Exhibit 99.2
FEDERAL DEPOSIT INSURANCE CORPORATION
WASHINGTON, D.C.
HAWAII DIVISION OF FINANCIAL INSTITUTIONS
HONOLULU, HAWAII
| ) | |
| ) | |
In the Matter of | ) | |
| ) | ORDER TO |
CENTRAL PACIFIC BANK | ) | CEASE AND DESIST |
HONOLULU, HAWAII | ) | |
| ) | Docket No. FDIC-06-205b |
(INSURED STATE NONMEMBER BANK) | ) | |
| ) | |
| ) | |
Central Pacific Bank, Honolulu, Hawaii (“Bank”), having been advised of its right to a Notice of Charges and of Hearing detailing the unsafe or unsound banking practices and violations of law and/or regulations alleged to have been committed by the Bank and of its right to a hearing on the alleged charges under section 8(b)(1) of the Federal Deposit Insurance Act (“Act”), 12 U.S.C. § 1818(b)(1) and Hawaii Revised Statutes § 412:2-303, and having waived those rights, entered into a STIPULATION AND CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST (“CONSENT AGREEMENT”) with counsel for the Federal Deposit Insurance Corporation (“FDIC”) and counsel for the State of Hawaii Division of Financial Institutions (“DFI”), dated November 29th, 2006, whereby solely for the purpose of this proceeding and without admitting or denying the alleged charges of unsafe or unsound banking practices and violations of law and/or regulations, the Bank consented to the issuance of an ORDER TO CEASE AND DESIST (“ORDER”) by the FDIC and the DFI.
The FDIC and the DFI considered the matter and determined that they had reason to believe that the Bank had engaged in unsafe or unsound banking practices and had committed violations of law and/or regulations. The FDIC and the DFI, therefore, accepted the CONSENT AGREEMENT and issued the following:
ORDER TO CEASE AND DESIST
IT IS HEREBY ORDERED, that the Bank, its institution-affiliated parties, as that term is defined in section 3(u) of the Act, 12 U.S.C. § 1813(u), and its successors and assigns cease and desist from the following unsafe and unsound banking practices and violations of law and/or regulation.
(a) operating in violation of section 326.8(b)(1), 326.8(c)(1), 326.8(c)(2), 326.8(c)(3), and 326.8(c)(4) of the FDIC Rules and Regulations, 12 C.F.R. § 326.8(b)(1), § 326.8(c)(1), § 326.8(c)(2), § 326.8(c)(3), and § 326.8(c)(4), as more fully described on page 11 in the Joint FDIC and DFI Report of Examination dated August 8, 2006; and
(b) operating in violation of section 353.3 of the FDIC Rules and Regulations, 12 C.F.R. § 353.3, as more fully described on pages 12 through 13 in the Joint FDIC and DFI Report of Examination dated August 8, 2006.
IT IS FURTHER ORDERED, that the Bank, its institution-affiliated parties, and its successors and assigns, take affirmative action as follows:
1. Within 90 days of the effective date of this ORDER, the Bank shall comply in all material respects with the Bank Secrecy Act (“BSA”) and its rules and regulations.
(a) Effective immediately, the Bank shall designate a competent BSA Officer with delegated authority and resources to implement and enforce BSA policies and procedures to
2
ensure compliance in all material respects with the Bank Secrecy Act and its rules and regulations. The Board shall approve a detailed job description for the BSA Officer, and submit a copy of said job description by December 31, 2006, to the Regional Director of the FDIC’s San Francisco Regional Office (“Regional Director”) and the Commissioner of Financial Institutions (“Commissioner”) of the Division of Financial Institutions for the State of Hawaii for comment.
(b) Within 15 days of the effective date of this ORDER, the Bank shall develop, adopt, and implement a written project plan and timetable designed to ensure compliance with all provisions of this ORDER. The plan shall be in a form and manner acceptable to the Regional Director and the Commissioner, as determined at subsequent examinations and/or visitations.
(c) Within 30 days, the Bank shall identify all members of the BSA compliance team and ensure that staffing and resources are sufficient based on a written assessment that considers, at a minimum, the institution’s size and growth plans, geographies served, products and services offered, and customers and entities served.
