FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C. )In the Matter of))UNITY BANK)CLINTON, NEW JERSEY)CONSENT ORDER))FDIC-20-0014b(INSURED STATE NONMEMBER BANK))))

The Federal Deposit Insurance Corporation (FDIC) is the appropriate Federal banking agency for Unity Bank, Clinton, New Jersey (Bank), under section 3(q) of the Federal Deposit Insurance Act (Act), 12 U.S.C. § 1813(q).

The Bank, by and through its duly elected and acting board of directors (Board), has executed a STIPULATION AND CONSENT TO THE ISSUANCE OF A CONSENT ORDER (CONSENT AGREEMENT), dated July 6, 2020, that is accepted by the FDIC. With the CONSENT AGREEMENT, the Bank has consented, without admitting or denying any charges of unsafe or unsound banking practices or violations of law or regulation relating to, among other things, weaknesses in the Bank’s Bank Secrecy Act/Anti-Money Laundering Compliance Program (BSA/AML Compliance Program), to the issuance of this CONSENT ORDER (ORDER) by the FDIC.

Having determined that the requirements for issuance of an order under section 8(b) of the Act, 12 U.S.C. § 1818(b), have been satisfied, the FDIC hereby orders that:

1.     The Board must increase its supervision and direction of the Bank’s BSA/AML Compliance Program, consistent with the role and expertise expected for directors of banks of comparable size and

risk, and assume full responsibility for the approval and implementation of sound BSA/AML policies, procedures, and processes reasonably designed to assure and monitor the Bank’s compliance with the Bank Secrecy Act, 31 U.S.C. § 5311 et seq., 12 U.S.C. § 1829b, 12 U.S.C. §§ 1951-1959 and 12 U.S.C. § 1818(s), and its implementing regulations, 31 C.F.R. chapter X, 12 C.F.R. § 326.8 and 12 C.F.R. part 353 (collectively, the BSA). The Board must ensure complete and timely compliance with this ORDER.

2.     The Bank must review and improve its written BSA/AML Compliance Program and ensure that it is reasonably designed to assure and monitor the Bank’s compliance with the BSA. At a minimum, the BSA/AML Compliance Program must address the BSA-related deficiencies and weaknesses identified in the October 21, 2019 FDIC Report of Examination (2019 ROE) transmitted to the Bank on February 26, 2020, meet the requirements of this ORDER, and include procedures for monitoring performance and for periodically reviewing and revising the BSA/AML Compliance Program to ensure that it is and continues to be reasonably designed to assure and monitor the Bank’s compliance with the BSA.

(a)    BSA Risk Assessment: Within 90 days from the effective date of this ORDER, the Bank must:

(i)    review and improve its BSA risk assessment (Risk Assessment) to accurately reflect the Bank’s risk profile related to money laundering, terrorist financing, and other illicit activity (Risk Profile) and develop appropriate risk-mitigating strategies for identified risks after reviewing its products, services, customers, entities, transactions, system alerts, and geographic footprint and conducting a detailed qualitative and quantitative analysis of the risk within each identified category; and

(ii)    establish appropriate written policies, procedures, and processes regarding Risk Assessments that require, at a minimum, the periodic reassessment of the Bank’s Risk Profile and satisfactory documentation of the resulting Risk Assessment.

(b)    System of BSA Internal Controls: Within 180 days from the effective date of this ORDER, the Bank must review, improve, and validate its system of internal controls to ensure that it is

reasonably designed to assure and monitor compliance with the BSA (BSA Internal Controls) taking into consideration the Risk Assessment; the Risk Profile; the Bank’s size, structure, and complexity; and the deficiencies and weaknesses identified in the 2019 ROE. At a minimum, such system of BSA Internal Controls must include written policies, procedures, and processes addressing the following areas:

(i)    Suspicious Activity Monitoring and Reporting: The Bank must:

(A)    review and improve its policies, procedures, processes, and systems for monitoring, detecting, and reporting suspicious activity conducted within or through the Bank and ensure the timely, accurate, and complete filing of suspicious activity reports (SARs) with an appropriate level of documentation and support for Bank management’s decisions to file or not to file a SAR. These policies, procedures, processes, and systems should ensure that all relevant areas of the Bank are monitored for suspicious activity, including cash transactions, monetary instruments, ACH and ATM transactions, and international and domestic wire transfers; and

(B)    conduct a comprehensive review and validation of all systems the Bank utilizes to monitor, detect, and report suspicious activity and develop policies, procedures, and processes requiring the periodic review and validation of these systems based on the Bank’s current Risk Profile. Decisions to adjust or not adjust system parameters as a result of the reviews should be supported through a well-documented analysis with appropriate information.

