The subject final report is provided for your information and use. Please refer to the Executive Summary, included in the report, for the overall audit results. The report did not contain recommendations, thus a response was not required. However, the Division of Supervision and Consumer Protection provided a written response on July 13, 2010. We incorporated the response into Part II of the final report.

If you have questions concerning the report, please contact me at (703) 562-6352 or Mike Lombardi, Audit Manager, at (703) 562-6328. We appreciate the courtesies extended to the audit staff.

Attachment

cc: Thomas J. Dujenski, Regional Director, DSC

Elaine D. Drapeau, Acting Chief, Office of Internal Control and Review, DSC James H. Angel, Jr., Director, OERM

Table of Contents

---

Part I
Report by KPMG LLP Material Loss Review, RockBridge Commercial Bank, Atlanta, Georgia	I-1
Part II
OIG Evaluation of Management Response	II-1
Corporation Comments	II-2

---

 

Prepared for the
Federal Deposit Insurance Corporation
Office of Inspector General

 

Table of Contents

Executive Summary	l-1
Why We Did The Audit	l-3
Background	l-3
Causes of Failure and Material Loss	l-4
Board and Management Oversight	l-4
Concentration in CRE Lending	l-5
Underwriting and Credit Administration	l-8
The FDIC's Supervision of RockBridge	l-9
Supervisory History	l-10
Supervisory Response Related to Key Risks	l-10
Implementation of PCA	l-15
Appendices	l-17
Objectives, Scope, and Methodology	l-17
Glossary of Terms	l-20
Acronyms	l-21
Tables
1: Financial Condition of RockBridge	l-4
2: RockBridge Proposed and Actual Loan Mix over Time	l-6
3: RockBridge Supervisory Examination History	l-10
4: RockBridge Actual vs. Planned Loan Mix	l-12
5: RockBridge Actual vs. Planned Deposit Mix	l-12
6: RockBridge Off-Site Supervisory History	l-15
Figures
1: RockBridge ADC Concentration as a Percentage of Total Capital Compared to Peer Group	l-6
2: Composition of RockBridge Loan Portfolio ($)	l-7
3: Composition of RockBridge Loan Portfolio (%)	l-7

KPMG LLP 2001 M Street, NW Washington, DC 20036

July 15, 2010

Executive Summary

Stephen M. Beard
Assistant Inspector General for Material Loss Reviews
Federal Deposit Insurance Corporation
3501 North Fairfax Drive
Arlington, VA 22226

Material Loss Review Report for RockBridge Commercial Bank, Atlanta, Georgia

Dear Mr. Beard:

This is our performance audit report on the results of the Material Loss Review for RockBridge Commercial Bank (RockBridge or the Bank), Atlanta, Georgia. The objectives of this performance audit were to (1) determine the causes of RockBridge's failure and the resulting material loss to the Deposit Insurance Fund (DIF) and (2) evaluate the FDIC's supervision of RockBridge, including the FDIC's implementation of the Prompt Corrective Action (PCA) provisions of section 38 of the FDI Act.

Causes of Failure

RockBridge's failure can be attributed to (1) inadequate management and Board of Directors (Board) oversight; (2) a high concentration in Commercial Real Estate (CRE) lending; and (3) poor credit underwriting and credit administration. Management and the Board pursued a business strategy that deviated from its original business plan without having the appropriate management expertise and internal controls in place to adequately mitigate the corresponding risks. The Bank's rapid decline was exacerbated by the deteriorating economic conditions in the Atlanta, Georgia real estate market where RockBridge operated.

Evaluation of Supervision

In retrospect, given the examination findings and RockBridge's risk profile, a more critical assessment and aggressive supervisory approach may have been prudent. In particular, consistent with recently enhanced procedures for de novo institutions, the FDIC should have either (1) required the Bank to adhere to the original business plan, or (2) taken further steps to ensure that management and internal controls were commensurate with the business strategy actually executed by the Bank that resulted in a much greater risk profile. Considering the Bank's deviation from the original business plan, the developing concentrations in CRE lending, the reliance on potentially volatile funding sources, and poor credit underwriting and credit administration practices, it may have been prudent for the FDIC examiners to consider a more aggressive approach to the business plan deviation and a stronger supervisory tenor for a bank in its formative stage.

KPMG LLP is a Delaware limited liability partnership,
the U.S. member firm of KPMG International Cooperative
("KPMG International"), a Swiss entity.

Prompt Corrective Action

Based on the supervisory actions taken with respect to RockBridge, the FDIC properly implemented the applicable PCA provisions of section 38 of the FDI Act.

We conducted our performance audit in accordance with Generally Accepted Government Auditing Standards (GAGAS). Those standards require that we plan and perform the performance audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

The information included in this report was obtained during our fieldwork, which occurred during the period from March 2010 through June 2010.

Very truly yours,

l-2

Why We Did the Audit

The FDIC Office of Inspector General (OIG) contracted with KPMG LLP (KPMG) to conduct a material loss review of RockBridge Commercial Bank (RockBridge or the Bank), Atlanta, Georgia.

On December 18, 2009, the Georgia Department of Banking and Finance (GDBF) closed RockBridge and named the FDIC as receiver. On January 20, 2010, the FDIC notified the OIG that RockBridge's total assets at closing were $294.8 million and the estimated loss to the Deposit Insurance Fund was $122.1 million. The OIG was required by section 38(k) of the Federal Deposit Insurance (FDI) Act to conduct a material loss review of the failure of RockBridge and retained KPMG for this purpose.

The audit objectives were to (1) determine the causes of the financial institution's failure and resulting material loss to the DIF and (2) evaluate the FDIC's supervision of the institution, including implementation of the Prompt Corrective Action (PCA) provisions of section 38.

