AGREEMENT BY AND BETWEEN Sterling Bank and Trust, FSB Southfield, Michigan and The Office of the Comptroller of the Currency
AGREEMENT BY AND BETWEEN
Sterling Bank and Trust, FSB
Southfield, Michigan
and
The Office of the Comptroller of the Currency
Sterling Bank and Trust, FSB, Southfield, Michigan (“Bank”) and the Office of the Comptroller of the Currency (“OCC”) wish to assure the safety and soundness of the Bank and its compliance with laws and regulations.
The Comptroller of the Currency (“Comptroller”) has found unsafe or unsound practices relating to the Bank’s credit administration and violations of law relating to certain aspects of the Bank’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) compliance program.
Therefore, the OCC, through the duly authorized representative of the Comptroller, and the Bank, through its duly elected and acting Board of Directors (“Board”), hereby agree that the Bank shall operate at all times in compliance with the following:
ARTICLE I
JURISDICTION
(1) The Bank is an “insured depository institution” as that term is defined in 12 U.S.C. § 1813(c)(2).
(2) The Bank is a Federal savings association within the meaning of 12 U.S.C. § 1813(q)(1)(C), and is chartered and examined by the OCC. See 12 U.S.C. §§ 1461 et seq., 5412(b)(2)(B).
(3) The OCC is the “appropriate Federal banking agency” as that term is defined in 12 U.S.C. § 1813(q).
ARTICLE II
COMPLIANCE COMMITTEE
(1) Within sixty (60) days of the date of this Agreement, the Board shall appoint a Compliance Committee of at least three (3) members of which a majority shall be directors who are not employees or officers of the Bank or any of its subsidiaries or affiliates. The Board shall submit in writing to the Assistant Deputy Comptroller the names of the members of the Compliance Committee within ten (10) days of their appointment. In the event of a change of the membership, the Board shall submit in writing to the Assistant Deputy Comptroller within ten (10) days the name of any new or resigning committee member. The Compliance Committee shall monitor and oversee the Bank’s compliance with the provisions of this Agreement. The Compliance Committee shall meet at least quarterly and maintain minutes of its meetings.
(2) By September 30, 2019, and thereafter within thirty (30) days after the end of each quarter, the Compliance Committee shall submit to the Board a written progress report setting forth in detail:
(a) a description of the corrective actions needed to achieve compliance with each Article of this Agreement;
(b) the specific corrective actions undertaken to comply with each Article of this Agreement;
(c) the results and status of the corrective actions; and
(d) how each violation of law identified in the Report of Examination dated as of March 31, 2018 or subsequently discovered is being or has been corrected during the reporting period.
(3) Upon receiving each written progress report, the Board shall forward a copy of the report, with any additional comments by the Board, to the Assistant Deputy Comptroller within ten (10) days of the first Board meeting following the Board’s receipt of such report, unless additional time is granted in writing by the Assistant Deputy Comptroller.
ARTICLE III
CUSTOMER DUE DILIGENCE AND ENHANCED DUE DILIGENCE
(1) Within one hundred and eighty (180) days of the date of this Agreement, the Board shall submit to the Assistant Deputy Comptroller, for a prior written determination of no supervisory objection, a revised customer due diligence and enhanced due diligence program to ensure appropriate collection and analysis of customer information when opening new accounts, when renewing or modifying existing accounts for customers, and when the Bank obtains event-driven information indicating that it would be prudent to obtain updated information. The program must be adequate to ensure that the Bank understands the nature of its customer relationships and develops an accurate customer risk profile, and shall ensure the Bank operates in accordance with applicable law. At a minimum, the revisions must include:
(a) policies and procedures to ensure the Bank conducts sufficient due diligence on related account parties;
(b) policies and procedures to ensure customer due diligence questionnaires are completed for required account types and appropriately imported and maintained in the Bank’s suspicious activity monitoring system;
(c) policies and procedures to outline which account types are exempt from the requirement to complete a customer due diligence questionnaire, with a documented rationale for the exemption;
(d) a revised customer risk rating methodology to ensure weighting criteria is effective in identifying high-risk customers and correlates to customer risk ratings in the Bank’s suspicious activity monitoring system;
(e) revised policies and procedures with respect to account closures that:
(i) outline reasons for account closure that would result in a customer not being able to re-establish a relationship with the Bank;
(ii) establish effective procedures for closing a customer relationship for BSA reasons;
(iii) implement appropriate and effective controls to require that a customer whose relationship was closed cannot be re-established without appropriate elevated levels of approval; and
(iv) require that the elevated risk associated with reopening of any account closed for BSA reasons is documented and reflected in the customer’s risk rating;
(f) policies and procedures to require that enhanced due diligence searches are conducted consistently according to the Bank’s processes and are appropriately documented, with any known or potential negative news fully investigated and rationale for false positives appropriately documented;
(g) ongoing due diligence reviews for moderate- and high-risk customers; and
(h) a secondary quality assurance review process conducted by the BSA Officer or his/her designee that includes, but is not limited to the following:
(i) enhanced due diligence reviews, conducted periodically for all high-risk customers and their related accounts, to determine whether account activity is consistent with the customer’s expected activity and the stated purpose of the account, and, as appropriate, documentation provided is validated;
(ii) periodic reviews of a sample of lending questionnaires for customers rated low- and moderate-risk to ensure lending staff are completing the questionnaire appropriately; and
(iii) customer risk ratings in the Bank’s suspicious activity monitoring system.
