Exhibit 99.1
UNITED STATES OF AMERICA
BEFORE THE
BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM
WASHINGTON, D.C.
| | | | | | |
| In the Matter of | | | | | | |
| | | | | Docket Nos. | | 14-023-B-HC |
| | | | | | | 14-023-B-SMB |
| FULTON FINANCIAL CORPORATION | | | | | | |
| Lancaster, Pennsylvania | | | | Cease and Desist Order Issued
Upon Consent Pursuant to the
Federal Deposit Insurance Act, as
amended |
| and | | | | | | |
| | | | |
| LAFAYETTE AMBASSADOR BANK | | | | | | |
| Bethlehem, Pennsylvania | | | | | | |
WHEREAS, Fulton Financial Corporation, Lancaster, Pennsylvania (“FFC”), a registered bank holding company, owns and controls Lafayette Ambassador Bank, Bethlehem, Pennsylvania (the “Bank”), a state-chartered bank that is a member of the Federal Reserve System, five other banks (collectively, the “Subsidiary Banks”), and various nonbank subsidiaries;
WHEREAS, FFC has adopted a firmwide compliance program for its Subsidiary Banks, designed to ensure compliance with all applicable laws, rules, and regulations relating to anti-money laundering (“AML”), including compliance with the Bank Secrecy Act (“BSA”) (31 U.S.C. § 5311et seq.); the rules and regulations issued thereunder by the U.S. Department of Treasury (31 C.F.R. Chapter X); and the AML regulations issued by the appropriate federal supervisors for FFC and each of the Subsidiary Banks (collectively, “BSA/AML Requirements”);
WHEREAS, as part of the firmwide compliance program, FFC performs various services for the Subsidiary Banks regarding compliance with the BSA/AML Requirements, including, but not limited to, monitoring and reporting of suspicious activity, high risk customer identifications, currency transaction reporting and exemptions, training, policies, procedures, and risk assessments;
WHEREAS, the most recent inspection of FFC conducted by the Federal Reserve Bank of Philadelphia (the “Reserve Bank”) identified deficiencies in FFC’s firmwide compliance program with respect to compliance with the BSA/AML Requirements;
WHEREAS, the most recent examination of the Bank conducted by the Reserve Bank identified deficiencies in the Bank’s internal controls, customer due diligence procedures, and transaction monitoring processes with respect to compliance with the BSA/AML Requirements;
WHEREAS, FFC, the Bank, the Board of Governors, and the Reserve Bank have the common goals that the Bank operates in compliance with all applicable BSA/AML Requirements, that FFC, on a firmwide basis implements an effective compliance risk management program for BSA/AML compliance that is commensurate with the Subsidiary Banks’ compliance risk profiles, and that any services that FFC performs for the Subsidiary Banks regarding compliance with BSA/AML Requirements meet regulatory expectations;
WHEREAS, FFC, the Bank, and the Board of Governors have mutually agreed to enter into this consent Cease and Desist Order (the “Order”); and
WHEREAS, on July 15 and 16, 2014, the boards of directors of FFC and the Bank, respectively, adopted resolutions authorizing and directing E. Philip Wenger and Gerald A. Nau to enter into this Order on behalf of FFC and the Bank, respectively, and consenting to compliance with each and every applicable provision of this Order by FFC and the Bank, and
2
waiving any and all rights that FFC and the Bank may have pursuant to section 8 of the Federal Deposit Insurance Act, as amended (the “FDI Act”) (12 U.S.C. § 1818), including, but not limited to: (i) the issuance of a notice of charges on any and all matters set forth in this Order; (ii) a hearing for the purpose of taking evidence on any matters set forth in this Order; (iii) judicial review of this Order; and (iv) challenge or contest, in any manner, the basis, issuance, validity, terms, effectiveness or enforceability of this Order or any provision hereof.
NOW, THEREFORE, it is hereby ordered that, before the filing of any notices, or taking of any testimony or adjudication of or finding on any issues of fact or law herein, and solely for the purpose of settling this matter without a formal proceeding being filed and without the necessity for protracted or extended hearings or testimony, pursuant to sections 8(b)(1) and (3) of the FDI Act (12 U.S.C. §§ 1818(b)(1) and 1818(b)(3)), FFC, the Bank, and their institution-affiliated parties, as defined in sections 3(u) and 8(b)(4) of the FDI Act (12 U.S.C. §§ 1813(u) and 1818(b)(4)), shall cease and desist and take affirmative action as follows:
Source of Strength
1. The board of directors of FFC shall take appropriate steps to fully utilize FFC’s financial and managerial resources, pursuant to section 38A of the FDI Act (12 U.S.C. § 183lo-l) and section 225.4(a) of Regulation Y of the Board of Governors (12 C.F.R. § 225.4(a)), to serve as a source of strength to each of the Subsidiary Banks, including, but not limited to, taking steps to ensure that the Bank complies with this Order and any other supervisory action taken by the Bank’s federal or state regulators and that the Subsidiary Banks comply with any supervisory action taken by their respective federal or state regulators.
