Federal Deposit Insurance Corporation
Office of Inspector General
Federal Deposit Insurance Corporation - Office of Inspector General

Enforcement Actions and Professional Liability Claims Against Institution-Affiliated Parties and Individuals Associated with Failed Institutions

This is the accessible text file for FDIC OIG report number Eval-14-002 entitled 'Enforcement Actions and Professional Liability Claims Against Institution-Affiliated Parties and Individuals Associated with Failed Institutions'.

This text file was formatted by the FDIC OIG to be accessible to users with visual impairments.

We have maintained the structural and data integrity of the original printed product in this text file to the extent possbile. Accessibility features, such as descriptions of tables, footnotes, and the text of the Corporation’s comments, are provided but may not exactly duplicate the presentation or format of the printed version.

The portable document format (PDF) file also posted on our Web site is an exact electronic replica of the printed version.

Offices of Inspector General

Federal Deposit Insurance Corporation Board of Governors of the Federal Reserve System and Consumer Financial Protection Bureau Department of the Treasury



Enforcement Actions and Professional Liability Claims Against Institution-Affiliated Parties and Individuals Associated with Failed Institutions

Report Numbers

EVAL-14-002 2014-SR-B-011 OIG-CA-14-012

July 2014

[Letterhead, Offices of Inspector General, FDIC Seal, Federal Reserve Board of Governors - Consumer Financial Protection Bureau Seal, Treasury Inspector General agency seals]

DATE: July 25, 2014

MEMORANDUM TO: Martin J. Gruenberg, Chairman, Federal Deposit Insurance Corporation

Janet L. Yellen, Chair, Board of Governors of the Federal Reserve System

Thomas J. Curry, Comptroller of the Currency, Office of the Comptroller of the Currency

FROM: Fred W. Gibson, Jr. /S/ Principal Deputy Inspector General Federal Deposit Insurance Corporation

Mark Bialek /S/ Inspector General Board of Governors of the Federal Reserve System and Consumer Financial Protection Bureau

Eric M. Thorson /S/ Inspector General Department of the Treasury

SUBJECT: Enforcement Actions and Professional Liability Claims Against InstitutionAffiliated Parties and Individuals Associated with Failed Institutions (Report Numbers: EVAL-14-002; 2014-SR-B-011; OIG-CA-14-012)

Attached is a copy of an evaluation report that the Offices of Inspector General (OIG) recently completed concerning actions that the banking regulators (the Federal Deposit Insurance Corporation—FDIC; the Board of Governors of the Federal Reserve System—FRB; and the Office of the Comptroller of the Currency—OCC) took against individuals and entities in response to actions that harmed financial institutions. The objectives of our evaluation were to:

1. Describe the Regulators’ processes for investigating and pursuing enforcement actions (EA) against institution-affiliated parties (IAP) associated with failed institutions; 2. Describe the FDIC’s process for investigating and pursuing professional liability claims (PLC) against individuals and entities associated with failed institutions and its coordination with the FRB and OCC; 3. Determine the results of the Regulators’ efforts in investigating and pursuing EAs against IAPs and the FDIC’s efforts in pursuing PLCs; and 4. Assess key factors that may impact the pursuit of EAs and PLCs.

As discussed in our report, the Regulators have established formal processes for investigating and imposing EAs on IAPs whose actions harmed institutions, and the FDIC has done the same for investigating and pursuing PLCs. During the 5-year period from 2008-2012, 465 institutions failed. As of September 30, 2013, the Regulators had issued 275 EAs against individuals associated with 87 of those failed institutions, and the FDIC had completed 430 PLCs and had an additional 305 pending a final result—many pertaining to directors and officers—based on litigation or negotiation.

The report contains seven recommendations intended to strengthen the FDIC, FRB, and OCC’s programs for pursuing EAs and the FDIC’s program for pursuing PLCs and to address factors that appeared to impact the Regulators’ ability to pursue such actions. Of the seven recommendations, two were applicable to all three agencies, one was applicable to the FRB and OCC, and four were applicable to the FDIC. Regarding EAs, we recommended that the:

- FDIC, FRB, and OCC further examine methodologies to support EAs that permanently ban from banking, those individuals whose actions harmed financial institutions based on a willful or continuing disregard for the safety or soundness of the institutions; - FDIC, FRB, and OCC address differences in how they notify each other when initiating EAs; - FDIC consider the use of cease and desist orders against individuals as an additional enforcement tool to address safety and soundness issues; and - FDIC issue written guidance on the issuance and publication of letters to individuals who were convicted of certain crimes.

Regarding PLCs, we recommended that the:

- FDIC research ways to make institutions more aware of, and mitigate the impact of, exclusions in financial institutions’ insurance policies that prevent or attempt to prevent the FDIC, as Receiver, from recovering on PLCs; - OCC and FRB inform their regulated institutions about the risks related to insurance policy exclusions; - FDIC provide more institution-specific information about PLC expenses and recoveries to members of its Board of Directors.

Comments from your respective agencies on a draft of this report were responsive to the recommendations and adequately described planned actions to be taken.

If you have questions concerning this report or would like to schedule a meeting to further discuss our evaluation results, please contact E. Marshall Gentry, FDIC OIG, at (703) 562-6378; Melissa Heist, FRB OIG, at (202) 973-5024; or Marla A. Freedman, Department of the Treasury OIG, at (202) 927-5400. Thank you for your assistance with this evaluation.

