Exhibit 99.1
UNITED STATES OF AMERICA
DEPARTMENT OF THE TREASURY
COMPTROLLER OF THE CURRENCY
In the Matter of: | ) |
TCF National Bank | ) |
Sioux Falls, South Dakota | ) |
CONSENT ORDER
The Comptroller of the Currency of the United States of America (“Comptroller”), through his National Bank Examiner, has supervisory authority over TCF National Bank, Sioux Falls, South Dakota (“Bank”).
The Bank, by and through its duly elected and acting Board of Directors (“Board”), has executed a “Stipulation and Consent to the Issuance of a Consent Order,” dated July 20, 2010, that is accepted by the Comptroller. By this Stipulation and Consent, which is incorporated by reference, the Bank has consented to the issuance of this Consent Order by the Comptroller.
Pursuant to the authority vested in it by the Federal Deposit Insurance Act, as amended, 12 U.S.C. § 1818, the Bank hereby consents that:
ARTICLE I
COMPLIANCE COMMITTEE
(1) Within thirty (30) days of the date of this Consent Order, a Compliance Committee shall be appointed by the Bank’s holding company, TCF Financial Corporation. This Committee will include at least three (3) outside directors of the holding company. Upon appointment, the names of the members of the Compliance Committee and, in the event of a change of the membership, the name of any new member shall be submitted in writing to the Assistant Deputy Comptroller. The Compliance Committee shall be responsible for monitoring and coordinating the Bank’s adherence to the provisions of this Consent Order.
(2) The Board shall remain responsible for the Bank’s adherence to the provisions of this Consent Order. The appointment of a Compliance Committee by the Bank’s holding company shall not in any way affect or relieve the Board’s responsibility in that regard.
(3) The Compliance Committee shall meet at least monthly.
(4) Within sixty (60) days of the date of this Consent Order and quarterly thereafter, the Compliance Committee shall submit a written progress report to the Board setting forth in detail:
(a) a description of the actions taken and/or needed to comply with each Article of this Consent Order; and
(b) the results and status of those actions.
The Board shall forward a copy of the Compliance Committee’s report, including a written discussion of actions they have or will take in response to the report, to the Assistant Deputy Comptroller within ten (10) days of receiving such report. All submissions to the Assistant Deputy Comptroller required to be made pursuant to this Consent Order shall be addressed to:
Assistant Deputy Comptroller
Office of the Comptroller of the Currency
Midsize Bank Supervision
One Financial Place
440 South LaSalle Street, Suite 2700
Chicago, IL 60605
2
ARTICLE II
BANK SECRECY ACT (“BSA”) RISK ASSESSMENT
(1) Within thirty (30) days of the date of this Consent Order, the Bank shall review, update, and implement a written, institution-wide, ongoing BSA Risk Assessment that accurately identifies the BSA/AML risks posed to the Bank after consideration of all pertinent information. The Risk Assessment shall reflect a comprehensive analysis of the Bank’s vulnerabilities to money laundering and financial crimes activity and provide strategies to control risk and limit any identified vulnerabilities. The Risk Assessment methodology shall follow the risk assessment expectations and logic set forth in the 2010 FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual and shall include:
(a) the identification of activities and other elements that pose BSA risk to the Bank, including the Bank’s: (i) products and services; (ii) customers and entities; (iii) transactions; (iv) countries or geographic locations; and (v) methods that the Bank uses to interact with its customers (collectively, the “specific risk categories”);
(b) a detailed analysis of all pertinent data obtained regarding the specific risk categories, including but not necessarily limited to: (i) volumes and types of transactions and services by country or geographic location, and (ii) numbers of customers that typically pose higher BSA/AML risk, both by type of risk and by geographic location), so as to permit the Bank to revise or develop, as necessary, and implement appropriate policies, processes, and procedures to monitor and mitigate the Bank’s BSA/AML risks within those risk categories. The analysis to be conducted shall include an
3
evaluation of all relevant information obtained through the Bank’s Customer Identification Program (CIP) and Customer Due Diligence Program (CDD);
(c) an assessment of BSA/AML risk both individually within the Bank’s business lines and on a consolidated basis across all Bank activities and legal entities, so as to permit the Bank to accurately identify BSA/AML risks and risk categories within and across specific lines of business and product categories;
(d) a provision requiring that the BSA/AML Risk Assessment be updated at least every twelve (12) months so as to identify and respond to changes in the Bank’s risk profile (such as when new products or services are introduced, existing products or services change, high-risk customers open or close accounts, or the Bank expands through mergers or acquisitions);
(e) a provision requiring maintenance of appropriate documentation, including customer due diligence information, so as to be able to support the BSA Risk Assessment’s conclusions;
(f) a provision requiring testing to confirm the reasonableness of the BSA/AML Risk Assessment which may be undertaken after the thirty (30) day period stated above. The written results of the testing shall be completed not more than one hundred fifty (150) days after the effective date of this Consent Order; and
(g) An assessment of the length of time that it takes to determine customer risk ratings at account opening or changes in customer risk ratings.