Background

RockBridge applied for federal deposit insurance on December 7, 2005. The application was approved on April 25, 2006, and on November 13, 2006, the Bank opened for business as a de novo state-chartered nonmember bank. RockBridge had one branch in an office park in Atlanta, Georgia and the Bank's primary market included Cobb, DeKalb, Fulton, and Gwinnett counties. The Bank was owned by a holding company, RockBridge Financial Holdings, Inc. (RFHI), a noncomplex¹ bank holding company. Table 1 provides details on RockBridge's financial condition as of September 30, 2009 and the 3 preceding years.

---

¹ According to the Federal Reserve Bank of Atlanta, the determination of whether a holding company is "complex" vs. "noncomplex" is made on a case-by-case basis taking into account a number of considerations such as: the size and structure of the holding company; the extent of intercompany transactions between the insured depository institution subsidiaries and holding company or uninsured depository institution subsidiaries and holding company; the nature and scale of any non-bank activities, including whether these activities are subject to review by a functional regulator and the extent to which the holding company is conducting Gramm-Leach-Bliley authorized activities (e.g., insurance, securities, merchant banking); whether risk management processes for the holding company are consolidated; and whether the holding company has material debt outstanding to the general public.

l-3

Table 1: Financial Condition of RockBridge

Financial Data ($000)	9/30/09	12/31/08	12/31/07	12/31/06
Total Assets	$294,024	$262,970	$180,624	$29,096
Total Loans	$211,742	$228,815	$156,905	$7,323
Total Deposits	$291,707	$235,386	$154,030	$1,981
Brokered Deposits	$86,783	$93,425	$116,709	$0
Non-core Dependency Ratio	61.43%	70.43%	69.80%	-276.60%
Past Due and Non-accrual Ratio	39.38%	6.74%	0.00%	0.00%
CRE*/Total Capital	7,184.46%**	498.49%	344.12%	15.44%
Total Risk-Based Capital	0.83%	12.12%	16.15%	218.17%
Loan Growth Rate	-7.46%	45.83%	2,042.63%	N/A

Source: Uniform Bank Performance Reports (UBPR) and Reports of Examination (ROE).
*Includes Acquisition, Development, and Construction (ADC) and other Commercial Real Estate (CRE) loans.
**The 9/30/09 increase in this ratio is largely due to a significant decrease in capital.

Causes of Failure and Material Loss

RockBridge's failure can be attributed to (1) inadequate management and Board of Directors (Board) oversight; (2) a high concentration in Commercial Real Estate (CRE) lending; and (3) poor credit underwriting and credit administration. Management and the Board pursued a business strategy that deviated from its original business plan without having the appropriate management expertise and internal controls in place to adequately mitigate the corresponding risks. The Bank's rapid decline was exacerbated by the deteriorating economic conditions in the Atlanta, Georgia real estate market where RockBridge operated.

Board and Management Oversight

According to the original business plan, RockBridge anticipated a loan mix consisting of ADC, 1-4 family residential, CRE, Commercial and Industrial (C&I), and consumer loans. According to the FDIC Order approving deposit insurance, RockBridge was required to operate within the parameters of the business plan submitted to the FDIC. Furthermore, during the first 3 years of operations, the Bank was required to notify the FDIC of any major deviations or material change from the plan 60 days before consummation of the change.

The original business plan was based on the assumptions that (1) the initial capital raised would be approximately $19 million; (2) the loan mix would concentrate on C&I (50%) and 1-4 family residential (20%) lending; and (3) the funding source for loans would center around core deposits. The actual capital raised by the holding company was approximately $37 million, of which $27 million was allocated to the Bank. While the higher level of initial capital was considered positive at the time, interviews with examiners have indicated that this may have resulted in the unintended consequence of increasing pressure by investors on the Bank's management to leverage this additional capital and grow the business faster than originally planned.

l-4

The pressure to grow quickly was inherently contrary to the management team's plan to acquire core deposits and build a loan portfolio of C&I loans, which historically takes time to develop. Instead, consistent with a rapid growth strategy, the Bank relied on non-core funding and engaged in CRE loans directly or through loan participations. The Bank's management and the Board's failure to successfully execute the original business plan resulted in the ill-timed adoption of a strategy focused on CRE loans during a time when the Atlanta real estate market was quickly deteriorating.

The 2009 in-process FDIC examination noted that RockBridge's Board failed to fulfill its primary fiduciary responsibility to ensure the Bank be operated in a safe and sound manner.² The report indicated management did not properly monitor concentrations in the midst of a weakening economic market and pursued an aggressive lending strategy that, at times, relied on insufficient financial information.

In December 2006, the federal banking regulatory agencies issued joint guidance, entitled, Concentrations in Commercial Real Estate Lending, Sound Risk Management Practices (Joint Guidance)³ that reinforces existing regulations and guidelines for real estate lending and safety and soundness. The Joint Guidance points out that there are substantial risks posed by CRE concentrations, especially ADC concentrations. Such risks include unanticipated earnings and capital volatility during a downturn in the real estate market. The Joint Guidance reiterates that concentrations in CRE lending, coupled with weak loan underwriting and depressed CRE markets, contributed to significant credit losses in the past.

The Joint Guidance is noteworthy because the Bank opened only a month before the Joint Guidance was issued. Management should have more fully adopted the practices in the Joint Guidance given the stage of the Bank's lifecycle when the Joint Guidance was issued and the Board and management's decision to deviate from the original business plan in pursuit of CRE lending.

Concentration in CRE Lending

Both the GDBF and the FDIC quickly became aware that the Bank materially deviated from the loan portfolio composition that comprised its original business plan. Table 2 lists the loan mix proposed in the original business plan and the actual loan mix by category. The table indicates the most significant deviations were in the ADC and C&I categories.

