An official website of the United States government
Parts of this site may be down for maintenance Saturday, November 23, 7:00 p.m. to Sunday, November 24, 9:00 a.m. (Eastern).
OCC Bulletin 2013-33 | November 12, 2013
Share This Page:
Chief Executive Officers of All National Banks and Federal Savings Associations, Federal Branches and Agencies, Department and Division Heads, All Examining Personnel, and Other Interested Parties
This bulletin provides guidance and establishes standards that the Office of the Comptroller of the Currency (OCC) uses when it requires national banks, federal savings associations, or federal branches or agencies (collectively, banks) to employ independent consultants as part of an enforcement action to address significant violations of law, fraud, or harm to consumers.
The bulletin describes the OCC’s
This bulletin applies to any bank subject to an enforcement action in which the OCC requires the bank to hire an independent consultant to address significant violations of law, fraud, or harm to consumers. This bulletin does not apply when the OCC requires the bank to hire a consultant to provide expertise needed to correct operational or management deficiencies. These types of “functional” engagements have been particularly valuable for community banks and do not raise the same level of concerns addressed in this bulletin. In these circumstances, banks should consult OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance.”
The OCC has used its enforcement authority to require banks to retain independent consultants in a significant number of cases and for a variety of purposes. For example, as part of enforcement actions, the OCC has required banks to retain independent consultants to assess the banks’ compliance with legal requirements in cases involving material violations of law. The agency also has required the use of independent consultants when banks are obligated to provide restitution for violations of consumer protection statutes. The OCC has ordered banks of all sizes to retain independent consultants to
In addition, the OCC has required banks to retain independent consultants to provide expertise needed to correct operational and management deficiencies rather than to address significant violations of law, fraud, or harm to consumers. By retaining consultants to perform these “functional” engagements, banks gain the additional knowledge, experience, and resources required to address deficiencies identified through the supervisory process. These engagements have been particularly valuable for community banks that may lack the necessary expertise and resources to correct the problems on their own.
This bulletin focuses on enforcement actions that require the employment of an independent consultant to address significant violations of law, fraud, or harm to consumers. Because the use of a consultant to perform a functional engagement is not designed to address concerns related to significant violations, fraud, or harm to consumers, the level of OCC review and oversight is generally lower, and some of the concerns addressed in this bulletin—such as maintaining strict independence from bank management—may not be as critical. Nonetheless, the OCC expects a bank to conduct appropriate due diligence to ensure that an independent consultant performing a functional engagement has the necessary expertise and resources to provide the needed services.1
The use of an independent consultant does not absolve bank management or a bank’s board of directors of their responsibility for ensuring that all needed corrective actions are identified and implemented. Moreover, an independent consultant is not a substitute for the supervisory judgment of the OCC. The OCC retains sole responsibility for supervising banks, including overseeing and assessing banks’ compliance with enforcement actions.
OCC Assessment of the Need to Require Independent Consultants in an Enforcement Action
The OCC may require a bank to engage an independent consultant to ensure that independent judgment and the requisite expertise are employed when a bank determines the scope and cause of the underlying issues in an enforcement action or when remedial actions are needed. While the use of an independent consultant can help a bank achieve needed compliance, the OCC retains the final decision in determining whether the bank’s corrective actions are sufficient.
The OCC’s decision to require a bank to engage an independent consultant is an exercise of supervisory judgment and depends on the facts and circumstances of each bank, including examination conclusions. When determining whether to require an independent consultant, the OCC considers, among other factors,
OCC Review of the Proposed Consultant
When the OCC determines that an enforcement action requires the use of an independent consultant, the OCC requires the bank to submit information regarding the bank’s due diligence, including the proposed independent consultant’s2 qualifications and terms of engagement. This is a submission from the bank to the OCC requesting a written determination of supervisory no objection to the proposed independent consultant and contract. This requirement allows the OCC to assess whether the bank has conducted appropriate due diligence and whether the independent consultant has the requisite independence, expertise, capacity, and resources to satisfactorily complete the engagement. The OCC reviews the engagement contract to determine whether the scope of the work, the resources dedicated to the project, and the proposed timeline for completion are consistent with the enforcement action. The OCC’s determination to grant supervisory no objection to the proposed independent consultant is based on a full review of the matters addressed below and its informed supervisory judgment given the circumstances of the bank and the deficiencies that gave rise to the enforcement action.
The following is further guidance on three primary areas of consideration.
1. Due Diligence Expected of an Institution in Proposing to Use an Independent Consultant
A bank has an obligation to conduct appropriate due diligence before proposing to the OCC to use an independent consultant pursuant to a requirement in an enforcement action. In conducting due diligence, a bank should be guided by OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guide,” as well as by the guidance set forth in this bulletin.
The bank’s submission to the OCC requesting a determination of supervisory no objection to a proposed independent consultant should document its due diligence, including, as appropriate, its evaluation of the qualifications, independence, resources, expertise, capacity, reputation, information security and document custody practices, risk management and reporting, conflicts of interests, and financial viability of the consultant the bank considered. The bank should also require the independent consultant to disclose any professional disciplinary actions; if any have occurred, the bank’s submission should include an evaluation of the impact of such actions on the engagement.
2. Assessing the Independence of the Consultants
As part of its review, the OCC evaluates the bank’s assessment of the independence of the consultant. The objective of this review is to establish that the consultant can perform its work with a high level of objectivity such that the results of the engagement are free of any potential bias and that the work is based on the consultant’s own independent and expert judgment. The OCC’s determination of independence depends on the facts of each case. Any direct conflicts or facts that call into question the independent consultant’s integrity will cause the OCC to disqualify the consultant. Examples of such direct conflicts include the use of a consultant that has previously reviewed the transactions that are to be evaluated in the current review or that has previously assessed the specific policies and procedures related to the violations or practices at issue.
