Exhibit 99.2
UNITED STATES OF AMERICA
DEPARTMENT OF THE TREASURY
OFFICE OF THE COMPTROLLER OF THE CURRENCY
IN THE MATTER OF )
NARA BANK, N. A. )
LOS ANGELES, CALIFORNIA )
CONSENT ORDER
The Comptroller of the Currency of the United States of America
(Comptroller), through his National Bank Examiner, has examined Nara Bank, N.A.,
Los Angeles, California (Bank) and his findings are contained in the Report of
Examination, dated as of June 30, 2001 (ROE).
The Bank, by and through its duly elected and acting Board of Directors
(Board), has executed a "Stipulation and Consent to the Issuance of a Consent
Order," dated February 20, 2002, that is accepted by the Comptroller. By this
Stipulation and Consent, which is incorporated by reference the same as if fully
set forth, the Bank has consented to the issuance of this Consent Order (Order)
by the Comptroller.
Pursuant to the authority vested in him by the Federal Deposit
Insurance Act, as amended, 12 U.S.C. Section 1818, the Comptroller hereby orders
that:
ARTICLE I
COMPLIANCE COMMITTEE
(1) Within thirty (30) days, the Board shall appoint a Compliance
Committee of at least three (3) directors, of which no more than one (1) shall
be an employee of the Bank or any of its affiliates (as the term "affiliate" is
defined in 12 U.S.C. Section 371c(b)(1)), or a family member of any such person.
Upon appointment, the names of the members of the Compliance
Committee shall be submitted in writing to the Assistant Deputy Comptroller. The
Compliance Committee shall be responsible for monitoring and coordinating the
Bank's adherence to the provisions of this Order.
(2) The Compliance Committee shall meet at least monthly beginning
thirty (30) days after the effective date of this Order.
(3) Within thirty (30) days of the appointment of the Committee and
every calendar quarter thereafter, the Compliance Committee shall submit a
written progress report to the Board setting forth in detail:
(a) actions taken to comply with each Article of this Order; and
(b) the results of those actions.
(4) The Board shall forward a copy of the Compliance Committee's report,
with any additional comments by the Board, to the Assistant Deputy Comptroller.
ARTICLE II
INTERNAL CONTROLS
(1) Within sixty (60) days, the Board shall develop, implement, and
thereafter ensure Bank adherence to a written program of policies and procedures
to ensure compliance with the Bank Secrecy Act, as amended (31 U.S.C. Sections
5311 - 5330), the regulations promulgated thereunder at 31 C.F.R. Part 103 and
12 C.F.R. Part 21, Subparts B and C, as amended (hereinafter collectively
referred to as the "Bank Secrecy Act" or the "BSA"), and the rules and
regulations of the Office of Foreign Assets Control (OFAC). At a minimum, this
written program shall establish:
2
(a) a system of internal controls and independent testing and
auditing to ensure ongoing compliance with the Bank Secrecy Act;
(b) operating procedures for the opening of new accounts and
supervising of existing accounts, with particular emphasis on
identifying and monitoring high-risk accounts;
(c) controls and procedures to ensure that all suspicious and large
currency transactions are identified and reported; procedures
should be comprehensive as to all points of cash entry and exit;
(d) procedures to ensure that records are maintained on monetary
instrument transactions and funds transfers, as required by the
Bank Secrecy Act;
(e) comprehensive procedures and management information systems to
identify and report to appropriate management personnel:
(i) frequent or large volume cash deposits or wire transfers
or book entry transfers to or from offshore or domestic
entities or individuals;
(ii) wire transfers or book entry transfers that are
deposited into several accounts;
(iii) receipt and disbursement of wire transfers or book entry
transfers without an apparent business reason;
(iv) receipt and disbursement of wire transfers or book entry
transfers when they are inconsistent with the customer's
business;
(v) receipt and disbursement of currency and monetary
instruments when they are inconsistent with the
customer's business; and
3
(vi) bank accounts opened in the name of a casa de cambio
(money exchange house) or any "financial institution" as
defined in 31 C.F.R. Section 103.11(n) (bank,
broker/dealer, currency dealer or exchanger, issuer or
seller or redeemer of traveler's checks or money orders,
transmitter of funds, telegraph company, casino, etc.);
(f) comprehensive guidelines and procedures to identify and report
both the shipment and receipt of currency or monetary
instruments via common couriers, which guidelines should
specifically detail procedures that will cover and address
improperly labeled courier pouches containing monetary
instruments, as well as related procedures for reporting and
filing Suspicious Activity Reports for such pouches;
(g) comprehensive guidelines, procedures and systems for compliance
with the rules and regulations of the OFAC;
(h) policies and procedures to identify and address unique or
special risks posed by particular branches of the Bank due to
the type or volume of business activity conducted there; and
(i) a qualified BSA compliance officer who has day-to-day
responsibilities for managing all aspects of the BSA compliance
program and who will be responsible for filing Currency
Transaction Reports (CTRs), Reports of International
Transportation of Currency or Monetary Instruments (CMIRs), and
Reports of Foreign Bank and Financial Accounts (FBARs). The BSA
compliance officer shall report directly to the Board of
4
Directors. The Board of Directors and senior management shall
ensure that the BSA compliance officer has sufficient authority
and resources to effectively administer a comprehensive BSA
compliance program at each and every location at which the Bank
does business.
