EX-99 4 ex99-3.txt EXHIBIT 99.3 EXHIBIT 99.3 UNITED STATES OF AMERICA DEPARTMENT OF THE TREASURY COMPTROLLER OF THE CURRENCY ______________________________________ ) IN THE MATTER OF: ) ) ) AA-EC-07-58 Union Bank of California, N.A. ) San Francisco, California ) ______________________________________) CONSENT ORDER TO A CIVIL MONEY PENALTY AND TO CEASE AND DESIST The Comptroller of the Currency of the United States of America ("Comptroller"), through his National Bank Examiner, has supervisory authority over Union Bank of California, N.A., San Francisco, CA ("Bank"). The Bank, by and through its duly elected and acting Board of Directors ("Board"), has executed a "Stipulation and Consent to the Issuance of a Consent Order," dated 9/14/07, that is accepted by the Comptroller. By this ------- Stipulation and Consent, which is incorporated by reference, the Bank has consented to the issuance of this Consent Order for a Civil Money Penalty and to Cease and Desist ("Order") by the Comptroller. This Order supersedes a Memorandum of Understanding (MOU) made by the Bank with the Comptroller on March 23, 2005, as of the date of this Order. ARTICLE I COMPTROLLER'S FINDINGS The Comptroller finds, and the Bank neither admits nor denies, the following: (1) During the period November 2003 through December 2005, the Bank violated 12 C.F.R. ss.21.11 when it failed adequately to monitor its casa de cambio (CDC) accounts for suspicious activity during a ten month period, and failed to identify suspicious activity that occurred during January 2004 through August 2005 in certain CDC accounts and to file hundreds of related Suspicious Activity Reports (SARs) in a timely manner. The Bank's failure to monitor the CDC activity resulted in the movement of millions of dollars of suspected proceeds of drug sales through certain CDC accounts at the Bank without detection or reporting of the suspicious transactions. (2) The Bank entered into a Memorandum of Understanding (MOU) with the Comptroller on March 23, 2005. The MOU required implementation of a Bank-wide BSA compliance program, improved internal controls for monitoring high risk accounts and transactions, enhanced training and audit function, and enhanced due diligence procedures reasonably designed to detect and report instances of money laundering through certain private banking customer accounts. The MOU specifically required the Bank to improve its processes for identifying and reporting suspicious transactions. (3) During the 2006 Bank Secrecy Act (BSA) compliance examination of the Bank ("2006 BSA exam"), OCC examiners determined that the Bank had not achieved compliance with the terms of the March 2005 MOU. (a) While the Bank has put forth significant effort to correct BSA deficiencies and made progress in improving BSA compliance since signing the MOU, the actions 2 taken have been insufficient to ensure: (i) compliance with the BSA; (ii) implementation of appropriate customer due diligence processes for identification and monitoring of accounts and transactions that pose greater than normal risks; and (iii) processes, personnel, and control systems to ensure implementation of, adherence to, and compliance with the Bank's BSA compliance program, as required by the terms of the MOU. (b) The Financial Intelligence Unit ("FIU") is the Bank's enterprise-wide BSA compliance program for suspicious activity report (SAR) processes. During the period since entry of the MOU, the Bank's FIU was ineffective in detecting and reporting suspicious activity because of staff skill deficiencies and weak oversight, and it lacked adequate internal controls to detect and report suspicious activity, as required for compliance with the terms of the MOU. (c) Consequently, there was a serious breakdown in the Bank's SAR processes on an organization-wide basis. (d) The Bank's customer due diligence controls, particularly for existing customer profiles and across various lines of businesses, were insufficient to facilitate meaningful transaction analysis and an effective SAR process, as required for compliance with the terms of the MOU. (e) The Bank's failure to file SARs, its weak SAR processes, and inadequate staffing, oversight and internal controls in its FIU, also resulted in a failure to correct problems previously reported to the Bank by the OCC in the MOU. 3 (4) As a result of the 2006 BSA exam findings, the OCC determined that the Bank violated 12 C.F.R. ss.21.11 when it failed to detect and file SARs in a timely manner in connection with certain Bank account activity. (5) In addition, as a result of the 2006 BSA exam findings, the OCC determined that the Bank violated 12 C.F.R.ss.21.21 when it failed to establish and implement a Bank-wide BSA compliance program reasonably designed to assure and monitor its compliance with the BSA. (6) The Bank's failure during 2005-2006 to correct serious defects in its BSA compliance program that were previously reported to the Bank by the OCC in the MOU constitutes a repeat problem within the meaning of 12 U.S.C.ss.1818(s). ARTICLE II CIVIL MONEY PENALTY Pursuant to the authority vested in it by the Federal Deposit Insurance Act, as amended, 12 U.S.C. ss. 1818, the Comptroller hereby orders that: (1) The Bank shall pay a civil money penalty in the amount of ten million dollars ($10,000,000) upon execution of this Order. (a) If a check is the selected method of payment, the check shall be made payable to the Treasurer of the United States and shall be delivered to: Comptroller of the Currency, P.O. Box 979012, St. Louis, Missouri 63197-9000. (b) If a wire transfer is the selected method of payment, it must be sent to the Comptroller's account #2071-0001, ABA Routing # 021030004. (c) The Bank shall submit a copy of the check to the Director, Enforcement & Compliance Division, 250 E Street, S.W., Washington, D.C. 20219. 