Cal. Pac. Bank v. Fed. Deposit Ins. Corp.

• Citation: 885 F.3d 560
• Decision Date: 12 March 2018
• Docket Number: No. 16-70725,16-70725
• Parties: CALIFORNIA PACIFIC BANK, Petitioner, v. FEDERAL DEPOSIT INSURANCE CORPORATION, Respondent.
• Court: United States Courts of Appeals. United States Court of Appeals (9th Circuit)

885 F.3d 560

CALIFORNIA PACIFIC BANK, Petitioner,

v.FEDERAL DEPOSIT INSURANCE CORPORATION, Respondent.

No. 16-70725

United States Court of Appeals, Ninth Circuit.

Argued and Submitted November 15, 2017—San Francisco, California

Filed March 12, 2018

Matthew W. Powell (argued) and Steven J. Williamson, Wilke, Fleury, Hoffelt, Gould & Birney, LLP, Sacramento, California, for Petitioner

Joseph Brooks (argued), Counsel, Colleen J. Boles, Assistant General Counsel, Kathryn R. Norcross, Senior Counsel, Federal Deposit Insurance Corporation, Arlington, Virginia, for Respondent.

Before: Ronald M. Gould and Mary H. Murguia, Circuit Judges, and James E. Gritzner,^* District Judge.

OPINION

GRITZNER, District Judge:

California Pacific Bank (the Bank) appeals the issuance of a cease and desist order by the Board of Directors of the Federal Deposit Insurance Corporation (FDIC). The FDIC Board, which adopted in full the Recommended Decision of the Administrative Law Judge (ALJ), found that the Bank violated the Bank Secrecy Act (BSA), 31 U.S.C. §§ 5311 – 5330, and ordered the Bank to implement a corresponding plan to bring the Bank into compliance. The FDIC Board concluded that the Bank did not comply with the BSA's implementing regulations because it failed to establish and maintain procedures designed to ensure adequate internal controls, independent testing, administration, and training. The Bank filed a timely petition for review, challenging the constitutionality of the BSA and its implementing regulations and alleging that the FDIC Board's decision is not supported by substantial evidence. We deny the Bank's petition for review.

I. BACKGROUND

The BSA establishes, among other things, the recordkeeping and reporting requirements for private individuals, banks, and other financial institutions. 31 U.S.C. §§ 5311 – 5330 ; 12 U.S.C. §§ 1829b and 1951 – 1959. The BSA was enacted in 1970 as Title II of the Bank Records and Foreign Transactions Act, which was a response to rising Congressional concern over the use of foreign banks to launder the proceeds of illegal activity and evade federal income taxes. Pursuant to its purpose of identifying the source, volume, and movement of currency and other monetary instruments into and out of the United States or deposited into financial institutions, the BSA requires banks and other financial institutions to maintain a paper trail by keeping appropriate records of financial transactions.

To ensure compliance, Section 8(s) of the Federal Deposit Insurance Act directs the FDIC to issue regulations requiring banks to maintain a BSA compliance program, to review the program during bank examinations, to describe any problems with the program in its report of examination (ROE), and to state in that report whether a bank has failed to correct any problem with its program. 12 U.S.C. § 1818(s). In the event that a bank fails to correct any problem with its BSA compliance that the FDIC previously brought to its attention, the FDIC is required to issue a cease and desist order against the bank. 12 U.S.C. § 1818(s)(3)(B). FDIC regulations require that all insured nonmember banks "establish and maintain procedures reasonably designed to assure and monitor their compliance with the requirements of" the BSA and its implementing regulations. 12 C.F.R. § 326.8(a). Section 326.8(c) outlines the "four pillars" of compliance, which require that insured nonmember banks, at minimum,

(1) Provide for a system of internal controls to assure ongoing compliance;

(2) Provide for independent testing for compliance to be conducted by bank personnel or by an outside party;

(3) Designate an individual or individuals responsible for coordinating and monitoring day-to-day compliance; and

(4) Provide training for appropriate personnel.

The failure of any individual pillar can result in the FDIC deeming a bank noncompliant with the BSA. The Federal Financial Institutions Examination Council (FFIEC) Manual clarifies compliance requirements and provides for consistent examination procedures.¹ In January 2012, the Bank issued its revised "Bank Secrecy Act/Anti-Money Laundering Program Risk Assessment" Manual (Bank BSA Policy Manual), which serves as the Bank's in-house guide for BSA compliance.

As defined by the BSA, the Bank is a "State non-member bank" and an "insured depository institution." 12 U.S.C. § 1813(c)(2) and (e)(2). The Bank is a community bank with offices in San Francisco and Fremont, California. In 2012, the Bank had fewer than fifteen employees, approximately 200 customers, and approximately 500 deposit accounts. The Bank's customer base consists of a significant number of import-export customers, accounts held by non-resident aliens, and accounts with international transactions.

