





FEDERAL DEPOSIT INSURANCE CORPORATION


WASHINGTON, D.C.


 
 
)
 
 
In the Matter of
 
)
 
 
 
 
)
 
 
UNITY BANK
 
)
 
 
CLINTON, NEW JERSEY
 
)
CONSENT ORDER
 
 
 
)
 
 
 
 
)
FDIC-20-0014b
 
(INSURED STATE NONMEMBER BANK)
 
)
 
 
 
 
)
 
 
 
 
)
 
 



The Federal Deposit Insurance Corporation (FDIC) is the appropriate Federal
banking agency for Unity Bank, Clinton, New Jersey (Bank), under section 3(q) of
the Federal Deposit Insurance Act (Act), 12 U.S.C. § 1813(q).
The Bank, by and through its duly elected and acting board of directors (Board),
has executed a STIPULATION AND CONSENT TO THE ISSUANCE OF A CONSENT ORDER
(CONSENT AGREEMENT), dated July 6, 2020, that is accepted by the FDIC. With the
CONSENT AGREEMENT, the Bank has consented, without admitting or denying any
charges of unsafe or unsound banking practices or violations of law or
regulation relating to, among other things, weaknesses in the Bank’s Bank
Secrecy Act/Anti-Money Laundering Compliance Program (BSA/AML Compliance
Program), to the issuance of this CONSENT ORDER (ORDER) by the FDIC.
Having determined that the requirements for issuance of an order under section
8(b) of the Act, 12 U.S.C. § 1818(b), have been satisfied, the FDIC hereby
orders that:


BOARD SUPERVISION
1.     The Board must increase its supervision and direction of the Bank’s
BSA/AML Compliance Program, consistent with the role and expertise expected for
directors of banks of comparable size and





--------------------------------------------------------------------------------





risk, and assume full responsibility for the approval and implementation of
sound BSA/AML policies, procedures, and processes reasonably designed to assure
and monitor the Bank’s compliance with the Bank Secrecy Act, 31 U.S.C. § 5311 et
seq., 12 U.S.C. § 1829b, 12 U.S.C. §§ 1951-1959 and 12 U.S.C. § 1818(s), and its
implementing regulations, 31 C.F.R. chapter X, 12 C.F.R. § 326.8 and 12 C.F.R.
part 353 (collectively, the BSA). The Board must ensure complete and timely
compliance with this ORDER.


BSA/AML COMPLIANCE PROGRAM
2.     The Bank must review and improve its written BSA/AML Compliance Program
and ensure that it is reasonably designed to assure and monitor the Bank’s
compliance with the BSA. At a minimum, the BSA/AML Compliance Program must
address the BSA-related deficiencies and weaknesses identified in the October
21, 2019 FDIC Report of Examination (2019 ROE) transmitted to the Bank on
February 26, 2020, meet the requirements of this ORDER, and include procedures
for monitoring performance and for periodically reviewing and revising the
BSA/AML Compliance Program to ensure that it is and continues to be reasonably
designed to assure and monitor the Bank’s compliance with the BSA.
(a)    BSA Risk Assessment: Within 90 days from the effective date of this
ORDER, the Bank must:
(i)    review and improve its BSA risk assessment (Risk Assessment) to
accurately reflect the Bank’s risk profile related to money laundering,
terrorist financing, and other illicit activity (Risk Profile) and develop
appropriate risk-mitigating strategies for identified risks after reviewing its
products, services, customers, entities, transactions, system alerts, and
geographic footprint and conducting a detailed qualitative and quantitative
analysis of the risk within each identified category; and
(ii)    establish appropriate written policies, procedures, and processes
regarding Risk Assessments that require, at a minimum, the periodic reassessment
of the Bank’s Risk Profile and satisfactory documentation of the resulting Risk
Assessment.
(b)    System of BSA Internal Controls: Within 180 days from the effective date
of this ORDER, the Bank must review, improve, and validate its system of
internal controls to ensure that it is





