Exhibit 99.1

FEDERAL DEPOSIT INSURANCE CORPORATION

WASHINGTON, D.C.

The Federal Deposit Insurance Corporation (FDIC) is the appropriate Federal banking agency for Quaint Oak Bank, Southampton, Pennsylvania (Bank), under 12 U.S.C. § 1813(q).

The FDIC considered the matter and determined the Bank has engaged in unsafe or unsound banking practices and violations of law or regulation relating to, among other things, the Bank Secrecy Act, 31 U.S.C. § 5311 et seq., 12 U.S.C. § 1829b, and 12 U.S.C. §§ 1951-60; 31 C.F.R. Chapter X; and 12 U.S.C. § 1818(s) and the FDIC’s implementing regulations, 12 C.F.R. § 326.8 and 12 C.F.R. Part 353 (collectively, the BSA) with respect to the Bank’s Anti-Money Laundering/Countering the Financing of Terrorism Program (AML/CFT Program).

The Bank, by and through its duly elected and acting board of directors (Board), has executed a Stipulation and Consent to the Issuance of a Consent Order (Consent Agreement), dated May 15, 2025, that is accepted by the FDIC. With the Consent Agreement, the Bank has consented, without admitting or denying any charges of unsafe or unsound banking practices or violations of law or regulation, to the issuance of this Consent Order (Order) by the FDIC pursuant to 12 U.S.C. § 1818(b)(1).

Having determined that the requirements for issuance of an order under 12 U.S.C. § 1818(b) have been satisfied, the FDIC hereby orders that:

I. Board Requirements

A.  Supervision, Direction, and Oversight. The Board must increase, commensurate with the size and complexity of the Bank and the risk of Bank products and services, whether conducted or provided by the Bank, or on behalf of the Bank through one or more persons or entities, including those referred to by the Bank as Embedded Finance opportunities, (Bank Activities) and business arrangements between the Bank and another person or entity, by contract or otherwise, and any business arrangements with an entity conducting one or more Bank Activities, or a component of a Bank Activity, for or on behalf of another entity with a direct business arrangement with the Bank (collectively, Third-Party Relationships), its supervision and direction of Bank management, and its oversight and monitoring of the Bank’s AML/CFT Program, including assuming full responsibility for the development, approval, and implementation of and adherence to appropriate written policies, procedures, processes, and/or practices (collectively, Procedures), and at a minimum:

1.    Information. Ensure that Procedures regarding Board oversight and monitoring of the AML/CFT Program include provisions which require the Board be provided with the information and documentation necessary to fulfill its duties and responsibilities under this Order, and enable the Board to monitor and regularly evaluate the adherence to and the effectiveness of the Procedures;

2.    Meetings. Ensure that the minutes of meetings of the Board and Board committees are sufficiently detailed and reflect the discussion of and rationale for material decisions and any specific actions, including actions required by this Order, taken or to be taken by the Board and/or any requirements of or directions to Bank management as a result of the discussions; and

3.    Adoption, Implementation and Adherence. Act on any matter required by this Order within the timeframe established for such action in this Order and ensure that the Bank fully implements and adheres to any Procedure or other matter required by this Order as adopted, and in the event a Procedure or other matter, or any portion thereof, is not fully implemented or adhered to, the Board must promptly, in no instance more than 30 days from the event, advise the Deputy Regional Director of the FDIC’s New York Regional Office (DRD) in writing of the specific reasons for the deviation or delay and the steps it will take to address the deviation or delay.

B. Corrective Action. The Board must also ensure that the Board and the Bank take all steps necessary, consistent with other provisions of this Order, and safe and sound banking practices to:

1.    Banking Practices and Violations. Eliminate or correct the unsafe or unsound banking practices and the violations of law or regulation identified in the February 20, 2024 Report of Examination issued jointly by the FDIC and the Pennsylvania Department of Banking and Securities (2024 ROE);

