Home |  Contact |  Site Map

 
  Firm Information  |  Attorneys  |  Industries   |  Practices   |  Publications   |  Seminars   |  Recruiting   |  Resource Centers
 

Resources

2007 Publications
2006 Publications
Archived Publications
Search Publications
 

   Publications

 

Bank Regulatory Enforcement Actions

Jeffery E. Smith
Bricker & Eckler LLP
April 2006

Enforcement actions by bank regulatory agencies have become more prevalent and visible recently, including a number of high-profile formal enforcement actions involving historically very well-regarded, well-managed, and well-capitalized institutions which for years have been viewed as paragons of banking virtue in the financial services industry.

Agencies have been actively utilizing the comprehensive enforcement tools and mechanisms afforded them by the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 ("FIRREA"), as well as a plethora of other federal and state laws and regulations, to address concerns in a variety of areas. The most interesting, and perhaps most frustrating, common factor in many of the recent enforcement initiatives involve regulatory concerns relating to "controls", "risk management" and "corporate governance", which are concepts involving significant subjective judgment by the agencies which can be difficult for bankers to address and resolve. 'While these "risk management" concerns, if real and unaddressed, can and do generate institutional "safety and soundness" issues, by themselves they can be somewhat amorphous and difficult to resolve.

Regulatory enforcement actions generate important challenges, issues, and problems for institutions, particularly when the enforcement actions become public. The impact of public disclosure of regulatory enforcement actions on customers, shareholders, employees, directors and other constituencies can be significant and severe. Banks are in a unique position of vulnerability to public opinion and reputation risk, and the public perception that there are "problems" can trigger the very business concerns which the institution, and the agencies, seek to avoid. And usually at the very worst time for all involved.

Agencies do not necessarily impose increasing pressure through any particular progressive series of enforcement "stages" but are able, at their discretion, to proceed to any combination of formal and informal enforcement action depending on the nature, severity, and perceived immediacy, of their concerns. The increasing severity of the enforcement action generally tracks downgrades in the institution's ratings, and statutory civil money penalties are tiered for increasing levels of non-compliance. Further, certain regulatory enforcement actions become "mandatory" under the "Prompt Corrective Action" requirements of the Federal Deposit Insurance Corporation Improvement Act ("FDICIA"), and agencies can lose some enforcement discretion, and flexibility, upon the occurrence of certain capital-related concerns. While the terms of some actions are "negotiated" between the agency and the institution, in reality there is generally little, if any, room for bank or board input with respect to the level or terms of the enforcement action. That being said, the specific terms of enforcement actions are critical (including the use of certain "trigger" terms by the agencies) and it is recommended that experienced counsel be involved as soon as the institution is made aware of a potential pending action.

Enforcement actions also result in heightened personal liability concerns for directors and other bank-affiliated parties, with increased exposure through potential shareholder claims as well as an increased risk of imposition of civil money penalties by the agencies. The category of individuals subject to enforcement actions ("institution-affiliated parties") was significantly expanded by FIRREA, and includes financial institution directors, officers, employees, controlling shareholders (and others in "control"), as well as independent contractors such as attorneys, appraisers and accountants who participate in inappropriate activities.

Enforcement actions create a unique environment of heightened institutional scrutiny, as well as scrutiny of its management and board, by the media, by shareholders, by regulatory agencies, and by plaintiffs counsel, resulting in perhaps the most challenging business environment at any time in it's institutional history.

It is critical that institution management, and boards, understand what these enforcement actions are, how they work, and how they effect the institution and impact their ongoing daily interaction with the institution and its varied, and sometimes conflicting, constituencies. Regulatory enforcement actions can and do have a wide-ranging impact on more areas of operation of the institution than may be first apparent, and understanding how these actions effect the institution and its constituencies, including management and the board, is critical to mitigate the potentially adverse consequences of these actions.