(2) No later than the next Board meeting following the receipt of the Assistant Deputy Comptroller’s written determination of no supervisory objection, the Board shall adopt, and management shall immediately implement and thereafter ensure adherence to the revised program.
ARTICLE IV
SUSPICIOUS ACTIVITY MONITORING
(1) Within ninety (90) days of the date of this Agreement, the Board shall submit to the Assistant Deputy Comptroller, for a prior written determination of no supervisory objection, a revised suspicious activity monitoring program to ensure, pursuant to 12 C.F.R. § 163.180, the timely and appropriate identification and review of suspicious transaction activity, disposition of
suspicious activity alerts, and filing of Suspicious Activity Reports (“SARs”). This program shall ensure the Bank operates in accordance with applicable law, including 12 C.F.R. § 163.180. At a minimum, the revisions must include:
(a) effective processes and staff to ensure identification, investigation, monitoring, and reporting of suspicious activity, which shall include implementing and adhering to a process to improve monitoring for the lending activities as specified in the Report of Examination dated as of March 31, 2018;
(b) an enhanced written BSA/AML risk assessment that timely and accurately identifies the BSA/AML risks posed to the Bank, and that includes:
(i) detailed analysis of BSA/AML risks in all products and services, and assignment of an inherent and residual risk to each;
(ii) detailed analysis of the effectiveness of the Bank’s risk management processes, including its system of internal controls, and identification of any gaps or weaknesses when determining residual risk; and
(iii) revised scoring for low-, moderate-, and high-risk to ensure risk ratings are appropriately stratified;
(c) revised policies and procedures to require business line referrals of suspicious activity to the BSA department and ensure that internal referral processes are consistently followed. The policies and procedures shall include requirements for:
(i) consistent documentation and tracking of business line referrals, with a case created for each referral in the Bank’s suspicious activity monitoring system; and
(ii) training for all employees, including quality control personnel and fraud investigators, regarding the internal process for referring suspicious activity; and
(d) a sufficient secondary quality assurance review process to ensure that disposition of suspicious activity alerts and SAR decision-making and filing are working effectively.
(2) No later than the next Board meeting following the receipt of the Assistant Deputy Comptroller’s written determination of no supervisory objection, the Board shall adopt, and management shall immediately implement and thereafter ensure adherence to the revised program.
ARTICLE V
LOOKBACK
(1) Within ninety (90) days of the date of this Agreement, the Board shall submit to the Assistant Deputy Comptroller, for a prior written determination of no supervisory objection, the name, qualifications, and terms of engagement of a proposed independent, third-party consultant to review and provide a written report on the Bank’s suspicious activity monitoring (“Lookback”). Refer to OCC Bulletin 2013-33, “Use and Review of Independent Consultants in Enforcement Actions: Guidance for Bankers” for guidance. The specific requirements of the Lookback have been communicated separately to the Bank in a Supervisory Letter dated June 14, 2019.