---

²The 2009 examination report was not issued in final prior to RockBridge's closing.
³ Financial Institution Letter (FIL) 104-2006.

l-5

Table 2: RockBridge Proposed and Actual Loan Mix over Time

Loan Type	12/31/2008 Actual*	12/31/2008 Projected**	12/31/2007 Actual*	Original Business Plan Approved 4/25/06
ADC	40%	40%	42%	5%
Other CRE	25%	24%	19%	15%
1-4 Family Residential	4%	4%	3%	20%
C&I	24%	27%	28%	50%
Consumer	6%	5%	7%	10%

Numbers do not add to 100% due to rounding.
*Actual data from UBPR Reports.
**Projected data from 6/25/08 RockBridge Revised Business Plan.

Figure 1 illustrates the impact that the deviation from the proposed loan mix had on the Bank's ADC concentration as a percent of total capital.

[ D ]

The October 29, 2008 Report of Examination (ROE) revealed that RockBridge continued to be heavily involved in CRE, and in particular, ADC lending. The October 2008 examination noted that as of September 30, 2008 RockBridge had $55 million in loan participations, which were mostly purchased from, and made to, entities outside of RockBridge's specified trade area, representing 25% of the loan portfolio. The ROE also noted that adversely classified assets represented 7.4% of the portfolio and that all of these classified loans were participation loans. Figures 2 and 3 illustrate the general composition and growth pattern of RockBridge's loan portfolio from 2006 through 2009.

l-6

[ D ]

[ D ]

l-7

RockBridge did not notify the FDIC or the GDBF of the changes in the loan mix in advance as required by the Order granting Federal Deposit Insurance. After the October 15, 2007 examination, management was asked to provide a revised business plan and operating budget to identify strategies for reducing the dependence on non-core funding, achieving the desired loan mix, increasing ALLL, and limiting future growth. In response to this request, the Bank agreed to submit a revised business plan and detailed budget after receiving Board approval. RockBridge submitted the revised plan on June 25, 2008, and was notified of conditional acceptance of this plan by the GDBF⁵ on July 30, 2008 and by the FDIC on October 10, 2008.

By this time, the condition of the Bank had deteriorated and the October 2008 GDBF ROE noted that a Memorandum of Understanding (MOU) would be issued in consultation with the FDIC, directing specific actions to be taken by management to address the deficiencies noted in the ROE.

Underwriting and Credit Administration

The October 2008 ROE noted that 25% of RockBridge's portfolio consisted of loan participations. As of June 30, 2009, approximately 50% of RockBridge's total loans were from markets outside of those specified by the loan policy, and included loans in New York, Maine, Florida, and Alabama.

RockBridge also became involved in aircraft lending, but it did not appear that bank employees had the appropriate experience or training to properly underwrite and evaluate this type of specialty lending. As of June 30, 2009, RockBridge held roughly $31 million, or 12% of total loans, in aircraft loans. Approximately 15% of the aircraft loans resulted in a loss. While the 15% loss on aircraft lending is not significant relative to total losses, the high percentage of loans resulting in a loss was a result of poor underwriting standards and was indicative of the lack of oversight by management and the Board to effectively safeguard the institution from losses.

During the Bank's short history, examiners identified weaknesses in RockBridge's underwriting and credit administration practices. Issues noted included:

• The Bank failed to conduct proper due diligence and implement prudent underwriting of the loan participation credits. RockBridge relied on loan memorandums generated by originating banks.⁶
• The Bank failed to review compliance with Loan Policy guidelines related to loan-to-deposits

---

⁵The GDBF accepted RockBridge's revised business plan subject to the following conditions: (1) the Board of Directors adopt a resolution committing to maintain the Bank at a Prompt Corrective Action (PCA) category rating of "Well Capitalized" during the first three years of operation or until cumulative profitability is achieved, whichever is later; (2) the Board of Directors adopt a resolution committing to maintain the Bank's Tier 1 Capital Ratio at not less than 8% during the first three years of operation; (3) the Bank maintain a liquidity ratio of at least 10% unless a lower level is approved by the Department; (4) the business plan be carried out in substantial accordance with the business plan revisions provided to the Department and FDIC; and any material changes, including significant changes to the Bank's deposit and/or loan mix or business plan require prior approval of the Department and FDIC; (5) consolidated month-end statements of condition and statements of income and expenses continue to be forwarded to the Supervisory Manager; and (6) the Bank continue to abide by all conditions established within the Articles of Incorporation letter for the Bank dated April 17, 2006.
⁶ According to the FDIC's Risk Management Manual of Examination Policies, institutions purchasing participations must make a thorough, independent evaluation of the transaction and risks involved before committing any funds.

l-8

ratios, out-of-territory lending, policy exemptions, participations, concentration levels, desired loan mix, etc.
• The Bank failed to monitor its concentration in ADC loans in accordance with the Joint Guidance found in Financial Institution Letter (FIL) 104-2006, dated December 12, 2006.

RockBridge was cited in the GDBF October 29, 2008 examination for violation of laws and regulations related to its lending activity. Violations cited in the examination report include:

• loans in excess of legal limits,⁷
• insider loan approvals,⁸ and
• appraisal violations.⁹

The FDIC's Supervision of RockBridge

The FDIC, in conjunction with the GDBF, provided ongoing supervisory oversight of RockBridge consistent with FDIC requirements for de novo institutions.¹⁰ Through its supervisory efforts, the FDIC and the GDBF identified key risks in RockBridge's operations and made recommendations to improve risk management practices and address areas of concern, including noted deviations from the Bank's original business plan. Enforcement actions were taken in 2009; however, Board and senior management responses to those actions fell short and the financial condition of the Bank became critically deficient.