3
Board Oversight
2. Within 60 days of this Order, FFC’s board of directors shall submit to the Reserve Bank a written plan acceptable to the Reserve Bank to strengthen board oversight of FFC’s compliance risk management program with regard to services that FFC performs for the Subsidiary Banks regarding compliance with the BSA/AML Requirements. The plan shall describe the actions that the board of directors or an officially designated committee thereof will take to improve FFC’s compliance risk management with regard to the BSA/AML Requirements. The plan shall, at a minimum, address, consider, and include:
(a) funding for qualified and trained personnel, systems, and other resources needed to operate a compliance risk management program with regard to the BSA/AML Requirements that is commensurate with the compliance risk profile of the organization and that fully addresses the organization’s compliance risks on a timely and effective basis;
(b) measures to ensure adherence to approved compliance policies, procedures and standards; and
(c) steps to improve the information and reports that will be regularly reviewed by the board of directors and its committees in their oversight of the services that FFC performs for the Subsidiary Banks regarding compliance with the BSA/AML Requirements, including risk assessments, and the status and results of measures taken, or to be taken, by senior officers to remediate outstanding compliance issues.
BSA/AML Compliance Program Review
3. Within 30 days of this Order, FFC shall retain an independent third party acceptable to the Reserve Bank to : (i) conduct a comprehensive review of the effectiveness of the BSA/AML compliance program adopted by FFC under which FFC performs services for the
4
Subsidiary Banks regarding compliance with the BSA/AML Requirements (the “BSA/AML Review”) and (ii) prepare a written report of findings, conclusions, and recommendations (the ‘‘BSA/AML Report”).
4. Within 10 days of the engagement of the independent third party, but prior to the BSA/AML Review, FFC shall submit to the Reserve Bank for approval an engagement letter that provides, at a minimum, for the independent third party to:
(a) conduct a comprehensive assessment of FFC’s BSA/AML compliance program, policies, and procedures;
(b) complete the BSA/AML Review within 60 days of the Reserve Bank’s approval of the engagement letter;
(c) provide to the Reserve Bank a copy of the BSA/AML Report at the same time that the report is provided to FFC; and
(d) commit that any and all interim reports, drafts, workpapers, or other supporting materials associated with the BSA/AML Review will be made available to the Reserve Bank upon request.
Firmwide BSA/AML Compliance Program
5. Within 60 days of completion of the BSA/AML Review described in paragraph 4 hereof, FFC shall submit to the Reserve Bank a revised written firmwide BSA/AML compliance program acceptable to the Reserve Bank that describes the specific actions that will be taken, including timelines for completion, to ensure that the services that FFC performs for the Subsidiary Banks regarding compliance with applicable BSA/AML Requirements meets regulatory expectations. The revised program shall, at a minimum, include:
5
(a) management of the program by a qualified compliance officer, who is supported by adequate numbers of qualified and trained personnel and adequate resources, and is responsible for implementing and maintaining a program that is commensurate with the organization’s size and risk profile, and periodic re-evaluation of resources and staffing needs;
(b) internal controls designed to ensure compliance by the Subsidiary Banks with the BSA/AML Requirements, including, but not limited to, currency transaction reporting (including ATM deposits) and currency transaction reporting exemption procedures consistent with sections 1010.311 and 1020.311 of Chapter X of the U.S. Department of the Treasury’s regulations (31 C.F.R. §§ 1010.311 and 1020.311);
(c) written policies, procedures, and compliance risk management standards;
(d) a comprehensive BSA/AML risk assessment process;
(e) enhanced training for all appropriate affiliate personnel that perform BSA/AML compliance-related services for the Subsidiary Banks that is effective in all aspects of the BSA/AML Requirements, and internal policies and procedures; and
(f) independent testing for compliance with the BSA/AML Requirements services that FFC performs for the Subsidiary Banks;
Bank BSA/AML Compliance Program
6. Within 90 days of this Order, the Bank shall submit to the Reserve Bank a written revised program acceptable to the Reserve Bank for compliance with the BSA/AML Requirements. The program shall include provisions for updates on an ongoing basis, as necessary, to incorporate amendments to the BSA and the rules and regulations issued thereunder. At a minimum, the revised program shall include:
6
(a) management of the program by a qualified compliance officer, who is supported by adequate numbers of qualified and trained personnel and adequate resources, and is responsible for implementing and maintaining a program that is commensurate with the organization’s size and risk profile, and periodic re-evaluation of resources and staffing needs;
