changed. You can check the current page or check for previous versions at the Internet Archive. Yahoo! is not affiliated with the authors of this page or responsible for its content.
FEDERAL DEPOSIT INSURANCE CORPORATION WASHINGTON, D.C.



FEDERAL DEPOSIT INSURANCE CORPORATION

WASHINGTON,
D.C.






)
In the Matter of
)
)
FIRSTBANK OF PUERTO RICO
) ORDER TO CEASE AND DESIST
SANTURCE, PUERTO RICO
)

) FDIC-06-146b
(INSURED STATE NONMEMBER BANK)
)

)

Firstbank of Puerto Rico, Santurce, Puerto Rico (Insured
Institution), having been advised of its right to a Notice of
Charges and of Hearing detailing the unsafe or unsound banking
practices and violations of law, regulation and written condition
imposed by an order granting an application alleged to have been
committed by the Insured Institution and of its right to a
hearing on the alleged charges under section 8(b)(1) of the
Federal Deposit Insurance Act (Act), 12 U.S.C. § 1818(b)(1),
and having waived those rights, entered into a STIPULATION AND
CONSENT TO THE ISSUANCE OF AN ORDER TO CEASE AND DESIST (CONSENT
AGREEMENT) with counsel for the Federal Deposit Insurance
Corporation (FDIC), dated August 22, 2006, whereby solely for
the purpose of this proceeding and without admitting or denying
the alleged charges of unsafe or unsound banking practices and
violations of law, regulation and written condition imposed by an
order granting an application, the Insured Institution consented
2

to the issuance of an ORDER TO CEASE AND DESIST (ORDER) by the
FDIC.
The FDIC considered the matter and determined that it had
reason to believe that the Insured Institution had engaged in
unsafe or unsound banking practices and had committed violations
of law, regulation and/or written condition imposed by an order
granting an application. The FDIC, therefore, accepted the
CONSENT AGREEMENT and issued the following:

ORDER TO CEASE AND DESIST

IT IS HEREBY ORDERED that the Insured Institution, its
directors, officers, employees, agents and other institution-
affiliated parties (as that term is defined in Section 3(u) of
the Act, 12 U.S.C. § 1813(u)), and its successors and assigns
cease and desist from engaging in the unsafe or unsound banking
practices and committing the violations of law, regulation and
written condition imposed by an order granting an application
order specified below:
(a)

operating with inadequate management supervision
and oversight by the Insured Institutions board of directors
(Board) to prevent unsafe or unsound practices and violations
of the Bank Secrecy Act, 31 U.S.C. § 5311 et seq., 12 U.S.C.
3

§ 1829b and 12 U.S.C. §§ 1951-1959, and its implementing
regulations, 31 C.F.R. Part 103 and 12 C.F.R. Part 353, and 12
U.S.C. § 1818(s) and its implementing regulation, 12 C.F.R.
§ 326.8 (collectively referred to as BSA);
(b)

operating with inadequate management supervision
and oversight by the Board to ensure compliance with a written
condition imposed by the FDIC in its September 27, 2002 order
approving the Insured Institutions application to establish a
branch in the British Virgin Islands which required the Insured
Institution to develop and maintain an enhanced due diligence
program designed to identify and monitor customers and
transactions posing a heightened risk to the Insured Institution;
(c)

operating with an inadequate BSA/Anti-Money
Laundering Compliance Program (BSA/AML Compliance Program) to
monitor and assure compliance with the BSA; and
(d)

operating with ineffective policies, procedures
and processes to adequately screen, monitor and verify account
transactions to ensure compliance with the regulations
promulgated by the United States Department of Treasurys Office
of Foreign Assets Control (OFAC), 31 C.F.R. Part 500, as well
as all statutes, regulations, rules and/or guidelines issued or
administered by OFAC (OFAC Provisions).