(2) Upon completion, a copy of this program shall be submitted to the
Assistant Deputy Comptroller for review. In the event the Assistant Deputy
Comptroller recommends changes to the program, the Board shall immediately
incorporate those changes.
(3) The Board shall ensure that the Bank has processes, personnel, and
control systems to ensure implementation of, and adherence to, the program
developed pursuant to this Article.
ARTICLE III
COMPLIANCE AND REPORTING
(1) Within forty-five (45) days, the Board shall ensure that the Bank
and BSA Officer:
(a) conduct reviews of the individuals, companies and
accounts listed in all subpoenas received at all
locations, including the New York branches, within the
past twelve (12) months, and establish a uniform process
for logging in subpoena requests, certifying that an
independent review of the bank records has been
conducted for persons and accounts named in the
subpoenas, and stating what additional action, if any,
the bank took;
(b) implement a process to promptly identify and report
transactions with persons named on the FBI's "Control
List;"
5
(c) review all cash transactions in excess of $4,999 for all
accounts starting from April 1, 2001, to ensure that
structuring is not occurring and going unreported;
(d) review future letters of credit associated with import
and export transactions and, if vessels are involved,
check vessel names against the OFAC list;
(e) review and revise the list of nonresident alien accounts
to ensure that it is accurate; and
(f) establish procedures whereby the BSA officer provides
the Board with a compliance report on at least a
quarterly basis that includes, at a minimum, new issues
identified, corrective action required, Suspicious
Activity Reports filed, training conducted, and changes
in the laws and regulations.
ARTICLE IV
AUDIT FUNCTION
(1) Within forty-five (45) days, the Board shall review and evaluate the
service and ability of the audit function currently being provided by its
internal and external auditors. Such an assessment should include the Board's
expectations of how the internal and external auditors can better assist in
ensuring the Bank's compliance with the Bank Secrecy Act, Suspicious Activity
Report procedures, and the rules and regulations of the OFAC.
(2) Within thirty (30) days after the Board has completed its review in
paragraph (1) of this Article, the Board shall expand the Bank's existing audit
function to include:
6
(a) development of a program to test the adequacy of
internal controls designed to ensure compliance with the
provisions of the Bank Secrecy Act;
(b) prompt management response and follow-up to all audit
exceptions or other recommendations of the Bank's
internal and external auditors; and
(c) a risk-based approach to Bank Secrecy Act compliance
that includes transactional testing and verification of
data for higher risk accounts or geographic areas of
specific concern.
(3) Within thirty (30) days, the Board shall retain the services of a
qualified independent consultant to develop findings, observations and
recommendations on the Bank's internal controls, including the audit function,
addressing compliance with the Bank Secrecy Act and the rules and regulations of
the OFAC, including related regulatory reporting on those subjects.
ARTICLE V
TRAINING
(1) Within thirty (30) days, the Board shall develop, implement, and
thereafter ensure Bank adherence to a comprehensive training program for all
appropriate operational and supervisory personnel to ensure their awareness of,
and compliance with, the requirements of the Bank Secrecy Act and the OFAC,
including the currency reporting and monetary instrument and funds transfer
recordkeeping requirements, and the reporting requirements for Suspicious
Activity Reports.
7
(2) The Bank's training program shall identify unique or special risks
posed by particular branches due to the type or volume of business activity
conducted there and shall specifically address those risks when training
employees from those locations.
(3) The Bank's training program shall identify and address any need to
provide training to employees in languages other than English and shall ensure
that all appropriate operational and supervisory employees who do not speak
fluent English have a thorough understanding of the requirements of the Bank
Secrecy Act.
(4) The Board shall ensure that the Bank has the resources and personnel
to ensure implementation of, and adherence to, the comprehensive training
program developed pursuant to this Article.
ARTICLE VI
SUSPICIOUS ACTIVITY REPORTS
(1) The Board shall file Suspicious Activity Reports on all suspicious
transactions and, within thirty (30) days, develop, implement, and thereafter
ensure Bank adherence to a written program to establish a system of internal
controls and processes to ensure compliance with the requirements to file
Suspicious Activity Reports set forth in 12 C.F.R. Section 21.11, as amended. At
a minimum, this written program shall establish procedures for identifying,
monitoring and reporting suspicious activity, known or suspected violations of
Federal law, violations of the Bank Secrecy Act, or suspicious transactions,
including suspicious activity relating to the opening of new accounts, the
monitoring of current accounts, and the transfer of funds through the Bank.
8
(2) Upon completion, a copy of this program shall be submitted to the
Assistant Deputy Comptroller for review. In the event the Assistant Deputy
Comptroller recommends changes to the program, the Board shall immediately
incorporate those changes into the program.