2.    Deficiencies and Weaknesses. Appropriately address the deficiencies and weaknesses identified in the 2024 ROE; and

3.    Order Compliance. Fully comply with the provisions of this Order in a timely manner.

II. Third-Party Relationships

Within 90 days from the effective date of this Order, the Board must ensure the Bank develops, adopts, implements, and adheres to a written third-party risk management program that is reasonably designed to identify, monitor, and control risks associated with Bank Activities conducted through Third-Party Relationships and satisfactorily ensures that these Bank Activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations (TPRM Program). At a minimum, the TPRM Program must (i) be commensurate with the Bank’s size, and complexity, and the risk of Bank Activities and Third-Party Relationships; (ii) address the third-party risk management related deficiencies and weaknesses identified in the 2024 ROE; (iii) include appropriate due diligence Procedures for proposed new Third-Party Relationships and ongoing due diligence of existing Third-Party Relationships; (iv) include appropriate Procedures relating to oversight, monitoring, and testing to enable the Bank to assess the Third-Party Relationship’s compliance with Bank Procedures, applicable laws and regulations, and its written agreement with the Bank; (v) comply with the requirements of this Order; (vi) include Procedures for monitoring the performance of and the Bank’s adherence to the TPRM Program and documenting, tracking, and reporting such performance and adherence; and (vii) include Procedures for the performance of periodic risk-based reviews and appropriate revisions of the TPRM Program to ensure that it is and continues to be reasonably designed to identify, monitor, and control risks associated with Bank Activities conducted through Third- Party Relationships and ensure and monitor the Bank’s compliance with applicable laws and regulations.

III. AML/CFT Program

The Board must ensure that the Bank’s written AML/CFT Program is reasonably designed to assure and monitor the Bank’s compliance with the BSA. At a minimum, the AML/CFT Program must (i) be commensurate with the Bank’s size and complexity, the risk of Bank Activities and Third-Party Relationships, and the Bank’s money laundering (ML), terrorist financing (TF), and other illicit financial activity risk profile (collectively, ML/TF Risk Profile); (ii) address the BSA-related deficiencies and weaknesses identified in the 2024 ROE; (iii) comply with the requirements of this Order; (iv) include Procedures for monitoring the performance of and the Bank’s adherence to the AML/CFT Program and documenting, tracking, and reporting such performance and adherence; and (v) include Procedures for the performance of an initial and then periodic risk-based reviews and appropriate revisions of the AML/CFT Program to ensure that it is and continues to be reasonably designed to assure and monitor the Bank’s compliance with the BSA.

A. Risk Assessment. The Board must ensure that:

1.    Procedures. Within 90 days from the effective date of this Order, appropriate Procedures regarding the assessment of the risks of ML, TF, and other illicit financial activity (collectively, ML/TF Risk Assessment) and the frequency of ML/TF Risk Assessments are developed, adopted, and implemented by the Bank. These Bank Procedures must, at a minimum, require:

(a)    the reassessment of the Bank’s ML/TF Risk Profile when appropriate;

(b)    the development, adoption, and implementation of appropriate risk-mitigation strategies using current data and information; and

(c)    satisfactory documentation and analysis supporting the resulting ML/TF Risk Assessment;

2.    Assessment. Within 180 days from the effective date of this Order, the ML/TF Risk Assessment accurately reflects the Bank’s ML/TF Risk Profile. The ML/TF Risk Assessment must, at a minimum:

(a)    appropriately consider all pertinent information, including information regarding Bank Activities, Third-Party Relationships, Customers, transactions, and geographic locations;

(b)    include a detailed qualitative and quantitative written analysis of the risk of ML, TF, or other illicit financial activity (collectively, ML/TF Risks) within each identified category; and

(c)    include the appropriate risk-mitigating strategies for ML/TF Risks identified in the ML/TF Risk Assessment that will be developed, adopted, and implemented.