4
(2) The Board shall ensure that the Bank has processes, personnel, and control systems to implement and adhere to the program developed pursuant to this Article.
ARTICLE III
CUSTOMER DUE DILIGENCE
(1) Within one hundred eighty (180) days of the date of this Consent Order, the Board shall ensure that Bank management reviews and updates its risk-based processes to obtain and analyze appropriate customer due diligence information at the time of account opening, and effectively uses this information to monitor for, and investigate, suspicious or unusual activity, that includes:
(a) risk-based policy requirements regarding the identification of customers and the scope of due diligence information to be collected and documented;
(b) for high-risk accounts, Bank management shall conduct and document its analyses of enhanced due diligence gathered to facilitate ongoing monitoring efforts including expectations for customer activities that are supported and periodically reviewed for reasonableness and are used as part of the ongoing monitoring process;
(c) periodic evaluations of employee knowledge of, and adherence to, Bank policies and procedures for identifying customers and for gathering, analyzing, and documenting due diligence in order to determine whether additional or enhanced training should be conducted; and
5
(d) procedures to address cases where there is on-going suspicious activity to ensure appropriate management review and determination of whether the customer relationship should be continued.
(2) Once updated, the above due diligence processes shall be implemented and a copy of the description of the processes shall be promptly submitted to the Assistant Deputy Comptroller for a written determination of no supervisory objection.
ARTICLE IV
BANK SECRECY ACT INTERNAL CONTROLS
(1) Within one hundred eighty (180) days of the date of this Consent Order, in response to the risks assessed in Article II, the Board shall cause the Bank to revise and enhance, and thereafter ensure Bank adherence to a written program of policies and procedures to provide for compliance with the BSA, as amended (31 U.S.C. §§ 5311 et seq.), the regulations promulgated thereunder at 31 C.F.R. Part 103, as amended, 12 C.F.R. Part 21, Subparts B and C, and the rules and regulations of the Office of Foreign Assets Control (“OFAC”) (collectively referred to as the “Bank Secrecy Act” or “BSA”). This program shall include the following:
(a) enhanced policies and procedures for timely identification and monitoring of transactions that pose greater than normal risk for compliance with the Bank Secrecy Act.;
(b) enhanced policies and procedures for timely investigation and resolution of transactions that have been identified as posing greater than normal risk for compliance with the Bank Secrecy Act; and
6
(c) enhanced policies and procedures for recording, maintaining, and recalling information about transactions that pose greater than normal risk for compliance with the Bank Secrecy Act.
(2) The BSA program shall include policies and procedures for maintenance of accurate systems for all Bank areas to produce and aggregate periodic reports designed to identify unusual or suspicious activity, including patterns of activity, to monitor and evaluate unusual or suspicious activity on a consolidated basis, and to maintain accurate information needed to produce these reports, to include at a minimum:
(a) periodic reports covering one day, a number of days, and monthly reports that differentiate transactions that pose a greater than normal risk for compliance with the BSA;
(b) periodic reports of all high-risk accounts that are newly-established, renewed or modified; and
(c) other periodic reports deemed necessary or appropriate by the BSA Officer or the Bank.
(3) The BSA program shall include policies and procedures to provide for the application of appropriate thresholds for monitoring all types of transactions, accounts, customers, products, services, and geographic areas that pose greater than normal risk for compliance with the Bank Secrecy Act. At a minimum, this written program shall establish:
(a) meaningful thresholds for filtering accounts and customers for further monitoring, review, and analyses; and
(b) periodic testing and monitoring of thresholds for their appropriateness to the Bank’s customer base, products, services, and geographic area.