(2) Upon completion of the Lookback, the written findings (“Lookback Report”) shall be reported to the Board, and the independent consultant shall provide a copy of the written findings, supporting materials, and work papers directly to the Assistant Deputy Comptroller. The Lookback Report shall contain a list of customers recommended to the Bank for further review, any SARs that the Bank should file or existing SARs that the Bank should modify to comply with the requirements of 12 C.F.R. § 163.180, a list of customers and customer relationships that represent excessive risk for BSA/AML compliance, and a conclusion about the effectiveness of the Bank’s suspicious activity monitoring. The Lookback Report shall also, among other things, describe:
(a) the methodologies and tools used in conducting the review;
(b) the process followed for investigating customers and customer activities;
(c) a summary of the number and types of customers and customer relationships reviewed;
(d) the number of customers and customer relationships requiring additional investigation; and
(e) the number of customers the independent consultant recommended to the Bank for further review, SAR filings, or modifications to existing SAR filings, including the number of customers where the Bank determined not to file a SAR.
(3) The Bank shall determine whether to file SARs, in accordance with 12 C.F.R. § 163.180, for any previously unreported suspicious activity identified during the Lookback. The Bank shall provide all of its supporting materials and work papers associated with the Lookback to the OCC.
(4) If the results of the Lookback reflect a systemic failure on behalf of the Bank to file SARs in accordance with 12 C.F.R. § 163.180, the OCC, at its sole discretion, may expand the Lookback. If an expanded Lookback is deemed appropriate by the OCC, the expanded Lookback shall be completed in accordance with the requirements of this Article.
ARTICLE VI
MODEL RISK MANAGEMENT
(1) Within one hundred and eighty (180) days of the date of this Agreement, the Board shall submit to the Assistant Deputy Comptroller, for a prior written determination of no supervisory objection, revised policies and procedures to ensure effective BSA/AML model risk management for its automated suspicious activity monitoring system. Refer to OCC Bulletin 2011-12, “Sound Practices for Model Risk Management” for guidance. The policies and procedures shall ensure the Bank’s BSA/AML model risk management and validation are consistent with safe and sound practices and ensure effective implementation of all corrective actions in the Report of Examination dated as of March 31, 2018. At a minimum, the revisions must ensure:
(a) periodic testing and tuning of existing parameters, with sufficient documentation supporting their appropriateness given the Bank’s products, services, and geographic markets, or supporting that the parameters need to be changed;
(b) dual controls over rule adjustments and behavioral reviews, to ensure that changes are appropriate and that all changes are documented, including identification of the individuals making and approving any changes;
(c) tuning of the suspicious activity monitoring system to customize customer settings in order to more accurately capture suspicious activity specific to each customer;
(d) review of current wire transfer configurations to determine if they are appropriate to monitor for suspicious activity. The Bank must:
(i) document and maintain supporting rationale for funds transfer configurations;
(ii) conduct a detailed analysis to identify gaps within the model to monitor suspicious activity within funds transfers, relative to the risks of the loan products and customer base; and
(iii) if the Bank’s suspicious activity monitoring system is unable to appropriately monitor for suspicious activity for wire transfers, the Bank must implement manual reports and processes to address this gap; and
(e) within one hundred and twenty (120) days of the implementation date of the revised policies and procedures, an independent validation of the model used in the suspicious activity monitoring system conducted by a qualified, independent third party. As part of this validation, appropriate and qualified individuals must conduct outcomes analysis, to include the following:
(i) integrity of data inputs from all products, services, and transactions, to include international and domestic wires; and
(ii) evaluation of the appropriateness of thresholds in criteria used to identify potential suspicious activity.
(2) No later than the next Board meeting following the receipt of the Assistant Deputy Comptroller’s written determination of no supervisory objection, the Board shall adopt, and management shall immediately implement and thereafter ensure adherence to the revised policies and procedures.
ARTICLE VII
BSA STAFFING
(1) Within forty-five (45) days of the date of this Agreement, the Board shall ensure that the Bank’s BSA Department maintains sufficient personnel with the requisite expertise, training, and skills necessary to manage the Bank’s BSA/AML risk. Any needed enhancements in staffing in the interim must be addressed through the use of contractors until permanent staff is in place.
