It is fair to say that not many, if any, banks have internal controls or policies and procedures to identify and mitigate deficiencies in the bankruptcy practices of banks. Indeed, banks typically rely on their Legal Department or external counsel to make sure banks protect their interests when bank customers file bankruptcy. While the Compliance Department and the Risk Management Department track compliance and risks related to numerous laws, rules and regulations, the Bankruptcy Code and its rules are typically not among those laws and rules. Certainly, it would be unexpected to find a Compliance Department or Risk Management Department that focuses on reviewing bankruptcy notices and filings by bank customers, and the responses by banks to those notices and filings to determine whether the banks filed, among other things, timely and accurate proofs of claim, payment change notices, claims of post-petition mortgage fees, expenses and charges or accurate notices of final cures. It is not unreasonable to think that those areas are all issues for the Bankruptcy Court to address, and for bank counsel to make sure the interests of the banks are protected. Perhaps, Compliance Departments and Risk Management Departments along with Audit Departments should rethink the importance of bank compliance with Bankruptcy laws and rules both as a way to mitigate regulatory risk and as a way to make sure the risk profile of the bank is accurate. As an incentive to do so, banks should consider a recent civil money penalty (CMP) action by the Office of the Comptroller of the Currency (OCC) against U.S. Bank National Association (US Bank).

On April 25, 2017, the OCC imposed a $15 million CMP against US Bank and required US Bank to make approximately $29 million in remediation to approximately 22,000 US Bank accountholders. The basis upon which the OCC took action against US Bank was that:

“Between 2009 and 2014, the Bank committed various errors related to bankruptcy filings, including: (a) untimely, not filed, or inaccurately filed Proofs of Claim; (b) payment application inaccuracies resulting in overpayments by debtors or trustees; (c) untimely and/or inaccurate Payment Change Notices; (d) untimely, and/or inaccurate Post-Petition Mortgage Fees, Expenses, and Charges; (e) inaccurate Notices of Final Cure; (f) exposure of confidential customer information in court-filed documents; and (g) inconsistent application of the Bank’s fee waiver practices.”

The OCC’s action against US Bank should be a second wake-up call for those Compliance Departments, Risk Management Departments and Audit Departments that assume that the Legal Department or external counsel will take care of any risks related to banks compliance with Bankruptcy law, rules and regulations during the Bankruptcy process. The first wake-up call for Compliance Departments and Risk Management Departments should have be the actions taken by the OCC and other federal prudential supervisors (and the Consumer Financial Protection Bureau) against mortgage servicers in connection with an interagency horizontal review of major residential mortgage servicers of the residential real estate mortgage foreclosure processes. In those enforcement actions, the OCC and the other agencies based their actions on deficiencies and unsafe or unsound practices in residential mortgage servicing and in the initiation and handling of foreclosure proceedings.

Clearly, the OCC’s action against US Bank shows that a bank may commit a safety and soundness violation by failing to comply with the Bankruptcy laws and rules. The challenge for banks is to determine what changes need to be made to their internal controls, including their policies and procedures, and what role the Legal Department, the Compliance Department, the Risk Management Department and the Audit Department should play in addressing the deficiencies.

Under the Three Lines of Defense Approach, the Legal Department must be the first line of defense, especially since the Legal Department should either have the expertise or have access to the expertise through external counsel. This means the Legal Department should either have an internal quality control process within the Legal Department or the Legal Department should properly manage and oversee the quality of the work performed by external counsel. Similarly, the Compliance Department and the Risk Management Department, as the second line of defense, should, at a minimum, obtain confirmation from the Legal Department that the Legal Department has engaged qualified and experienced external counsel to protect the interests of the bank. The purpose of the confirmation is both to make sure the Legal Department (and not any line manager) has engaged external counsel and that the Legal Department has assigned one or more attorneys to manage and oversee the bankruptcy legal services performed by external counsel on behalf of the bank. Finally, the Audit Department, as the third line of defense, should audit the Compliance Department to determine whether the Compliance Department has received the appropriate confirmation from the Legal Department and to make sure the Legal Department or the Compliance Department has a process in place to limit or mitigate any risk of a pattern or practice of deficiencies in the bankruptcy practices of the bank.