4 (2) This Order shall be enforceable to the same extent and in the same manner as an effective and outstanding order that has been issued and has become final pursuant to 12 U.S.C. ss.ss. 1818(h) and (i) (as amended). ARTICLE III CEASE AND DESIST ORDER Pursuant to the authority vested in it by the Federal Deposit Insurance Act, as amended, 12 U.S.C. ss. 1818, the Comptroller hereby orders that: A. SUSPICIOUS ACTIVITY REPORTS (1) Within ninety (90) days of the date of this Order, the Board shall ensure that Bank management finalizes improvements and maintains Bank adherence to a written program to establish a system of internal controls and processes to ensure compliance with the requirements to file SARs set forth in 12 C.F.R. ss. 21.11, as amended. At a minimum, this written program shall establish risk-based procedures for identifying, escalating, investigating and reporting known or suspected violations of Federal law, violations of the BSA, or suspicious transactions related to money laundering activity, including suspicious activity relating to the opening of new accounts, the monitoring of current accounts, and the transfer of funds by or through the Bank. (2) The Board shall ensure that Bank management has established processes, personnel, and control systems to ensure the effective implementation of, and adherence to, the program developed pursuant to Paragraph A of this Article, and that there are appropriate monitoring criteria designed to ensure proper identification and timely reporting of all known or suspected violations of law and suspicious transactions. 5 (3) The Board shall ensure that Bank management uses investigative case file standards that are consistent with the SAR Decision-Making Process section of the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual. (4) Upon completion, a copy of this written program shall be submitted to Deputy Comptroller Delora Ng Jee ("Deputy Comptroller") for review and determination of no supervisory objection. B. BANK SECRECY ACT OFFICER AND SUPPORT STAFF (1) Within ninety (90) days of the date of this Order, the Board shall review the Bank's BSA Officer's authority, independence, responsibilities and skills and determine whether they are appropriate in light of the Bank's overall risk profile. In particular, the Board shall ensure an effective structure is in place so that the BSA Officer has sufficient authority to carry out his/her assigned responsibilities in implementing the Bank's BSA program. The Board shall also determine whether the BSA Officer's supporting staff has sufficient authority, responsibilities, structure, independence, competencies, and capabilities to support the BSA Officer. (2) Upon completion, a copy of the results of the Board's review and analysis, with any corrective action plan deemed necessary, shall be submitted to the Deputy Comptroller for review and determination of no supervisory objection. C. BANK SECRECY ACT INTERNAL CONTROLS (1) Within ninety (90) days of the date of this Order, the Board shall ensure that Bank management finalizes improvements and maintains Bank adherence to its written program of policies and procedures to provide for compliance with the BSA and for the appropriate identification and monitoring of transactions that pose greater than normal risk for compliance 6 with the BSA. This program should ensure effective implementation and execution of the following: (a) a governance structure, with clear lines of responsibility beginning with senior management and including each affected line of business ("LOB"), in which accountability for BSA compliance is required and is clearly communicated and enforced; (b) well-defined policies and procedures for investigating and resolving transactions that are identified as unusual or suspicious; and (c) a formal evaluation of the level of knowledge of the Bank's operational and supervisory personnel of the Bank's policies and procedures for identifying transactions that pose greater than normal risk for compliance with the BSA in order to determine whether additional or enhanced training should be conducted; (2) Upon completion, a copy of the program shall be submitted to the Deputy Comptroller for review and determination of no supervisory objection. (3) Within ninety (90) days of the date of this Order, the Board shall ensure that Bank management finalizes and continues improvements to strengthen risk-based processes to obtain appropriate customer due diligence information when opening new accounts or renewing or modifying an existing customer's account that includes: (a) the identification of all customers, and beneficial owners of accounts on a risk basis, in compliance with 31 C.F.R. ss. 103.121 and the Bank's customer due diligence procedures; 7 (b) a methodology for assigning risk levels to the Bank's customer base that considers factors such as type of customer, type of product or service, and geographic location; (c) for high risk accounts, as defined by the Bank's policy/methodology, that Bank management shall determine and conduct the appropriate level of enhanced due diligence and monitoring necessary for those categories of customers that pose a heightened risk of conducting potentially illicit activities at or through the Bank; (d) the BSA Officer or his/her designee shall ensure through periodic assessments whether the Bank's enhanced due diligence and monitoring activities are appropriate and require timely corrective action if necessary; and (e) escalation procedures to ensure that the Bank will not open an account for a customer, and shall consider closing any existing account of a customer, if the information available to the Bank