ARTICLE VIII
RESIDENTIAL REAL ESTATE LOAN UNDERWRITING
(1) Within ninety (90) days of the date of this Agreement, the Board shall submit to the Assistant Deputy Comptroller, for a prior written determination of no supervisory objection, revised policies and procedures to ensure effective controls over loan underwriting. Refer to the “Residential Real Estate” booklet of the Comptroller’s Handbook for guidance. The policies and procedures shall ensure the Bank operates in accordance with applicable law. At a minimum, the revisions must include:
(a) effective controls and processes to collect and verify employment and income;
(b) verification of borrowers’ ability to repay indebtedness in a timely manner;
(c) verification of borrowers’ income and cash flow information used in the Bank’s underwriting process for non-owner occupied properties;
(d) effective controls and verification procedures for the acceptance of gift letters, including proper execution and endorsement by both the donor and recipient; and
(e) effective oversight of exceptions identified by the Bank’s quality control function, including proper escalation and disposition of concerns raised by quality control to management or the BSA Officer.
(2) No later than the next Board meeting following the receipt of the Assistant Deputy Comptroller’s written determination of no supervisory objection, the Board shall adopt, and management shall immediately implement and thereafter ensure adherence to the revised policies and procedures.
ARTICLE IX
VIOLATIONS OF LAW
(1) The Board shall require and the Bank shall immediately take all necessary steps to correct each violation of law, rule, or regulation cited in the most recent Report of Examination or any subsequent Report of Examination, or brought to the Board or Bank’s attention in writing by management, regulators, auditors, loan review, or other third parties. Within thirty (30) days after the violation is cited or brought to the Board or Bank’s attention, Bank management shall provide to the Board and Compliance Committee a list of any violations that have not been corrected. This list shall also include an explanation of the actions taken to correct the violation,
the reason why the violation has not yet been corrected, and a plan to correct the violation by a specified date.
ARTICLE X
GENERAL BOARD RESPONSIBILITIES
(1) The Board shall ensure that the Bank has timely adopted and implemented all corrective actions required by this Agreement, and shall verify that the Bank adheres to the corrective actions and they are effective in addressing the Bank’s deficiencies that resulted in this Agreement.
(2) In each instance in which this Agreement imposes responsibilities upon the Board, it is intended to mean that the Board shall:
(a) authorize, direct, and adopt corrective actions on behalf of the Bank as may be necessary to perform the obligations and undertakings imposed on the Board by this Agreement;
(b) ensure that the Bank has sufficient processes, management, personnel, control systems, and corporate and risk governance to implement and adhere to all provisions of this Agreement;
(c) require that Bank management and personnel have sufficient training and authority to execute their duties and responsibilities pertaining to or resulting from this Agreement;
(d) hold Bank management and personnel accountable for executing their duties and responsibilities pertaining to or resulting from this Agreement;
(e) require appropriate, adequate, and timely reporting to the Board by Bank management of corrective actions directed by the Board to be taken under
the terms of this Agreement; and
(f) address any noncompliance with corrective actions in a timely and appropriate manner.
ARTICLE XI
OTHER PROVISIONS
(1) Regarding the effect of this Agreement, and unless the OCC informs the Bank otherwise in writing with respect to any or all of the subparts below:
(a) pursuant to 12 C.F.R. § 5.3(g)(5), the Bank is not an “eligible savings association” for the purposes of 12 C.F.R. Part 5; and
(b) pursuant to 12 C.F.R. § 5.51(c)(7)(ii), the Bank is not subject to the restrictions in 12 C.F.R. § 5.51 requiring prior notice to the OCC of changes in directors and senior executive officers or the limitations on golden parachute payments set forth in 12 C.F.R. Part 359, subject to the requirements contained in 12 C.F.R. § 5.51(c)(7)(i), (iii).
(2) This Agreement supersedes all prior OCC communications issued pursuant to 12 C.F.R. §§ 5.3(g)(5) and 5.51(c)(7)(ii).
ARTICLE XII
CLOSING
(1) This Agreement is intended to be, and shall be construed to be, a “written agreement” within the meaning of 12 U.S.C. § 1818, and expressly does not form, and may not be construed to form, a contract binding on the United States, the OCC, or any officer, employee, or agent of the OCC. Notwithstanding the absence of mutuality of obligation, or of consideration, or of a contract, the OCC may enforce any of the commitments or obligations
herein undertaken by the Bank under its supervisory powers, including 12 U.S.C. § 1818(b)(1), and not as a matter of contract law. The Bank expressly acknowledges that neither the Bank nor the OCC has any intention to enter into a contract. The Bank also expressly acknowledges that no officer, employee, or agent of the OCC has statutory or other authority to bind the United States, the U.S. Treasury Department, the OCC, or any other federal bank regulatory agency or entity, or any officer, employee, or agent of any of those entities to a contract affecting the OCC’s exercise of its supervisory responsibilities.