7
(4) The BSA program shall include expanded account-opening procedures for all accounts that pose greater than normal risk for compliance with the BSA by requiring:
(a) identification of all account owners and beneficial owners in compliance with applicable rules, regulations, and regulatory guidance;
(b) documentation for all deposit account customers that pose greater than normal risk for compliance with the BSA consistent with that required by the FFIEC BSA/AML Examination Manual (Rev. April 29, 2010) addressing enhanced due diligence for higher risk customers; and
(c) any other due diligence required by this Consent order, the BSA Officer, or the Bank.
(5) The Bank shall obtain the information required in the preceding paragraph (4) of this Article before renewing or modifying an existing customer’s account within the scope of the preceding paragraph (4).
(6) The Bank shall have a policy for not opening an account or allowing the use of an account while verifying a customer’s due diligence information and for closing an account and filing SARs if the Bank does not receive the information required by paragraphs (4) and (5) of this Article by the date the information is due or if the Bank is not able to form a reasonable belief that it knows the true identify of a customer.
(7) The Bank shall have a policy and an effective process in place to prevent the reopening of accounts for customers who had accounts closed previously for BSA/AML concerns.
8
(8) The Bank shall review staffing levels in the Bank’s BSA department and ensure that the Bank has processes, personnel, and control systems to implement and adhere to the program developed pursuant to this Article.
ARTICLE V
BANK SECRECY ACT INDEPENDENT TESTING
(1) The Board shall ensure appropriate oversight of the BSA independent testing function. This includes ensuring appropriate scope (whether independent testing is performed by the holding company audit staff or an independent third party), timing, reporting and the reliability of reports, and sufficiency of follow-up testing. Within sixty (60) days of the date of this Consent Order, the Board, or a designated committee of the Board, shall review and evaluate the level of service and ability of the independent testing function for BSA matters currently being provided by any independent testing staff, including:
(a) the Board’s expectations of how its independent testing staff can and must assist in ensuring the Bank’s compliance with OFAC and the Bank Secrecy Act;
(b) an assessment of prior reports and management’s response to those reports, and any recommended changes;
(c) an evaluation of the independent testing tools, including technology, available; and
(d) establishing an annual independent testing plan using a risk based approach sufficient to achieve these objectives.
9
(2) The Board, or a designated committee of the Board, shall ensure that immediate actions are undertaken to remedy deficiencies cited in reports, and that appropriate staff maintain a written record describing those actions.
(3) The Board, or a designated committee of the Board, shall evaluate the reports of any party providing independent testing services to the Bank, and shall assess the impact on the Bank of any deficiencies cited in such reports, and shall remedy any deficiencies identified.
(4) Within ninety (90) days of the date of this Consent Order, the Bank shall revise and implement its BSA independent testing program to ensure compliance with the Bank Secrecy Act in all areas of the Bank, including scope, testing, and documentation sufficient to:
(a) detect irregularities in the Bank’s operations;
(b) determine the Bank’s level of compliance with all applicable laws, rules and regulations;
(c) evaluate the Bank’s adherence to established policies and procedures;
(d) perform an appropriate level of testing to support the audit findings; and
(e) ensure adequate audit coverage in all areas;
(5) The Board, or a designated committee of the Board, shall ensure that the Bank has processes, personnel, and control systems to ensure implementation of, and adherence to, the program developed pursuant to this Article.
(6) Upon adoption, the program shall be implemented and a copy of the independent testing program shall be promptly submitted to the Assistant Deputy Comptroller for a written determination of no supervisory objection.
10
ARTICLE VI
SUSPICIOUS ACTIVITY REPORTS
(1) Within sixty (60) days, the Bank shall review and revise, where appropriate, the Bank’s written program establishing a system of internal controls and processes to ensure compliance with the requirements to file Suspicious Activity Reports (SARs) set forth in 12 C.F.R. § 21.11, as amended. At a minimum, this written program shall include:
(a) procedures for identifying and reporting known or suspected violations of Federal law, violations of the Bank Secrecy Act, or suspicious transactions related to money laundering activity, including suspicious activity relating to the opening of new accounts, the monitoring of current accounts, and the transfer of funds through the Bank; and
(b) procedures to ensure SARs are filed within the timeframes specified in the regulations and FinCEN’s published guidance, and procedures to ensure follow-up SARs are filed every ninety (90) days in cases where suspicious activity is on-going.