(b) a system of internal controls designed to ensure compliance by the Bank with applicable BSA/AML Requirements, including, but not limited to, currency transaction reporting and currency transaction reporting exemption procedures consistent with sections 1010.311 and 1020.311 of Chapter X of the U.S. Department of the Treasury’s regulations (31 C.F.R. §§ 1010.311 and 1020.311);
(c) written policies, procedures, and compliance risk management standards;
(d) a comprehensive BSA/AML risk assessment process;
(e) enhanced training for Bank personnel that is effective in all aspects of the BSA/AML Requirements, and internal policies and procedures;
(f) independent testing for compliance with the BSA/AML Requirements; and
(g) measures to ensure that BSA/AML compliance services outsourced by the Bank to third-parties, including affiliates, are performed to meet regulatory requirements;
Customer Due Diligence
7. Within 90 days of this Order, the Bank shall submit to the Reserve Bank a written revised program acceptable to the Reserve Bank for conducting appropriate levels of customer due diligence by the Bank. At a minimum, the program shall include:
7
(a) policies, procedures, and controls to ensure that the Bank collects, analyzes, and retains complete and accurate customer information for all account holders on a timely basis;
(b) a plan, with timelines, to remediate deficient due diligence for existing customer accounts;
(c) a methodology for assigning timely risk ratings to account holders that considers factors such as type of customer, type of product services, and geographic location;
(d) a risk-focused assessment of the Bank’s customer base to:
(i) identify the categories of customers whose transactions and banking activities are routine and usual; and
(ii) determine the appropriate level of enhanced due diligence necessary for those categories of customers that pose a heightened risk of conducting potentially illicit activities at or through the Bank;
(e) for each customer whose transactions require enhanced due diligence, procedures to:
(i) determine the appropriate documentation necessary to verify the identity and business activities of the customer; and
(ii) understand the normal and expected transactions of the customer;
(f) procedures to ensure periodic reviews and evaluations are conducted and documented for all account holders; and
(g) measures to ensure that customer due diligence services that are outsourced to third-parties, including affiliates, are performed to meet regulatory expectations.
8
Suspicious Activity Monitoring and Reporting
8. Within 90 days of this Order, FFC shall submit, for the monitoring and reporting services it performs for the Subsidiary Banks, to the Reserve Bank a written program acceptable to the Reserve Bank to reasonably ensure the identification and timely, accurate, and complete reporting of all known or suspected violations of law or suspicious transactions to law enforcement and supervisory authorities, as required by applicable suspicious activity reporting laws and regulations. At a minimum, the program shall include:
(a) the scope and frequency of transaction monitoring;
(b) policies regarding the level and type of due diligence required when reviewing suspicious account activity; and
(c) maintenance of sufficient documentation with respect to the review and analysis of suspicious activity, including the resolution and escalation of concerns.
9. Within 90 days of this Order, the Bank shall separately submit to the Reserve Bank a written program acceptable to the Reserve Bank to reasonably ensure the identification and timely, accurate, and complete reporting of all known or suspected violations of law or suspicious transactions to law enforcement and supervisory authorities, as required by applicable suspicious activity reporting laws and regulations. At a minimum, the program shall include:
(a) the elements set forth in paragraphs 8(a) through (c) of this Order; and
(b) measures to ensure that transaction monitoring and suspicious activity reporting functions that are outsourced to third-parties, including affiliates, are performed to meet regulatory requirements.
9
Transaction Review
10. (a) Within 30 days of this Order, the Bank shall engage an independent third party, acceptable to the Reserve Bank, to conduct a review of account and transaction activity associated with any high risk customer accounts conducted at, by, or through the Bank from January 1, 2014 to June 30, 2014 to determine whether suspicious activity involving high risk customer accounts or transactions at, by, or through the Bank was properly identified and reported in accordance with applicable suspicious activity reporting regulations (the “Transaction Review”) and to prepare a written report detailing the independent third party’s findings (the “Transaction Review Report”). For each covered customer, the Transaction Review may commence as soon as the Bank has completed the remediation of the covered customer’s account in accordance with the revised remediation program required by paragraph 7 of this Order.