(3) The Board shall ensure that the Bank has processes, personnel, and
control systems to ensure implementation of, and adherence to, the program
developed pursuant to this Article.
ARTICLE VII
VIOLATIONS OF LAW
(1) The Board shall immediately take all necessary steps to ensure that
Bank management corrects each violation of law, rule or regulation cited in the
ROE and in any subsequent Report of Examination. The quarterly progress reports
required by Article VIII of this Order shall include the date and manner in
which each correction has been effected during that reporting period.
(2) Within sixty (60) days, the Board shall adopt, implement, and
thereafter ensure Bank adherence to specific procedures to prevent future
violations as cited in the ROE and shall adopt, implement, and ensure Bank
adherence to general procedures addressing compliance management which
incorporate internal control systems and education of employees regarding laws,
rules and regulations applicable to their areas of responsibility.
(3) Within thirty (30) days of receipt of any subsequent Report of
Examination that cites violations of law, rule, or regulation, the Board shall
adopt, implement, and thereafter ensure Bank adherence to specific procedures to
prevent future violations as cited in the ROE and shall adopt, implement, and
ensure Bank adherence to general procedures addressing
9
compliance management that incorporate internal control systems and education of
employees regarding laws, rules and regulations applicable to their areas of
responsibility.
(4) Within thirty (30) days, the Board shall adopt, implement, and
thereafter ensure Bank adherence to specific procedures for incorporating the
requirements of all new legislation concerning the Bank Secrecy Act and OFAC
into the Bank's internal controls, including the audit function, and training
programs.
(5) Upon adoption, a copy of these procedures shall be promptly
forwarded to the Assistant Deputy Comptroller.
(6) The Board shall ensure that the Bank has policies, processes,
personnel, and control systems to ensure implementation of and adherence to the
procedures developed pursuant to this Article.
ARTICLE VIII
PROGRESS REPORTING - QUARTERLY
(1) The Board shall submit quarterly progress reports to the Assistant
Deputy Comptroller. These reports shall set forth in detail:
(a) actions taken since the prior progress report to comply
with each Article of the Order;
(b) results of those actions; and
(c) a description of the actions needed to achieve full
compliance with each Article of this Order.
10
(2) The progress reports should also include any actions initiated by
the Board and the Bank pursuant to the criticisms and comments in the ROE or in
any future Report of Examination.
(3) The first progress report shall be submitted for the period ending
March 31, 2002, and will be due within fifteen (15) days of that date.
Thereafter, progress reports will be due within fifteen (15) days after the end
of the next calendar quarter.
(4) The progress reports, as well as any other reports required by the
Order, shall be submitted to the:
Assistant Deputy Comptroller
Southern California - North Field Office
550 North Brand Boulevard, Suite 500
Glendale, California 91203-1900
ARTICLE IX
CLOSING
(1) Although the Board is by this Order required to submit certain
proposed actions and programs for the review and approval of the Assistant
Deputy Comptroller, the Board has the ultimate responsibility for proper and
sound management of the Bank.
(2) It is expressly and clearly understood that if, at any time, the
Comptroller deems it appropriate in fulfilling the responsibilities placed upon
him by the several laws of the United States of America to undertake any action
affecting the Bank, nothing in this Order shall in any way inhibit, estop, bar,
or otherwise prevent the Comptroller from so doing.
(3) Any time limitations imposed by this Order shall begin to run from
the effective date of this Order. Such time limitations may be extended in
writing by the Assistant Deputy Comptroller for good cause upon written
application by the Board.
11
(4) The provisions of this Order are effective upon issuance of this
Order by the Comptroller, through his authorized representative whose hand
appears below, and shall remain effective and enforceable, except to the extent
that, and until such time as, any provisions of this Order shall have been
amended, suspended, waived, or terminated in writing by the Comptroller.
(5) This Order is intended, and shall be construed to be an "order to
cease and desist" as contemplated by 12 U.S.C. Section 1818(b), and expressly
does not form and may not be construed to form a contract binding on the OCC or
the United States. Notwithstanding the absence of mutuality of obligation, or of
consideration, or of a contract, the OCC may enforce the terms of the Order
under its supervisory powers, including 12 U.S.C. Section 1818(b) and (i), and
not as a matter of contract law. The Bank expressly acknowledges that no OCC
officer or employee has statutory or other authority to bind the United States,
the U.S. Treasury Department, the OCC, or any other Federal bank regulatory
agency or entity, or any officer or employee of any of those entities to a
contract affecting the OCC's exercise of its supervisory responsibilities. The
terms of this Order, including this paragraph, are not subject to amendment or
modification by any extraneous expression, prior agreements or arrangements, or
negotiations between the parties, whether oral or written.
IT IS SO ORDERED, this 20th day of February, 2002.
/s/
- ------------------------------------------ ------------------------
P. L. Shriner Date
Assistant Deputy Comptroller
Southern California - North Field Office
12