Consent
Order
On
May 1, 2024, the Bank agreed to a Consent Order from the FDIC and the Oklahoma State Banking Department (“State”), addressing,
among other items, Board oversight, monitoring policies, internal control testing, management, operations, and increased capital for
the Bank.
OLD
GLORY HOLDING COMPANY AND SUBSIDIARIES
NOTES
TO CONSOLIDATED FINANCIAL STATEMENTS
(dollars
in thousands, except share data)
December
31, 2025 and 2024
The
2024 Consent Order was the result of an examination of the Bank by the FDIC and the State, which commenced in June of 2023, and resulted
in certain criticisms of the Bank. No fine or penalty was imposed or required. The Consent Order requires that:
| ● | The
Board of Directors increase participation in the Bank’s affairs by assuming responsibility
for the approval of the Bank’s policies and objectives and for the oversight of the
Bank’s executive and senior management, including approval of a process to monitor
all Bank activities and compliance with the Bank’s Board-approved policies; |
| ● | Board
of Directors shall monitor the overall condition of the Bank, its risk profile, and compliance
with internal policies, regulations, statutes, statements of policy, and rules; |
| ● | The
Bank shall notify the FDIC and State of the resignation or termination of any of the Bank’s
directors or executive officers; |
| ● | The
Bank shall obtain the written approval of the State prior to the addition of any individual
to the Board or the employment of any individual as an executive officer; |
| ● | The
Board update its existing business plan to provide updated goals and projections through
the year 2026 and submit to the FDIC and State for comment and approval; |
| ● | In
the event there are changes to the business plan or any event that results in a deviation
of 10%, the business plan must be resubmitted for comment and approval; |
| ● | The
Board shall create a written Capital Plan to ensure management is monitoring capital levels
and submit to the FDIC and State for comment and approval; |
| ● | After
establishing an adequate Allowance for Credit Losses, the Bank shall maintain its Tier 1
Leverage Capital ratio equal to 14 percent of the Bank’s Average Total Assets; |
| ● | The
Tier 1 Leverage ratio shall be achieved and maintained through retention of earnings, collection
of charged-off assets, reduction in total assets, sale of new equity, or any combination
thereof; |
| ● | While
this order is in effect, the Bank shall not declare or pay dividends or bonuses, without
the prior written consent of the FDIC and State; |
| ● | The
Board shall ensure that the interest rate risk management model report is prepared and reviewed
by the Board quarterly; |
| ● | The
Board shall correct all apparent violations of laws or non-conformance with applicable rules
and regulations noted in the Report of Examination of the Bank as of September 18, 2023; |
| ● | The
Board shall fully implement the existing Board-approved Audit and Compliance Assessment Policy; |
| ● | The
Bank shall conduct audits required by the Audit and Compliance Assessment Policy; |
| ● | The
Board shall engage an independent qualified audit firm to audit the Bank’s IT controls; |
| ● | Management
shall develop a formal audit tracking system for IT audit issues, vulnerability assessment
and penetration test findings, and examination deficiencies; |
| ● | The
Board shall develop, approve, and implement the following formal policies and procedures: |
| ○ | Electronic
Funds Transfer Policy; |
| ○ | Security
Incident Response Policy; and |
| ○ | Item
Processing Procedures. |
| ● | The
Board shall ensure that the following policies and programs are revised: |
| ○ | The
Information Security program; |
| ○ | Business
Continuity Management Plan; and |
| ○ | The
Third-Party Security Policy. |
| ● | The
Board shall ensure that established IT-related committees meet formally and are performing
their delegated IT responsibilities and duties, including conducting, at a minimum, quarterly
meetings; |
| ● | The
Board shall ensure the Bank’s cybersecurity preparedness and resiliency is at a baseline
maturity level. The results of managements cybersecurity evaluation shall be presented to
the Board for review and approval; |
| ● | The
Board shall initiate procedures to improve the initial vendor analysis process; |
| ● | The
Board shall ensure management conducts a full-scope test of the Business Continuity Management
Plan and the Incident Response Plan. A written summary of the results shall be provided to
the Board; |
| ● | The
Bank shall furnish written progress reports to the FDIC and State detailing the form and
manner of any actions taken to secure compliance with this Order and the results thereof.
These reports shall be reviewed by the Board; |
OLD
GLORY HOLDING COMPANY AND SUBSIDIARIES
NOTES
TO CONSOLIDATED FINANCIAL STATEMENTS
(dollars
in thousands, except share data)
December
31, 2025 and 2024
The
provisions of this Order will remain effective and enforceable except to the extent that and until such time as any provision has been
modified, terminated, suspended, or set aside by the FDIC and State.
The
Bank has satisfied a number of the concerns raised in the Consent Order. The de-SPAC transaction with DAAQ (defined below), if consummated,
will satisfy the capital provisions of the Consent Order.
Capital
Level Notification
On
September 11, 2025, the FDIC notified the Bank that its Tier 1 capital level fell within the “Undercapitalized” capital category.
As a result, the Bank is subject to mandatory requirements of Section 38 of the Federal Deposit Insurance Act including:
| ● | The
Bank must submit an acceptable capital restoration plan |
| ● | The
Bank must comply with asset growth restrictions |
| ● | The
Bank must not pay dividends or any other capital distributions without prior approval |
| ● | The
Bank must obtain FDIC prior approval to make any acquisition, open any new branch offices,
engage in any new line of business, or make any transfers or payments to any affiliate,
including the Company. |
|