--------------------------------------------------------------------------------





reasonably designed to assure and monitor compliance with the BSA (BSA Internal
Controls) taking into consideration the Risk Assessment; the Risk Profile; the
Bank’s size, structure, and complexity; and the deficiencies and weaknesses
identified in the 2019 ROE. At a minimum, such system of BSA Internal Controls
must include written policies, procedures, and processes addressing the
following areas:
(i)    Suspicious Activity Monitoring and Reporting: The Bank must:
(A)    review and improve its policies, procedures, processes, and systems for
monitoring, detecting, and reporting suspicious activity conducted within or
through the Bank and ensure the timely, accurate, and complete filing of
suspicious activity reports (SARs) with an appropriate level of documentation
and support for Bank management’s decisions to file or not to file a SAR. These
policies, procedures, processes, and systems should ensure that all relevant
areas of the Bank are monitored for suspicious activity, including cash
transactions, monetary instruments, ACH and ATM transactions, and international
and domestic wire transfers; and
(B)    conduct a comprehensive review and validation of all systems the Bank
utilizes to monitor, detect, and report suspicious activity and develop
policies, procedures, and processes requiring the periodic review and validation
of these systems based on the Bank’s current Risk Profile. Decisions to adjust
or not adjust system parameters as a result of the reviews should be supported
through a well-documented analysis with appropriate information.
(ii)    Customer Due Diligence: The Bank must review and improve its customer
due diligence (CDD) policies, procedures, and processes for new and existing
customers to:
(A)be consistent with the Bank’s Risk Profile and Risk Assessment, with
increased focus on customers identified in the Bank’s Customer Risk Profile, as
defined below, as posing heightened risk of money laundering, terrorist
financing, or other illicit activities;
(B)establish specific staff responsibilities, including who is responsible for
reviewing or approving changes to a customer’s risk rating or profile;





--------------------------------------------------------------------------------





(C)ensure that the Bank possesses sufficient customer information to implement
an effective suspicious activity monitoring system;
(D)document analysis associated with the due diligence process, including
guidance for resolving issues when insufficient or inaccurate information is
obtained;
(E)maintain current customer information;
(F)    operate in conjunction with the Bank’s Customer Identification Program
(CIP);
(G)    enable the Bank to reasonably predict the types of transactions in which
a customer is likely to engage; and
(H)    provide for:
i.     a risk assessment of the customer base through an appropriate risk-rating
system to ensure that the risk level of the Bank’s customers is accurately
identified based on the potential for money laundering, terrorist financing, or
other illicit activity posed by the customer’s activities, with consideration
given to the purpose of the account, the anticipated type and volume of account
activity, types of products and services offered, and locations and markets
served by the customer (Customer Risk Profile);
ii.    an appropriate level of ongoing monitoring commensurate with the risk
level of a Customer Risk Profile to ensure that the Bank can reasonably detect
suspicious activity and accurately determine which customers are higher risk and
require additional due diligence (risk-based customer due diligence or RBCDD);
iii.    a process to obtain and analyze a sufficient level of customer
information at account opening to establish and support the risk ratings
assigned in the Bank’s Customer Risk Profiles;
iv.    a process to document and satisfactorily support the CDD analysis; and





--------------------------------------------------------------------------------





v.    processes to reasonably ensure the timely identification and accurate
reporting of known or suspected criminal activity, as required by the suspicious
activity reporting provisions of part 353 of the FDIC’s Rules and Regulations,
12 C.F.R. part 353.
(iii)    Risk-Based Customer Due Diligence: The Bank must review and improve
policies, procedures, and processes to conduct RBCDD necessary for those
categories of customers the Bank has reason to believe pose a heightened risk of
money laundering, terrorist financing, or other illicit activities. The RBCDD
policies, procedures, and processes adopted should, at a minimum:
(A)    consider the customer’s business activity, ownership structure,
anticipated or actual volume, and types of transactions;
(B)    operate in conjunction with its CIP and CDD policies, procedures, and
processes;
(C)    determine the appropriate frequency for conducting ongoing reviews, based
on customer risk level;
(D)    determine the appropriate documentation necessary to conduct and support
ongoing reviews and analyses in order to reasonably understand the normal and
expected transactions of the customer;
(E)    reasonably ensure the timely identification and accurate and complete
reporting of known or suspected criminal activity against or involving the Bank
to law enforcement and supervisory authorities, as required by the suspicious
activity reporting provisions of part 353 of the FDIC’s Rules and Regulations,
12 C.F.R. part 353;
(F)    provide for the development of a high-risk customer list noting entities
with multiple accounts and assignment of one risk rating across related accounts
(High-Risk Customer List); and





