Consent Order to Cease and Desist for Affirmative Relief


Exhibit 10.4
Before The

In the Matter of
    )     Order No.:
    )     Date:
Fort Lauderdale, Florida
OTS Docket No.: 05551
     WHEREAS, BankAtlantic, Fort Lauderdale, Florida, OTS Docket No. 05551 (BankAtlantic or Bank),by and through its Board of Directors (Board), has executed a Stipulation and Consent to theIssuance of an Order to Cease and Desist for Affirmative Relief and an Order of Assessment of aCivil Money Penalty (Stipulation); and
     WHEREAS, BankAtlantic, without admitting or denying that grounds exist for initiating anadministrative cease and desist proceeding, by executing the Stipulation, has consented and agreedto the issuance of this Consent Order to Cease and Desist for Affirmative Relief (C&D Order) by theOffice of Thrift Supervision (OTS), pursuant to Section 8(b) of the Federal Deposit Insurance Act(FDIA), 12 U.S.C. § 1818(b)1; and
     WHEREAS, the Director of the OTS has delegated to the Regional Directors of the OTS theauthority to issue consent orders on behalf of the OTS pursuant to provisions of Section 8 of theFDIA, 12 U.S.C. § 1818.
1   All references to the United States Code (U.S.C.) are as amended.



Order to Cease and Desist
1. The Bank and its directors, officers, employees, and agents shall cease and desist from anyaction (alone or with another or others) for or toward causing, bringing about, participating in,counseling or the aiding and abetting of any violation of:
  a.   the Currency and Foreign Transactions Reporting Act, as amended by the USA PatriotAct and other laws (the Bank Secrecy Act or BSA), 31 U.S.C. §§ 5311 et seq., and therelated BSA regulations issued by the U. S. Department of the Treasury, 31 C.F.R. Part103, and the OTS, 12 C.F.R. § 563.177 (collectively with the aforementioned laws andregulations, the BSA Laws and Regulations); and
  b.   the OTS regulations governing suspicious activity reports (SAR) and other reports andstatements set forth in 12 C.F.R. § 563.180.
Anti-Money Laundering/Bank Secrecy Act Compliance
2. The Board shall review the Bank’s program for compliance with the BSA Laws and Regulations (BSACompliance Program) not less than annually and adopt and implement such revisions and amendments asare necessary to ensure: (i) the adequacy and effectiveness of the BSA Compliance Program; (ii)BankAtlantic’s continued compliance with the BSA Laws and Regulations; (iii) the appropriateidentification and monitoring of accounts and transactions that pose greater than normal risks forcompliance with the BSA Laws and Regulations; (iv) the timely and accurate reporting of suspiciousactivities or transactions with appropriate law enforcement and bank regulatory authorities; and(v) the accurate completion and maintenance of documents, forms, logs and records as required ornecessitated by the BSA Laws and Regulations. The Board shall, at a minimum, take the followingactions:
  a.   The Board shall review the Bank’s customer identification policies and procedures(CIP Policy) and know your customer policies and procedures
BankAtlantic C&D Order



(KYC Policy) and ensure that the weaknesses, deficiencies and violations discussed inthe 2004 Examination have been fully addressed and that the CIP Policy and KYC Policyare adequate and effective to ensure the Bank’s compliance with applicable laws,regulations and agency guidance.
  b.   The Board shall review the Bank’s policies and procedures for compliance with theapplicable requirements of the regulations of the U.S. Department of the Treasury Officeof Foreign Assets Control (OFAC), 31 C.F.R. Part 500, (OFAC Policy) and ensure that theweaknesses, deficiencies and violations discussed in the 2004 Examination have been fullyaddressed and that the OFAC Policy is adequate and effective to ensure the Bank’scompliance with applicable laws, regulations and agency guidance.
  c.   The Board shall ensure that the Bank’s BSA Compliance Program incorporates anti-moneylaundering (AML) procedures and systems, including, as may be appropriate, AML software,to adequately monitor (i) wire transfer activity; (ii) foreign currency exchangetransactions; (iii) cash and automatic teller machine transactions; (iv) check processingtransactions, e.g., automated clearing house transactions; (v) monetary instrumenttransactions, e.g., money orders, cashier checks, travelers checks, etc.; (vi)account transfers; and (vii) lending activity, to timely and effectively identifysuspicious transactions for appropriate action. The Bank’s AML monitoring proceduresshall be based upon periodic risk assessments of the Bank’s business activities, products,services and customers, to be conducted at least annually or more frequently, ifwarranted. Management shall review all accounts or transactions identified as suspicious,consistent with written monitoring and review procedures adopted by the Board, and takeappropriate corrective action (including, without limitation, filing of a SAR andincreased monitoring and oversight). The Bank shall fully document its review of allaccounts and transactions identified as suspicious, the determinations made regarding suchaccounts and transactions, and the corrective actions taken with regarding to suchaccounts and transactions.
BankAtlantic C&D Order