B. System of AML/CFT Internal Controls. The Board must ensure that, within 180 days from the effective date of this Order, the Bank has a system of internal controls in place that assures and monitors compliance with the BSA (AML/CFT Internal Controls). The AML/CFT Internal Controls must appropriately consider the ML/TF Risk Profile; ML/TF Risk Assessment; and the anticipated number of new Bank Activities and their respective complexity, scope, and volumes, and the anticipated number of new Third-Party Relationships and their complexity and scope (Growth Plans). The AML/CFT Internal Controls must also, at a minimum, include Procedures that reflect the Bank’s actual practices and require:

1.    AML/CFT Resources Reviews. The performance of an initial and then periodic risk-based reviews and assessments of the adequacy and appropriateness of the Bank’s current AML/CFT related resources (AML/CFT Resources Review). An AML/CFT Resources Review must, at a minimum: (a) consider the ML/TF Risk Profile; the ML/TF Risk Assessment; and Growth Plans; and (b) assess whether the Bank has the appropriate level and type of AML/CFT-related resources, including the appropriate number of Bank managers and staff with the requisite expertise, skillsets, and sufficient authority and independence, to effectively mitigate ML/TF Risks, ensure appropriate oversight and supervision of the AML/CFT-related Procedures, Bank Activities, and Third-Party Relationships, and ensure compliance with this Order, the BSA and the requirements of the laws and regulations administered by the Office of Foreign Assets Control (collectively, OFAC Requirements). An AML/CFT Resources Review must be satisfactorily documented and supported in a written report that identifies any deficiencies, weaknesses, issues and/or concerns, including those due to employee turnover, and/or additional AML/CFT resource needs, and contains recommendations on how they should be addressed, and a timeframe for completing each action, with a copy of the report promptly delivered to the internal audit department and Compliance Committee;

2.    AML/CFT Reporting Reviews. The performance of an initial and then periodic risk-based comprehensive reviews (AML/CFT Reporting Reviews) to, at a minimum, (a) assess and validate whether each of the networks, systems, models, or other information resource (collectively, Systems), including the accuracy, completeness, and consistency of the System’s information, used by the Bank to risk rate all new and existing customers (collectively, Customers), monitor, detect, and report suspicious activity and/or identify and file BSA-related reports (BSA Reports), based on the current ML/TF Risk Assessment and ML/TF Risk Profile, enable the Bank to operate and conduct Bank Activities in a safe and sound manner and in compliance with the BSA; (b) assess whether the Bank’s system documentation and related Procedures accurately reflect the rules, thresholds and scenarios in use and are appropriately supported; and (c) assess whether decisions to adjust or not adjust system parameters resulting from an AML/CFT Reporting Review are appropriately documented and supported. An AML/CFT Reporting Review must be satisfactorily documented and supported in a written report that identifies any deficiencies, weaknesses, issues and/or concerns, and contains recommendations on how they should be addressed, and a timeframe for completing each action, with a copy of the report promptly delivered to the internal audit department and Compliance Committee;

3.    Monitoring and Reporting. The review and appropriate revision of the Bank’s Procedures and Systems for identifying, monitoring, detecting, and reporting of activity conducted within or through the Bank to, at a minimum:

(a)    ensure the timely detection, investigation, and reporting of suspicious activity with the filing of accurate and complete suspicious activity reports (SARs);

(b)    address all stages of suspicious activity monitoring, including alert reviews, investigations, requests for information, case reviews, escalations, case closings, the filing of SARs, and SAR follow-ups, and be comprehensive, clear, and consistent;

(c)    require appropriate levels of documentation, analysis, and support for each stage of the suspicious activity monitoring and reporting process; and

(d)    establish processes to appropriately address any backlogs and ensure the timely identification and accurate reporting of known or suspected criminal violation of federal law or a suspicious transaction related to a money laundering activity or a violation of the BSA, as required by the suspicious activity reporting provisions of 12 C.F.R. Part 353; and

4.    Customer Due Diligence. The review and appropriate revision of the Bank’s due diligence Procedures, including its Customer Identification Program, for all Customers to, at a minimum:

(a)    ensure consistency with the ML/TF Risk Profile, the ML/TF Risk Assessment, Bank Procedures, and the Bank’s Risk Appetite Statement and require an increased focus on Customers identified by the Bank as posing a heightened risk of ML, TF, or other illicit financial activities;

(b)    establish a standardized methodology designed to ensure the risk level of the Bank’s Customers is appropriately identified and assessed based on the potential ML/TF Risks posed by the Customer’s activities, with appropriate consideration given to the nature and purpose of the account, including the anticipated type and volume of account activity, types of products and services offered, and locations and markets served by the Customer;

