Tiny bank must beef up info security, another must bring on 2 new directors; 6 barred from future FI service

Two small banks – one of which is being required to train its staff on information and cyber security awareness – are among the institutions and individuals cited in the 11 enforcement actions announced Friday by the Federal Deposit Insurance Corp. (FDIC).

State Bank, a $28 million-assets institution in Green River, Wyo., is required under a May cease-and-desist consent order to have and retain qualified management, correct all credit underwriting and administration weaknesses outlined in its November 2018 examination report, replenish its allowance for loan and lease losses (ALLL), and, among other things, ensure that those performing IT system administrative activities do not perform conflicting duties in the bank (that, or provide for “rigorous” independent monitoring). The bank must also ensure that all bank employees receive annual training for information security awareness, cybersecurity awareness, and identity theft red flags (in addition to correcting all documented IT weaknesses).

The Farmers Bank, a $121 million-assets institution in Carnegie, Okla., entered into a cease-and-desist consent order with the FDIC in March that focuses on board management and internal controls. The bank’s board of directors is tasked with “assuming full responsibility for the approval of the Bank’s policies and objectives and for the supervision of the Bank’s management …” The board was required to add two independent directors that have prior banking experience and don’t have personal or financial ties to any of the bank’s officers, directors or shareholders, or anyone holding more than 5% of the bank’s shares. Regular reviews of officers’ and directors’ expenditures are also called for.

The agency also terminated a consent order from Jan. 29, 2010, with The Patterson Bank (Patterson, Ga.), now known as First Southern Bank.

In all, the FDIC announced a total of 11 enforcement actions Friday. Besides the above, these include one section 19 order (allowing a person previously barred to again work in an insured institution), five removal and prohibition orders, and two voluntary terminations of deposit insurance.

FDIC, according to the prohibition orders, says it found (but none of the parties admitted or denied) that:

  • Michael B. Gaines, while serving as branch sales manager of Tri-State Bank of Memphis (Memphis, Tenn.), embezzled funds from customers whose accounts had been designated dormant accounts.
  • Kelsey A. Smith, while a branch manager of Great Western Bank (Sioux Falls, S.D.), made multiple unauthorized withdrawals from customer accounts, made off-book loans using customer funds, diverted bank and customer funds to her own use and benefit, and falsified bank records and documents.
  • Moshe Benenfeld, from January 2014 through May 2016, used his position and authority as a vice president and branch manager of Apple Bank for Savings (Manhasset, N.Y.) to falsify certain bank records to establish lines of credit for uncreditworthy borrowers; secure these fraudulently established lines of credit with the deposits of other Apple Bank customers without their authorization; and divert funds from one Apple Bank customer’s account to another unrelated Apple Bank customer, all without authorization.
  • Stacey Becker Lawson, while an employee of American Exchange Bank (Henryetta, Okla.), appears to have embezzled $177,375.40 of the bank’s funds for her own use.
  • Maydelin Brito, while an institution-affiliated party of Ocean Bank (Miami, Fla.), from August through October 2017 stole $10,390 from the accounts of two bank customers through unauthorized withdraws.

FDIC Makes Public May Enforcement Actions; No Administrative Hearings Scheduled for July 2019