(2) This Agreement is effective upon its issuance by the OCC, through the Comptroller’s duly authorized representative. Except as otherwise expressly provided herein, all references to “days” in this Agreement shall mean calendar days and the computation of any period of time imposed by this Agreement shall not include the date of the act or event that commences the period of time. The provisions of this Agreement shall remain effective and enforceable except to the extent that, and until such time as, such provisions are amended, suspended, waived, or terminated in writing by the OCC, through the Comptroller’s duly authorized representative. If the Bank seeks an extension, amendment, suspension, waiver, or termination of any provision of this Agreement, or within any plan or program submitted pursuant to this Agreement, the Board or a Board-designee shall submit a written request to the Assistant Deputy Comptroller asking for relief. Any request submitted pursuant to this paragraph shall include a statement setting forth in detail the special circumstances that prevent the Bank from complying with the relevant provision(s) of the Agreement or plan or program submitted pursuant to this Agreement, and shall be accompanied by relevant supporting documentation. The OCC’s decision concerning a request submitted pursuant to this paragraph, which will be communicated to the Board in writing, is final and not subject to further review.
(3) The Bank will not be deemed to be in compliance with this Agreement until it has adopted, implemented, and adhered to all of the corrective actions set forth in each Article of this Agreement; the corrective actions are effective in addressing the Bank’s deficiencies; and the OCC has verified and validated the corrective actions. An assessment of the effectiveness of the corrective actions requires sufficient passage of time to demonstrate the sustained effectiveness of the corrective actions.
(4) The OCC may enforce the terms of this Agreement pursuant to its statutory authority, including 12 U.S.C. § 1818(i)(2).
(5) Each citation, guidance, or issuance referenced in this Agreement includes any subsequent citation, guidance, or issuance that replaces, supersedes, amends, or revises the referenced cited citation, guidance, or issuance.
(6) No separate promise or inducement of any kind has been made by the OCC, or by its officers, employees, or agents, to cause or induce the Bank to enter into this Agreement.
(7) All reports, plans, or programs submitted to the OCC pursuant to this Agreement shall be forwarded, by overnight mail or via email, to the following:
Xxxxx Xxxxx
Assistant Deputy Comptroller
000 Xxxxxx Xxxxxx, Xxxxx 0000
Xxxxxxxxx, XX 00000
(8) The terms of this Agreement, including this paragraph, are not subject to amendment or modification by any extraneous expression, prior agreements, or prior arrangements between the parties, whether oral or written.
IN TESTIMONY WHEREOF, the undersigned, authorized by the Comptroller as his duly authorized representative, has hereunto set his signature on behalf of the Comptroller.
/s/ Xxxxx Xxxxx |
|
6/18/2019 |
Xxxxx Xxxxx |
|
Date |
Assistant Deputy Comptroller |
|
|
Cleveland Field Office |
|
|
IN TESTIMONY WHEREOF, the undersigned, as the duly elected and acting Board of Directors of Sterling Bank and Trust, FSB, have hereunto set their signatures on behalf of the Bank.
/s/ Xxxxx Xxxxx |
|
6/18/2019 |
Xxxxx Xxxxx |
|
Date |
|
|
|
/s/ Xxxx Xxxx |
|
6/18/2019 |
Xxxx Xxxx |
|
Date |
|
|
|
/s/ Xxxx Xxxxxxx |
|
6/18/2019 |
Xxxx Xxxxxxx |
|
Date |
|
|
|
/s/ Xxxxxx Xxxxxxxx |
|
7/9/2019 |
Xxxxxx Xxxxxxxx |
|
Date |
|
|
|
/s/ Xxxxx Xxxxxxx |
|
6/18/2019 |
Xxxxx Xxxxxxx |
|
Date |
|
|
|
/s/ Xxxxxx Xxxxxxxxx Xxxxxxx |
|
7/16/2019 |
Xxxxxx Xxxxxxxxx Xxxxxxx |
|
Date |
|
|
|
/s/ Xxxxxxxx Xxxxxxx |
|
6/18/2019 |
Xxxxxxxx Xxxxxxx |
|
Date |
|
|
|
/s/ Xxxx Xxxxxxx |
|
6/18/2019 |
Xxxx Xxxxxxx |
|
Date |