In July 2010, FDIC Examiner Heather Rawlins conducted a safety and soundness examination of the Bank. Rawlins deemed the Bank's BSA program satisfactory but identified several areas that "must be corrected." Among the corrective requirements were that the Bank document its director training and incorporate a method of testing employees' knowledge of training; designate new customers that have high levels of activity as high risk for at least six months; monitor and analyze aggregate activity for at least three months to establish a pattern of activity; and increase the risk rating for the customer base. Rawlins reviewed the results of the examination with the Bank's CEO, Richard Chi, and the Bank's third-party auditor, Joan Vivaldo. The Bank's management agreed to the recommendations.

During 2011, at least four individuals served sequentially as the Bank's BSA compliance officer (BSA Officer). In August 2011, Alan Chi, CEO Richard Chi's son, became acting BSA Officer without the Bank's Board of Directors interviewing for the position. Further, the Bank's Board of Directors did not recruit anyone else for the vacancy. Following election by the Bank's Board of Directors in January 2012, Alan Chi became the Bank's permanent BSA Administrator, in addition to the Bank's Senior Vice President, Senior Credit Officer, Chief Financial Officer, Internal Auditor, and Operations Compliance Officer.

After becoming acting BSA Officer in 2011, Alan Chi revised the Bank's new customer deposit account risk assessment form. Under the revised form, accounts would be downgraded (assessed a lower score on the risk-point scale) if a customer already maintained an account at the bank or if a customer had been referred to the Bank by an employee or well-known customer. Vivaldo criticized the revised scoring methodology, and in correspondence with Alan Chi, noted that this methodology failed to identify three new high risk deposit accounts. Vivaldo commented that Alan Chi's use of an automatic twelve point reduction for certain customers "could turn around and bite them someday." Vivaldo informed Alan Chi that if he ignored her, he would be left "to the tender mercies of the FDIC." Alan Chi replied that he deemed the lower risk rating satisfactory, given his longstanding knowledge of the customers. In a follow-up communication, Vivaldo flagged the potential for the FDIC to criticize the Bank for failing to report high risk accounts. This prompted Alan Chi to further revise his risk assessment form. In the updated version, accounts would be downgraded only if directly related to any loan or existing deposit account. Vivaldo's concerns persisted: "Again, I suggest you lower the score tiers to pre July 2011 levels. With the proposed ranges, almost no account will be medium risk or high risk. An unnatural system. The FDIC recommended the pre July 2011 scoring tiers."

Alan Chi also revised the risk assessment form the Bank used to assess its own risk. Using this altered methodology resulted in the Bank having a "low," rather than "medium to high," overall risk rating. Vivaldo disagreed with the new methodology.

FDIC examiner Rawlins performed another examination of the Bank beginning on December 3, 2012, which used the Bank's information as of September 30, 2012. The FDIC's 2012 ROE concluded that the Bank failed to administer a BSA compliance program in accordance with the four pillars and failed to file a Suspicious Activity Report (SAR) where one was needed.

Rawlins assessed the Bank's progress for the first BSA pillar, internal controls, by selecting twenty-four deposit accounts for review. Rawlins found that the information contained within sixteen of the accounts was incomplete and that activity in those accounts was higher than expected. Although Alan Chi informed Rawlins that the Bank's loan accounts contained additional information, Rawlins reviewed only the deposit accounts. Rawlins echoed Vivaldo's concerns regarding the Bank's revised risk ratings. Rawlins discovered that the Bank had persisted with daily batch reviews of account activity, rather than adopting Rawlins' recommendation for longer-term monitoring. The Bank's loan documentation revealed four site visits between August 2009 and May 2012, only one of which occurred after Alan Chi became acting BSA Officer. Rawlins considered Alan Chi's due diligence with respect to site visits to be inadequate. Alan Chi testified at the ALJ hearing that he kept his BSA assessments relating to the site visits "in my head, as well as [the heads of] the other officers that went with me."

The FDIC's review of the second pillar, independent testing, centered on Vivaldo. Vivaldo was the Bank's internal auditor from 2005 through the second quarter of 2012 and performed quarterly reviews. Prior to the 2012 review, FDIC examiners had not criticized Vivaldo's methods. Nonetheless, Rawlins deemed Vivaldo's 2012 review inadequate. Rawlins noted that Vivaldo's 2012 report failed to assess Alan Chi's qualifications as BSA Officer, to assess the sufficiency of the Bank's compliance training, or to identify the deficiencies relating to risk rating and customer monitoring that the examiners discovered during the 2010 examination and continued...