2 Within 90 days of the effective date of this ORDER, the Bank shall correct all violations of law cited on pages 11 through 13 and the BSA deficiencies cited on pages 15 through 19 in the Joint FDIC and DFI Report of Examination dated August 8, 2006. In addition, the Bank shall take all necessary steps to ensure future compliance with all applicable laws and regulations.
3. Within 90 days of the effective date of this ORDER, the Bank shall develop, adopt and implement a written compliance program, as required by the applicable provisions of section 326.8(b)(1) of the FDIC’s Rules and Regulations,
12 C.F.R. § 326.8(b)(1), designed to,
3
among other things, ensure and maintain compliance by the Bank with the BSA and the rules and regulations issued pursuant thereto. The program shall ensure that clear and comprehensive BSA compliance reports are provided to the Bank’s Board of Directors on a monthly basis. Such program and its implementation shall be in a manner acceptable to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations of the Bank. At a minimum, the program shall:
(a) Establish a system of internal controls to ensure compliance with the BSA and the rules and regulations issued pursuant thereto, including policies and procedures to detect and monitor all suspicious transactions to ensure that there is full compliance with all applicable laws and regulations.
(b) Provide for independent testing of compliance with the BSA, all applicable rules and regulations related to the BSA, and the reporting of suspicious transactions required to be reported pursuant to Part 353 of the FDIC’s Rules and Regulations, 12 C.F.R. Part 353. The independent testing shall be conducted on at lease an annual basis and in accordance with the procedures described in the Federal Financial Institutions Examination Council (“FFIEC”) Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) Examination Manual 2006. Written reports shall be prepared that document the testing results and provide recommendations for improvement. Such reports shall be presented to the Bank’s Board of Directors.
(c) Ensure that the Bank’s BSA compliance program is managed by a qualified officer who shall have adequate resources and responsibility to ensure compliance with the BSA and related matters.
4
(d) Provide and document training by competent staff and/or independent contractors of all board members and all appropriate personnel, including, without limitation, tellers, customer service representatives, lending officers, private and personal banking officers and all other customer contact personnel, in all aspects of regulatory and internal policies and procedures related to the BSA, with a specific concentration on accurate recordkeeping, form completion and the detection and reporting of known and/or suspected criminal activity. Training shall be updated on a regular basis to ensure that all personnel are provided with the most current and up to date information.
4. Within 30 days of the effective date of this ORDER, the Bank shall develop, adopt and implement an effective written customer due diligence (“CDD”) program. Such program and its implementation shall be in a manner acceptable to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations of the Bank. At a minimum, the CDD program shall provide for the following:
(a) A risk focused assessment of the customer base of the Bank to determine the appropriate level of enhanced due diligence necessary for those categories of customers that the Bank has reason to believe pose a heightened risk of illicit activities at or through the Bank.
(b) For those customers whose transactions require enhanced due diligence, procedures to:
(i) determine the appropriate documentation necessary to confirm the identity and business activities of the customer;
(ii) understand the normal and expected transactions of the customer; and
5
(iii) reasonably ensure the identification and timely, accurate and complete reporting of suspicious activity against or involving the Bank to law enforcement and supervisory authorities, as required by the suspicious activity reporting provisions of Part 353 of the FDIC’s Rules and Regulations, 12 C.F.R. Part 353.
(c) The bank shall review its CDD process and ensure that information gathered at account opening is sufficient for the proper operation of the automated Suspicious Activity Monitoring (“SAM”) system referenced in Provision 5 of this ORDER.
5. Within 180 days of the effective date of this ORDER, the Bank shall select a suspicious activity software vendor and application, test the software, and implement a fully functioning, automated SAM system. The program shall, at a minimum, analyze cash transactions over an established threshold based on the Bank’s risk-assessment, wire transfers, foreign exchange services and the cash purchase of monetary instruments. The Bank shall also perform a comprehensive, written risk-based analysis to determine whether other banking products and services, such as loans, automated clearing house (“ACH”) payments, and electronic banking activity, should be incorporated in the SAM system.