Attachment

Contents

Evaluation Objectives and Approach

Results in Brief

Background The 2008 Financial Crisis

Enforcement Actions Against Individuals Tools to Hold Individuals and IAPs Accountable The Regulators’ EA Processes EA Activity from 2008-2012 Factors Impacting the Pursuit of EAs Other Matters Pertaining to EAs

Professional Liability Claims Against Individuals and Entities The FDIC’s Program and Process for Investigating and Pursuing PLCs PLC Activity from 2008-2012 Factors Impacting the Pursuit of PLCs Other Matters Pertaining to PLCs

Agency Comments and OIG Evaluation

Appendices

1. Objectives, Scope, and Methodology 2. Regulators’ Processes for Pursuing EAs and PLCs 3. Glossary of Terms 4. Regulators’ Responses 5. Major Contributors to this Report 6. Final Report Distribution

Tables

1. Institution Failures: 2008-2012 2. Enforcement Actions Against IAPs Pertaining to 465 Failed Institutions 3. Description of PLC Types 4. PLCs Pertaining to 465 Failed Institutions 5. D&O Insurance Policies with Regulatory Exclusions 6. FDIC PLC Recoveries and Expenses: 2008-2013

Figure

1. Institution Failures, EAs Issued, and PLCs Completed

[End of Contents section]

Acronyms and Abbreviations

ALJ Administrative Law Judge Board Board of Directors BS&R FRB’s Division of Banking Supervision and Regulation CMP Civil Money Penalty CRC Case Review Committee DIF Deposit Insurance Fund D&O Director and Officer Downey Downey Savings and Loan Association, FA DOJ Department of Justice DRR FDIC’s Division of Resolutions and Receiverships EA Enforcement Action FDI Act Federal Deposit Insurance Act FDIC Federal Deposit Insurance Corporation FDICIA Federal Deposit Insurance Corporation Improvement Act of 1991 FRB Board of Governors of the Federal Reserve System FSB Federal Savings Bank IAP Institution-Affiliated Party IndyMac IndyMac Bank, FSB LLC Limited Liability Company MLR Material Loss Review MOU Memorandum of Understanding NCUA National Credit Union Administration OCC Office of the Comptroller of the Currency OIG Office of Inspector General OTS Office of Thrift Supervision PFR Primary Federal Regulator PLC Professional Liability Claim PLU FDIC’s Professional Liability Unit RMS FDIC’s Division of Risk Management Supervision SAR Suspicious Activity Report SOL Statute of Limitations Treasury Department of the Treasury U.S.C. United States Code WSRC OCC’s Washington Supervision Review Committee

[End of Acronyms and Abbreviations section]

[Letterhead, OIG Evaluation Report, Federal Deposit Insurance Corporation Board of Governors of the Federal Reserve System and Consumer Financial Protection Bureau Department of the Treasury]

July 25, 2014

Martin J. Gruenberg, Chairman Federal Deposit Insurance Corporation

Janet L. Yellen, Chair Board of Governors of the Federal Reserve System

Thomas J. Curry, Comptroller of the Currency Office of the Comptroller of the Currency

The federal banking regulators (Regulators)1 have strong enforcement powers under section 8 of the Federal Deposit Insurance Act (FDI Act) to address violations of law, breaches of fiduciary duty, or unsafe and unsound practices. The 2008 financial crisis had a profound and lasting impact on the banking industry and broader economy, resulting in the failure of 465 insured depository institutions (or institutions) through 2012 and losses totaling $86.6 billion to the Deposit Insurance Fund (DIF). In the wake of the crisis, members of Congress, the media, and the general public have questioned whether the Regulators have sufficiently used these powers to hold accountable, individuals whose actions harmed institutions.

Footnote 1: The Regulators discussed in this report are the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System (FRB), the Office of the Comptroller of the Currency (OCC), and the former Office of Thrift Supervision (OTS). The OCC is a bureau of the Department of the Treasury (Treasury). Effective July 21, 2011, the OTS was abolished and its functions were transferred to the OCC, FDIC, and FRB.

To that end, this report presents the results of our joint evaluation of (1) the Regulators’ efforts to investigate, pursue, and impose enforcement actions (EAs) against institution-affiliated parties (IAP) and (2) the FDIC’s efforts to pursue professional liability claims (PLCs) against individuals and entities whose actions harmed institutions that ultimately failed.

EAs address practices, conditions, or violations of law committed by IAPs that, if continued, could result in loss or damage to an institution. EAs can bar individuals from engaging in banking activities for life, impose monetary penalties, and/or require administrative restitution for losses incurred by institutions.

PLCs are civil claims based on tort and breach of contract that seek recovery for damages caused by former employees or professionals who worked for or provided services to the failed institution. The FDIC as Receiver for failed institutions, pursues PLCs and collects civil judgments for receiverships. For the purposes of our report, references to the FDIC in relation to PLC responsibilities refer to the FDIC in its receivership capacity and not in its corporate capacity as regulator and deposit insurer.

[End of section]

Evaluation Objectives and Approach

The objectives of our joint evaluation were to:

1. Describe the Regulators’ processes for investigating and pursuing EAs against IAPs associated with failed institutions;

2. Describe the FDIC’s process for investigating and pursuing PLCs against individuals and entities associated with failed institutions and its coordination with the FRB and OCC;

3. Determine the results of the Regulators’ efforts in investigating and pursuing EAs against IAPs and the FDIC’s efforts in pursuing PLCs; and

4. Assess key factors that may impact the pursuit of EAs and PLCs.

To address our objectives, we reviewed pertinent laws, regulations, policies, and procedures; researched EA and PLC activity pertaining to failed institutions; interviewed Regulator officials; and assessed coordination efforts within and among the Regulators. Our evaluation focused on the 465 institution failures that occurred during the 5-year period from 2008-2012. These institutions were regulated by the FDIC, FRB, OCC, and OTS. Portions of our testing focused on a judgmental sample of 63 of the 465 failed institutions that included the highest loss rates as a percentage of total assets, and on which we performed material loss reviews (MLR).2 Footnote 2: The 63 institutions consisted of 20 whose primary federal regulator (PFR) was the FDIC, 23 whose PFR was the FRB, and 20 whose PFR was the OCC. Specific details on how this sample was selected are provided in Appendix 1: Objectives, Scope, and Methodology.

The EAs and PLCs discussed in this report covered the time period from January 1, 2008 through September 30, 2013. The data in this report is current as of September 30, 2013, unless otherwise noted.

The Regulators have also imposed formal and informal EAs and other sanctions against financial institutions, and provided information or referred criminal matters to the Department of Justice (DOJ), which pursues criminal remedies. However, these activities were not included in the scope of our review, which focused on EAs against IAPs.

Appendix 1 includes additional detail on our objectives, scope, and methodology, including our sample selections. Appendix 2 contains flowcharts depicting the Regulators’ EA and PLC processes. Appendix 3 contains a glossary of terms used in this report. Those terms, where first used, are underlined. Additional appendices include the Regulators’ comments on this report, contributors to this report, and a report distribution list.

We performed this evaluation from April 2013 through January 2014 in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation.

