originators” (“ERO’s”), used by the Bank in its “Refund Anticipation Loan” (“RAL”) business and the employees and contractors of the ERO’s as described below. The revised training program shall be submitted to the Regional Director for review and comment.
At a minimum the program shall ensure that comprehensive training is provided to all ERO’s, and ERO employees or contractors who offer to, or discuss potential tax refund services or RALs with the public, or who have access to customer information, in the Equal Credit Opportunity Act (“ECOA”),and Regulation B which implements the ECOA, the Truth In Lending Act (“TILA”), and Regulation Z which implements the TILA, the Truth In Savings Act (“TISA”), and Regulation DD which implements the TISA, the Electronic Fund Transfer Act (“EFT”), and Regulation E which implements the EFT, and Part 332 of the FDIC’s Rules and Regulations dealing with Privacy of Consumer Financial Information.
(d) Within 30 days from the receipt of any such comments from the Regional Director and after adoption of any recommended changes, the Bank shall approve the program, which approval shall be recorded in the minutes of the board of directors’ meeting. Thereafter, the Bank shall implement the revised program.
5. Within 90 days from the effective date of this ORDER, the board of directors shall ensure that Management revises the Bank’s Compliance Policy, and submits the revised Compliance Policy to the Regional Director for review and comment. At a minimum, this Policy shall:
4
(a) Require the adoption of a comprehensive Compliance Program as set forth in the CMS Guidance, which will be reviewed and approved annually by the board; and
(b) Require the development of internal monitoring procedures to ensure that:
(i) The Bank’s actual practices reflect the Compliance Policy;
(ii) All Consumer Law is being followed; and
(iii) The risk posed by the Bank’s use of third parties in providing its RAL business is appropriately assessed, measured, monitored and controlled.
6. (a) Within 30 days from the effective date of this ORDER, the Bank shall submit to the Regional Director for review and comment the engagement letter and scope of the external audit required by this paragraph.
(b) Within 90 days of receipt of any comments by the Regional Director, and after incorporating any changes to the scope of the audit or engagement letter required by the Regional Director the board of directors shall ensure that Management has an external audit conducted of its TRS program, including the RAL business, to ensure compliance with Consumer Law, and of the Bank’s compliance with HMDA. The audit shall at a minimum:
(i) Define a comprehensive scope, which at a minimum shall address the deficiencies and compliance risks in the Bank’s RAL business, and HMDA compliance as detailed in the Compliance Report;
(ii) Identify the number of transactions sampled by category or product type;
(iii) Identify deficiencies;
(iv) Provide descriptions of or suggestions for corrective actions and time frames for correction; and
(v) Establish follow-up procedures to verify that corrective actions were implemented and effective.
(b) Audit findings, deficiencies, and recommendations must be documented in a written report and provided to the board of directors within 30 days after completion of the external audit.
(c) Within 30 days of receipt of the external auditors’ written report the Board shall take action to address the audit findings, correct any deficiencies noted, and implement any recommendations or explain in a writing signed by all Board members why a particular recommendation has not been implemented.
(d) The contract or engagement letter with the external auditor, at a minimum, should include:
(i) A description of the work to be performed under the contract or engagement letter;
5
(ii) The responsibilities of the external auditor;
(iii) An identification of the professional standards covering the work to be performed;
(iv) Identification of the specific procedures to be used when carrying out the work to be performed;
(v) The time frame for completion of the work;
(vi) A provision for unrestricted examiner access to workpapers; and
(vii) A provision stating that the external auditor will present the findings of the audit directly to the Bank’s board of directors.
(e) After receipt of the external audit the board of directors shall cause Management to have, on a semi-annual basis, subsequent external audits. The subsequent audits shall comply with all of the provisions of this paragraph.
7. (a) Within 60 days from the effective date of this Order the board of directors shall ensure that Management develops, and submits to the Regional Director for review and comment, a Plan for its RAL business (“RAL Plan”) to appropriately assess, measure, monitor, and control third party risk, and ensure compliance with Consumer Law . The RAL Plan shall include at a minimum:
(i) A review of each aspect of the RAL business to assess and measure third party risk to the Bank, and provisions to update the review on an ongoing basis.
(ii) A comprehensive monitoring system for all ERO’s which contains at a minimum provisions to insure each ERO has adequately implemented the Bank’s RAL business including understanding the process of making a RAL loan, the application procedure, insuring the appropriate signatures are obtained from the RAL customers, and the ability to adequately comply with the appropriate Consumer Law.
(iii) Provisions for audits of a statistically significant number of active ERO’s under contract with the Bank on a recurring basis, to assess their overall knowledge of: (a) the RAL business; (b) compliance with Consumer Law; and (c) to determine if their location meets the Bank’s standards for physical security, data integrity, and customer privacy. In no event shall the number of ERO’s audited, including onsite audits, mystery shopping, and internal audits, in any given tax season be less than 10% of the total number of active ERO’s under contract for that season. An active ERO is an ERO who has at least one approved RAL by the last business day of January. In subsequent tax
6
seasons, the Bank shall plan its audits to ERO’s that are different from those previously visited for that type of audit.
(iv) Provisions to insure that the Bank has adequate measures in place to control its third party risk
(b) Within 30 days from the receipt of any such comments from the Regional Director and after adoption of any recommended changes, the Bank shall approve the RAL Plan, which approval shall be recorded in the minutes of the board of directors’ meeting. Thereafter, the Bank shall implement the RAL Plan.
8. Within 90 days from the effective date of this Order the board of directors shall ensure that Management develops, adopts and implements changes to the Bank’s internal audit program for the Bank’s RAL business. The audit shall include a full scope review of the Bank’s RAL business during and after the tax season.
9. Within 60 days of the effective date of this Order the Bank shall correct its HMDA Loan Application Registers for the years 2006 and 2007.
10. (a) Within 30 days of the date of this Order the Bank shall correct all violations of law or regulation contained in the Compliance Report.
(b) Within 30 days from the effective date of this ORDER, the Bank shall implement procedures to ensure future compliance with all Consumer Law.
11. Following the effective date of this ORDER, the Bank shall send to its shareholder, a copy of this ORDER:
(a) In conjunction with the Bank’s next shareholder communication; or
(b) In conjunction with its notice or proxy statement preceding the Bank’s next shareholder meeting.
(c) Any communication, notice, or statement accompanying the copy of the Order shall be sent to the FDIC Registration and Disclosure Section, 550 17th Street, N.W., Washington, D.C. 20429 for review at least 20 days prior to dissemination to shareholders.
(d) Any changes requested to be made by the FDIC shall be made prior to dissemination of the description, communication, notice, or statement.
12. Within 30 days from the end of the first calendar quarter following the effective date of this ORDER, and within 30 days after the end of each successive calendar quarter thereafter, the Bank shall furnish written progress reports to the Regional Director detailing the form and manner of any action taken to secure compliance with this ORDER and the results thereof.
The effective date of this ORDER shall be ten calendar days after the date of its issuance by the FDIC.
7
The provisions of this ORDER shall be binding upon the Bank, its institution-affiliated parties, successors, and assigns.
The provisions of this ORDER shall remain effective and enforceable except to the extent that, and until such time as, any provision of this ORDER shall have been modified, terminated, suspended, or set aside by the FDIC.
Pursuant to delegated authority.
Dated this 27 day of February, 2009.
|
| /s/ M. Anthony Lowe |
|
| M. Anthony Lowe |
|
| Regional Director |
|
| Division of Supervision and Consumer Protection |
8
