RBB BANCORP CALIFORNIA DEPARTMENT OF FINANCIAL PROTECTION AND INNOVATION
SACRAMENTO, CALIFORNIA
| ) | |||
| ) | |||
| In the Matter of: | ) | ||
| ) | |||
| ROYAL BUSINESS BANK | ) | CONSENT ORDER | |
| LOS ANGELES, CALIFORNIA | ) | ||
| ) | FDIC-23-0042b | ||
| (INSURED STATE NONMEMBER BANK) | ) | ||
| ) | |||
| ) |
The Federal Deposit Insurance Corporation ("FDIC") is the appropriate Federal banking agency for Royal Business Bank, Los Angeles, California ("Bank") under Section 3(q) of the Federal Deposit Insurance Act ("FDI Act"), 12 U.S.C. § 1813(q). The California Department of Financial Protection and Innovation ("CDFPI") is the appropriate State banking agency for the Bank under Division 1 of the California Financial Code.
The Bank, by and through its duly elected and acting Board of Directors ("Board"), has executed a Stipulation to the Issuance of a Consent Order ("Stipulation"), dated October 18, 2023, that is accepted by the FDIC and the CDFPI. The Bank has entered the stipulation without admitting or denying any charges of violating the Bank Secrecy Act ("BSA"), 31 U.S.C. §§ 5311 et. seq., 12 U.S.C. § 1829b, and 12 U.S.C. §§ 1951-60, and the implementing regulations, 31 C.F.R. Chapter X, and 12 U.S.C. § 1818(s) and its implementing regulations, 12 C.F.R. Part 353 and 12 C.F.R. § 326.8, (collectively referred to as the laws, rules, and regulations governing "Anti-Money Laundering/Countering the Financing of Terrorism" or "AML/CFT"). With the Stipulation, the Bank has consented to the issuance of this Consent Order ("Order") by the FDIC and the CDFPI pursuant to Section 8(b)(1) of the FDI Act, and Section 580 of the California Financial Code ("CFC").
- 2 -
Having determined that the requirements for issuance of an order under Section 8(b) of the FDI Act, 12 U.S.C. § 1818(b), and CFC have been satisfied, the FDIC and the CDFPI hereby order that:
COMPLY WITH AML/CFT RULES & REGULATIONS
1. Within 120 days of the effective date of this Order, the Bank shall comply in all material respects with AML/CFT laws, rules, and regulations, including correcting all citations and violations as more fully set forth in the FDIC and CDFPI Report of Examination as of January 23, 2023 ("ROE"). The Bank shall:
(a) Correct the apparent violation of 12 C.F.R. § 326.8(c)(1) by developing, adopting, and fully implementing effective AML/CFT internal controls.
(b) Correct the apparent violation of 12 C.F.R. § 326.8(c)(3) by ensuring that adequate staffing/resources are provided to administer an effective AML/CFT program.
(c) Correct the apparent violation of 12 C.F.R. § 353.3 related to the failure to file Suspicious Activity Reports ("SARs").
(d) Take all necessary steps to ensure future compliance with all applicable laws and regulations.
- 3 -
ACCEPTABLE AML/CFT PROGRAM
2. Within 90 days of the effective date of this Order, the Bank shall review, enhance and implement its written compliance program designed to, among other things, ensure and maintain compliance by the Bank with AML/CFT laws, rules, and regulations. The program shall ensure that clear and comprehensive AML/CFT compliance reports are provided to the Bank's Board on a monthly basis. Such program and its implementation shall be in a manner acceptable to the Regional Director of the FDIC's San Francisco Regional Office ("Regional Director") and the CDFPI Commissioner ("Commissioner") as determined at subsequent examinations and/or visitations of the Bank. At a minimum, the program shall:
(a) Review and improve a system of internal controls, as discussed in Paragraph 4 herein, to ensure compliance with AML/CFT laws, rules, and regulations, including policies and procedures to detect and monitor all transactions that may be conducted for illegitimate purposes and that there is full compliance with all applicable laws and regulations.