[End of section]

Results in Brief

Enforcement Actions. EAs against IAPs include removal/prohibition orders, civil money penalties (CMP), administrative restitution, and personal cease and desist orders. Removal/prohibition orders are the most severe actions and prohibit an IAP from participating in the affairs of any insured depository institution for life. Accordingly, the statutory criteria for sustaining a removal/prohibition order are rigorous and the Regulators must prove three grounds: misconduct, effect of the misconduct, and culpability for the misconduct. To prove culpability, the Regulators must show that the IAP exhibited personal dishonesty or a willful or continuing disregard for the safety or soundness of an institution. Proving willful or continuing disregard is particularly difficult, according to the Regulators.

The Regulators each have similar, formal processes to investigate and impose EAs on IAPs whose actions harmed institutions. These processes generally include an investigative period, agency review, an opportunity for the IAP to consent to the action, and a Notice of Charges if the IAP does not consent. A Notice of Charges triggers a review by an Administrative Law Judge (ALJ), followed by an agency decision, and potentially an IAP appeals process. Various divisions and offices within each agency coordinate with each other in pursuing EAs.

The Regulators issued 275 EAs against individuals associated with 87 failed institutions, or 19 percent of the 465 institutions that failed. The majority of these EAs were imposed against institution directors and officers. As of September 30, 2013, potential EAs against IAPs were in-process related to an additional 59 failed institutions. These EAs will ultimately be closed-out or imposed.

Of the total 275 EAs imposed, 128 were removal/prohibition orders against IAPs associated with 75 institutions (16 percent of the 465 failed institutions). This is an increase over the banking crisis of the 1980s and early 1990s where the Regulators imposed removal/prohibition orders against IAPs associated with about 6 percent of the institutions that failed from 1985 through 1995.

Removal/prohibition orders may be based on personal dishonesty or willful or continuing disregard for the safety or soundness of the institution. Most of the removal/prohibition orders issued by the Regulators included personal dishonesty as a basis for the action. The Regulators brought very few removal/prohibition orders based solely on willful or continuing disregard for safety or soundness. In this respect, we observed that most of our MLRs concluded that management did not operate institutions in a safe and sound manner, which contributed to institution failure. Most commonly, we reported that these failures were caused by the institutions’ management strategy of aggressive growth that concentrated assets in commercial real estate loans, which was often coupled with inadequate risk management practices for loan underwriting, credit administration, and credit quality review.3

Footnote 3: Comprehensive Study on the Impact of the Failure of Insured Depository Institutions, Report EVAL-13-002, dated January 2013.

Several factors appeared to impact the Regulators’ ability to pursue EAs against IAPs. Those factors included the rigorous statutory criteria for sustaining removal/prohibition orders; the extent to which each Regulator was willing to use certain EA tools, such as personal cease and desist orders; the Regulators’ risk appetite for bringing EAs; EA statutes of limitation (SOL); and staff resources, among other things. In connection with these factors, we are making recommendations related to evaluating approaches and developing methodologies to support issuing EAs against IAPs where the Regulators can show that IAPs exhibited a willful or continuing disregard for safety or soundness and increasing the use of personal cease and desist orders.

We also identified other matters warranting the Regulators’ attention. Specifically, the FDIC should issue guidance on the issuance and publication of letters to individuals who were convicted of certain crimes. In addition, the Regulators should address differences in how they notify each other when initiating EAs against IAPs and depository institutions.

Professional Liability Claims. The purpose of the professional liability program is to maximize recoveries to receiverships and hold accountable directors, officers, and other professionals that caused losses to failed depository institutions. The FDIC investigates PLCs pertaining to all failed depository institutions, regardless of whether the PFR was the FDIC, FRB, OCC, or OTS.

When an institution fails, the FDIC acquires a group of legal rights, titles, powers, and privileges, which include PLCs. The FDIC’s Professional Liability Unit (PLU) is responsible for the FDIC’s Professional Liability Program. PLU and the Investigations Department within the FDIC’s Division of Resolutions and Receiverships (DRR) investigate 11 claim areas for each institution failure and pursue PLCs that are both meritorious and expected to be cost-effective. For a PLC to have merit, the FDIC must meet the burden of proof required by the federal or state law that applies to the claim. For a typical tort claim, the FDIC generally must show that the subject individual or entity owed a duty to the institution, breached that duty, and the breach caused a loss to the institution. Officials told us that the threshold for misconduct to sustain a PLC can be lower than that for a removal/prohibition order.

To collect on these claims, the FDIC typically must sue the professionals responsible for the losses resulting from their breaches of duty to the failed institution. Recovery sources include liability insurance policies, fidelity bond insurance policies, and the assets of the individuals or entities pursued.

The FDIC has a formal process for investigating and pursuing PLCs. During 2013, the FDIC made significant improvements in the coordination and sharing of PLC information between the PLU and Enforcement groups, other FDIC divisions and offices, and the other PFRs.

The FDIC completed 430 PLCs4 and had an additional 305 pending a final result based on litigation or negotiation as of September 30, 2013. In total, the 735 completed and pending PLCs were associated with 193 of the 465 failed institutions (42 percent).

Footnote 4: Completed PLCs comprised settlements and court judgments to pay the FDIC and cases dismissed by the courts. Of the 430 completed PLCs, 379 resulted from settlements, 32 resulted from court judgments, and 19 were dismissed. Table 4 provides additional detail on the PLCs pertaining to the 465 failed institutions.

Of the 735 completed and pending PLCs, 162 pertained to directors and officers associated with 154 of the 465 failed institutions (33 percent). During the banking crisis of the 1980s and early 1990s, the FDIC brought claims against directors and officers in 24 percent of the failed institutions.

A key factor impacting the pursuit of PLCs was an increasing number of exclusions that insurers inserted into insurance policies, which excluded or attempted to exclude coverage for claims made by the FDIC. Other factors include meeting applicable federal or state law standards in support of meritorious claims, limited recovery resources, and a court decision pertaining to another agency that resulted in the FDIC limiting its use of tolling agreements to extend the SOL on PLCs.

We are recommending that the FDIC research ways to make institutions more aware of, and mitigate the impact of, insurance policy exclusions. In addition, we are recommending that the OCC and FRB inform their regulated institutions about the risks related to insurance policy exclusions.

