On November 13, the Federal Reserve Board issued two cease and desist orders against a state-chartered bank and a bank holding company for alleged compliance deficiencies.

The Federal Reserve Board first order was against a state-chartered bank in Kansas in connection with the bank’s alleged non-compliance with anti-money laundering (AML) and Bank Secrecy Act (BSA) regulations that were revealed in a May examination. See 31 U.S.C. § 5311 et seq. In addition, the FRB also cited shortcomings in “staffing, internal controls, credit risk management, lending and credit administration, capital, information technology and information security, books and records, regulatory reporting, liquidity and funds management, earnings, interest rate risk management [and] third party risk management.”

Among the requirements of the consent order, the bank is directed to appoint a qualified BSA/AML compliance officer and implement several measures to enhance BSA/AML compliance, including:

  • Allocate adequate resources to align the compliance program with its risk profile;
  • Enhance its customer identification program to verify customer identities;
  • Improve its customer due diligence program with risk-based policies, procedures, and enhanced due diligence measures;
  • Develop a program to ensure timely and accurate reporting of suspicious activity; and
  • Engage independent third parties to review the bank’s transaction monitoring system and transaction activities.
  • The Federal Reserve Board’s order also requires the bank to submit written plans for these improvements in addition to periodic progress reports. In addition, the bank agreed not to pay out dividends without sign-off from the FRB, the Kansas City Fed and its state regulator.
  • The consent order follows a similar one issued by the FRB back in September 2023 against the bank and its holding company where the FRB cited deficiencies in risk management, compliance with AML regulations, and operational shortcomings based on an October 2022 exam.

On the same day, the Federal Reserve Board and the Texas Department of Banking jointly issued a cease and desist order against a Texas bank holding company in connection with alleged operational deficiencies uncovered by a June examination, including with its ability to serve as a source of strengthen to its banking subsidiaries. The order requires the bank holding company to implement the following measures to enhance the compliance profile of its operations:

  • Utilize financial and managerial resources to support subsidiary banks, enhance board oversight, and improve risk management practices;
  • Develop an enhanced liquidity risk management program; and
  • Submit quarterly progress reports, a strategic business plan and budget for 2025.

The bank holding company will further be required to submit a written plan to strengthen board oversight of its management and operations. The plan is intended to outline effective oversight of its operations and ensure the board of directors adequately supervises management’s adherence to applicable laws and regulations. Finally, the bank holding company is to refrain from declaring dividends, repurchasing shares, or incurring, increasing, prepaying, or guaranteeing debt without prior regulator approval.

Putting It Into Practice: The cease and desist orders reflect the FRB’s commitment to policing compliance deficiencies occurring in banks within its supervisory jurisdiction (see our blog posts on previous similar enforcements here, here, and here). Banks are advised to assess their current risk management programs against these enforcement actions, identify necessary enhancements, and develop plans to bring their compliance management system protocols in line with regulators’ expectations.