(b) Ensure that the Bank's AML/CFT program is managed by a qualified officer who has the required authority, responsibility, training, resources, and management reporting structure to ensure compliance with the Bank's AML/CFT program requirements and AML/CFT laws, rules, and regulations. Such a program shall include without limitation:
(i) Identification of timely, accurate and complete reporting to law enforcement and supervisory authorities of unusual or suspicious activity or known or suspected criminal activity perpetrated against or involving the Bank; and
(ii) Monitoring the Bank's compliance and ensuring that full and complete corrective action is taken with respect to identified violations and deficiencies.
(c) Provide and document training by competent staff and/or independent contractors of all Bank's Board members and all appropriate personnel, including, without limitation, senior management, tellers, customer service representatives, lending officers, private and personal banking officers and all other customer contact personnel, in all aspects of regulatory and internal policies and procedures related to AML/CFT laws, rules, and regulations.
- 4 -
(i) Ensure that training is tailored to address the specific compliance responsibilities of the group or individual for which the training is being provided.
(ii) Training shall be updated on a regular basis to ensure that all personnel are provided with the most current and up to date information, such as the particular money laundering, terrorist financing and illicit finance risks of the Bank based on its products, services, business lines, customer types, geographic reach and any other risks identified.
(iii) This training shall be conducted at least annually and shall be updated, as appropriate, to include changes to the relevant AML/CFT laws and regulations and changes to the Bank's Risk Assessment.
3. Within 90 days of the effective date of this Order, the Bank shall revise, adopt, and implement its AML Policy to include provisions which implement the requirements of this Order. The Bank's Board and management shall fully implement the provisions of the revised AML Policy. The revised AML Policy, and its implementation, shall be in a form and manner acceptable to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations of the Bank.
ACCEPTABLE CUSTOMER DUE DILIGENCE PROGRAM
4. Within 90 days of the effective date of this Order, the Bank shall review, enhance and implement appropriate risk-based policies and procedures for a written Customer Due Diligence ("CDD") program that complies with the requirements set forth in 31 C.F.R. § 1020.210(b)(v) and as detailed in the ROE. Such program and its implementation shall be in a manner acceptable to the Regional Director and the Commissioner as determined at subsequent examinations and/or visitations of the Bank. At a minimum, the Bank shall:
- 5 -
(a) Update customer risk profiles to reflect current expected activity information for High Risk Account ("HRA") reviews. The customer risk rating system must ensure that all customers of the Bank are appropriately risk-rated to capture the money laundering or terrorist financing risk they pose. The Bank's CDD shall operate in conjunction with the Bank's Customer Identification Program ("CIP") to enable the Bank to understand the nature and purpose of customer relationships and develop sufficient customer risk profiles.
(b) Update procedures to instruct analysts to reference expected activity from customer risk profiles when reviewing transaction monitoring alerts. The Bank must have appropriate policies, procedures and processes for monitoring and updating customer information including policies to address when and what customer information will be collected to ensure the Bank's customer risk ratings are current and serve as an accurate reflection of risk.
(c) Maintain a sustainable process to ensure all HRA customer relationships receive a periodic review.
(d) Maintain processes and procedures to investigate and, as appropriate, report suspicious or unusual activity detected in the course of the Bank's ongoing monitoring and updating of customer information.
(e) Conduct a rules tuning/calibration of transaction monitoring and risk scoring parameters and ensure the system is operating as expected.
- 6 -
SARS POLICY AND PROCEDURES
5. Within 90 days of the effective date of this Order, the Bank shall review and enhance policies and procedures to ensure that SARs are filed within 30 days of identifying a suspect or unusual and suspicious activity (or a total of 60 days if a suspect is unknown or once per quarter for ongoing transactions).