In evaluating the FDIC’s PLC process, we noted improvements that could be made in the Corporation’s tracking and reporting of PLC expense and recovery information. In that regard, our report includes a recommendation that the FDIC take steps to provide more institutionspecific information to members of its Board of Directors (Board).

[End of section]

Background

Section 8 of the FDI Act grants authority to the Regulators to impose formal EAs against IAPs and depository institutions. Each of the Regulators has enforcement units within their legal divisions that administer and develop EAs against IAPs. These enforcement units work closely with risk management examiners to develop evidence to support EAs. The Regulators have jurisdictional authorities as follows:

- The FDIC is authorized to impose EAs against IAPs of statechartered institutions that are not members of the Federal Reserve System. There were 289 failed state nonmember institutions within the scope of our review. The FDIC, as insurer, is also authorized to use its back-up enforcement authority under certain circumstances to impose EAs against IAPs of any insured depository institution.

The FRB is authorized to impose EAs against IAPs of statechartered institutions that are members of the Federal Reserve System and bank holding companies.5 There were 49 failed state member institutions supervised by the FRB within the scope of this review.

- The OCC is authorized to impose EAs against IAPs associated with (1) national banks, (2) federal branches and agencies of foreign institutions, and (3) federally chartered savings associations and their subsidiaries. There were 79 failed national banks within the scope of our review.

Footnote 5: The FRB also has authority to impose EAs against IAPs of nonbank subsidiaries of bank holding companies, Edge Act and agreement corporations, and certain foreign banking organizations.

The FDIC’s PLU is responsible for the FDIC’s Professional Liability Program. PLU and DRR investigate every institution failure and pursue PLCs that are both meritorious and expected to be cost-effective.

The FDIC’s PLU was formed in 1989 and the FDIC’s authority to pursue PLCs comes from requirements in the FDI Act to maximize recoveries from receivership assets.

The 2008 Financial Crisis

Following years of poor underwriting practices and aggressive growth, the residential and commercial real estate markets declined significantly in 2007, setting off a string of events that led to a full-blown financial crisis. The 2008 financial crisis resulted in the collapse of large entities such as Lehman Brothers, necessitated government assistance to other institutions, and led to the failure of 465 institutions through December 31, 2012, and associated DIF losses of $86.6 billion.

When an institution’s failure results in a material loss to the DIF, the FDI Act requires the appropriate Inspector General to conduct an MLR to determine the cause of the failure and assess the regulator’s supervision of the institution. Many of our MLRs concluded that management did not operate institutions in a safe and sound manner, which contributed to institution failures. Table 1 depicts the number of failed institutions and MLRs conducted.

Table 1: Institution Failures: 2008-2012

Row 1 Year: 2008 FDIC: 14 FRB: 1 OCC: 5 OTS: 5 Total: 25

Row 2 Year: 2009 FDIC: 79 FRB: 16 OCC: 25 OTS: 20 Total: 140

Row 3 Year: 2010 FDIC: 99 FRB: 17 OCC: 23 OTS: 18 Total: 15

Row 4 Year: 2011 FDIC: 64 FRB: 11 OCC: 12 OTS: 5 Total: 92

Row 5 Year: 2012 FDIC: 33 FRB: 4 OCC: 14 OTS: 0 Total: 51

Row 6 Total FDIC: 289 (96 MLRs) FRB: 49 (23 MLRs) OCC: 79 (OCC and OTS have a combined 53 MLRs) OTS: 48 (OCC and OTS have a combined 53 MLRs) Total: 465

Source: Analysis of information obtained from the FDIC’s Division of Finance. * The 53 MLRs covered 26 OCC supervised institutions and 27 OTS-supervised institutions.

[End of table]

Consistent with the increase in failures, and starting in 2009, there was an increase in the number of issued EAs and completed PLCs. The increase in EAs and PLCs lagged behind the increase in institution failures due to the amount of time that it takes to investigate and process these actions. Figure 1 presents statistics on the number of institution failures and number of EAs and PLCs associated with failed institutions.

Figure 1: Institution Failures, EAs Issued, and PLCs Completed

[To view figure 1 refer to pdf version of this report] [Bar graph]

Year: 2008 Failures: 23 PLCs: 15 EAs: 18

Year: 2009 Failures: 140 PLCs: 62 EAs: 43

Year: 2010 Failures: 157 PLCs: 78 EAs: 60

Year: 2011 Failures: 92 PLCs: 80 EAs: 54

Year: 2012 Failures: 49 PLCs: 130 EAs: 64

Year: 2013 (through Sept.) Failures: 21 PLCs: 70 EAs: 40

Source: FDIC OIG analysis of FDIC, FRB, and OCC data. Note: An EA typically pertains to one individual but sometimes multiple individuals. A PLC typically pertains to multiple individuals and entities.

[End of figure 1]

[End of section]

Enforcement Actions Against Individuals

Tools to Hold Individuals and IAPs Accountable

The primary means for addressing supervisory concerns at institutions is through the ordinary course of routine examinations. However, when a supervised institution exhibits unsafe or unsound practices or where the practice or an alleged violation of law is so widespread or serious that normal recourse to ordinary supervisory methods are not appropriate or sufficient, the Regulators may use their authority to take formal EAs against institutions or IAPs.

An IAP includes a director, officer, employee, or controlling shareholder of, or agent for, an institution as well as an independent contractor (such as an attorney, appraiser, or accountant). The Regulators have broad discretion in determining the appropriate enforcement remedies to address misconduct committed by insiders and deter others from performing illegal acts. These remedies are listed below.

Removal/Prohibition Orders. Pursuant to section 8(e)(1) of the FDI Act, these orders result in the removal of IAPs from banking and prohibit them from participating in any affairs of any insured depository institution for life. This remedy imposes an industry-wide ban designed to protect the banking industry. The SOL to commence these actions6 is generally 5 years from the date of the misconduct or the date the institution incurred a loss.

To pursue these actions, the Regulators must obtain evidence of three grounds, each of which contain several elements, as described below. At least one element from each of the three grounds must be proven to pursue this EA.

- Misconduct

o The individual violated any law or regulation, cease-anddesist order that has become final, written agreement, or condition imposed in writing by a federal banking agency in connection with any action on any application, notice, or request by the institution or IAP; o The individual engaged or participated in any unsafe or unsound practice in connection with the institution; or o The individual committed or engaged in any act, omission, or practice constituting a breach of that person’s fiduciary duty.