In addition to a direct conflict of interest, a bank should consider whether there is the potential for an appearance of a conflict of interest such that the consultant’s objectivity could be unduly influenced indirectly. In many complex cases, the number of qualified potential consultants may be limited. Accordingly, it may not be possible to ensure that there is no existing or previous relationship with a proposed consultant. In those cases, the OCC considers all material information related to past and present business relationships to ensure that the potential for undue influence does not exist.
The bank’s submission to the OCC should include its assessment of the proposed consultant’s independence by addressing any existing and prior relationships with the bank (and, as appropriate, affiliates or insiders), any potential conflicts of interest, and other relevant factors. The bank should request the independent consultant include in its submissions to the bank assurances that the proposed engagement will not breach any professional restrictions governing conflicts of interest to which it is subject.
When evaluating the independence of a consultant, including whether an actual or potential conflict of interest exists, the bank’s assessments should address, and the OCC considers, among other things, the following factors:
No single factor determines the outcome of the OCC’s assessment; rather, the OCC considers these factors collectively with the goal of ensuring that the services provided by the consultant, including its findings and recommendations, are expert and free of bias.
3. Engagement Contract and Work Plan
The OCC will review the proposed engagement contract and work plan to ensure that the terms are consistent with the requirements of the enforcement action. The OCC’s review includes an assessment of the expertise and resources that the independent consultant commits to the engagement.
The bank should ensure the proposed engagement contract it submits for a determination of supervisory no objection guarantees
OCC Oversight of the Engagement
1. Ongoing or Periodic Oversight
The OCC oversees compliance with the enforcement action and therefore the progress of the engagement through its supervisory authority over the bank. The types and frequency of interactions between the OCC, the bank, and the independent consultant depend on the particular facts and circumstances covered by the enforcement action, expertise and resources of bank management, nature of the independent consultant’s engagement, and timeline for completion of the engagement. In establishing the supervisory strategy for evaluating the bank’s compliance with the enforcement action, the OCC evaluates and plans for appropriate and timely monitoring of the independent consultant’s work. Considerations governing the OCC’s monitoring include the
For example, in some cases the independent consultant plays a limited role in the remedial steps the bank must take to comply with the enforcement action. In such circumstances, the appropriate oversight may involve a limited or moderate level of interaction with the OCC. In other cases, the seriousness of the violation(s) or the complexities involved may require more frequent monitoring and significant interactions among the OCC, the bank, and the independent consultant. These interactions could include periodic reports to and meetings with the OCC to ensure that the engagement is proceeding properly, that management is taking appropriate steps to correct the identified problems, and that the bank has sufficient expertise and appropriate processes to ensure that corrective actions are sustainable.
The OCC may examine the independent consultant’s supporting documentation, analyses, and work papers to ensure that the findings are accurate and complete. If the OCC identifies issues with the scope or progress of the work being performed, the OCC directs the bank to take appropriate remedial actions. In addition, if at any time the OCC determines that the work of the independent consultant is not consistent with the requirements of the enforcement action or the terms of the engagement, the OCC will assess whether to require the parties to modify or terminate the engagement or whether to take other action.
2. Verification or Validation of the Work of the Independent Consultant
As part of the assessment of the bank’s compliance with the enforcement action, the OCC must determine whether the bank has addressed and corrected the violations or deficiencies that formed the basis for the enforcement action. Accordingly, the OCC reviews the independent consultant’s final written report of findings and recommendations to the bank’s board of directors and management. This review gives the OCC the opportunity to assess whether all matters to be reviewed by the independent consultant were adequately addressed. If they were not, the OCC may require that additional work be performed by the bank or the independent consultant.
Once the independent consultant’s final written report and findings have been presented to the bank’s board and reviewed by the OCC, the bank should prepare a plan to address the findings of the independent consultant and to implement the board’s responses. Such plans should be approved by the bank’s board of directors and are subject to OCC review and a written determination of supervisory no objection before they can be implemented. This review allows the OCC to determine whether the underlying violations or deficiencies will be corrected, whether the bank will undertake appropriate remediation as called for in the enforcement action, and whether those corrective actions will be sustainable.3
An independent consultant can play a valuable role in assisting a bank’s management and board of directors in correcting significant violations of law, fraud, or harm to consumers. It is the OCC’s policy to carefully consider whether to require an independent consultant in these cases and, consistent with the standards and processes set forth in this bulletin, to evaluate the consultant’s independence, capacity, resources, and expertise and to monitor the consultant’s performance.
Please direct questions about this guidance to your supervisory office.
John C. Lyons Jr.
Senior Deputy Comptroller and Chief National Bank Examiner
1 Banks should be guided by OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance” regarding the selection, contractual requirements, and ongoing relationship with independent consultants.
2 The guidance and standards established by the bulletin apply not only to direct consulting relationships between the bank and the independent consultant but also to any subcontracting consultant. Accordingly, if the proposed independent consultant intends to subcontract any part of the engagement, the bank’s due diligence and assessment of the subcontractor, and the contract with the subcontractor, must be included in the bank’s submission to the OCC.
3 Notwithstanding this review, the enforcement action remains in place until the bank is in compliance with all articles in the action. See PPM 5310-3 (REV), “Enforcement Action Policy,” dated September 9, 2011.