In retrospect, given the examination findings and RockBridge's risk profile, a more critical assessment and aggressive supervisory approach may have been prudent. In particular, consistent with recently enhanced procedures for de novo institutions, the FDIC should have either (1) required the Bank to adhere to the original business plan, or (2) taken further steps to ensure that management and internal controls were commensurate with the business strategy actually executed by the Bank that resulted in a much greater risk profile. Considering the Bank's deviation from the original business plan, the developing concentrations in CRE lending, the reliance on potentially volatile funding sources, and poor credit underwriting and credit administration practices, it may have been prudent for the FDIC examiners to consider a more aggressive approach to the business plan deviation and a stronger supervisory tenor for a bank in its formative stage.

---

⁷Section 7-1-285(b) of the Financial Institution Code of Georgia.
⁸ Part 215(b)(1) and Part 215(b)(ii)(2) of the FDIC Rules and Regulations.
⁹ Part 323.3(d) and Part 323.4(b)(1) of the FDIC Rules and Regulations.
¹⁰ According to the FDIC Risk Management Manual of Examination Policies, de novo institutions are subject to additional supervisory oversight and regulatory controls, including a limited scope examination within the first six months of operation, and a full-scope examination within the first twelve months of operation. When RockBridge's application for deposit insurance was approved in 2006, the de novo period for institutions was 3 years. However, in August 2009, the FDIC issued Financial Institution Letter (FIL) 50-2009, entitled Enhanced Supervisory Procedures for Newly Insured FDIC-Supervised Depository Institutions, that extended the de novo period for newly-chartered institutions to 7 years for supervision, examinations, capital, and other requirements and supplemented existing guidance for processing deposit insurance applications for de novo institutions for which the FDIC is the primary federal regulator.

l-9

Further, such an approach could have established a stronger supervisory tenor during the first year of the Bank's operations and may have (1) been a more effective means of communicating the significance of the risks the Bank was assuming and the seriousness of supervisory concerns related to the Bank's risk profile, and (2) created a more structured supervisory framework to monitor actions the Board and management were taking to address deficiencies.

Supervisory History

The pre-opening examination conducted by the FDIC did not indicate any concerns related to the Bank's risk management practices and concluded that the Bank met all of the requirements to open for business as a state-chartered bank ready to service the public. The Bank opened for business on November 13, 2006. Four risk management examinations were performed from 2007 to 2009 and are summarized in Table 3.

Table 3: RockBridge Supervisory Examination History

Examination Start Date	Examination as of Date	Supervisory Agency	Supervisory Ratings (UFIRS)*	Supervisory Action
5/21/2007	3/31/2007	GDBF	1-1-2-3-1-2/2	None
10/15/2007	9/30/2007	FDIC	1-2-2-3-3-2/2	None
10/29/2008	9/30/2008	GDBF	2-3-3-3-3-3/3	MOU**
9/14/2009***	6/30/2009	FDIC	5-5-5-5-5-5/5	None

Source: Reports of Examination (ROE); FDIC ViSION system; FDIC, GDBF, and Bank communications.
*Financial institution regulators and examiners use the Uniform Financial Institutions Rating System (UFIRS) to evaluate a bank's performance in six components represented by the CAMELS acronym: Capital adequacy, Asset quality, Management practices, Earnings performance, Liquidity position, and Sensitivity to market risk. Each component, and an overall composite score, is assigned a rating of 1 through 5, with 1 having the least regulatory concern and 5 having the greatest concern.
**Effective 2/18/2009.
***The examination was completed but the ROE was never issued as it was completed near the time the Bank was closed.

In addition, on August 5, 2009, due to the continued decline in the financial condition of the Bank, the FDIC made an interim ratings change from the then current UFIRS ratings of 233333/3 to 554543/5. Based on this interim ratings change, the next examination, originally scheduled for December 2009, was moved up to September 14, 2009. However, the Bank continued to degrade and failed prior to the issuance of the ROE from the September 2009 examination.

Supervisory Response Related to Key Risks

In retrospect, given the findings of the examinations and RockBridge's risk profile, a more critical assessment and aggressive supervisory approach may have been prudent. Board and management responses to enforcement actions taken in 2008 fell short, and by the time the supervisory action taken in 2009 became effective, the Bank's financial condition had become critically deficient and it was closed.

2007 Supervisory Activities

As a de novo institution, RockBridge was subject to two risk management examinations in its first year of operation. Specifically, the examination guidance requires a limited scope

examination be conducted for newly-chartered and insured institutions within the first 6 months of operation, and a full-scope examination within the first 12 months of operation. In their respective 2007 examinations, the GDBF and the FDIC identified a number of risk management practices that needed to be addressed as well as RockBridge's increased risk profile stemming from the Bank's deviations from its original business plan, away from C&I and towards CRE. However, both examinations concluded that the Bank's overall condition was satisfactory.

The GDBF May 2007 examination did not identify any issues of noncompliance with the conditions contained in the final approval of the Bank's charter and deposit insurance. However, the examination report noted that the Bank had moderate exposure to interest rate risk due to a rapidly changing balance sheet structure and earnings position. Some minor criticisms and recommendations that could be addressed in the normal course of business were made.

The FDIC performed the second onsite examination beginning October 15, 2007. While the overall condition of the Bank was again determined to be satisfactory, the ROE did note the emergence of some issues. In particular, it was noted that while asset quality was still satisfactory, a concentration in construction and land development, which was not part of the original business strategy, had developed. In addition, the examination indicated the portfolio was unseasoned and would be negatively impacted by a downturn in the local economy. These factors resulted in a downgrade of the Asset Quality component of the CAMELS rating to a "2" from a "1" on the prior examination.