  d.   Management shall conduct a comprehensive review of the Bank’s departments assignedresponsibility for compliance with the BSA Compliance Program and the BSA Laws andRegulations (BSA Department) to determine the adequacy of the organization and resourcesdedicated to the BSA Department. This review shall include, at a minimum, assessment ofthe capability of the BSA Officer and his/her supporting staff to monitor and ensurecompliance with the Bank’s BSA Compliance Program and the BSA Laws and Regulations, takinginto account (i) knowledge of the process and systems for monitoring suspiciousactivities; (ii) knowledge and expertise concerning the BSA Compliance Program and the BSALaws and Regulations; (iii) knowledge and expertise in fraud control and compliancemonitoring; (iv) authority to correct identified deficiencies; (v) reporting structure andindependence from Bank Management; (vi) the Bank’s methodology for collecting,maintaining, and recalling information related to transactions that pose greater thannormal risks for BSA compliance; and (vii) evaluation of the types of transactions,accounts, products, services, and geographic areas that pose greater than normal risks forcompliance with the BSA Compliance Program and the BSA Laws and Regulations. Withinninety (90) days after the Effective Date of this C&D Order, Management shall provide theBoard a written report of its assessment of the Bank’s BSA Department, including anyrecommendations for strengthening the BSA Department (BSA Department Report). The Boardshall review the BSA Department Report and ensure that Management makes changes as neededto strengthen the BSA Department, including ensuring that the BSA Department and the BSAOfficer shall report directly to the Regulatory Compliance Committee provided for inParagraph 4 below.
  e.   Management shall maintain, and the Board shall review and adopt, a comprehensivetraining program for all appropriate operational and supervisory personnel to ensureawareness of their responsibility for (i) compliance with the requirements of the BSA Lawsand Regulations and the
BankAtlantic C&D Order



OTS regulations governing SAR filings; (ii) the BSA and AML risks inherent to theirdepartments and products; and (iii) any changes to the Bank’s BSA Compliance Programrequired by this C&D Order, the Bank’s BSA Audit, future OTS examinations, andamendments to the BSA Laws and Regulations (BSA Training Program). The BSA TrainingProgram should include requirements for mandatory attendance, the frequency oftraining, specialized training procedures for certain departments of the Bank basedupon the particular operations and risk presented by such areas (such as the wiretransfer department), and procedures and timing for updating the BSA Training Programand materials based upon violations, deficiencies and weaknesses identified by the BSAAudit, future OTS examinations, or the Bank’s external independent audit. The Bankshall maintain documentation of all BSA training attended by its employees.
  f.   The Board shall provide for the maintenance of an internal audit function,independent of the Bank’s compliance function and the BSA Officer and his/her supportingstaff, that will, on at least an annual basis, comprehensively review and assess (i) theadequacy and effectiveness of the Bank’s BSA Compliance Program, consistent with therequirements of the BSA Laws and Regulations, relevant OTS guidance, and the Bank’scurrent and future activities and operations; (ii) the Bank’s compliance with its BSACompliance Program; and (iii) the Bank’s compliance with the BSA Laws and Regulations(hereafter referred to as the BSA Audit). The BSA Audit must include adequate levels oftransactional testing to corroborate the audit findings, procedures for documentingcompletion of appropriate corrective actions by Management, and reassessment of anydepartment, operation, branch or area identified as having less than adequate BSAcompliance within six (6) months following the completion of each BSA Audit. Withinthirty (30) days after completion of the BSA Audit, the Board will review the results ofthe BSA Audit, adopt appropriate corrective actions and timeframes to address identifieddeficiencies or weaknesses, require Management to fully implement
BankAtlantic C&D Order



the corrective actions adopted by the Board, and ensure the timely completion of allrequired corrective actions. The Board’s review, discussions and required correctiveactions shall be fully detailed in the appropriate Board meeting minutes. A copy ofthe BSA Audit procedures, scope and findings, and the relevant meeting minutesdetailing the Board’s review, shall be provided to the Regional Director within ten(10) days after the Board’s review of the BSA Audit findings.
  g.   The Board shall ensure that the annual BSA Audit required by Paragraph 2.f. aboveincludes a review and assessment of the adequacy and effectiveness of the CIP Policy andKYC Policy. The review shall consider, without limitation, the adequacy and effectivenessof due diligence procedures and customer profiles for customer groups with heightened BSAand AML risk, as identified by the Bank, including, non-US resident accounts, commercialand business accounts, customers with significant wire transfer activity, and customersgenerating more than five (5) currency transaction report filings per year. The reviewshall assess the adequacy and effectiveness of the CIP Policy and KYC Policy for the Bankand for each individual branch, including an assessment of the adequacy and reliability ofdata and information obtained and maintained by the Bank and each individual branch, andidentify any deficiencies, weaknesses or noncompliance with the CIP Policy, KYC Policy orapplicable laws and regulations.
  h.   In addition to the BSA Audit required by Paragraph 2.f. above, the Board shallrequire Management to engage a qualified independent outside third party to conduct annualindependent tests of the Bank’s compliance with the BSA Compliance Program and the BSALaws and Regulations. Each annual independent test shall comply with the requirementscontained in the Federal Financial Institutions Examination Counsel’s BSA/AML ExaminationManual.
BankAtlantic C&D Order