- Effect of the Misconduct

o The institution suffered or will probably suffer financial loss or other damage, o Interests of the institution’s depositors have been or could be prejudiced, or o The individual received financial gain or other benefit.

- Culpability for the Misconduct

o The individual exhibited personal dishonesty, or o The individual demonstrated a willful or continuing disregard for the safety or soundness of the institution.

Civil Money Penalties. Pursuant to section 8(i)(2) of the FDI Act, the Regulators may impose CMPs on IAPs or depository institutions for engaging in improper conduct while employed or contracted by an institution. Collections resulting from all CMPs are remitted to the Treasury. The SOL to commence these actions is generally 5 years from the date of the misconduct and the SOL to collect is generally 5 years after an order is issued.

For most misconduct, CMPs are divided into three tiers with increasingly higher penalties for more egregious conduct. Penalties associated with tiers 1, 2, and 3 can be as high as $7,500, $37,500, and $1,425,000, respectively, per day for each day of the violation. The FDI Act requires Regulators to consider four mitigating factors in determining the appropriateness of a penalty: (1) the available resources and good faith of the person charged, (2) the gravity of the violation, (3) the history of previous violations, and (4) such other matters as justice may require.

Administrative Restitution. Section 8(b)(6) of the FDI Act grants the Regulators the authority to issue cease and desist orders requiring IAPs to make restitution to repay losses incurred by institutions as a result of their actions. Collections resulting from restitution orders are paid to the institutions unless they failed, in which case, they are paid to the FDIC. There is no express SOL to bring these orders.

To pursue administrative restitution, the Regulators must prove that:

- The IAP or depository institution was unjustly enriched (e.g., accepted and retained a benefit) in connection with a violation or practice; or

- The violation or practice involved a reckless disregard for the law or any applicable regulations or prior order of the appropriate federal banking agency.

Cease and Desist Orders. A cease and desist order pursuant to section 8(b) of the FDI Act is a supervisory response to an immediate, present, or ongoing unsafe and unsound practice, violation of law or regulation, or violation of written condition on the part of a depository institution or IAP, in an attempt to control and put a stop to the behavior or practice that is harming an institution. These orders require parties to stop engaging in certain violations or practices and affirmative action to correct the conditions resulting from any such violation or practice. Affirmative action may require an institution or IAP to make restitution or provide reimbursement, indemnification, or a guarantee against loss.

While cease and desist orders are often issued to institutions, they may also be issued to IAPs (herein referred to as personal cease and desist orders). There is no express SOL to commence cease and desist orders; however, the Regulators lose the ability to commence an action against an individual 6 years after the individual leaves the subject institution.

To pursue personal cease and desist orders, the Regulators must prove that the IAP:

- Is engaging in, has engaged, or is about to engage in an unsafe or unsound practice pertaining to a depository institution, or

- Is violating, has violated or is about to violate a law, rule, regulation, or any condition imposed in writing.

The OCC and FRB issue (and the OTS issued) personal cease and desist orders against IAPs. However, the FRB had not issued any such orders pertaining to the failed institutions under its supervision that were included in this evaluation. As discussed later in this report, the FDIC currently does not use personal cease and desist orders.

Formal Letters. In addition to pursuing the EAs against IAPs discussed above, the Regulators have issued formal letters7 to individuals who were convicted of covered offenses, pursuant to section 19 of the FDI Act (12 U.S.C. § 1829). Section 19 generally prohibits a person convicted of any criminal offense involving dishonesty, breach of trust, or money laundering (covered offenses) from working in any affairs of an insured depository institution or bank holding company. The ban is for life unless an exception is granted through consent by the FDIC. For certain offenses, an exception cannot be granted for 10 years following the date of conviction, except by order of the sentencing court.

Footnote 7: The FDIC and FRB refer to formal letters as section 19 letters and the OCC refers to them as 1829 prohibition letters. For simplicity, this report uses the term formal letters.

Formal letters reiterate existing prohibitions and do not impose any additional constraints. If after receiving a formal letter, a person reenters the banking industry in violation of 12 U.S.C. § 1829, he or she does so “knowingly,” and may therefore be subject to criminal sanctions and/or penalties.

The Regulators typically identify such persons by reviewing suspicious activity reports (SAR), through routine bank examinations, from institution personnel, or as a result of the prosecution process initiated by DOJ or other law enforcement officials. EA investigations may also identify a condition warranting a formal letter.

The Regulators may elect to issue a formal letter in lieu of a removal/prohibition order. FDIC officials prefer to impose a removal/prohibition order, if appropriate, but may issue a formal letter if the FDIC learns of an offense after a removal/prohibition SOL has expired or when it is otherwise unable to impose a removal/prohibition order. The OCC considers whether there was a related prohibited transaction amounting to at least $5,000 when deciding whether to issue a formal letter. The FRB will consider issuing a formal letter if it learns of a conviction or a plea agreement involving certain criminal offenses related to the individual’s role at the banking organization.

The Regulators’ EA Processes

The FDIC, FRB, and OCC each have a formal process for pursuing EAs and a flowchart of each Regulator’s process is provided in Appendix 2.

There are several similarities in each Regulator’s process for investigating and pursuing EAs against IAPs. The Regulators generally identify issues that may warrant EAs through routine oversight activities such as conducting examinations and reviewing SARs, from institution employees and customers, and from contact with other supervisory agencies or law enforcement officials. After reviewing the initial information, the Regulators may initiate an investigation if they believe there is sufficient evidence to pursue an EA. As part of the investigation, the Regulators interview witnesses, take sworn testimonies, and compel the production of relevant documents necessary to establish a legal basis for an EA. If there is sufficient evidence, the Regulators provide the respondents with the opportunity to consent to an EA. Most cases are settled through consent.

If the respondent refuses to consent, the Regulator files a Notice of Charges against the IAP with the Office of Financial Institution Adjudication8 and an administrative hearing process is initiated. The ALJ assigned to the Regulators reviews the case documents, the IAP has an opportunity to respond to the Notice of Charges, a public hearing is held, and the ALJ issues a recommended decision. The FDIC’s Board, the FRB, or the Comptroller of the Currency reviews the case materials, the ALJ’s recommendation, and makes a final decision about whether to issue an order against an IAP.9 Respondents have the right to appeal to the federal courts.