It is also important to understand that, while certain regulatory enforcement actions remain confidential between the agencies and the institution, others are required to be publicly disclosed by applicable law and regulation. Institutions which are publicly-held may need to address important, and potentially divergent, disclosure concerns where actions which are otherwise not subject to public disclosure nonetheless become so under the requirements of state and federal securities laws. These issues become even more troubling and prominent in the current corporate disclosure environment as evidenced by the Sarbanes-Oxley Act and other corporate governance initiatives, and care must be taken to avoid liability from failure to disclose actions which may be material to the institution and its shareholders. Unfortunately, these issues are often-times analyzed with the benefit of "20-20 hindsight", and institutions are well-advised to seek experienced legal counsel when such issues arise.

As always, the key to dealing with regulatory enforcement actions is to avoid them in the first place. That being said, they are sometimes inevitable and the best protection is to understand how they will impact the institution and its constituencies, and to then buckle down and do what is necessary to comply with the actions and minimize any adverse effects. Cooperation between the board, management, and the agencies is paramount, and by the time enforcement actions have become necessary it is usually not in the best interests of any of the parties to take a hostile or adverse position with the agencies, or to engage in finger-pointing. Most actions reflect real and valid concerns with issues and activities that diligent management and directors should also desire to resolve, and are frankly typically consistent with the best interests of the institution and its constituencies.

Contents of Regulatory Enforcement Actions

The level, and specific terms, of enforcement actions vary depending on the target institution and the nature and extent of the regulatory concerns. Enforcement actions typically require the institution, and/or its management and/or board, to undertake certain designated activities and actions, and/or to avoid or restrict certain designated activities and actions, during a defined period of time, and to provide ongoing progress reports to the agencies which track institutional efforts to implement the requirements of the enforcement action. The enforcement actions, and the impacted activities, are tailored to the issues and concerns of the specific institution.

Potential enforcement subjects are as diverse as the issues which impact the institution, and can include corporate transactional activities (such as suspending pending M&A transactions), corporate governance activities (such as reviewing and adopting appropriate insider trading, ethics, director independence, and audit policies and procedures), operational activities (such as a review of information systems, "controls", audit adequacy, credit policies and procedures, restricting or eliminating dividends, reserve adequacy, liquidity, capital adequacy, asset quality, earnings, etc.), specific management and director concerns (such as competency, succession planning, conflicts, Reg O issues, etc.), as well as any and all other areas of institutional concern which may arise.

It is worth noting that while the recent enactment of the highly-publicized Sarbanes-Oxley Act of 2002 ("Sarbanes") does not have a direct bearing on enforcement actions by banking agencies in the context of publicly-held institutions, it does in fact provide further areas of potential noncompliance for which enforcement actions may be taken by those agencies. Publicly-held banking organizations must comply with Sarbanes, as well as with various NYSE and NASDAQ rules as appropriate for their listing exchange status. As reflected by post-Sarbanes banking agency issuances regarding corporate governance issues for non-public banking institutions, Sarbanes is also importantly indicative of the heightened scrutiny of corporate activities generally in the current business and regulatory environment.

Basic Types of Regulatory Enforcement Actions

The following are highlights of the most common basic bank regulatory enforcement actions, which arc sometimes described as "formal" or "informal". The primary distinction is that "informal" actions are generally not enforceable in court by the agencies, while "formal" actions under Section 1818 of the Title 12 of the U.S. Code are enforceable in a court of law, and respondents are entitled to formal adjudicatory hearings under the Administrative Procedures Act. Interim relief is available to the agencies during the pending proceedings. Irrespective of whether the action is deemed "informal" or "formal", the institution needs to understand what the action requires and how best to address resolving the action and relieving itself of its burdens on a timely basis.