indicates that the customer's relationship with the Bank would be detrimental to the reputation of the Bank. (4) The Board shall notify the Deputy Comptroller in writing when its customer due diligence processes are finalized. (5) Within ninety (90) days of the date of this Order, the Board shall ensure that Bank management conducts a management information system (MIS) assessment, and develops a plan that will enable management to more effectively identify, monitor, and manage the Bank's BSA risks on a timely basis. This plan should address any system limitations, provide for appropriate reporting, and consider the following: 8 (a) any trends in unusual or suspicious activity that have been identified and reported by the Bank, as well as the product lines, departments and branches in which suspicious activity has occurred; (b) high risk accounts by line of business and type of business, countries of origin, location of the customers' businesses and residences, average dollar, and transaction volume of activity; (c) information regarding any type of subpoena received by the Bank, any other law enforcement inquiry directed to the Bank, and any action taken by the Bank on the affected account; (d) information regarding senior foreign political figures as defined in Section 312 of the USA PATRIOT Act and foreign correspondent accounts; (e) information regarding compliance with this Order; and (f) any additional information deemed necessary or appropriate by the BSA Officer or the Bank. (6) Upon completion, a copy of the MIS plan shall be submitted to the Deputy Comptroller for review and determination of no supervisory objection. (7) Within one hundred eighty days (180) of the date of this Order, the Board shall ensure that Bank management implements the MIS plan. (8) The Board shall ensure that the Bank has processes, personnel, and control systems to implement and adhere to the program developed pursuant to Paragraph C of this Article. 9 D. GENERAL STATEMENT ON PERFORMANCE EXPECTATIONS (1) Within one hundred eighty (180) days of the date of this Order, the Board shall ensure that Bank management achieves and maintains compliance with this Order and shall ensure that an effective BSA program is maintained in accordance with 12 C.F.R. 21.21; (2) The Board shall ensure that the Bank has processes, personnel, and control systems to ensure implementation of and adherence to Article III of this Order. (3) The Board shall monitor the Bank's BSA program activity including: implementation plan effectiveness; prompt identification and reporting of deficiencies; and timely corrective action through appropriate audit and compliance reviews. E. OTHER ACTION (1) Although the Board is by this Order required to submit certain proposed actions and programs for the review or prior written determination of no supervisory objection of the Deputy Comptroller, the Board has the ultimate responsibility for proper and sound management of the Bank. (2) It is expressly and clearly understood that if, at any time, the Comptroller deems it appropriate in fulfilling the responsibilities placed upon it by the several laws of the United States of America to undertake any action affecting the Bank, nothing in this Order shall in any way inhibit, estop, bar or otherwise prevent the Comptroller from doing so. (3) Any time limitations imposed by this Order shall begin to run from the date of this Order. Such time limitations may be extended in writing by the Deputy Comptroller for good cause upon written application by the Board. Any written requests to extend any time limitations submitted pursuant to this Article shall include a statement setting forth in detail the special circumstances that prevent the Bank from complying with any provision, that require the 10 Deputy Comptroller to exempt the Bank from any provision; or that require an extension of any time frame within this Order. All such requests shall be accompanied by relevant supporting documentation. The Deputy Comptroller's decision regarding the request is final and not subject to further review. (4) The provisions of this Order are effective upon issuance of this Order by the Comptroller, through his authorized representative whose hand appears below, and shall remain effective and enforceable, except to the extent that, and until such time as, any provisions of this Order shall have been amended, suspended, waived, or terminated in writing by the Comptroller. (5) In each instance in this Order in which the Board is required to ensure adherence to, and undertake to perform certain obligations of the Bank and Bank management, it is intended to mean that the Board shall: (a) authorize and adopt such actions on behalf of the Bank as may be necessary for the Bank to perform its obligations and undertakings under the terms of this Order; (b) require the timely reporting by Bank management of such actions directed by the Board to be taken under the terms of this Order; (c) follow-up on any non-compliance with such actions in a timely and appropriate manner; and (d) require corrective action be taken in a timely manner of any non-compliance with such actions. (6) This Order is intended to be, and shall be construed to be, a final order issued pursuant to 12 U.S.C. ss. 1818(b), and expressly does not form, and may not be construed to form, a contract binding on the Comptroller or the United States. 11 (7) The terms of this Order, including this paragraph, are not subject to amendment or modification by any extraneous expression, prior agreements or prior arrangements between the parties, whether oral or written. IT IS SO ORDERED, this 14 day of SEPTEMBER, 2007. /s/ DELORA NG JEE __________________________ Delora Ng Jee Deputy Comptroller Large Bank Supervision 12