Attached files

file | filename
8-K - 8-K - MIDSOUTH BANCORP INC | midsouth-form8xkxconsentor.htm
EX-99.2 - EXHIBIT 99.2 - MIDSOUTH BANCORP INC | ex992stipulationandconsent.htm

UNITED STATES OF AMERICA
DEPARTMENT OF THE TREASURY
COMPTROLLER OF THE CURRENCY
AA-SO-2018-62
CONSENT ORDER
WHEREAS, the Comptroller of the Currency of the United States of America ("Comptroller"), through his national bank examiners and other staff of the Office of the Comptroller of the Currency ("OCC"), has supervisory authority over and has conducted an examination of MidSouth Bank, National Association, Lafayette, Louisiana ("Bank").
WHEREAS, the Bank, by and through its duly elected and acting Board of Directors ("Board"), has executed a Stipulation and Consent to the Issuance of a Consent Order, dated October 25, 2018, that is accepted by the Comptroller ("Stipulation").
WHEREAS, by this Stipulation, which is incorporated herein by reference, the Bank has consented to the issuance of this Consent Cease and Desist Order ("Order") by the Comptroller.
NOW THEREFORE, pursuant to the authority vested in the OCC by Section 8(b) of the Federal Deposit Insurance Act, as amended, 12 U.S.C. § 1818(b), the Comptroller hereby orders that:
ARTICLE I
COMPTROLLER'S FINDINGS
The Comptroller finds, and the Bank neither admits nor denies, the following:
(1) The OCC's examination findings from 2018 establish that the Bank has failed to adopt and implement a compliance program that adequately covered the required Bank Secrecy Act/Anti-Money Laundering ("BSA/AML") program elements. These deficiencies have resulted in a BSA/AML compliance program violation under 12 U.S.C. § 1818(s) and its implementing regulation, 12 C.F.R. § 21.21 (BSA/AML compliance program).
(2) Some of the critical deficiencies in the elements of the Bank's BSA/AML compliance program that resulted in a violation of 12 C.F.R. § 21.21, included the following:
(a) The Bank had an inadequate system of internal controls and a weak BSA/staffing function;
(b) The Bank had systemic deficiencies in their transaction monitoring system, which resulted in monitoring gaps. These systemic deficiencies resulted in alert and investigation backlogs; and
(c) The Bank had systemic deficiencies in their customer due diligence ("CDD"), enhanced due diligence ("EDD"), and customer risk rating processes.
ARTICLE II
COMPLIANCE COMMITTEE
(1) Within thirty (30) days of the effective date of this Order, the Board shall appoint a Compliance Committee of at least three (3) directors, of which no more than one (1) shall be an employee of the Bank or any of its affiliates (as the term "affiliate" is defined in 12 U.S.C. § 371c(b)(1)), or a family member of any such person. Upon appointment, the names of the members of the Compliance Committee and, in the event of a change of the membership, the name of any new member shall be submitted in writing to the Assistant Deputy Comptroller.
The Compliance Committee shall be responsible for monitoring and coordinating the Bank's adherence to the provision of this Order.
(2) The Compliance Committee shall meet at least monthly.
(3) Within sixty (60) days of this Order, and by the end of each calendar quarter thereafter, the Compliance Committee shall submit a written progress report to the Board setting forth in detail:
(a) a description of the action needed to achieve full compliance with each Article of this Order;
(b) actions taken to comply with each Article of this Order; and
(c) the results and status of those actions.
(4) The Board shall forward a copy of the Compliance Committee's report, with any additional comments by the Board, to the Assistant Deputy Comptroller within ten (10) days of receiving such report.
(5) The Board shall ensure that the Bank has sufficient processes, personnel, resources, and control systems to effectively implement and adhere to all provisions of this Order, and that Bank personnel have sufficient training and authority to execute their duties and responsibilities under this Order.
ARTICLE III
BSA OFFICER AND PERSONNEL
(1) Within ninety (90) days of the effective date of this Order, the Board shall submit for review and supervisory non-objection by the Assistant Deputy Comptroller the name, resume, and such other information as the Assistant Deputy Comptroller may request, of a qualified individual or individuals to serve as full-time BSA Officer. The Assistant Deputy Comptroller shall have the power to disapprove the appointment of the proposed new BSA Officer. The requirement to submit information and the prior disapproval provisions of this paragraph (1) are based on the authority of 12 U.S.C. § 1818(b)(6)(E) and do not require the Assistant Deputy Comptroller to complete his review and act on any such information within ninety (90) days. The lack of disapproval of such individual shall not constitute an approval or endorsement of the proposed BSA Officer.
