The OCC has published a regulatory bulletin (OCC Bulletin No. 33-2013) that provides guidance and establishes standards that the OCC will use when it requires a national bank or federal savings association to engage an independent consultant as part of an enforcement action to address significant violations of law, fraud or harm to consumers. The bulletin issued on November 12 describes how the OCC assesses the need to require a bank to hire an independent consultant in an enforcement action, the expectations for a bank’s due diligence process when retaining an independent consultant, the review of the qualifications of the proposed consultant, the proposed contractual terms of the engagement, and the OCC’s oversight of the performance of the consultant. The bulletin applies to any bank subject to an enforcement action in which the OCC requires the bank to hire an independent consultant to address significant violations of law, fraud, or harm to consumers. The bulletin does not apply when the OCC requires the bank to hire a consultant to provide expertise needed to correct operational or management deficiencies. When the OCC determines that an enforcement action requires the use of an independent consultant to address significant violations of law, fraud, or harm to consumers, the OCC will require the bank to submit information regarding the bank’s due diligence review of the proposed consultant, including the consultant’s qualifications and terms of engagement, according to the bulletin. That submission will be considered to be a request for a written determination from the OCC of supervisory non-objection to the proposed independent consultant and the terms of the contract. According to the bulletin, the OCC expects that a bank’s due diligence will establish that the consultant has sufficient independence, capacity, resources and expertise and that the contract(s) and work plan(s) adequately address the OCC’s supervisory concerns.

Nutter Notes: The OCC has required banks to retain independent consultants to assess compliance with legal requirements in cases involving material violations of law, and when banks are obligated to provide restitution for violations of consumer protection statutes. For example, the OCC has ordered banks to retain independent consultants to address significant deficiencies with Bank Secrecy Act and anti-money laundering (“BSA”) compliance programs, including reviews of BSA staffing, risk assessment and internal controls. The OCC also has ordered reviews by independent consultants of transaction activity to determine whether banks must file suspicious activity reports (“SAR”), whether SARs that have been filed need to be corrected or amended to meet regulatory requirements, or whether additional SARs should be filed to reflect continuing suspicious activity. The OCC has ordered similar reviews of currency transaction reporting. The OCC has ordered reviews by independent consultants to address significant consumer protection law violations, to identify affected consumers, monitor payments to such consumers, and to provide written reports evaluating compliance with remedial provisions in OCC enforcement actions. The OCC has also required banks to engage independent consultants to perform forensic audits in cases where the OCC has concerns about widespread fraud or systemic irregularities in a bank’s books and records. The bulletin points out that the use of an independent consultant does not absolve bank management or a bank’s board of directors of their responsibility for ensuring that all necessary corrective actions are identified and implemented.