Footnote 8: The Office of Financial Institution Adjudication is an executive body charged with overseeing administrative enforcement proceedings of the FDIC, FRB, OCC, and National Credit Union Administration (NCUA). One ALJ is assigned to and hears all cases presented by the FDIC, FRB, OCC, and NCUA. This ALJ reports to an oversight committee comprised of members from the FDIC, FRB, OCC, and NCUA.

Footnote 9: For the EAs discussed in this report that went before an ALJ, all of the Regulators have upheld the ALJ’s recommended actions in making the final decision on whether to pursue EAs.

Throughout the process, various divisions within each Regulatory agency coordinate with each other. If at any point the Regulators determine that there is insufficient information to pursue an EA, it is closed out. The Regulators publicize EA activity, in accordance with section 8(u) of the FDI Act and report EA activity to their agency’s executive management and in their annual reports, which are provided to Congress.

Beginning in 2010, the FDIC established expectations for the timely handling and disposition of cases once they have been opened and has consistently met these expectations. The FRB and OCC do not have or plan to establish similar metrics.

EA Activity from 2008-2012

For the 465 institutions that failed from 2008 through 2012, the Regulators issued a total of 275 EAs pertaining to 87 institutions (19 percent), as follows:

- 128 removal/prohibition orders, - 120 CMPs, - 8 administrative restitution orders, and - 19 personal cease and desist orders.

Additionally, as of September 30, 2013, the FDIC, FRB, and OCC had potential EAs against IAPs in-process at an additional 59 institutions. These EAs will ultimately be imposed or closed-out.

The FRB and OCC issued formal letters to 14 individuals affiliated with 9 failed institutions. The FDIC and OTS had not issued any formal letters associated with the failed institutions that they supervised.

In two instances, the FDIC used its back-up enforcement authority under section 8(t) of the FDI Act and the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) to pursue EAs against five former directors and officers from two institutions that were previously regulated by the OTS.

Table 2 shows EAs imposed against IAPs by each of the Regulators.

Table 2: Enforcement Actions Against IAPs Pertaining to 465 Failed Institutions

Row 1 Sanction: Removal/Prohibition Order Regulator: FDIC EA Activity, IAPs:86a EA Activity, Associated Institutions: 53a Total - All Regulators by EA Type (adjusted for duplication): 128 EAs issued to IAPs associated with 75 institutions.

Row 2 Sanction: Removal/Prohibition Order Regulator: FRB EA Activity, IAPs: 4 EA Activity, Associated Institutions: 2 Total - All Regulators by EA Type (adjusted for duplication): 128 EAs issued to IAPs associated with 75 institutions.

Row 3 Sanction: Removal/Prohibition Order Regulator: OCC EA Activity, IAPs: 19b EA Activity, Associated Institutions: 14b Total - All Regulators by EA Type (adjusted for duplication): 128 EAs issued to IAPs associated with 75 institutions.

Row 4 Sanction: Removal/Prohibition Order Regulator: OTSd EA Activity, IAPs: 19 EA Activity, Associated Institutions: 7 Total - All Regulators by EA Type (adjusted for duplication): 128 EAs issued to IAPs associated with 75 institutions.

Row 5 Sanction: Civil Money Penalty Regulator: FDIC EA Activity, IAPs: 63 for $4.1 million EA Activity, Associated Institutions: 26 Total - All Regulators by EA Type (adjusted for duplication): 120 EAs issued to IAPs associated with 42 institutions.

Row 6 Sanction: Civil Money Penalty Regulator: FRB EA Activity, IAPs: 0 EA Activity, Associated Institutions: 0 Total - All Regulators by EA Type (adjusted for duplication): 120 EAs issued to IAPs associated with 42 institutions.

Row 7 Sanction: Civil Money Penalty Regulator: OCC EA Activity, IAPs: 28 for $1.69 millionb EA Activity, Associated Institutions: 12b Total - All Regulators by EA Type (adjusted for duplication): 120 EAs issued to IAPs associated with 42 institutions.

Row 8 Sanction: Civil Money Penalty Regulator: OTSd EA Activity, IAPs: 29 for $195,500 EA Activity, Associated Institutions: 5 Total - All Regulators by EA Type (adjusted for duplication): 120 EAs issued to IAPs associated with 42 institutions.

Row 9 Sanction: Administrative Restitution Regulator: FDIC EA Activity, IAPs: 5 for $284,000 EA Activity, Associated Institutions: 2 Total - All Regulators by EA Type (adjusted for duplication):8 EAs issued to IAPS associated with 5 institutions.

Row 10 Sanction: Administrative Restitution Regulator: FRB EA Activity, IAPs: 0 EA Activity, Associated Institutions: 0 Total - All Regulators by EA Type (adjusted for duplication):8 EAs issued to IAPS associated with 5 institutions.

Row 11 Sanction: Administrative Restitution Regulator: OCC EA Activity, IAPs: 3 for $728,000 EA Activity, Associated Institutions: 3 Total - All Regulators by EA Type (adjusted for duplication):8 EAs issued to IAPS associated with 5 institutions.

Row 12 Sanction: Administrative Restitution Regulator: OTScd EA Activity, IAPs: 0 EA Activity, Associated Institutions: 0 Total - All Regulators by EA Type (adjusted for duplication):8 EAs issued to IAPS associated with 5 institutions.

Row 13 Sanction: Personal Cease and Desist Order Against an IAP Regulator: FDIC EA Activity, IAPs: 0 EA Activity, Associated Institutions: 0 Total - All Regulators by EA Type (adjusted for duplication): 19 EAs issued to IAPs associated with 6 institutions.

Row 14 Sanction: Personal Cease and Desist Order Against an IAP Regulator: FRB EA Activity, IAPs: 0 EA Activity, Associated Institutions: 0 Total - All Regulators by EA Type (adjusted for duplication): 19 EAs issued to IAPs associated with 6 institutions.

Row 15 Sanction: Personal Cease and Desist Order Against an IAP Regulator: OCC EA Activity, IAPs: 15 EA Activity, Associated Institutions: 5 Total - All Regulators by EA Type (adjusted for duplication): 19 EAs issued to IAPs associated with 6 institutions.