(2) The Board shall ensure that the BSA Officer has sufficient executive authority, time, and resources to fulfill the duties and responsibilities of the position and ensure compliance with the requirements of the Bank Secrecy Act, as amended (31 U.S.C. § 5311 et seq.), the regulations promulgated thereunder at 31 C.F.R. Part 1020, as amended, 12 C.F.R. Part 21, Subparts B and C, the rules and regulations of the Office of Foreign Assets Control ("OFAC") (collectively referred to as the "Bank Secrecy Act" or "BSA").
(3) If the BSA Officer position is vacated, the Board shall identify and provide written notice to the Assistant Deputy Comptroller of a new BSA Officer within ninety (90) days of the date of such vacancy and follow the process for supervisory nonobjection in paragraph (1).
(4) Within ninety (90) days of this Order, the Board shall ensure that the Bank's BSA Department maintains sufficient personnel with the requisite expertise, training, skills, and authority. The Board shall ensure that the Bank implements any changes that are needed regarding the Bank's BSA Officer and supporting staff, including the responsibilities, authority, structure, independence, competencies, or capabilities.
(5) The Board shall periodically (no less than annually) review the adequacy of the Bank's BSA Officer and supporting staff, and shall document its determination(s) in writing. The review shall evaluate and consider, as appropriate, the effectiveness of the Bank's BSA/AML compliance program, as well as the leadership, knowledge, training, and skills of the BSA Officer and staff.
ARTICLE IV
BANK SECRECY ACT INTERNAL CONTROLS
(1) Within ninety (90) days of the effective date of this Order, the Board shall review, revise, and thereafter ensure the Bank's adherence to a written program of policies and procedures to provide for compliance with the Bank Secrecy Act and the appropriate identification and monitoring of transactions that pose greater than normal risk for compliance with the BSA. This program shall include the following:
(a) updating the Bank's BSA/AML risk assessment to cover the risks associated with current, or subsequently proposed, Bank products, services, customers, entities, and geographies served, and including the dollar volume, number, and countries associated with the Bank products, services, customers and transactions;
(b) identification of current customers and accounts exhibiting high risk characteristics for money laundering, terrorist financing, or other illicit activity;
(c) an evaluation of existing internal controls to mitigate the identified risks, taking into account weaknesses noted in the Report of Examination ("ROE") dated March 5, 2018, audit dated September 29, 2017, or any outstanding or subsequent audit findings or ROE;
(d) policies and procedures to provide for the maintenance of integrated, accurate systems to monitor cash, monetary instruments, wire transfers, automated clearing house transactions, internal transfer transactions, etc., for all types of transactions, accounts, customers, products, services, and geographic areas;
(e) procedures to perform mapping of the BSA/AML monitoring systems to ensure all accounts and transactions are captured for suspicious activity monitoring;
(f) procedures to ensure the usage of appropriate thresholds in the Bank's automated monitoring systems to filter accounts and customers for further monitoring, review, and analysis, including:
(i) an analysis of the filtering thresholds established by the Bank;
(ii) periodic testing and monitoring of thresholds for their appropriateness to the Bank's customer base, products, services, and geographic areas;
(iii) a requirement that any changes to thresholds are approved at the senior management level and periodically reported to the Board; and
(iv) a requirement that documentation of any changes to the thresholds is maintained and available to auditors and examiners.
(g) a requirement for independent third party validation of the models used for the BSA/AML monitoring systems in order to ensure that all accounts and transactions are captured and that the systems are adequate to detect potentially suspicious activity;
(h) well-defined policies and procedures for investigating and responding to transactions that have been identified as posing greater than normal risk for compliance with the Bank Secrecy Act, including timely, well documented disposition of alerts generated by automated monitoring systems;
(i) adequate controls and procedures to ensure the accurate and timely filing of currency transaction reports ("CTRs") and suspicious activity reports ("SARs");
(j) an independent audit program designed to ensure compliance with the Bank Secrecy Act that covers all areas of the Bank and includes an appropriate scope, risk-based testing, and retention of underlying documentation; and
(k) enhanced reporting to the Board on the Bank's BSA/AML compliance program, including but not limited to SAR activity, status reports on the Bank's BSA/AML compliance program, activities by the Bank's BSA/AML compliance program, and actions taken to remediate any weaknesses identified by the OCC or the independent audit function.