(ii)    Customer Due Diligence: The Bank must review and improve its customer due diligence (CDD) policies, procedures, and processes for new and existing customers to:

(A)be consistent with the Bank’s Risk Profile and Risk Assessment, with increased focus on customers identified in the Bank’s Customer Risk Profile, as defined below, as posing heightened risk of money laundering, terrorist financing, or other illicit activities;

(B)establish specific staff responsibilities, including who is responsible for reviewing or approving changes to a customer’s risk rating or profile;

(C)ensure that the Bank possesses sufficient customer information to implement an effective suspicious activity monitoring system;

(D)document analysis associated with the due diligence process, including guidance for resolving issues when insufficient or inaccurate information is obtained;

(E)maintain current customer information;

(F)    operate in conjunction with the Bank’s Customer Identification Program (CIP);

(G)    enable the Bank to reasonably predict the types of transactions in which a customer is likely to engage; and

(H)    provide for:

i.     a risk assessment of the customer base through an appropriate risk-rating system to ensure that the risk level of the Bank’s customers is accurately identified based on the potential for money laundering, terrorist financing, or other illicit activity posed by the customer’s activities, with consideration given to the purpose of the account, the anticipated type and volume of account activity, types of products and services offered, and locations and markets served by the customer (Customer Risk Profile);

ii.    an appropriate level of ongoing monitoring commensurate with the risk level of a Customer Risk Profile to ensure that the Bank can reasonably detect suspicious activity and accurately determine which customers are higher risk and require additional due diligence (risk-based customer due diligence or RBCDD);

iii.    a process to obtain and analyze a sufficient level of customer information at account opening to establish and support the risk ratings assigned in the Bank’s Customer Risk Profiles;

iv.    a process to document and satisfactorily support the CDD analysis; and

v.    processes to reasonably ensure the timely identification and accurate reporting of known or suspected criminal activity, as required by the suspicious activity reporting provisions of part 353 of the FDIC’s Rules and Regulations, 12 C.F.R. part 353.

(iii)    Risk-Based Customer Due Diligence: The Bank must review and improve policies, procedures, and processes to conduct RBCDD necessary for those categories of customers the Bank has reason to believe pose a heightened risk of money laundering, terrorist financing, or other illicit activities. The RBCDD policies, procedures, and processes adopted should, at a minimum:

(A)    consider the customer’s business activity, ownership structure, anticipated or actual volume, and types of transactions;

(B)    operate in conjunction with its CIP and CDD policies, procedures, and processes;

(C)    determine the appropriate frequency for conducting ongoing reviews, based on customer risk level;

(D)    determine the appropriate documentation necessary to conduct and support ongoing reviews and analyses in order to reasonably understand the normal and expected transactions of the customer;

(E)    reasonably ensure the timely identification and accurate and complete reporting of known or suspected criminal activity against or involving the Bank to law enforcement and supervisory authorities, as required by the suspicious activity reporting provisions of part 353 of the FDIC’s Rules and Regulations, 12 C.F.R. part 353;

(F)    provide for the development of a high-risk customer list noting entities with multiple accounts and assignment of one risk rating across related accounts (High-Risk Customer List); and

(G)    ensure the BSA Internal Controls operate in conjunction with each other and are consistent with account/transaction monitoring, including arranging for the dissemination of a High-Risk Customer List to appropriate departments within the Bank.

(c)    Independent Testing: Within 240 days from the effective date of this ORDER, and periodically thereafter based on the Bank’s current Risk Profile, independent testing for compliance with the BSA must be conducted by either a qualified outside party with the requisite ability to perform such testing and analysis or by Bank personnel who are independent of the BSA function and who have the requisite ability to perform such testing and analysis. The scope of the testing procedures performed and the test findings must be satisfactorily documented. The results of each independent test, as well as any apparent exceptions noted during the testing, must be presented to the Board. The Board must document the steps taken to correct any exceptions noted, address any recommendations made during each independent test, and record its actions in the minutes of the Board meetings.