Row 16 Sanction: Personal Cease and Desist Order Against an IAP Regulator: OTSd EA Activity, IAPs: 4 EA Activity, Associated Institutions: 1 Total - All Regulators by EA Type (adjusted for duplication): 19 EAs issued to IAPs associated with 6 institutions.

Row 17 Sanction: Totals (adjusted for duplication) Regulator: All Regulators EA Activity: There were a total of 275 EAs issued against 218 IAPs associated with 87 institutions.

Source: Generated by the FDIC OIG based on information from FDIC, FRB, and OCC management officials and the agencies’ public Web sites. Data is as of September 30, 2013. a Includes removal/prohibition orders issued by the FDIC to five former officers and directors of two institutions formerly supervised by the OTS. In issuing these orders, the FDIC exercised its back-up enforcement authority. b Includes one removal/prohibition order and one CMP issued by the OCC to an institution formerly supervised by the OTS. c We were unable to locate information pertaining to any administrative restitution orders issued by the OTS. d OTS activity from January 1, 2008 through July 21, 2011, when the OTS was abolished.

[End of table]

Summary information for each Regulator follows:

FDIC: The FDIC issued 154 EAs against 122 IAPs associated with 58 institutions (20 percent of 291 failed institutions: 289 regulated by the FDIC and 2 formerly supervised by the OTS). Specifically the FDIC issued:

- Removal/prohibition orders to 79 directors and officers and seven other employees. - CMPs against 63 former bank directors and officers, for amounts ranging from $500 to $1.3 million. - Administrative restitution penalties to five directors, for amounts ranging from $4,000 to $225,000.

FRB: The FRB issued four EAs against four IAPs associated with two institutions (4 percent of the 49 failed institutions regulated by the FRB). Specifically, the FRB issued:

- Removal/prohibition orders to four bank officers.

Additionally, the FRB issued formal letters to six individuals (three officers, one bank teller, and two unknown) affiliated with four institutions.

OCC: The OCC issued 65 EAs against 41 IAPs associated with 17 institutions (21 percent of 80 failed institutions: 79 regulated by the OCC and 1 formerly regulated by the OTS). Specifically the OCC issued:

- Removal/prohibition orders to 18 directors and officers and one assistant manager. - CMPs to 28 directors and officers, for amounts ranging from $5,000 to $1 million. The $1 million CMP was imposed against a former President of an institution regulated by the OTS. - Administrative restitution penalties to three directors and officers. - Personal cease and desist orders to 15 directors and officers.

Additionally, the OCC issued formal letters to eight individuals associated with five institutions (three officers, two managers, and three lower-level employees). One of these letters was to an employee of an institution formerly regulated by the OTS.

OTS (January 1, 2008 through July 21, 2011): The OTS issued 52 EAs against 51 IAPs associated with 11 institutions (23 percent of the 48 failed institutions formerly regulated by the OTS). Specifically, the OTS issued:

- Removal/prohibition orders to 19 IAPs (five to directors and officers and most of the others to lower-level employees such as tellers, branch managers, and consultants). - CMPs against 29 former bank directors, for amounts ranging from $500 to $50,000. - Personal cease and desist orders against four former bank directors associated with one institution.

Comparison of Current and Historical EA Data. As noted above, during the 2008 financial crisis, the Regulators imposed removal/prohibition EAs against individuals affiliated with 75 out of 465 institutions (16 percent). As of September 30, 2013, potential EAs against IAPs were in-process at an additional 59 institutions (25, 8, and 26 institutions regulated by the FDIC, FRB, and OCC, respectively). These EAs will ultimately be imposed or closed-out. We also looked at removal/prohibition EAs imposed on IAPs affiliated with institutions that failed over the 11-year period from 1985 through 1995. During this period, 1,375 FDIC, FRB, and OCC-regulated institutions failed and removal/prohibition EAs were imposed on IAPs affiliated with 79 institutions (6 percent), as follows:

- FDIC: 34 out of 682 failures (5 percent), - FRB: 3 out of 108 failures (3 percent), and - OCC: 42 out of 585 failures (7 percent).

Accordingly, during the 2008 financial crisis, the FDIC, FRB, and OCC experienced an increase in the percentage of failed institutions for which they pursued removal/prohibition orders against IAPs.

Criminal Sanctions. While not a focus of this report, the Regulators have shared information with or referred criminal matters to the DOJ, which obtained convictions against 44 individuals (36 of whom were bank officers) associated with 25 of the 465 failed institutions included in this evaluation.

The DOJ obtained 3,674 criminal restitution orders imposing $280.8 million in monetary judgments against individuals associated with the 465 failed institutions. In these cases, the FDIC requested to be named a victim in the restitution orders.

Over the 6-year period from 2008 through 2013, the FDIC received $29.4 million in criminal restitution and forfeiture collections.

The FDIC’s Use of Back-up Enforcement Authority. Under certain circumstances, section 8(t) of the FDI Act and FDICIA permit the FDIC to engage in back-up enforcement action pertaining to all insured depository institutions, depository institution holding companies, and IAPs. Thus, the FDIC is permitted to pursue EAs against IAPs where the related institutions are or were regulated by a PFR other than the FDIC. While the PFR typically pursues EAs against IAPs, the FDIC may invoke its back-up enforcement authority under circumstances when the PFR consents or the FDIC believes that the PFR has not timely pursued an EA in response to a recommendation from the FDIC.

The FDIC used back-up enforcement authority to pursue EAs in two instances, as noted below. In both instances, the institutions were originally regulated by the OTS and subsequently by the OCC when the OTS was abolished. The FDIC and OCC consulted about the FDIC’s use of back-up enforcement authority prior to the FDIC’s decision to implement this authority.

Downey Savings and Loan Association, FA (Downey). Downey failed and was closed by the OTS on November 21, 2008, and the FDIC was appointed as Receiver.

The primary causes of Downey’s failure were the thrift’s high concentrations in single-family residential loans, which included concentrations in option adjustable rate mortgage loans, reduced documentation loans, subprime loans, and loans with layered risk; inadequate risk-monitoring systems; the thrift’s unresponsiveness to OTS’ recommendations; and high turnover in the thrift’s management.