(2) Upon completion, a copy of this program shall be submitted to the Assistant Deputy Comptroller for review. In the event the Assistant Deputy Comptroller recommends changes to the program, the Bank shall immediately incorporate those changes into the program.
(3) The Board shall ensure that the Bank has processes, personnel (including adequate staffing for the Bank’s SAR investigations), and control systems to ensure implementation of and adherence to the program developed pursuant to this Article.
11
ARTICLE VII
ACCOUNT/TRANSACTION ACTIVITY REVIEW
(1) Within sixty (60) days, the Bank shall submit to the Assistant Deputy Comptroller for a written determination of no supervisory objection, a written plan to review account and transaction activity occurring at the Bank since November 3, 2008 to the date of this Consent Order to determine whether suspicious activity was timely identified by the Bank, and if appropriate to do so, was then reported by the Bank in accordance with 12 C.F.R. § 21.11, as amended. The plan shall be risk-based, including the risks identified in the Risk Assessment performed pursuant to Article II, and shall identify the sampling, software screening or analytical techniques the Bank will use to identify transactions that pose (or posed) greater than normal risk for compliance with the Bank Secrecy Act, including at a minimum, deposit accounts, loan transactions, wire transactions, Western Union fund transfers, monetary instrument transactions, and cash transactions (including structuring). In the event the Assistant Deputy Comptroller provides written comments, the Board shall immediately make the necessary revisions to the plan and resubmit the plan to the Assistant Deputy Comptroller. Should the initial look-back identify previously unidentified suspicious activity, the OCC, at its sole discretion, may expand the timeframes and require a longer look-back period.
(2) Within one hundred twenty days (120) days of receiving a written determination of no objection from the Assistant Deputy Comptroller, the Bank shall complete the account and transaction review in accordance with the plan submitted pursuant to paragraph (1) of this Article. Upon completion of this review, the written findings shall be reported to the Board, with a copy to the Assistant Deputy Comptroller. The Bank shall file SARs, in accordance
12
with 12 C.F.R. § 21.11, for any previously unreported suspicious activity identified during this review.
(3) If an additional account and transaction review is deemed necessary by the Assistant Deputy Comptroller, the Bank shall complete the additional review in accordance with Paragraphs (1) and (2) of this Article.
(4) The Board shall ensure that the Bank has processes, personnel, and control systems to ensure implementation of and adherence to the provisions of this Article.
ARTICLE VIII
CLOSING
(1) Although the Board is by this Consent Order required to submit certain proposed actions and programs for the review or prior written determination of no supervisory objection of the Assistant Deputy Comptroller, the Board has the ultimate responsibility for proper and sound management of the Bank.
(2) It is expressly and clearly understood that if, at any time, the Comptroller deems it appropriate in fulfilling the responsibilities placed upon it by the several laws of the United States of America to undertake any action affecting the Bank, nothing in this Consent Order shall in any way inhibit, estop, bar or otherwise prevent the Comptroller from so doing.
(3) Any time limitations imposed by this Consent Order shall begin to run from the effective date of this Consent Order. Such time limitations may be extended in writing by the Assistant Deputy Comptroller for good cause upon written application by the Bank.
(4) The provisions of this Consent Order are effective upon issuance of this Consent Order by the Comptroller, through his authorized representative whose hand appears
13
below, and shall remain effective and enforceable, except to the extent that, and until such time as, any provisions of this Consent Order shall have been amended, suspended, waived, or terminated in writing by the Comptroller.
(5) This Consent Order is intended to be, and shall be construed to be, a final order issued pursuant to 12 U.S.C. § 1818(b), and expressly does not form, and may not be construed to form, a contract binding on the Comptroller or the United States.
(6) References to the “Bank” in this Consent Order shall mean that the Board, acting on behalf of the Bank, has the ultimate responsibility to ensure that the actions required are taken.
The terms of this Consent Order, including this paragraph, are not subject to amendment or modification by any extraneous expression, prior agreements or prior arrangements between the parties, whether oral or written.
IT IS SO ORDERED, this 20th day of July, 2010.
/s/ William D. Haas | |
William D. Haas | |
Deputy Comptroller | |
Midsize Bank Supervision | |
14