The rating of "2" for Asset Quality indicates satisfactory asset quality and credit administration practices with the level and severity of classifications, and other weaknesses warranting a limited level of supervisory concern. The ROE, however, also noted that (1) "While the Bank currently has no adversely classified or past due loans, the loan portfolio remains unseasoned and is comprised of loans with inherently greater risk given the concentration in ADC loans centered in the residential real estate market," and (2) "While these loans have sufficient collateral coverage and are backed by guarantors with satisfactory net worth and liquidity, a prolonged downturn in the housing market could negatively impact some of the borrowers' financial condition and/or the value of the collateral." In hindsight, additional consideration of these risk factors identified by the examiners may have been warranted in assessing asset quality and resulted in an elevated degree of supervisory concern more consistent with the overall risk profile of the portfolio.

While the Bank's original business plan listed a mix of deposit products to fund growth, it did note "There are no specific plans at this time to use brokers or agents to generate loans or deposits for the Bank." Examiners however, noted that "the primary funding source has been brokered deposits," and that "Together, with certificates of deposits (CDs) obtained through the internet and jumbo CDs, aggregating another $14.6 million, potentially volatile funding sources represent 79% of the deposit base." As a result, the Liquidity component of the CAMELS ratings was reduced from a "1" to a "3".

The October 15, 2007 ROE indicated that the loan mix and deposit base targeted in the original business plan had not been achieved. The actual loan portfolio had a concentration of ADC loans, which were originally projected to be 5% of the loan portfolio, and most of the loan growth was funded with brokered deposits and other non-core deposits. Tables 4 and 5 outline the actual versus planned loan portfolio mix and deposit mix as of September 30, 2007.

l-11

Table 4: RockBridge Actual vs. Planned Loan Mix

Loan Type	Actual Loan Mix (9/30/07)*	Planned Loan Mix**
ADC	42%	5%
Other CRE	15%	15%
Residential Real Estate	5%	20%
Commercial & Industrial	26%	50%
Consumer & Other	11%	10%

*UBPR 9/30/07 (total does not equal 100% due to rounding).
**Source – Original RockBridge Business Plan.

Table 5: RockBridge Actual vs. Planned Deposit Mix

Deposit Type	Actual Deposit Mix (9/30/07)*	Planned Deposit Mix**
CDs	68.3%	35.0%
Jumbo CDs	11.2%	24.5%
Money Market Accounts	4.8%	12.5%
Demand Deposits	1.9%	8.0%
Other Deposits	13.8%	20.0%

*UBPR 9/30/07.
**Source – Original RockBridge Business Plan.

The examination report noted that certain aspects of the current business plan were in contravention of the Order approving deposit insurance. Further, consistent with comments made in the assessment of asset quality, examiners reported that Board and management oversight of the credit administration practices needed enhancement and that management should monitor the Bank's concentration in ADC loans in accordance with the Joint Guidance. The FDIC also deemed the performance of senior management and the Board to be satisfactory and assigned the Management component a "2" rating.

A Management rating of "2" indicates satisfactory management and Board performance and risk management practices relative to the institution's size, complexity, and risk profile. Minor weaknesses may exist, but are not material to the safety and soundness of the institution and are being addressed. In general, significant risks and problems are effectively identified, measured, monitored, and controlled. A "3" Management rating would indicate management and Board performance need improvement or risk management practices are less than satisfactory given the nature of the institution's activities. The capabilities of management and the Board may be insufficient for the type, size, or condition of the institution. Problems and significant risks may be inadequately identified, measured, monitored, and controlled. The 2007 examination findings with regard to Management appear to be more consistent with the characteristics of a "3" rating rather than a "2".

In their respective 2007 examinations, the GDBF and the FDIC both assigned RockBridge a composite "2" CAMELS rating, which indicates that an institution is considered to be fundamentally sound and only moderate weaknesses are present and are well within the Board's and management's capabilities and willingness to correct. Further, overall risk management practices are satisfactory relative to the institution's size, complexity, and risk profile.

l-12

Considering the Bank's deviation from the original business plan, the developing concentrations in CRE lending, the reliance on potentially volatile funding sources, and poor credit underwriting and credit administration practices, it may have been prudent for the FDIC examiners to consider increased attention to management practices and/or assigning a lower composite rating.

2008 Supervisory Activities

The October 29, 2008 GDBF examination noted that the overall condition of the Bank had deteriorated since the prior examination. The level of adversely classified loans increased due to the decline in the real estate market, the Bank's high growth rate, and the Bank's concentration in ADC lending. A number of credit underwriting and administration weaknesses were also highlighted.

In assessing the condition of the Bank, the CAMELS ratings were reduced for Capital (from "1" to "2"), Asset Quality ("2" to "3"), Management ("2" to "3"), and Sensitivity to Market Risk ("2" to "3"). The overall composite rating was also reduced from "2" to "3". Based on the findings from the examination and deterioration of the asset quality of the institution, the GDBF recommended that the Bank be placed under an MOU.

2009 Supervisory Activities

The FDIC and GDBF jointly issued an MOU dated February 18, 2009. The MOU included provisions related to:

• Asset Quality
• Loan Review
• Allowance for Loan and Lease Losses
• Liquidity and Funds Management
• Earnings
• Capital and Dividends
• Violations of Laws and Regulations

The Board also agreed to provide the GDBF and FDIC with written progress reports outlining actions taken to address the provisions in the memorandum within 30 days after the end of each quarter.

On September 14, 2009, the FDIC initiated an examination of RockBridge. This examination was completed, but the ROE was never issued as the Bank failed soon thereafter.

The ROE noted the following:

• The Bank was insolvent and the overall condition was poor;
• Asset quality was critically deficient due to the institution's concentrations in ADC and CRE loans;
• Earnings were deficient due to asset quality weaknesses that have necessitated high ALLL provisions and a contracted net interest margin;
• Capital levels and Sensitivity to Market Risk were inadequate; and

• Management's performance was poor as reflected in the overall performance of the institution.

