Describing Lake Shore as being “in troubled condition,” the Office of the Comptroller of the Currency said the bank is in “substantial noncompliance” with a previous formal written agreement, and cited it for deficiencies in information technology security, risk governance, management oversight and anti-money-laundering efforts.

The agency also required the company to come up with a detailed three-year strategic plan that it cannot veer from without permission. The OCC imposed a host of new requirements and mandates, including limitations on so-called “golden parachute” severance, and affirms a prohibition on changes to directors or senior executive officers without regulatory consent.

The OCC’s order focuses on deficiencies in the bank’s governance and practices, and not Lake Shore’s financial health. Lake Shore, which has 11 branches in Chautauqua and Erie counties, reported net income of $5.7 million in 2022, down 8% from the year before.

The order contains many of the directives laid out in a written agreement between the bank and the regulator revealed in July, and expands upon them. The new consent order takes aim at Lake Shore’s Bank Secrecy Act and anti-money laundering safeguards, calling for a host of changes to improve its policies, systems and training for fighting fraud.

The written agreement with the OCC last year criticized the bank over its technology compliance and governance, and called for ensuring that the bank had competent management in place in several areas.

Lake Shore acknowledged that it had “experienced a data security incident” in November 2021 that “prevented employees from accessing internal systems and data for a limited period of time.” A subsequent investigation found “unauthorized access to certain data,” but no impact on the bank’s core systems and “no evidence that customer personal information was misused,” according to a document the bank filed with the Securities and Exchange Commission.

In an interview Friday, Daniel P. Reininga, Lake Shore’s president and CEO, said the bank is financially healthy, and he pledged to fulfill the regulators’ requirements.

“Our financial performance is strong. The capital levels are strong,” Reininga said. “There’s really no concerns there with respect to financial performance. These items are related to IT, audit and also (Bank Secrecy Act).”

The bank last year named Jennifer Zatkos to the newly created role of chief operating officer. Reininga said Zatkos has a background in Bank Secrecy Act/anti-money laundering practices.

“She’s positioned well and the bank’s positioned well to resolve those challenges,” he said.

Lake Shore also named Robert Cortellucci as chief technology officer, and hired Joshua Brunner as information security officer to beef up its leadership team.

Reininga, who has served as president and CEO since 2011, has announced he will retire in May, at the time of the bank’s annual shareholders meeting.

Reininga said Lake Shore “will be in great shape as we continue to work through these issues. 

“We will get through this and we will evolve from this,” he said. “We will continue to invest in staffing and resources to support our future growth, as well as reinforce our commitment to address all the outstanding matters.”

Lake Shore disclosed that its board of directors suspended quarterly dividend payments to shareholders “in order to focus the capital resources of the bank on addressing the operational, compliance and governance deficiencies described in the order.”