(b) Based on the Reserve Bank’s evaluation of the results of the Transaction Review, the Reserve Bank may direct the Bank to engage the independent third party to conduct a review of the types of transactions described in paragraph 10(a) for additional time periods.
11. Within 10 days of the engagement of the independent third party, but prior to the commencement of the Transaction Review, the Bank shall submit to the Reserve Bank for approval an engagement letter that sets forth:
(a) the scope of the Transaction Review;
(b) the methodology for conducting the Transaction Review;
(c) the expertise and resources to be dedicated to the Transaction Review;
(d) the anticipated date of completion of the Transaction Review and the Transaction Review Report; and
10
(e) a commitment that supporting material associated with the Transaction Review will be made available to the Reserve Bank upon request.
12. The Bank shall provide to the Reserve Bank a copy of the Transaction Review Report at the same time that the report is provided to the Bank.
13. Throughout the Transaction Review, the Bank shall ensure that all matters or transactions required to be reported that have not previously been reported are reported in accordance with applicable rules and regulations.
Progress Reports
14. Within 30 days after the end of each calendar quarter following the date of this Order, the boards of directors of FFC and the Bank, or an authorized committee thereof, shall each submit to the Reserve Bank, written progress reports detailing the form and manner of all actions taken to secure compliance with this Order, a timetable and schedule to implement specific remedial actions to be taken, and the results thereof.
Approval and Implementation of Plan and Programs
15. (a) FFC and the Bank, as applicable, shall submit the written plan and programs that are acceptable to the Reserve Bank within the applicable time periods set forth in paragraphs 2, 5, 6, 7, 8, and 9 of this Order. Independent third parties acceptable to the Reserve Bank shall be retained by FFC and the Bank, as applicable, within the time periods set forth in paragraphs 3 and 10(a) of this Order. Engagement letters acceptable to the Reserve Bank shall be submitted within the time periods set forth in paragraphs 4 and 11 of this Order.
(b) Within 10 days of approval by the Reserve Bank, FFC and the Bank, as applicable, shall adopt the approved plan and programs. Upon adoption, FFC and the Bank, as
11
applicable, shall promptly implement the approved plan and programs, and thereafter fully comply with them.
(c) During the term of this Order, the approved plan, programs and engagement letters shall not be amended or rescinded without the prior written approval of the Reserve Bank.
Communications
16. All communications regarding this Order shall be sent to:
| | (a) | Mr. Christopher C. Henderson |
Assistant Vice President
Federal Reserve Bank of Philadelphia
Ten Independence Mall
Philadelphia, Pennsylvania 19106
Chairman, Chief Executive Officer
and President
Fulton Financial Corporation
One Penn Square
Lancaster, Pennsylvania 17604
Chairman and Chief Executive Officer
Lafayette Ambassador Bank
360 Northampton Street
Bethlehem, Pennsylvania 18402
Miscellaneous
17. Notwithstanding any provision of this Order to the contrary, the Reserve Bank may, in its sole discretion, grant written extensions of time to FFC and the Bank to comply with any provision of this Order.
18. The provisions of this Order shall be binding on FFC and the Bank, and each of their institution-affiliated parties, in their capacities as such, and their successors and assigns.
12
19. Each provision of this Order shall remain effective and enforceable until stayed, modified, terminated, or suspended in writing by the Reserve Bank.
20. The provisions of this Order shall not bar, estop, or otherwise prevent the Board of Governors, the Reserve Bank, or any other federal or state agency from taking any other action affecting FFC, the Bank, any of their subsidiaries, or any of their current or former institution-affiliated parties and their successors and assigns.
By order of the Board of Governors of the Federal Reserve System effective this 4th day of September, 2014.
| | | | | | | | |
| FULTON FINANCIAL CORPORATION | | | | BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM |
| | | | |
| By: | | /s/ E. Philip Wenger | | | | By: | | /s/ Robert deV. Frierson |
| | E. Philip Wenger | | | | | | Robert deV. Frierson |
| | Chairman, | | | | | | Secretary of the Board |
| | Chief Executive Officer, and President | | | | | |
| | |
| LAFAYETTE AMBASSADOR BANK |
| |
| By: | | /s/ Gerald A. Nau |
| | Gerald A. Nau |
| | Chairman and |
| | Chief Executive Officer |
13