IT IS FURTHER ORDERED that the Insured Institution, its
institution-affiliated parties, and its successors and assigns,
shall take affirmative action as follows:
4

CORRECTION AND PREVENTION

1.
Beginning
on
the effective date of this Order, the
Insured Institution shall take all steps necessary, consistent
with other provisions of the ORDER and sound banking practices,
to correct and prevent the unsafe or unsound banking practices
and violations of law, regulation and written condition imposed
by an order granting an application identified in the FDIC's
January 9, 2006 Report of Examination ("ROE"), address each
deficiency identified in the ROE and ensure the Insured
Institution is operated with adequate management supervision and
Board oversight to prevent any future unsafe or unsound banking
practices, violations of law, regulation and/or written condition
imposed by an order granting an application.

SYSTEM OF BSA INTERNAL CONTROLS

2.

Within 120 days from the effective date of this ORDER,
the Insured Institution shall develop, adopt, and implement a
system of internal controls designed to ensure full compliance
with the BSA (BSA Internal Controls) taking into consideration
its size and risk profile. At a minimum, such system of BSA
Internal Controls shall include policies, procedures and
processes addressing the following areas:
(a)

Risk Assessment: The Insured Institution shall
conduct an initial BSA/AML risk assessment of the Insured
5

Institutions operations (Risk Assessment) taking into
consideration its customers, their geographic locations, the
types of accounts, products and services offered and the
geographic areas in which these accounts, products and services
are offered to enable it to stratify its customers, products,
services and geographies by risk category and determine the
Insured Institutions overall risk profile. The Insured
Institution shall establish written policies, procedures and
processes to conduct periodic Risk Assessments and to adjust its
stratifications and risk profile as appropriate, but in no event
less frequently than every twelve to eighteen months;

(b)

Customer Due Diligence: The Insured
Institution shall develop, adopt and implement
written policies,
procedures and processes to operate in conjunction with the
customer identification program required by subparagraph (g)
below for:
(i)

establishing customer profiles based upon
the business activity, ownership
structure, anticipated or actual volume
and types of transactions (including
those transactions involving high-risk
jurisdictions) of that customer and
determining whether the customer should
be subject to the Insured Institutions
enhanced due diligence policies,
6

procedures and processes required by
subparagraph (c) below;
(ii)

assigning risk ratings to each customer
based upon their profile and the results
of the Risk Assessment required by
subparagraph (a) above;
(iii)

maintaining and periodically updating
customer profiles and risk ratings; and
(iv)

resolving issues when insufficient or
inaccurate information is obtained to
appropriately establish a customer profile
and risk rating;
(c)

Enhanced Due Diligence: The Insured
Institution shall develop, adopt and implement
policies,
procedures and processes to operate in conjunction with the due
diligence policies, procedures and processes required by
subparagraph (b) above and the customer identification program
required by subparagraph (g) below with respect to high-risk
customers to:
(i)

determine whether additional information,
such as the purpose of the account, source
of funds and wealth, the beneficial owners
of the account, customers occupation or
type of business, financial statements,
banking references, domicile of the
7

customers business, proximity of
customers residence, place of employment
or place of business to the Insured
Institution, description of primary trade
area of customer or beneficial owner and
whether international transactions are
expected to be routine, description of the
business operations, the anticipated
volume of currency and total sales and a
list of major customers and suppliers and
explanations for changes in account
activity should be required and collected
for that customers profile; and

(ii)

determine whether on-site visits to
collect and verify information for the
customer profile are warranted;

(d)

Account/Transaction Monitoring: The Insured
Institution shall develop, adopt and implement policies,
procedures and processes appropriate to the Insured Institution
considering its size and risk profile (based upon the Risk
Assessment) to operate in conjunction with the policies,
procedures and processes required by subparagraph (e) below and
to monitor and aggregate currency activity, funds transfers, and
monetary instrument sales to ensure the timely, accurate and
complete filing of
Currency Transaction Reports (CTRs), Reports
of International Transportation of Currency or Monetary
Instruments (CMIRs), Reports of Foreign Bank and Financial
8

Accounts (FBARs) and any other similar or
related reports
required by law or regulation;
(e)

Suspicious Activ