What is the proper context in which to understand the August 18, 2015 settlement agreement ("Agreement") between Promontory Financial Group, LLC ("Promontory") and the New York State Department of Financial Services ("Department")? Are there lessons in the Agreement for other financial institutions and those that serve as advisors to the industry?

First, some background is necessary. Promontory is a highly regarded financial institution consulting firm founded by former Comptroller of the Currency Eugene Ludwig. Its management and staff include many former high-ranking financial regulators. Vedder Price has referred clients to Promontory for consulting services. Several years ago, Promontory was retained by Standard Chartered Bank to identify transactions that might have occurred in contravention of the OFAC regulations. Reports were submitted by Promontory to the Department. Following a two-year investigation, the Department found fault in the conduct of Promontory, finding that Promontory exhibited a lack of independent judgment in the preparation and submission of certain reports to the Department.

The Agreement is meant to address the deficiencies identified in the investigative report conducted by the Department. In the Agreement, Promontory acknowledges that any report it submits to the Department must be objective and reflect its best independent judgment. In that same document, Promontory also states that it will document in any report submitted to the Department changes made at the suggestion of a client or its counsel. Promontory agrees that, in some instances related to the Standard Chartered Bank engagement, it "did not meet the Department’s current requirements for consultants performing regulatory compliance work for entities supervised by the Department." Promontory also agrees to pay to the Department $15 million, and not to accept any new engagements that would require access to confidential Department examinations or supervision materials for a period of six months.

There are lessons to be learned from this matter. However, these are not new lessons, but lessons that may have already been learned, but must be learned again. Here are some of those lessons:

  1. There is no such thing as a consultant-client privilege. All communications between a bank and its consultants are subject to the right of the bank examiners “to make a thorough examination of all of the affairs of the bank.” This is a power that is backed by the right to subpoena records from third parties, including consultants. Accordingly, there should be no communication between a bank and its consultant that the bank would not want its examiners to review.
  2. E-mail is a useful and convenient means of communication. However, e-mail is not a good medium by which bankers and consultants should vet strategies concerning regulatory matters. The informality with which ideas and strategies are discussed in e-mails can lead to misconstruction. Telephone conferences and face-to-face meetings still have their places in business communications.
  3. Self-reporting is not advocacy. When called upon by a bank regulator to perform any self-reporting task, the report must be both comprehensive and factual. Let the attorneys, not the consultants, perform the advocacy function.
  4. Increasingly, banks are being held responsible for the failure to detect and report the wrongful activity of their customers. As stated by one client in response to this ever increasing burden: “And we don’t even get a badge.” The requirement that a bank must accept policing responsibility over customers is a trend that has steadily grown over the last several decades and shows no sign of abatement.
  5. The fundamental relationship between banks and their regulators continues to become more formal. Having received criticism for being unprepared for the recession, examiners are less willing to resolve matters informally. The bank supervision process can quickly become adversarial.
  6. Escape from the regulatory penalty box can be difficult. As with enforcement actions taken against banks, there is no assurance that the Agreement between the Department and Promontory is the end of this matter. The Agreement makes clear that it does not preclude an action by another federal or state agency or any law enforcement authority. Whether there is more to come remains to be seen.

In conclusion, the action taken against Promontory is best viewed as another dust up between the banking industry and its regulators. As bank regulators demand more policing of customers and self-reporting, the banking industry needs to adapt to the formality that has become a permanent part of the bank supervision process.