(c)    ensure the Bank has sufficient information to understand the nature and purpose of Customer relationships for purposes of developing a Customer risk profile and address the means by which information will be requested and collected from Customers;

(d)    ensure an appropriate level of ongoing monitoring commensurate with Customer risk profiles to ensure that the Bank can accurately identify those Customers the Bank has reason to believe pose a heightened risk of ML, TF, or other illicit financial activities and require additional due diligence;

(e)    establish when, what, and how additional information will be collected for Customers the Bank has identified as posing a heightened risk of ML, TF, or other illicit financial activities, taking into account the Customer risk profile and the specific risks posed by the Customer;

(f)    establish whether and when Customer information should be updated to ensure it is current and accurate;

(g)    establish standards for conducting and documenting analysis associated with the due diligence process, including guidance for resolving issues when insufficient or inaccurate information is obtained;

(h)    establish specific staff responsibilities, including who is responsible for requesting and collecting Customer information, overseeing the collection of Customer information through Third-Party Relationships, determining whether collected Customer information is sufficient, and reviewing and/or authorizing changes to Customer risk profiles and/or Customer information; and

(i)    establish satisfactory quality control procedures over customer due diligence processes.

5.    Third-Party Relationships Review. The performance of an initial and then periodic risk-based comprehensive reviews of any Third-Party Relationship performing a BSA compliance activity or function on behalf of the Bank (AML/CFT Third-Party Relationship Reviews) to assess the Third-Party Relationship’s adherence to the Bank’s AML/CFT-related Procedures and its internal controls in place to assure compliance with the BSA, including, at a minimum, (a) whether the Third-Party Relationship is adhering to the Bank’s Procedures, the ML/TF Risk Profile, and the ML/TF Risk Assessment, and the Bank’s Risk Appetite Statement when identifying and assessing the ML/TF Risks posed by a Customer’s activities; (b) whether the Third-Party Relationship is requesting, obtaining, and evaluating sufficient information to understand the nature and purpose of Customer relationships for purposes of developing a Customer risk profile and the specific risks posed by the Customer; (c) whether the Third-Party Relationship’s ongoing monitoring is commensurate with Customers’ risk profiles and enables the identification of Customers for which there is a reason to believe pose heightened ML/TF Risks and require additional due diligence; and (d) whether the Third-Party Relationship’s analysis associated with the due diligence process is satisfactorily documented and supported. All AML/CFT Third-Party Relationship Reviews must be satisfactorily documented and supported in a written report that identifies any deficiencies, with recommendations on how they should be addressed.

C. AML/CFT Independent Testing. The Board must ensure that, within 120 days from the effective date of this Order, the Bank has developed, adopted, and implemented Procedures for the independent testing of the AML/CFT Program and the Bank’s compliance with the BSA (AML/CFT Independent Testing Procedures) that consider all pertinent information, including the current ML/TF Risk Assessment, and are appropriate for the Bank’s ML/TF Risk Profile. The AML/CFT Independent Testing Procedures must, at a minimum, require:

1.    AML/CFT Program Evaluation. The evaluation of the overall adequacy and effectiveness of the AML/CFT Program, including the Bank’s Procedures, and whether the Board, Bank management, staff, consultants, and agents, including any Third-Party Relationships serving as agents of the Bank, satisfactorily adhere to the Bank’s AML/CFT Program;

2.    AML/CFT Risk Assessment and Profile Review. A review of the ML/TF Risk Assessment and ML/TF Risk Profile;

3.    Transaction Testing. Appropriate risk-based transaction testing to verify the Bank’s compliance with the BSA;

4.    AML/CFT Officer Evaluation. An evaluation of the AML/CFT Officer’s skills and ability to effectively coordinate and monitor day-to-day compliance, administer all aspects of the AML/CFT Program, including the Bank’s compliance with the BSA, and report directly to the Board or the Compliance Committee with regard to all matters related to the BSA;

5.    Management Evaluation. An evaluation of Bank management’s efforts to resolve violations cited and deficiencies noted in previous audits and regulatory examinations;

6.    AML/CFT Training Program Review. A review of the AML/CFT Training Program, defined below, for completeness and effectiveness;