6. Within 30 days of the ORDER, and until the automated software solutions required by Provision 5 is launched and fully tested, a robust manual SAM system shall be implemented.
(a) The manual system shall utilize any relevant available automated tools, such as spreadsheets, to facilitate the review of multiple transaction types and transactions over extended periods of time.
(b) The program shall consider large cash transactions, wire transfers, foreign exchange services, and the cash purchase of monetary instruments.
6
(c) The program shall include a centralized review function and not operate separate BSA functions as silos.
(d) The program shall be reasonably designed to detect:
(i) structured transactions, and
(ii) transactions that have no business or apparent lawful purpose, or are not customary for a particular customer, and for which the Bank is not aware of any reasonable explanation for the transaction after examining available facts, including background and possible purpose of the transaction.
7. Within 45 days of the effective date of the ORDER, the Bank shall develop an acceptable plan to use its robust manual SAM system established under Provision 6 to review all high-risk accounts and high-risk transactions (“Transaction Review”) for the six-month period immediately proceeding the effective date of this ORDER (“Transaction Review Period”). Such plan shall be submitted to the Regional Director and Commissioner for review and approval prior to implementation.
(a) The Bank shall prepare and file any additional Currency Transaction Reports (“CTRs”) and Suspicious Activity Reports (“SARs”) necessary based upon the Transaction Review.
(b) The Bank shall submit a detailed evaluation of the Transaction Review to the Regional Director and Commissioner. After reviewing the results, the Regional Director and the Commissioner may extend the Transaction Reivew Period if necessary.
8. Within 45 days of the effective date of this ORDER, the Bank shall establish and implement policies and procedures to advise the Bank’s of Directors of significant SARs.
7
At a minimum, the Board of Directors shall be advised in detail of all SARs involving institution-affiliated parties, potential terrorist activity, continuing suspicious activity, large structured transactions, and transactions without a known business purpose involving large dollar amounts. The policies and procedures shall also include guidelines to determine what SARs are considered significant.
9. Within 30 days of the effective date of this ORDER, the Bank shall modify existing systems or institute new systems to ensure that all cash transactions are considered in the CTR requirements or reporting system. The Bank shall further contact the Internal Revenue Service’s Detroit Computing Center for a backfilling determination of CTRs that were not filed due to inadequate systems.
10. By December 31, 2006, relevant BSA training shall be provided by competent staff to all appropriate personnel, including the Board of Directors.
11. On or before the 20th day of each month following the effective date of this ORDER, the Bank shall furnish written progress reports to the Regional Director and the Commissioner detailing the form and manner of any actions taken to secure compliance with this ORDER and the results thereof. Such reports may be discontinued when the corrections required by this ORDER have been accomplished and the Regional Director and the Commissioner have released the Bank in writing from making further reports.
12. Following the effective date of this ORDER, the Bank shall send to its parent holding company or otherwise furnish a description of this ORDER in conjunction with the Bank’s next communication with such parent holding company. The description shall fully describe the ORDER in all material respects.
8
This ORDER shall become effective upon the date of its issuance by the FDIC and the DFI. The provisions of this ORDER shall remain effective and enforceable except to the extent that, and until such time as, any provisions of this ORDER shall have been modified, terminated, suspended, or set aside by the FDIC and the DFI.
Dated at Honolulu, Hawaii, for the San Francisco Regional Office, this 29 day of November, 2006.
| | Federal Deposit Insurance Corporation |
| | Pursuant to delegated authority. |
| | |
| | |
| | /s/ John F. Carter | |
| By: | John F. Carter |
| | Regional Director |
| | Division of Supervision and Consumer Protection |
| | San Francisco Region |
| | Federal Deposit Insurance Corporation |
| | |
| | |
| | Division of Financial Institutions, State of Hawaii |
| | |
| | |
| | /s/ D.B.Griffin III | |
| By: | D.B.Griffin III |
| | Commissioner of Financial Institutions |
| | Division of Financial Institutions |
| | Department of Commerce and Consumer Affairs |
| | State of Hawaii |
9