The independent testing must, at a minimum, include:

(i)    an evaluation of the overall adequacy and effectiveness of the BSA/AML Compliance Program, including policies, procedures, and processes;

(ii)    a review of the Bank’s Risk Assessment;

(iii)    appropriate risk-based transaction testing to verify the Bank’s adherence to the BSA (e.g., CIP, CDD, and RBCDD programs; SARs; Currency Transaction Reports (CTR) and CTR exemptions; and information sharing requests);

(iv)    an evaluation of Bank management’s efforts to resolve apparent violations and deficiencies noted in previous audits and regulatory examinations;

(v)    a review of staff training for adequacy, accuracy, and completeness;

(vi)    a review of the effectiveness of the suspicious activity monitoring systems used for compliance with the BSA;

(vii)    an assessment of the effectiveness of the Bank’s policy and the overall process for identifying and reporting suspicious activity, including a review of SAR-related documentation to determine its accuracy, timeliness, completeness; and

(viii)    an assessment of the integrity and accuracy of management information systems used in the BSA/AML Compliance Program.

(d)    BSA Officer and Resources: Within 90 days from the effective date of this ORDER, the Bank must ensure that its designated BSA Officer has sufficient authority and resources (monetary, physical, and personnel) to effectively administer the BSA/AML Compliance Program. At a minimum, the Bank must:

(i)perform a review of its BSA-related resources (monetary, physical, and staffing) and analyze whether current resource levels are adequate and appropriate, and develop policies, procedures, and processes requiring the periodic, not less than annually, review of these resources. The review should also include, at a minimum, consideration of the Bank’s current size and growth plans, geographic areas served, products and services offered, changes in the BSA, the Risk Assessment, the Risk Profile, and the deficiencies and weaknesses identified in the 2019 ROE;

(ii)ensure an adequate level of BSA-related resources, including staffing, to implement the BSA/AML Compliance Program and ensure compliance with the BSA;

(iii)delegate sufficient authority to its designated BSA Officer to effectively coordinate, monitor, and ensure compliance with the BSA; and

(iv)develop policies, procedures, and processes requiring the BSA Officer to report directly to the Board or the Compliance Committee established under paragraph 5 of this ORDER with regard to matters related to the BSA.

(e)    Training: The Bank must take all necessary steps, consistent with sound banking practices, to ensure that all appropriate personnel are aware of, and can comply with, the requirements of

the BSA applicable to the individual’s specific responsibilities to assure the Bank’s compliance with the BSA. Within 180 days from the effective date of this ORDER, the Bank must develop, adopt, and implement effective training programs designed for the Board, Bank management, and staff and their specific compliance responsibilities on all relevant aspects of laws, regulations, and Bank policies, procedures, and processes relating to the BSA (Training Program). The Training Program must ensure that all appropriate personnel are aware of, and can comply with, the requirements of the BSA on an ongoing basis and, at a minimum, include:

(i)    an overview of the BSA for new staff along with specific training designed for their specific duties and responsibilities upon hiring;

(ii)    training on the Bank’s BSA/AML policies, procedures, and processes along with new rules and requirements as they arise for appropriate personnel designed to address their specific duties and responsibilities;

(iii)    a requirement that the Bank fully document the training of each employee, including the designated BSA Officer(s), with respect to BSA/AML policies, procedures, and processes; and

(iv)    a requirement that training in these areas be conducted at least annually.

3.     Within 60 days from the effective date of this ORDER, the Bank must review and analyze its compliance with the regulations issued by the Office of Foreign Assets Control (OFAC) and take all necessary action to ensure timely and complete compliance with the OFAC regulations.

4.    (a)     Within 60 days from the effective date of this ORDER, the Bank must engage a qualified firm acceptable to the Deputy Regional Director of the FDIC New York Regional Office and the

Commissioner of the New Jersey Department of Banking and Insurance (Commissioner) to conduct a review of all accounts and transaction activity for the time period beginning January 1, 2019, through the effective date of this ORDER to determine whether reportable transactions and suspicious activity involving any accounts or transactions within or through the Bank were properly identified and reported in accordance with the applicable reporting requirements (Initial Look Back Review).