--------------------------------------------------------------------------------





(G)    ensure the BSA Internal Controls operate in conjunction with each other
and are consistent with account/transaction monitoring, including arranging for
the dissemination of a High-Risk Customer List to appropriate departments within
the Bank.
(c)    Independent Testing: Within 240 days from the effective date of this
ORDER, and periodically thereafter based on the Bank’s current Risk Profile,
independent testing for compliance with the BSA must be conducted by either a
qualified outside party with the requisite ability to perform such testing and
analysis or by Bank personnel who are independent of the BSA function and who
have the requisite ability to perform such testing and analysis. The scope of
the testing procedures performed and the test findings must be satisfactorily
documented. The results of each independent test, as well as any apparent
exceptions noted during the testing, must be presented to the Board. The Board
must document the steps taken to correct any exceptions noted, address any
recommendations made during each independent test, and record its actions in the
minutes of the Board meetings.
The independent testing must, at a minimum, include:
(i)    an evaluation of the overall adequacy and effectiveness of the BSA/AML
Compliance Program, including policies, procedures, and processes;
(ii)    a review of the Bank’s Risk Assessment;
(iii)    appropriate risk-based transaction testing to verify the Bank’s
adherence to the BSA (e.g., CIP, CDD, and RBCDD programs; SARs; Currency
Transaction Reports (CTR) and CTR exemptions; and information sharing requests);
(iv)    an evaluation of Bank management’s efforts to resolve apparent
violations and deficiencies noted in previous audits and regulatory
examinations;
(v)    a review of staff training for adequacy, accuracy, and completeness;
(vi)    a review of the effectiveness of the suspicious activity monitoring
systems used for compliance with the BSA;





--------------------------------------------------------------------------------





(vii)    an assessment of the effectiveness of the Bank’s policy and the overall
process for identifying and reporting suspicious activity, including a review of
SAR-related documentation to determine its accuracy, timeliness, completeness;
and
(viii)    an assessment of the integrity and accuracy of management information
systems used in the BSA/AML Compliance Program.
(d)    BSA Officer and Resources: Within 90 days from the effective date of this
ORDER, the Bank must ensure that its designated BSA Officer has sufficient
authority and resources (monetary, physical, and personnel) to effectively
administer the BSA/AML Compliance Program. At a minimum, the Bank must:
(i)perform a review of its BSA-related resources (monetary, physical, and
staffing) and analyze whether current resource levels are adequate and
appropriate, and develop policies, procedures, and processes requiring the
periodic, not less than annually, review of these resources. The review should
also include, at a minimum, consideration of the Bank’s current size and growth
plans, geographic areas served, products and services offered, changes in the
BSA, the Risk Assessment, the Risk Profile, and the deficiencies and weaknesses
identified in the 2019 ROE;
(ii)ensure an adequate level of BSA-related resources, including staffing, to
implement the BSA/AML Compliance Program and ensure compliance with the BSA;
(iii)delegate sufficient authority to its designated BSA Officer to effectively
coordinate, monitor, and ensure compliance with the BSA; and
(iv)develop policies, procedures, and processes requiring the BSA Officer to
report directly to the Board or the Compliance Committee established under
paragraph 5 of this ORDER with regard to matters related to the BSA.
(e)    Training: The Bank must take all necessary steps, consistent with sound
banking practices, to ensure that all appropriate personnel are aware of, and
can comply with, the requirements of





--------------------------------------------------------------------------------





the BSA applicable to the individual’s specific responsibilities to assure the
Bank’s compliance with the BSA. Within 180 days from the effective date of this
ORDER, the Bank must develop, adopt, and implement effective training programs
designed for the Board, Bank management, and staff and their specific compliance
responsibilities on all relevant aspects of laws, regulations, and Bank
policies, procedures, and processes relating to the BSA (Training Program). The
Training Program must ensure that all appropriate personnel are aware of, and
can comply with, the requirements of the BSA on an ongoing basis and, at a
minimum, include:
(i)    an overview of the BSA for new staff along with specific training
designed for their specific duties and responsibilities upon hiring;
(ii)    training on the Bank’s BSA/AML policies, procedures, and processes along
with new rules and requirements as they arise for appropriate personnel designed
to address their specific duties and responsibilities;
(iii)    a requirement that the Bank fully document the training of each
employee, including the designated BSA Officer(s), with respect to BSA/AML
policies, procedures, and processes; and
(iv)    a requirement that training in these areas be conducted at least
annually.


OFAC COMPLIANCE
3.     Within 60 days from the effective date of this ORDER, the Bank must
review and analyze its compliance with the regulations issued by the Office of
Foreign Assets Control (OFAC) and take all necessary action to ensure timely and
complete compliance with the OFAC regulations.