Each of the CAMELS component ratings resulting from this examination was a "5" with an overall composite rating of "5". The ROE noted that the Bank was not in compliance with two ongoing conditions with the Order approving the Bank's application for deposit insurance and several requirements of the February 18, 2009 MOU.

In hindsight, risk factors identified in 2007, that contributed to the financial deterioration of the Bank in 2008, could have triggered a stronger supervisory response. In our view, the following factors could have supported a lower Management component rating, a lower CAMELS composite rating, and/or a pursuit of a supervisory action:

• RockBridge's de novo status
• Noted material deviations from its original business plan, which included:
  • Reliance on non-core funding sources to fund asset growth
  • Concentration in ADC lending in a weakening real estate market
• Weaknesses in credit underwriting and credit administration

FDIC officials explained that, at the time, consideration was given to the Board and management's overall experience and general willingness to address concerns in determining the supervisory approach to the Bank.

Off-Site Monitoring

In addition to on-site examinations, the FDIC's off-site monitoring program generally consists of periodic contact with bank management to discuss current or emerging issues, and the use of various off-site monitoring tools, including the Off-site Review List (ORL), to monitor institutions between examinations.

The Case Manager Procedures Manual states that the off-site review program is designed to identify emerging supervisory concerns and potential problems so that supervisory strategies can be adjusted accordingly." The FDIC generates an ORL quarterly, listing institutions that meet certain criteria based on three risk measurements:

• The Statistical CAMELS Off-site Rating (SCOR) model uses statistical techniques to measure the likelihood that an institution will receive a ratings downgrade at the next examination.
• SCOR-Lag, a derivation of SCOR, attempts to more accurately assess the financial condition of rapidly growing banks.
• The Growth Monitoring System (GMS) identifies institutions experiencing rapid growth and/or with a funding structure highly dependent on non-core funding sources.

The ORL consists of institutions with a composite CAMELS rating of "1" or "2" that have been identified by SCOR or SCOR-Lag as having a 35% or higher probability of being downgraded to a "3" rating or worse at the next examination or have been flagged by the GMS as being in the 98th or higher growth percentile.

l-14

Off-site reviews must be completed and approved within 3½ months after each Call Report date.¹¹ This generally provides 45 days to complete the off-site reviews once Call Report data is finalized.

Four off-site reviews were conducted for RockBridge as summarized in Table 6.

Table 6: RockBridge Off-Site Supervisory History

Date of Review	Completed Date	Level of Risk	Risk Trend	Follow-Up
3/31/2008	6/27/2008	Medium	Increasing	None
6/30/2008	10/1/2008	Medium	Increasing	None
9/30/2008	12/18/2008	Medium	Increasing	None
12/31/2008	4/2/2009	Medium	Increasing	None

The off-site reviews for RockBridge were conducted in accordance with policy; however, they did not result in any material change to the supervisory approach to the institution.

Implementation of PCA

Section 38, Prompt Corrective Action, of the FDI Act establishes a framework of mandatory and discretionary actions pertaining to all institutions. The section requires regulators to take progressively more severe actions, known as "prompt corrective actions," as an institution's capital levels deteriorate. The purpose of section 38 is to resolve the problems of insured depository institutions at the least possible long-term cost to the DIF. Part 325, Capital Maintenance, of the FDIC Rules and Regulations defines the capital measures used in determining the supervisory actions that will be taken pursuant to section 38 for FDIC-supervised institutions. Part 325 also establishes procedures for the submission and review of capital restoration plans and for the issuance of directives and orders pursuant to section 38.

Based on the supervisory actions taken with respect to RockBridge, the FDIC properly implemented the applicable PCA provisions of section 38. Also, as a condition of approval for its deposit insurance application, the Bank had to maintain a certain capital ratio for the first 3 years of its operations. Further, the February 18, 2009 MOU required that the Bank submit a capital restoration plan should the capital levels drop below levels prescribed in the MOU:

• Tier 1 Leverage Capital Ratio of not less than 8%;
• Tier 1 Risk-Based Capital Ratio of not less than 8%, and
• Total Risk-Based Capital of not less than 10%.

Two of these capital levels are above those required to be considered "well capitalized" under PCA:

• Tier 1 Leverage Capital Ratio of 5% or greater;
• Tier 1 Risk-Based Capital Ratio of 6% or greater, and

---

¹¹The FDIC also utilizes other off-site monitoring tools in addition to the Off-site Review List.

l-15

• Total Risk-Based Capital of 10% or greater.

Based on June 30, 2009 call report data, RockBridge's capital levels were:

• Tier 1 Leverage Capital Ratio: 4.55%
• Tier 1 Risk-Based Capital Ratio: 5.48%
• Total Risk-Based Capital Ratio: 6.81%

On August 4, 2009, the FDIC provided RockBridge with two notifications. The first notification stated that the Bank was considered to be in "troubled condition" as defined in section 303.101 of the FDIC Rules and Regulations. The second notification informed RockBridge that it had become "undercapitalized" pursuant to Part 325 of the FDIC Rules and Regulations. By becoming "undercapitalized", the Bank was subject to certain restrictions on asset growth, dividends and other capital distributions, and management fees. In accordance with PCA provisions, the FDIC required the Bank's Board to file a written capital restoration plan by September 18, 2009. The Bank complied with this requirement.

Subsequent to June 2009, the Bank's capital levels continued to erode. On September 18, 2009, RockBridge notified the FDIC that it had made a provision for loan and lease losses that resulted in the capital ratios dropping to the point that it had become "significantly undercapitalized." On October 15, the Bank provided an additional notification that it had made another provision for loan and lease losses and had become "critically undercapitalized."