3. The Board and Management shall ensure that all deficiencies, weaknesses and violations of law orregulation identified in the Bank’s 2004 Examination have been corrected, as directed therein,except where such direction is modified or changed by the terms of this C&D Order. Further, theBoard and Management of the Bank shall take immediate action to cause the Bank to comply with theterms of this C&D Order.
Board Compliance Committee
4. Within thirty (30) days of the Effective Date of this C&D Order, the Board shall appoint acommittee comprising three (3) or more Directors, the majority of whom shall be independent ofManagement, to monitor and coordinate the Bank’s compliance with the provisions of this C&D Orderand the completion of any remaining corrective action required in the 2004 Examination (theRegulatory Compliance Committee).
5. Within forty-five (45) days after the end of each calendar quarter, the Regulatory ComplianceCommittee shall submit a written progress report to the Board detailing the actions taken orrequired to be taken to comply with each provision of this C&D Order and the actions required bythe 2004 Examination, as well as the results and status of those actions.
6. Within sixty (60) days after the end of each calendar quarter, the Board shall submit to theRegional Director: (i) a copy of the Regulatory Compliance Committee’s quarterly progress reportrequired by Paragraph 5 above, with any additional comments made by the Board; and (ii) a writtencertification that each Director has reviewed the report.
Compliance with Order
7. All policies, procedures, corrective actions, plans, programs, reviews and systems required bythis C&D Order (collectively, Policies and Procedures) shall conform to all applicable statutes,regulations, OTS policy and guidance. The Board shall submit copies
BankAtlantic C&D Order



of all Policies and Procedures required by this C&D Order to the Regional Director within thetimeframes specified or, in the event a timeframe is not specified, within thirty (30) days afteradoption by the Board. The Board shall revise such Policies and Procedures as required by theRegional Director within thirty (30) days of receipt of written direction from the RegionalDirector. The Policies and Procedures, as modified consistent with the written direction of theRegional Director, shall be incorporated into this C&D Order and any deviation from such Policiesand Procedures shall be a violation of this C&D Order.
8. All technical words or terms used in this C&D Order for which meanings are not specified orotherwise provided by the provisions of this C&D Order shall, insofar as applicable, have meaningsas defined in Chapter V of Title 12 of the Code of Federal Regulations, Part 103 of Chapter I ofTitle 31 of the Code of Federal Regulations, the BSA, the Home Owners Loan Act (HOLA), the FDIA,OTS Memoranda or other published OTS guidance. Any such technical words or terms used in this C&DOrder and undefined in said Code of Federal Regulations, the BSA, the HOLA, the FDIA, OTSMemoranda, or other published regulatory guidance shall have meanings that are in accordance withthe best custom and usage in the savings and loan industry.
Successor Statutes, Regulations, Guidance, Amendments
9. Reference in this C&D Order to provisions of statutes, regulations, OTS Memoranda, and otherpublished regulatory guidance shall be deemed to include references to all amendments to suchprovisions as have been made as of the Effective Date and references to successor provisions asthey become applicable.
BankAtlantic C&D Order



No Violations Authorized; OTS Not Restricted
10. Nothing in this C&D Order or the Stipulation shall be construed as: (i) allowing the Bank toviolate any law, rule, regulation, or policy statement to which it is subject, or (ii) restrictingor estopping the OTS from taking any action(s) that it believes are appropriate in fulfilling theresponsibilities placed upon it by law including, without limitation, any type of supervisory,enforcement or other action that the OTS determines to be appropriate, arising out of mattersdescribed in the most recent Report of Examination, or based on other matters.
Time Limits; Effect of Headings; Separability Clause; Stipulation Incorporated
11. Time limitations for compliance with the terms of this C&D Order run from the Effective Date,unless otherwise noted.
12. The section and paragraph headings herein are for convenience only and shall not affect theconstruction hereof.
13. In case any provision in this C&D Order is ruled to be invalid, illegal or unenforceable by thedecision of any court of competent jurisdiction, the validity, legality and enforceability of theremaining provisions hereof shall not in any way be affected or impaired thereby, unless theRegional Director in his/her sole discretion determines otherwise.
14. The Stipulation is made a part hereof and is incorporated herein by this reference.
Effective Date; Duration
15. This C&D Order is and shall become effective on the date it is issued, i.e., the Effective Dateas shown on the first page hereof. This C&D Order (including the relatedStipulation) shall remain in effect until terminated, modified or suspended, in writing by the OTS,acting through its Director, Regional Director or other authorized representative.
  By:   /s/John E. Ryan   
    John E. Ryan   
    Regional Director   
BankAtlantic C&D Order