ARTICLE V
CUSTOMER DUE DILIGENCE AND ENHANCED DUE DILIGENCE/SUSPICIOUS ACTIVITY MONITORING
(1) Within ninety (90) days of the effective date of this Order, the Board shall develop, implement, and thereafter ensure the Bank's adherence to appropriate policies and procedures for collecting customer due diligence ("CDD") and enhanced due diligence ("EDD") information when opening new accounts, when renewing or modifying existing accounts for customers, and when the Bank obtains event-driven information indicating that it would be prudent to obtain updated information. Such policies shall be in accordance with applicable law and guidance and be commensurate with the risk assessment conducted pursuant to Article IV(1)(a). At a minimum, these policies and procedures must be adequate to ensure that the Bank understands the nature and purpose of its customer relationships, and shall include:
(a) an appropriate methodology for assigning accurate risk levels to the Bank's customer base that assesses relevant factors including products, services, customers, entities, transactions, and geographic locations;
(b) procedures that comply with 31 C.F.R. § 1020.220 for the opening of new accounts and that ensure that the required customer identification information is recorded in the bank's management information system ("MIS");
(c) specification of the EDD information that bank personnel must obtain for higher-risk accounts, which among other information shall include:
(i) purpose of the account; source of funds and wealth;
(ii) individuals with ownership or control over the account, such as beneficial owners, signatories, or guarantors;
(iii) occupation or type of business (of customer or other individuals with ownership or control over the account);
(iv) circumstances or situations when financial statements should be obtained;
(v) domicile (where the business is organized);
(vi) proximity of the customer's residence, place of employment, or place of business to the bank;
(vii) description of the customer's primary trade area and whether international transactions are expected to be routine;
(viii) description of the business operations, the anticipated volume of currency and total sales, and a list of major customers and suppliers; and
(ix) explanations for changes in account activity.
(d) policies and procedures to ensure CDD includes ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information as defined in 31 C.F.R. § 1020.210(b)(5);
(e) periodic risk-based review to reaffirm risk ratings, no less than annually, on all higher-risk customers that include:
(i) the name of the customer;
(ii) identification of account owners and beneficial owners in compliance with applicable rules, regulations, and regulatory guidance;
(iii) any other accounts maintained by the customer and, as applicable, its officers, directors, major shareholders, or partners;
(iv) any related accounts of the customer at the Bank;
(v) any action the Bank has taken on the account;
(vi) the purpose and balance of the account; and
(vii) any unusual activity for each account or any significant deviations between actual activity compared to expected activity as set forth in the Bank's CDD and EDD file.
(f) periodic assessments by the BSA Officer or his/her designee of the effectiveness of the Bank's CDD, EDD, and monitoring activities, including timely corrective action to address weaknesses identified in the assessments, in the Bank's audit, or in a ROE;
(g) guidance and standards regarding when to: not open an account, permit the use of an account while verifying a customer's identity or other risks, close an account when the Bank is not able to form a reasonable belief that it knows the true identity of a customer or if the Bank does not receive requested due diligence information, and file SARs based on suspicious activity identified; and
(h) establish appropriate linkage between EDD information and suspicious activity monitoring functions to ensure BSA Department staff appropriately use EDD information in suspicious activity investigations.
(2) The BSA Officer or his/her designee(s) shall monitor accounts for high-risk customers/transactions, and any related accounts, to determine whether activity is consistent with the customer's business and the stated purpose of the account. In the event that monitoring indicates account activity is not in accordance with existing account information, the Bank must update the customer information.
(3) The Board shall ensure that the Bank develops and maintains a MIS program that compiles CDD and EDD information. The program shall be commensurate with the Bank's BSA/AML risk profile, and shall provide appropriate staff throughout the Bank with automated ready access to CDD and EDD information.
(4) The Board shall ensure that the Bank develops a risk-based plan to apply the requirements in its updated CDD and EDD policies and procedures to its existing customers in proportion to the risks posed by the customers.
