On December 29, the FDIC released a list of administrative enforcement actions taken against banks and individuals in November. The FDIC made 12 orders public including, “five consent orders, three prohibition orders, two orders terminating consent orders, one order to pay a civil money penalty (CMP), and one order dismissing both a notice of assessment of CMPs and an order to pay.” Included is a stipulated order and written agreement with a Tennessee-based bank (the Bank) to resolve alleged violations of the Bank Secrecy Act (BSA) and weaknesses in board and management oversight of its information technology function. The Bank agreed to the conditions of the consent order which requires the Bank to, among other things (i) establish an action plan to correct the bank’s Anti-Money Laundering/Countering the Financing for Terrorism (AML/CFT) program deficiencies and alleged violations; (ii) retain qualified IT management; (iii) perform a cybersecurity assessment; and (iv) designate someone responsible for coordinating and monitoring day-to-day compliance with the BSA.