Independence of Consultants Pursuant to Regulatory Actions
By now you have, no doubt, heard the concerns expressed by regulators over the need for utmost independence when banks and other financial institutions engage consultants, particularly to test and help remediate regulatory compliance areas such as anti-money laundering. Regulators have made it clear that specific best practices should be followed when consulting firms are engaged to help financial institutions resolve regulatory actions, including consent orders.
- Prior Work Performed: Regulators expect both the financial institution and the consultant to determine and evaluate all prior work performed by the consultant for the financial institution (including non-U.S. affiliates) in the previous 3 years, subject to privilege and confidentiality constraints. There should be documentation that the prior work performed does not impair independence and a transparent disclosure by the financial institution and the consultant to the regulators involved in an associated regulatory action or consent order. The regulators may directly contact the consultant and financial institution if questions are raised over prior work impairing consultant independence.
- Engagement Letter Provisions: Consultants must be subject to an engagement letter with the financial institution that requires the ultimate conclusions and judgments will be that of the consultant based on the exercise of its own independent judgment, taking into account expressed views of the financial institution.
- Regulator Involvement: When work is performed pursuant to a regulatory action or consent order, the consultant and the financial institution shall submit a work plan to the regulators involved setting forth proposed procedures to be followed with a proposed timeline for completion of the work and the location(s) from which transaction and account data will be obtained. Any modifications of the plan shall be submitted to the regulators for approval prior to beginning the modified work plan.
- Open Lines of Communication with Regulators: Regulators expect the consultant to maintain an open line of communication during the engagement with the regulators. There should be named individuals within the regulatory agency and the consultant which will remain in ongoing contact. Any need by the consultant to change the key contact must be communicated in writing to the regulators and the financial institution. The financial institution will consent to contacts between the consultant and regulators outside of the presence of the financial institution when information may be shared including contentious judgments during the engagement. Regulators may prefer a monthly schedule for such meetings.
- Disagreements About Material Matters: If the consultant and financial institution disagree about a material matter during the engagement, such disagreements shall be brought to the attention of the regulators. Material matters may relate to the work plan, a finding by the consultant, and the scope of the review or the interpretation of the engagement letter, to name a few.
- Recommendations Related to Suspicious Activity Reports the Financial Institution Did Not Adopt: Both the consultant and the financial institution shall maintain records of recommendations by the consultant for the financial institution to file Suspicious Activity Reports that the financial institution did not adopt and provide such records to the regulators upon request of the regulators.
- Consultant Issuance of the Final Report: The consultant shall issue the final report. The consultant may share drafts of the final report with the financial institution prior to submission, but the consultant shall issue the final report. The final report shall contain a list of all personnel from the financial institution that the consultant is aware substantively reviewed or comment on the draft of findings.
- Confidentiality Policies and Procedures: The consultant shall have policies and procedures designed to maintain the confidentiality of bank supervisory personnel material and provide that such material will not be shared with anyone not authorized by law or regulation to receive such material.
- Consultant Training on Confidentiality of Regulatory Supervisory Information: Consultants shall develop training for their partners, principals, and employees assigned to the financial institution engagement on the requirements of regulators over the confidentiality of supervisory information obtained from the regulators.
As you can see regulators are becoming more and more prescriptive as to the relationship between financial institutions subject to regulatory actions and consulting firms engaged to perform independent oversight. To resolve such conflicts, many financial institutions are looking to qualified alternative consulting firms with fewer potential independence conflicts.