  • General Supervisory Oversight and Examination Reports. U.S. banks are arguably the most highly-regulated industry in the world. The primary, and most common, "enforcement action" is reflected by the regular and "target", or "special", examination process, and the ongoing day-to-day relationship between the institution and relevant regulatory agencies. Agencies cite concerns for response by the institution and its board on an ongoing basis informally in day-to-day interaction, as well as through the examination process, and then view the responses in light of agency expectations. If issues are properly addressed, the matters are closed and the issues deemed resolved. If not, agencies have a variety of arrows in their quiver which they can choose to use to address concerns at their discretion, including exerting increasing pressure through more "formal" enforcement actions which follow. Agency examination reports, and their contents and institutional responses, are strictly confidential and protected vigorously by the agencies. There are significant penalties for disclosing examination reports and their contents.

  • Board Resolutions. The second level of "informal" enforcement action involves the "voluntary" adoption of certain "recommended" resolutions by the board of directors, typically agreeing to take certain actions, or to refrain from certain actions within a stated period of time. These "board resolutions" are distinguished from more formal written enforcement actions in that there is no "written agreement" between the board and the agencies. Again however, agencies have significant discretion in "recommending' adoption of certain resolutions and can always increase the severity of the action to the more "formal" enforcement actions described herein. Board resolutions are typically not public documents, but can trigger SEC disclosure obligations in certain instances, depending on the nature and extent of the board commitments.

  • Memorandum of Understanding ("MOU"). The MOU is historically considered an "informal" enforcement action, and takes the form of a written document which is executed by the institution (and sometimes individual directors), with the agencies which carries with it certain additional agency remedies for lack of compliance. While the MOU is not typically made public, and is historically considered an "informal" enforcement action, some MOU's may involve agreements and commitments by the institution which are "material" for securities law purposes for publicly-held institutions, and which therefore may lead to the need to disclose on a case-by-case basis.

  • Written Agreements. Written agreements between the institution, its individual directors, and the agencies are historically considered "formal" enforcement actions, and are enforceable in court by the agencies. Written agreements are typically required by law to be publicly disclosed by the agencies, and usually trigger securities-related disclosure obligations for publicly-held institutions.

  • Consent Orders. Consent orders are somewhat less common than MOU's, written agreements, and cease and desist orders, and involve a unilateral order, issued by the agencies, directing the institution and/or its management and/or board to take certain corrective actions. Consent orders are required to be publicly disclosed by the agencies, and likewise usually result in securities-related disclosure obligations for public institutions.

  • Cease and Desist Orders ("C&D"). Temporary and permanent C&D's are the highest level of enforcement action taken by the banking agencies as a last resort. They can take the form of consent orders, or can be processed through formal agency charges, hearings, and agency directives. C&D's are required to be publicly disclosed by the agencies, and again usually trigger securities-related disclosures for public institutions.

Other Regulatory Enforcement Options

Other regulatory enforcement options include requiring specific "safety and soundness" plans, imposition of specific capital directives, and declaring an institution to be in "troubled condition". Each of these options has its own unique additional impact, and can be used to place pending transactions on "hold" with respect to a variety of actions and proposed activities; to require agency approval of proposed new directors and officers; to suspend dividends; to terminate payment of "golden parachute" payments; and to address a diverse variety of other regulatory issues and concerns. The "Prompt Corrective Action" requirements of FDICIA can be used for a variety of actions, including capital directives and safety and soundness concerns, and to enforce capital allocations, commitments and support between the parent holding company and sister banks within a multi-bank organization under the cross-guaranty provisions of the FIRREA. Additional enforcement tools and mechanisms include limitations contained in regulatory approvals (such as divestiture conditions in acquisition approvals), suspension, prohibition and removal orders for institution-affiliated parties, as well as termination of insured status.

The Impact of Regulatory Enforcement Actions

The impact of regulatory enforcement actions on an institution and its management and board can be extensive, ranging from predictable increased liability and compliance oversight distractions to very real day-to-day operating issues. While often-times not immediately apparent, enforcement actions often can and do adversely impact the institution and can pose serious challenges to its very ability to recover from the problems which it faces.

