WASHINGTON, D.C. – Federal bank regulators, apparently spooked by the collapse last year of three major banks, issued a Cease-and-Desist/ Consent order in May against an Oklahoma bank.
Old Glory Bank in Elmore City, a town of approximately 735 residents southwest of Pauls Valley, agreed to the consent order issued by the FDIC without admitting or denying the allegations of unsafe or unsound banking practices and violations of law and/or regulations.
No details about what prompted the investigation and the consent order were provided.
The bank’s website says Old Glory is a state-chartered bank in Oklahoma “with customers in all 50 states.” First State Bank in Elmore City was established in 1903 and was renamed Old Glory Bank in 2022.
State Banking Commissioner Mick Thompson told Southwest Ledger that federal regulators are “being overly cautious” in the wake of the collapse of Silicon Valley Bank of Santa Clara, California, on March 10, 2023; Signature Bank of New York two days later; and First Republic Bank of San Francisco, California, on May 1, 2023.
The FDIC is “putting community banks in the same category” as the nation’s biggest banks: JPMorgan Chase, Bank of America, Wells Fargo, Citibank, and U.S. Bancorp, Thompson said.
The FDIC imposed numerous requirements on the Garvin County bank.
• The bank’s board of directors must “increase its participation in bank affairs” by assuming responsibility for approval of the bank’s policies and objectives and for oversight of the bank’s executive and senior management, including approval of a process to monitor all bank activities and compliance with board-approved policies.
The board’s participation also must include monitoring the overall condition of the bank, its risk profile, and compliance with internal policies, regulations, statutes, statements of policy, and rules.
• During the life of the consent order, the bank must notify the FDIC’s regional director and the state banking commissioner of the resignation or termination of any of the bank’s directors or executive officers.
The bank must obtain the written approval of the commissioner prior to the addition of any individual to the board or the employment of any individual as an executive officer.
If the FDIC regional director issues a notice of disapproval, or if the state issues a letter of disapproval with respect to the proposed individual, then that person may not be added to the board or employed by the bank.
• By Aug. 1 the bank’s governing board must revisit its business plan and provide updated goals and projections, as compared to the institution’s business plan from 2022. The updated business plan must address calendar years 2024, 2025 and 2026 operations, projections for earnings performance, budget, growth, balance sheet mix, liability structure, and capital, together with strategies for achieving those objectives.
The business plan must be submitted to the FDIC and to the state commissioner for comment and approval, and make any revisions as directed.
If there is a change in the business plan (such as a new product, new business line, new or proposed business relationship) or any event that may result in a deviation of 10% or more in any balance sheet account as projected in the existing business plan, the bank must receive approval from the FDIC and the commissioner prior to implementation of any such deviation or changes.
• By Aug. 1 the bank’s board must create a written plan “to ensure management is monitoring capital levels.” The plan must include the board’s growth initiatives and capital raise projections, and must be approved by the FDIC’s regional director and the state Banking Commissioner.
• After establishing an adequate allowance for credit losses, Old Glory Bank must maintain its Tier 1 leverage capital ratio equal to 14% of the bank’s average total assets. That ratio “shall be achieved and maintained through retention of earnings, collection of chargedoff assets, reduction in total assets, sale of new equity, or any combination thereof.”
Any increase in Tier 1 capital necessary to meet the requirements of the consent order “may not be accomplished through a deduction from the bank’s allowance for credit losses, the order stipulates.
• If any capital ratios are less than those required by the consent order, Old Glory Bank must present to the FDIC and the state commissioner a “capital improvement plan” to increase the bank’s capital “or to take such other measures to bring all the capital ratios to the percentages required by this order, as well as a plan to sell or merge the bank.”
The increase in capital required to meet the capital ratios required by the consent order “may be accomplished by (1) the sale of securities in the form of common stock; (2) the direct contribution of cash by the directors and/or shareholders of the bank or by the bank’s holding company; (3) receipt of an income tax refund or capitalization; or (4) any other method approved by the FDIC’s regional director and the state commissioner.
• So long as the consent order remains in effect, Old Glory Bank cannot declare or pay dividends or bonuses without prior written consent of the regional director and the commissioner. All requests for prior approval must include an analysis of the impact the proposed dividend or bonus payment would have on the bank’s capital, income, and/or liquidity positions.
• The bank board must “ensure that the interest rate risk management model report is prepared and reviewed” by the board quarterly. All assumptions used in the model must be documented and supported.
• The bank board must “fully implement” an approved audit and compliance assessment policy.
The scope and frequency of information technology audit activities should be based on the IT risk assessment. Any exceptions to the audit and compliance assessment policy must be reported to the bank’s board for review.
The board must engage an independent qualified audit firm to audit the bank’s IT controls, “which shall include, at a minimum, penetration and vulnerability tests, and assessments of the information security program, cybersecurity program, and electronic funds transfer system (“ACH and Wire Transfers”)
• By Aug. 1 the board must develop, approve, and implement several formal policies and procedures: (a) Electronic Funds Transfer Policy; (b) Security Incident Response Policy; and (c) Item Processing Procedures.
• By Sept. 1 the bank’s board just ensure that the institution’s cybersecurity preparedness and resiliency are “at baseline maturity level.”
• Old Glory Bank was required to send a copy of the consent order to its shareholders and parent holding company, Old Glory Holding Company, a Delaware bank holding company that owns Old Glory Bank.