ARTICLE VI
BANK SECRECY ACT TRAINING
(1) Within ninety (90) days of this Order, the Board shall develop, implement, and thereafter ensure the Bank's adherence to a comprehensive training program for employees and directors to ensure their awareness of their responsibility for compliance with the requirements of the Bank Secrecy Act and OFAC; of the Bank's relevant policies, procedures, and processes; and of relevant examples of red flags for money laundering, terrorist financing, and suspicious activity. At a minimum, this comprehensive training program shall include:
(a) appropriate strategies for mandatory attendance and accountability;
(b) the frequency of training;
(c) procedures and timing for updating training programs;
(d) the method of delivering training; and
(e) documentation and retention of training materials.
(2) The scope of the trainings shall align with the Bank's risk profile and the types of accounts in the Bank. Specific training requirements for each employee and director shall be tailored based on each individual's job responsibilities and role at the Bank, and the appropriate Bank systems and tools.
ARTICLE VII
CLOSING
(1) The Board has the ultimate responsibility for proper and sound management of the Bank as well as compliance with all provisions contained in this Order and with the requirements and timeframes for all plans and programs submitted pursuant to this Order even though the Bank, the Board, and/or a Board committee is required to submit certain proposed actions, plans, reports or program for the OCC's review or prior written determination of no supervisory objection and even though Bank management and personnel are to be held accountable for executing their duties and responsibilities under or resulting from this Order.
(2) In each instance in which this Order imposes responsibilities upon the Board or a Board committee, it is intended that the Board or Board Committee shall:
(a) Authorize, direct and adopt such actions on behalf of the Bank as may be necessary for the Bank to perform its obligations and undertakings under the terms of this Order;
(b) require appropriate, adequate, and timely reporting by Bank management of such actions directed by the Board to be taken under the terms of this Order;
(c) follow-up on any noncompliance with such actions in a timely and appropriate manner; and
(d) require corrective action be taken in a timely manner of any noncompliance with such actions.
(3) If, at any time, the Comptroller deems it appropriate in fulfilling the responsibilities placed upon him by the several laws of the United States of America to undertake any action affecting the Bank, nothing in this Order shall in any way inhibit, estop, bar, or otherwise prevent the Comptroller from so doing.
(4) Each citation, guidance, or issuance referenced in this Order includes any subsequent citations, guidance, or issuance that replaces, supersedes, amends, or revises the cited citation, regulation, or guidance.
(5) The provisions of this Order shall be effective upon issuance by the OCC, through the Comptroller's duly authorized representative, whose hand appears below, and shall remain effective and enforceable, except to the extent that, and until such time as, any provisions of this Order are amended, suspended, waived, or terminated in writing by the OCC, through the Comptroller's duly authorized representative.
(6) Except as otherwise expressly provided herein, any time limitations imposed by this Order shall begin to run from the effective date of this Order.
(7) If the Bank requires a suspension or waiver of any provision or an extension of any timeframe within this Order, the Board shall submit a written request to the Assistant Deputy Comptroller asking for relief. Any written requests submitted pursuant to this Article shall include a statement setting forth in detail, with relevant supporting documentation, the special facts and circumstances that support the Bank's request for a suspension or waiver of any provision or an extension of a timeframe within this Order. The OCC's decision concerning a request for suspension or waiver of any provision or an extension of any timeframe within this Order will be communicated to the Board in writing by the Assistant Deputy Comptroller and is final and not subject to further review.
(8) This Order is intended to be, and shall be construed to be, a final order issued pursuant to 12 U.S.C. § 1818(b), and expressly does not form, and may not be construed to form, a contract binding the Comptroller or the United States. Without limiting the foregoing, nothing in this Order shall affect any action against the Bank or its institution-affiliated parties (as defined by 12 U.S.C. § 1813(u)), by a bank regulatory agency, the United States Department of Justice, or any other law enforcement agency.
(9) It is expressly and clearly understood that if, at any time, the OCC, through the Comptroller's duly authorized representative, deems it appropriate to undertake any action affecting the Bank or its institution-affiliated parties, nothing in this Order shall in any way inhibit, estop, bar, or otherwise prevent the OCC from so doing.
(10) The terms of this Order, including this paragraph, are not subject to amendment or modification by any extraneous expression, prior agreements, or prior arrangements between the parties, whether oral or written.
(11) All reports or plans that the Bank or Board has agreed to submit to the Assistant Deputy Comptroller pursuant to this Order shall be sent to:
Assistant Deputy Comptroller
Office of the Comptroller of the Currency
New Orleans Field Office
3838 N. Causeway Blvd., Suite 2890
Metairie, Louisiana 70002