Based on the "significantly undercapitalized" condition, the FDIC issued a PCA directive, effective October 28, 2009. In accordance with PCA provisions, the FDIC required the Bank's Board to file a written capital restoration plan. The capital restoration plan submitted on September 18, 2009 was offered by the Bank as compliance with this requirement. This plan outlined steps the Bank would take to become "adequately capitalized", including the sale of stock as well as investigating the sale of the Bank.

Ultimately, the Bank was unable to find a suitable acquirer or otherwise raise sufficient capital to support the Bank's continued operation and correct its then "critically undercapitalized" position. On December 18, 2009, the GDBF closed RockBridge and named the FDIC as receiver.

l-16

Objectives

We performed this performance audit to satisfy the requirements of section 38(k) of the FDI Act, which provides, in general, that if the Deposit Insurance Fund incurs a material loss with respect to an insured depository institution, the Inspector General of the appropriate federal banking agency shall prepare a report to that agency reviewing the agency's supervision of the institution. The FDI Act requires that the report be completed within 6 months after it becomes apparent that a material loss has been incurred.

Our audit objectives were to (1) determine the causes of the financial institution's failure and resulting material loss to the DIF and (2) evaluate the FDIC's supervision of the institution, including implementation of the PCA provisions of section 38. We evaluated whether capital was an adequate indicator of safety and soundness and the FDIC's compliance with PCA guidelines.

We conducted this performance audit from March 2010 to June 2010 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained, as described in the Scope and Methodology section, provides a reasonable basis for our findings and conclusions based on our audit objectives.

Scope and Methodology

The scope of this audit included an analysis of RockBridge from November 2006 until its failure on December 18, 2009. Our review also entailed an evaluation of the regulatory supervision of the Bank over the same period.

To achieve the objectives, we performed the following procedures and utilized the following techniques:

• Analyzed ROEs prepared by FDIC and GDBF examiners from May 2007 to September 2009.
• Reviewed the following documentation:
  • Financial institution data and correspondence maintained at the DSC's Atlanta Regional Office as provided to KPMG by DSC.
  • Field Office records, including examination workpapers.

l-17

• Reports prepared by the Division of Resolutions and Receiverships (DRR) and DSC relating to the Bank's closure.
• Pertinent DSC policies and procedures.
• Interviewed the relevant FDIC officials having supervisory responsibilities pertaining to RockBridge, which included DSC examination staff in the Atlanta Region.
• Interviewed appropriate officials from the GDBF to discuss the historical perspective of the institution, its examinations, and other activities regarding the state's supervision of the Bank.
• Researched various banking laws and regulations, including state laws.

KPMG relied primarily upon the materials provided by the FDIC OIG and DSC, as well as information and other data collected during interviews. KPMG did not perform specific audit procedures to ensure the information and data were complete and accurate. KPMG is, however, aware that Circular 12000.1, Cooperation with the Office of Inspector General, dated September 28, 2007, requires that all FDIC employees, contractors, and subcontractors cooperate with the OIG in order for the OIG to carry out its statutory mandate. To that end, all employees, contractors, and subcontractors must:

(1) Provide authorized representatives of the OIG immediate and unrestricted access to all Corporation, receivership, contractor, and subcontractor personnel, facilities, equipment, hard copy and electronic records, files, information systems, and other sources of information when requested during the course of their official duties.

(2) Provide authorized representatives of the OIG immediate and unrestricted access to any records or material available to any part of the FDIC.

Interviews were conducted to gain a better understanding of decisions made regarding the supervisory approach to the Bank and to clarify information and conclusions contained in reports of examination and other relevant supervisory correspondence between the FDIC and the Bank. KPMG relied on the information provided in the interviews without conducting additional specific audit procedures to test such information.

Internal Control, Reliance on Computer-processed Information, Performance Measurement, and Compliance with Laws and Regulations

Consistent with the audit objectives, we did not assess DSC's overall internal control or management control structure. We relied on information in DSC systems, reports, ROEs, and interviews of examiners to understand RockBridge's management controls pertaining to the causes of failure and material loss as discussed in the body of this report.

We obtained data from various FDIC systems but determined that information system controls were not significant to the audit objectives and, therefore, did not evaluate the

l-18

effectiveness of information system controls. We relied on our analysis of information from various sources, including ROEs, correspondence files, and testimonial evidence, to corroborate data obtained from systems that were used to support our audit conclusions.

The Government Performance and Results Act of 1993 (the Results Act) directs Executive Branch agencies to develop a customer-focused strategic plan, align agency programs and activities with concrete missions and goals, and prepare and report on annual performance plans. For this material loss review, we did not assess the strengths and weaknesses of DSC's annual performance plan in meeting the requirements of the Results Act because such an assessment is not part of the audit objectives. DSC's compliance with the Results Act is reviewed in OIG's program audits of DSC operations.

Regarding compliance with laws and regulations, we performed tests to determine whether the FDIC had complied with provisions of PCA and limited tests to determine compliance with certain aspects of the FDI Act. The results of our tests are discussed, where appropriate, in this report. Additionally, we assessed the risk of fraud and abuse related to our objectives in the course of evaluating audit evidence.