(b)    Within 180 days of receipt of the Deputy Regional Director’s and the Commissioner’s non-objections regarding the proposed engagement of the qualified firm, the firm must complete the Initial Look Back Review and the Bank must prepare and file any additional CTRs and SARs necessary based upon the review. Upon completion of the Initial Look Back Review, the Bank must immediately submit the findings of the review and copies of any additional SARs and CTRs filed to the Deputy Regional Director and the Commissioner.

(c)    The Deputy Regional Director and the Commissioner may, in their sole discretion after reviewing the results of the Initial Look Back Review, provide written notification (Additional Look Back Review Notification) to the Bank requiring the firm selected to do the Initial Look Back Review, or another qualified firm acceptable to the Deputy Regional Director and the Commissioner (Additional Look Back Review Firm), to review all accounts and transaction activity for additional time periods to determine whether reportable transactions and suspicious activity involving any accounts or transactions within or through the Bank were properly identified and reported in accordance with the applicable reporting requirements and in a manner consistent with the written notification sent to the Bank (Additional Look Back Review). The Additional Look Back Review Firm must complete the Additional Look Back Review and the Bank must prepare and file any additional CTRs and SARs necessary based upon the review within the timeframe established in the Additional Look Back Review Notification. Upon completion of the Additional Look Back Review, the Bank must immediately submit the findings of the review and copies of any additional SARs and CTRs filed to the Deputy Regional Director and the Commissioner.

5.     Within 30 days from the effective date of this ORDER, the Board must establish a directors’ BSA/AML compliance committee (Compliance Committee). A majority of the Compliance Committee members may not now or have previously been involved in the daily operations of the Bank. The Compliance Committee will have the responsibility of overseeing the Bank’s compliance with this ORDER, the BSA, and the Bank’s BSA/AML Compliance Program. The Compliance Committee must receive monthly reports from the BSA Officer regarding the Bank’s compliance with this ORDER, the BSA, and the Bank’s BSA/AML Compliance Program. The Compliance Committee must present a report to the Board at each regularly scheduled Board meeting regarding the Bank’s compliance with this ORDER, the BSA, and the Bank’s BSA/AML Compliance Program, and this report must be recorded in the appropriate minutes of the Board meeting and retained in the Bank’s records. The establishment of this Compliance Committee does not diminish the responsibility or liability of the entire Board to ensure timely compliance with the provisions of this ORDER.

 

6.     Within 240 days from the effective date of this ORDER, the Bank must take all steps necessary, consistent with other provisions of this ORDER and sound banking practices, to eliminate and correct any unsafe or unsound banking practices and any violations of law or regulation cited in the 2019 ROE. The Bank must take all steps necessary to ensure future compliance with all applicable laws and regulations.

7.     Within 30 days after the end of each calendar quarter following the effective date of this ORDER, the Bank must furnish to the Deputy Regional Director and the Commissioner written progress reports detailing the form, manner, and results of any actions taken to secure compliance with this ORDER. All progress reports and other written responses to this ORDER must be reviewed and approved by the Board and be made a part of the Board minutes.

8.     Within 30 days from the effective date of this ORDER, the Bank must provide either a copy of this ORDER or an accurate and complete description of all material aspects of the ORDER to its parent holding company.

9.     The provisions of this ORDER do not bar, estop, or otherwise prevent the FDIC or any other federal or state agency or department from taking any other action against the Bank or any of the Bank’s current or former institution-affiliated parties.

This ORDER is effective on the date of issuance and its provisions will remain effective and enforceable until such time as any provision is modified, terminated, suspended, or set aside in writing by the FDIC. The provisions of this ORDER are binding upon the Bank, its institution-affiliated parties, and any successors and assigns thereof.

Issued Under Delegated Authority.

Dated: July 8, 2020

/s/ Jessica A. Kaemingk

___________________________________                

By:    Jessica A. Kaemingk

Deputy Regional Director

New York Region

Federal Deposit Insurance Corporation