7.    Systems and Information Assessment. An assessment of the quality, completeness, reliability, and accuracy of Systems and information used by the Bank to risk rate Customers, and monitor, detect, and report suspicious activity and/or identify and file BSA Reports;

8.    BSA Reporting Assessment. An assessment of the effectiveness of the Bank’s identification of suspicious activity, and filing of BSA Reports, including reviews of SAR-related documentation to determine their accuracy, timeliness, and completeness;

9.    Testing Documentation Assessment. An assessment of the documentation prepared in connection with the scope of the testing procedures performed, each step of the testing process, including the escalation and exclusion process for issues or concerns, and whether they include appropriately detailed descriptions and are satisfactory supported by workpapers that have undergone an appropriate quality assurance review; and

10.    AML/CFT Audit Report Preparation. Preparation of a report reflecting the results of the testing (AML/CFT Audit Report) that, at a minimum:

(a)    includes a root cause analysis for each identified issue or concern;

(b)    indicates whether the identified issue or concern is new or was previously identified;

(c)    reflects the employee(s) or business line responsible for the identified issue or concern;

(d)    summarizes management’s response to the identified issue or concern noting concurrence or disagreement with the finding, an explanation for the existence of the issue or concern, and management’s plans for and timing of remediation of the issue or concern; and

(e)    is submitted to the Audit Committee and the Compliance Committee immediately upon completion.

D. AML/CFT Officer. The Board must ensure that the Bank has a designated individual or individuals (AML/CFT Officer) with qualifications commensurate with the ML/TF Risk Assessment and ML/TF Risk Profile. The AML/CFT Officer must have sufficient delegated authority and requisite skills and ability to effectively coordinate and monitor day-to- day compliance, and administer all aspects of the AML/CFT Program, including the Bank’s compliance with the BSA. Within 60 days of the effective date of this Order, the Board must, at a minimum, ensure that the Bank has:

1.    Designated AML/CFT Officer. A designated AML/CFT Officer with the appropriate qualifications and skills and sufficient delegated authority to effectively coordinate, monitor, and ensure the Bank’s compliance with the BSA;

2.    Reporting Procedures. Procedures requiring the AML/CFT Officer to report directly to the Board or the Compliance Committee with regard to all matters related to the BSA; and

3.    AML/CFT Action Plan Procedures. Procedures requiring the AML/CFT Officer to periodically prepare and submit action plans to address and correct all identified AML/CFT Program weaknesses and deficiencies (AML/CFT Action Plans) to the Compliance Committee and to the internal audit department. An AML/CFT Action Plan must, at a minimum:

(a)    list and describe in detail all identified weaknesses and deficiencies;

(b)    establish and describe in detail the means by which each identified weakness and deficiency will be addressed and corrected;

(c)    identify the parties responsible for implementing corrective action;

(d)    establish a timeframe for executing and completing each corrective action;

(e)    provide the status of any weakness or deficiency where corrective action has not been completed; and

(f)    establish the manner and process for testing the corrective action once completed to ensure it appropriately addressed the identified weakness or deficiency.

E. AML/CFT Training. The Board must ensure all appropriate personnel are aware of, and can comply with, the requirements of the BSA applicable to the individual’s specific duties and responsibilities to assure the Bank’s compliance with the BSA and ensure that the Bank implements effective training for the Board, Bank management, staff with assigned duties under the AML/CFT Program, and other Bank staff (collectively, Bank Personnel) regarding the BSA generally and with respect to the compliance of Bank Activities and the Bank’s Procedures with the BSA (AML/CFT Training Program) within 120 days from the effective date of this Order. The AML/CFT Training Program must, at a minimum:

1.    Tailored Training. Ensure training is tailored to address the specific duties and responsibilities of the Bank Personnel for which the training is being provided;

2.    Initial and Periodic Training. Require initial and periodic tailored training, updated as appropriate; and

3.    Documentation. Require full documentation of the AML/CFT Training Program and its implementation including type of training, training materials, dates of the training sessions, and attendance records.