Important "conflict of interest" issues may arise in otherwise "normal" relations between holding companies (whose shareholders, as an example, expect to receive dividends for their shares), and subsidiary banks (the source of revenues whose dividend payments may be restricted or eliminated by the enforcement action), and directors who serve on both boards may well find themselves in very difficult conflict positions. Issues also arise in the context of banking regulators who may be demanding increased reserves for asset quality and general capital concerns, while the SEC, creditors, and shareholders at the same time may view such additional reserves as inappropriate.

Institution-affiliated parties are subject to significant personal liability for recovery of certain losses under a diverse variety of state and federal laws and regulations, and for potentially devastating "civil money penalties" for a plethora of potential agency claims. Personal liability issues are not resolved by resigning from the institution assuming the problems have already occurred and institution-affiliated parties remain subject to agency-imposed civil money penalties for up to 6 years following termination of their involvement. Of course it's always better to be part of the resolution than to be perceived as jumping ship when the problems are first identified.

Enforcement actions, and the business and operational problems they reflect, can also adversely impact ongoing activities by institutions through potential required divestitures (as a result of loss of eligibility for "financial holding company" status under the Gramm-Leach-Bliley Act or otherwise), increased finding costs, D&O coverage and cost issues, and bonding eligibility and cost issues, as well as general limitations on certain ongoing or proposed institutional activities.

In addition to facing tiered state and federal statutory penalties, including exposure of up to $1.25 million per day for certain violations, public disclosure of enforcement actions can result in practical business issues (including analyst and investment banker speculation; shareholder, board, and management distraction and factionalizing; predatory moves by competitors with customers and employees) which can trigger further institutional problems. Those problems include depositor (and liquidity) concerns; investor concerns and share value reduction; creditor apprehension (and potential triggering of loan covenants); increased operating costs (including increased professional fees); employee uncertainty and distraction (and resignations); customer uncertainty and concerns; restrictions on ability to service loan customers; reduction in debt and equity ratings; increased cost (and availability) of funding; unwanted advances by potential suitors; splits between directors and management and the development of adverse factions within the groups; shareholder strike suits; increased perceived vulnerability to plaintiffs actions; and general institutional malaise and concern.

Public disclosure of regulatory enforcement actions place the institution and its management and board in a "fishbowl" of media, shareholder, and regulatory scrutiny on a daily basis. As noted previously, banks are uniquely susceptible to public image concerns, and the very notion that an institution is subject to a regulatory enforcement action can trigger a firestorm of public concern which has a very real practical impact on every aspect of institutional operations and can bring about, or exacerbate, the problems which the institution, and the agencies, seek most to resolve.

And, as noted previously, all at the worst possible time for the institution.

Conclusions

The possibility of having to deal with regulatory enforcement actions remains a fact of life for all bankers. The corporate world as a whole is suffering from the unfortunate actions of a few very visible bad players, and the banking world is not exempt from this environment of heightened business and ethical scrutiny.

Institutions and their boards and management must be aware of these issues, and must be prepared to address concerns as they arise. Again, fighting the agencies is generally a losing proposition in the long run (absent some very real and demonstrable agency abuse or factual inaccuracy), and an objective analysis of most enforcement actions tends to reveal the need to address institutional shortcomings which are consistent with the general fiduciary obligations of the board.

It is critical to recognize not only the technical impact of enforcement actions, but the business impact of the actions on virtually all aspects of the institution. The vast majority of enforcement actions do not occur in a vacuum, and are not a surprise. Or at least they should not be.

The best defense is a good offense. Management and boards should be on the watch for telltale agency and auditor "hints", some of which are not very subtle, that they should be taking action to correct potential concerns long before those concerns manifest themselves in actual agency enforcement actions.

And if enforcement actions are unavoidable, as some are, management and boards should avoid the temptation to engage in finger-pointing and second-guessing, and should act quickly and decisively to resolve the concerns in a timely fashion in order to mitigate the potential for costly exposure to the institution and to institution-affiliated parties.

 

 

 

 

Copyright 2005-2008, Bricker & Eckler LLP, all rights reserved.  Please read our Privacy Notice.