l-19

Term	Definition
Adversely Classified Assets	Assets subject to criticism and/or comment in an examination report. Adversely classified assets are allocated on the basis of risk (lowest to highest) into three categories: Substandard, Doubtful, and Loss.
Allowance for Loan and Lease Losses (ALLL)	The ALLL is an estimate of uncollectible amounts that is used to reduce the book value of loans and leases to the amount that is expected to be collected. It is established in recognition that some of the loans in the institution's overall loan and lease portfolio will not be repaid. Boards of directors are responsible for ensuring that their institutions have controls in place to consistently determine the allowance in accordance with the institution's stated policies and procedures, generally accepted accounting principles, and supervisory guidance.
Call Report	Consolidated Reports of Condition and Income (also known as the Call Reports) are reports that are required to be filed by every national bank, state member bank, and insured nonmember bank pursuant to the Federal Deposit Insurance Act. These reports are used to calculate deposit insurance assessments and monitor the condition, performance, and risk profile of individual banks and the Banking industry.
Concentration	A concentration is a significantly large volume of economically related assets that an institution has advanced or committed to a certain industry, person, entity, or affiliated group. These assets may, in the aggregate, present a substantial risk to the safety and soundness of the institution.
Prompt Corrective Action (PCA)	The purpose of PCA is to resolve the problems of insured depository institutions at the least possible long-term cost to the DIF. Part 325 of the FDIC Rules and Regulations, 12 Code of Federal Regulations, section 325.101, et seq, implements section 38, Prompt Corrective Action, of the FDI Act, 12 United States Code section 1831o, by establishing a framework for taking prompt corrective supervisory actions against insured nonmember banks that are less than adequately capitalized. The following terms are used to describe capital adequacy: Well Capitalized, Adequately Capitalized, Undercapitalized, Significantly Undercapitalized, and Critically Undercapitalized.
Uniform Bank Performance Report (UBPR)	The UBPR is an analysis of financial institution financial data and ratios that includes extensive comparisons to peer group performance. The report is produced by the Federal Financial Institutions Examination Council for the use of banking supervisors, bankers, and the general public and is produced quarterly from Call Report data submitted by banks.

l-20

ADC	Acquisition, Development, and Construction
ALLL	Allowance for Loan and Lease Losses
CAMELS	Capital, Asset Quality, Management, Earnings, Liquidity, and Sensitivity to Market Risk
CD	Certificate of Deposit
CRE	Commercial Real Estate
DIF	Deposit Insurance Fund
DRR	Division of Resolutions and Receiverships
DSC	Division of Supervision and Consumer Protection
EIC	Examiner-in-Charge
FDI	Federal Deposit Insurance
FIL	Financial Institution Letter
GAGAS	Generally Accepted Government Auditing Standards
GDBF	Georgia Department of Banking and Finance
OIG	Office of Inspector General
ORL	Off-site Review List
PCA	Prompt Corrective Action
RO	Regional Office
ROE	Report of Examination
UBPR	Uniform Bank Performance Report
UFIRS	Uniform Financial Institutions Rating System

l-21

---

 

OIG Evaluation of Management Response

After we issued our draft report, management officials provided additional information for our consideration, and we revised our report to reflect this information, as appropriate. On July 13, 2010, the Director, Division of Supervision and Consumer Protection (DSC), provided a written response to the draft report. That response is provided in its entirety on page II-2 of this report.

DSC reiterated the OIG's conclusions regarding the causes of RockBridge's failure and the FDIC's supervision of the bank. DSC stated that the failure of RockBridge demonstrates why stringent supervisory attention is necessary for de novo institutions. DSC has extended its supervisory program so that these institutions receive a full-scope examination every year for 7 years, as opposed to 3 years. According to DSC, de novo business plans are being closely monitored against approved financial projections throughout the 7-year period. Additionally, DSC issued a Financial Institution Letter in August 2009 that describes the program changes for de novo institutions and warns that changes in business plans undertaken without required prior notice may subject an institution or its insiders to civil money penalties.

ll-1

July 13, 2010 TO: Stephen Beard Assistant Inspector General for Material Loss Reviews   FROM: Sandra L. Thompson [Electronically produced version; original signed by Sandra L. Thompson] Director   SUBJECT: Draft Audit Report Entitled, Material Loss Review of RockBridge Commercial Bank, Atlanta, GA (Assignment No. 2010-034)   Pursuant to Section 38(k) of the Federal Deposit Insurance act (FDI Act), the Federal Deposit Insurance Corporation's Office of Inspector General (OIG) conducted a material loss review of RockBridge Commercial Bank (RockBridge) which failed on December 18, 2009. This memorandum is the response of the Division of Supervision and Consumer Protection (DSC) to the OIG's Draft Report (Report) received on June 17, 2010. RockBridge failed due to management's and Board of Director's inadequate oversight of a strategy of rapid asset growth during the de novo period that led to a high concentration in acquisition, development and construction (ADC) and other commercial real estate (CRE) loans. This growth strategy was a deviation from the original business plan, which called for a diverse portfolio mix of Commercial and Industrial loans, 1-4 residential, ADC, CRE, and consumer loans funded by core deposits. Instead, RockBridge's rapid growth strategy engaged in ADC and CRE lending directly or through participations, funded by noncore deposits. The FDIC and the Georgia Department of Banking and Finance (GDBF) performed two supervisory examinations in RockBridge's first year of operations, and examinations in 2008 and 2009, which was consistent with the requirements for de novo institutions. The FDIC October 2007 examination noted the deviation from the original business plan with a concentration in ADC loans funded by noncore deposits, and recommended that management develop a revised plan to reduce dependence on noncore funding and achieve the desired loan mix. The GDBF 2008 examination noted substantial increases in adversely classified items and ADC concentrations as a percentage of Tier 1 Capital. As a result of this examination, RockBridge was downgraded, and eventually closed due to the Board's inability to operate the institution in a safe and sound manner. The failure of RockBridge demonstrates why stringent supervisory attention is necessary for de novo institutions. DSC has extended its supervisory program so that these institutions receive a full scope examination every year for seven years, as opposed to three years. De novo business plans are being closely monitored against approved financial projections throughout the seven year period. A Financial Institution Letter issued in August 2009 describes the program changes for de novo institutions and warns that changes in business plans undertaken without required prior notice may subject an institution or its insiders to civil money penalties. Thank you for the opportunity to review and comment on the Report.