IV. Look Back Review

A. Engagement and Report. Within 60 days from the effective date of this Order, the Board must ensure the Bank submits one or more proposed engagement letters or contracts to the DRD for review, and comment or non-objection to engage an independent third party acceptable to the DRD to conduct a review of all accounts and transaction activity for the time period beginning June 30, 2023 through the effective date of this Order to determine whether suspicious activity involving any accounts or transactions within or through the Bank were properly identified and reported in accordance with the applicable reporting requirements (Look Back Review). The engagement letter or contract must, at a minimum:

1.    describe the work to be performed under the engagement letter or contract;

2.    provide for unrestricted access to workpapers and personnel of the third party by the FDIC; and

3.    require that the Look Back Review be completed and summarized in a written report reflecting the findings of the Look Back Review (Look Back Report) and delivered to the Compliance Committee within 180 days from the DRD’s non-objection to the proposed engagement letter or contract.

B. Filings. Within 30 days from delivery of the Look Back Report, the Board must ensure the Bank appropriately prepares and files any additional SARs and BSA Reports necessary based upon the Look Back Review and the Look Back Report and maintains a schedule of the BSA Identification Numbers assigned to them by the Financial Crimes Enforcement Network.

V. OFAC Compliance Program

The Board must ensure that the Bank complies with OFAC Requirements and that the Procedures established by and collectively referred to by the Bank as its OFAC Compliance Program satisfactorily enables the Bank to comply with the OFAC Requirements. Within 120 days of the effective date of the Consent Order, the Board should assess whether the OFAC Compliance Program (A) is commensurate with the Bank’s compliance risk and appropriately considers the Bank Activities, Customers, entities, transactions, geographic locations, and reliance on Third-Party Relationships to fulfill any of the Bank’s OFAC Requirements, (B) includes Procedures for the initial and then periodic risk-based reviews and revisions of the OFAC Compliance Program as new Bank Activities, business lines, geographic locations and Third-Party Relationships are added, and (C) appropriately addresses the OFAC Compliance Program-related deficiencies and weaknesses identified in the 2024 ROE.

VI. Directors’ Compliance Committee

Within 7 days of the effective date of this Order, the Board must submit the proposed composition of a Compliance Committee of the Board of Directors, comprised of a majority of directors who are independent of management and who are not now, and have not previously been, involved in the daily operations of the Bank, to the DRD for review, and comment or non- objection. Within 15 days of receipt of the DRD’s non-objection to the composition of the Compliance Committee, the Board must establish and maintain its Compliance Committee. If, after receiving the non-objection of the DRD, there is a proposed change to the composition of the Compliance Committee, such proposed change must be submitted to the DRD for review, and comment or non-objection. The Compliance Committee will have the responsibility of overseeing the Bank’s compliance with this Order. The Compliance Committee must ensure it receives detailed monthly reports from Bank management regarding corrective action required in connection with this Order and must present a detailed written report to the Board at each regularly scheduled Board meeting regarding the Bank’s compliance with this Order. This report and any discussions related to it must be included in the minutes of the corresponding Board meeting. Nothing herein, including the existence of the Compliance Committee, diminishes the responsibility of the entire Board to ensure full compliance with this Order in a timely manner.

VII. Progress Reports

Within 45 days of the end of each calendar quarter following the effective date of this Order, the Board must furnish to the DRD written progress reports detailing the form, manner, and results of any actions taken to secure compliance with this Order as PDF documents through the FDIC’s Secure Email portal (securemail.fdic.gov) using e-mail address: NYMailRoom@fdic.gov. All progress reports and other written responses to this Order must be reviewed and approved by the Board and be made a part of the Board minutes.

VIII. Notice to Shareholder

The Bank must provide either a copy of this Order or an accurate and complete description of all material aspects of the Order to its parent holding company within 10 days of the effective date of this Order.

IX. Miscellaneous

The provisions of this Order do not bar, estop, or otherwise prevent the FDIC or any other federal or state agency or department from taking any other action against the Bank or any of the Bank’s current or former institution-affiliated parties.

This Order is effective on the date of issuance and its provisions will remain effective and enforceable until a provision is modified, terminated, suspended, or set aside in writing by the FDIC. The provisions of this Order are binding upon the Bank, its institution-affiliated parties, and any successors and assigns thereof.

Issued Under Delegated Authority.