LOOK BACK REVIEW
4.    (a)     Within 60 days from the effective date of this ORDER, the Bank
must engage a qualified firm acceptable to the Deputy Regional Director of the
FDIC New York Regional Office and the





--------------------------------------------------------------------------------





Commissioner of the New Jersey Department of Banking and Insurance
(Commissioner) to conduct a review of all accounts and transaction activity for
the time period beginning January 1, 2019, through the effective date of this
ORDER to determine whether reportable transactions and suspicious activity
involving any accounts or transactions within or through the Bank were properly
identified and reported in accordance with the applicable reporting requirements
(Initial Look Back Review).
(b)    Within 180 days of receipt of the Deputy Regional Director’s and the
Commissioner’s non-objections regarding the proposed engagement of the qualified
firm, the firm must complete the Initial Look Back Review and the Bank must
prepare and file any additional CTRs and SARs necessary based upon the review.
Upon completion of the Initial Look Back Review, the Bank must immediately
submit the findings of the review and copies of any additional SARs and CTRs
filed to the Deputy Regional Director and the Commissioner.
(c)    The Deputy Regional Director and the Commissioner may, in their sole
discretion after reviewing the results of the Initial Look Back Review, provide
written notification (Additional Look Back Review Notification) to the Bank
requiring the firm selected to do the Initial Look Back Review, or another
qualified firm acceptable to the Deputy Regional Director and the Commissioner
(Additional Look Back Review Firm), to review all accounts and transaction
activity for additional time periods to determine whether reportable
transactions and suspicious activity involving any accounts or transactions
within or through the Bank were properly identified and reported in accordance
with the applicable reporting requirements and in a manner consistent with the
written notification sent to the Bank (Additional Look Back Review). The
Additional Look Back Review Firm must complete the Additional Look Back Review
and the Bank must prepare and file any additional CTRs and SARs necessary based
upon the review within the timeframe established in the Additional Look Back
Review Notification. Upon completion of the Additional Look Back Review, the
Bank must immediately submit the findings of the review and copies of any
additional SARs and CTRs filed to the Deputy Regional Director and the
Commissioner.







--------------------------------------------------------------------------------





DIRECTORS’ COMPLIANCE COMMITTEE
5.     Within 30 days from the effective date of this ORDER, the Board must
establish a directors’ BSA/AML compliance committee (Compliance Committee). A
majority of the Compliance Committee members may not now or have previously been
involved in the daily operations of the Bank. The Compliance Committee will have
the responsibility of overseeing the Bank’s compliance with this ORDER, the BSA,
and the Bank’s BSA/AML Compliance Program. The Compliance Committee must receive
monthly reports from the BSA Officer regarding the Bank’s compliance with this
ORDER, the BSA, and the Bank’s BSA/AML Compliance Program. The Compliance
Committee must present a report to the Board at each regularly scheduled Board
meeting regarding the Bank’s compliance with this ORDER, the BSA, and the Bank’s
BSA/AML Compliance Program, and this report must be recorded in the appropriate
minutes of the Board meeting and retained in the Bank’s records. The
establishment of this Compliance Committee does not diminish the responsibility
or liability of the entire Board to ensure timely compliance with the provisions
of this ORDER.
 
CORRECTIVE ACTION
6.     Within 240 days from the effective date of this ORDER, the Bank must take
all steps necessary, consistent with other provisions of this ORDER and sound
banking practices, to eliminate and correct any unsafe or unsound banking
practices and any violations of law or regulation cited in the 2019 ROE. The
Bank must take all steps necessary to ensure future compliance with all
applicable laws and regulations.


PROGRESS REPORTS
7.     Within 30 days after the end of each calendar quarter following the
effective date of this ORDER, the Bank must furnish to the Deputy Regional
Director and the Commissioner written progress reports detailing the form,
manner, and results of any actions taken to secure compliance with this ORDER.
All progress reports and other written responses to this ORDER must be reviewed
and approved by the Board and be made a part of the Board minutes.





--------------------------------------------------------------------------------







NOTICE TO PARENT HOLDING COMPANY
8.     Within 30 days from the effective date of this ORDER, the Bank must
provide either a copy of this ORDER or an accurate and complete description of
all material aspects of the ORDER to its parent holding company.


OTHER ACTIONS
9.     The provisions of this ORDER do not bar, estop, or otherwise prevent the
FDIC or any other federal or state agency or department from taking any other
action against the Bank or any of the Bank’s current or former
institution-affiliated parties.


This ORDER is effective on the date of issuance and its provisions will remain
effective and enforceable until such time as any provision is modified,
terminated, suspended, or set aside in writing by the FDIC. The provisions of
this ORDER are binding upon the Bank, its institution-affiliated parties, and
any successors and assigns thereof.




Issued Under Delegated Authority.
Dated: July 8, 2020






/s/ Jessica A. Kaemingk
___________________________________                
By:    Jessica A. Kaemingk
Deputy Regional Director
New York Region
Federal Deposit Insurance Corporation