(a) Such a program must ensure that timely identification of suspicious activity occurs and that timely investigation into unusual activity is undertaken.
(b) The Bank shall review and enhance its policies and procedures concerning notification to the Bank's Board of SAR filings.
BOARD OVERSIGHT OF AML/CFT COMPLIANCE
6. Within 90 days from the effective date of this Order, and periodically thereafter, but no less than annually, the Board shall perform, either internally or through a third party, an analysis and assessment of the Bank's BSA Department.
(a) At a minimum, the assessment should analyze and address staffing needs to ensure appropriate resources are in place to administer an AML/CFT program. In addition, the staffing needs assessment shall ensure the Bank has designated a qualified individual to coordinate and monitor day-to-day compliance with AML/CFT laws, rules, and regulations. The analysis should include assumptions for the Bank's growth plans, risk profile, and higher-risk customer types served. Additionally, the analysis must consider resources needed to address the internal control deficiencies detailed within the ROE.
(b) Following the effective date of this Order, the Bank's Board shall monitor and confirm the completion of actions taken by management to comply with the terms of this Order. The Bank's Board shall certify in writing to the Regional Director and the Commissioner when all of the above actions have been accomplished. All actions taken by the Bank's Board pursuant to this Order shall be duly noted in the minutes of its meetings. The Board shall receive reports on at least a monthly basis from the qualified officer appointed in Paragraph 2 regarding compliance with AML/CFT laws, rules, and regulations and shall review such reports at its meetings.
- 7 -
PROGRESS REPORTS
7. Within 30 days of the end of the first quarter following the effective date of this Order, and within 30 days of the end of each quarter thereafter, the Bank shall furnish written progress reports to the Regional Director and the Commissioner. Such reports shall detail the form and manner of any actions taken to secure compliance with this Order and the results thereof and provide additional information as necessary. Such reports may be discontinued when the corrections required by this Order have been accomplished and the Regional Director and the Commissioner have released the Bank in writing from making further reports.
DISCLOSURE
8. Following the effective date of this Order, the Bank shall provide a copy of the Order or otherwise furnish a description of the Order to its shareholder(s) in conjunction with:
(a) the Bank's next shareholder communication; and
(b) the notice or proxy statement preceding the Bank's next shareholder meeting.
The description shall fully describe the Order in all material respects. The description and any accompanying communication, statement, or notice shall be sent to the FDIC, Division of Risk Management Supervision, Accounting and Securities Disclosure Section, 550 17th Street, N.W., Washington, D.C. 20429, at least 20 days prior to dissemination to shareholders. Any changes requested to be made by the FDIC shall be made prior to dissemination of the description, communication, notice, or statement.
- 8 -
The provisions of this Order shall not bar, estop, or otherwise prevent the FDIC, the CDFPI, or any other federal or state agency or department from taking any other action against the Bank or any of the Bank's current or former institution-affiliated parties, as that term is defined in Section 3(u) of the FDI Act, 12 U.S.C. § 1813(u).
This Order will become effective upon its issuance by the FDIC and the CDFPI.
The provisions of this Order shall be binding upon the Bank, its institution-affiliated parties, and any successors and assigns thereof.
The provisions of this Order shall remain effective and enforceable except to the extent that and until such time as any provision has been modified, terminated, suspended, or set aside by the FDIC and the CDFPI.
Issued pursuant to delegated authority.
Dated this 25th day of October, 2023.
| /s/ Paul Worthing | /s/ Aaron Prosperi | ||
| Paul P. Worthing | Aaron Prosperi | ||
| Regional Director | Deputy Commissioner, Banking Division | ||
| Division of Risk Management Supervision | California Department of Financial | ||
| San Francisco Region | Protection and Innovation | ||
| Federal Deposit Insurance Corporation |
Attachments
- Original Link
- Original Document
- Permalink
Disclaimer
RBB Bancorp published this content on 31 October 2023 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 31 October 2023 10:07:18 UTC.