The FDIC exercised its back-up enforcement authority based on the results of a preliminary investigation where the FDIC concluded that Downey extensively underwrote negative amortization loans, which constituted reckless and risky behavior that put customers at risk.

In June 2012, four of Downey’s former directors and officers each stipulated and consented to removal/prohibition orders that prohibited them from participating in any banking affairs for life. Additionally, the FDIC recovered $31.9 million as a result of a separate PLC settlement agreement with these four and other former Downey directors and officers. At the same time, the FDIC, in its corporate capacity, released these four directors and officers from the imposition of any additional EAs and seven former directors and officers from the imposition of any EAs.

IndyMac Bank, FSB (IndyMac). IndyMac failed and was closed by the OTS on July 11, 2008, and the FDIC was named conservator.

The primary causes of IndyMac’s failure were the institution’s aggressive growth strategy, high concentration of Alt-A loans, insufficient underwriting, credit concentrations in residential real estate in the California and Florida markets, and heavy reliance on costly funding sources and brokered deposits.

The magnitude of IndyMac’s loss and concerns about the institution’s management prompted the FDIC to exercise its back-up enforcement authority. In December 2012, the institution’s former Chairman and Chief Executive Officer stipulated and consented to a removal/prohibition order. Additionally, the FDIC separately settled pending PLC litigation against the same officer for $12 million.

Types of Actions Warranting EAs. Removal/prohibition orders may be based on personal dishonesty or willful or continuing disregard for the safety or soundness of the institution. Most of the removal/prohibition orders issued by the Regulators included personal dishonesty as a basis for the action. The Regulators brought very few removal/prohibition orders based solely on willful or continuing disregard for safety or soundness.

EAs against IAPs were issued in response to actions such as making false entries in institution financial statements, embezzlement, misappropriation, creating false invoices and other documents, forgery, participating in counterfeit check schemes, accepting illegal cash payments, knowingly underwriting loans containing fraudulent documentation, making unsound loans, using institution funds to pay for personal expenses, misapplying funds, obstructing a bank examination, intentional financial misstatements to make the institution’s performance look better, and concealing the true source of an illegal capital infusion.

EAs also referenced safety or soundness such as the failure of institutions to: change lending strategies based on warnings that certain credit concentrations were too high, monitor brokered loan activities, adhere to state lending limits, comply with institution lending policies, and disclose conflicts of interest.

In this respect, most of our OIG MLRs covering 142 failed institutions concluded that management did not operate institutions in a safe and sound manner, which contributed to institution failures. Most commonly, we reported that these institution failures were caused by the institutions’ management strategy of aggressive growth that concentrated assets in commercial real estate loans, which was often coupled with inadequate risk management practices for loan underwriting, credit administration, and credit quality review. However, the Regulators have held very few individuals associated with failed institutions accountable for safety or soundness issues when a finding of dishonesty was not present. Notably, the OCC and the OTS issued personal cease and desist orders to address safety or soundness issues associated with failed institutions covered by our evaluation.

As discussed in the next section, we are recommending that the Regulators develop methodologies for issuing removal/prohibition EAs that can be supported by the willful or continuing disregard for safety or soundness element.

Factors Impacting the Pursuit of EAs

Based on our research and interviews with the Regulators, we identified the following factors that have impacted the Regulators’ ability to pursue EAs.

Statutory Requirements. The Regulators noted that a factor impacting the frequency of removal/prohibition EAs against individuals associated with failed institutions is the rigorous statutory criteria for imposing these EAs. The Regulators stated that even if an IAP acted poorly or made negligent business decisions that resulted in losses to an institution, such conduct does not provide enough evidence to show that the IAP acted with the required intent, according to the statute.

As stated previously, to pursue a removal/prohibition order, the Regulators must obtain evidence of the following three statutory criteria, each of which contains several elements:

- Misconduct, - Effect of the Misconduct, and - Culpability for the Misconduct.

To prove the last criterion, “culpability for the misconduct,” the Regulators must show that the individual (1) exhibited personal dishonesty or (2) demonstrated a willful or continuing disregard for the safety or soundness of the institution. The second element (willful or continuing disregard) can be particularly difficult to prove in support of a removal/prohibition order, according to the Regulators.

Court opinions have opined as follows with regards to the elements to satisfy culpability:

“Before [a Regulator] may impose the ultimate sanction of a Prohibition Order against a banker that forever bans him or her from working in the American banking industry, the [Regulator] must show a degree of culpability well beyond mere negligence, i.e., there must be a showing of scienter.”10

Footnote 10: Kim v. Office of Thrift Supervision, 40 F.3d 1050 (9th Cir. 1994). The term scienter refers to a state of mind often required to hold a person accountable for his or her acts. Scienter denotes a level of intent or knowledge than an act was wrong or deceptive.

With regards to personal dishonesty and a willful or continuing disregard for the safety or soundness of an institution:

“These standards of culpability require some showing of scienter. The term ‘personal dishonesty’ has been held to mean a disposition to lie, cheat, defraud, misrepresent, or deceive. It also includes a lack of straightforwardness and a lack of integrity.”11

Willful disregard has been defined as “deliberate conduct which exposed the bank to abnormal risk of loss or harm contrary to prudent banking practices.” Continuing disregard has been defined as conduct which has been “voluntarily engaged in over a period of time with heedless indifference to the prospective consequences."12

Footnote 11: 1 Michael v. FDIC, 687 F. 3d 337 (7th Cir. 2012).

Footnote 12: Grubb v. FDIC, 34 F. 3d 956 (10th Cir. 1994).

OCC officials stated that in a large number of cases, the factual record does not provide a basis to meet the culpability requirements noted above and these requirements have posed a significant obstacle to pursuing removal/prohibition orders.

OCC officials also noted that the definition of “unsafe and unsound,” utilized by certain Federal circuit courts has posed obstacles to pursuing removal/prohibition orders. For example, the United States Court of Appeals for the Fifth Circuit held that unsafe and unsound practices are limited to “practices with a reasonably direct effect on an association’s financial soundness.”13 The Court further explained that such effects must bear a relationship to an institution’s financial integrity and the government’s insurance risk. An OCC official noted that this formulation suggests that only those acts or practices that threaten the continued viability of an insured institution rise to the level of unsafe and unsound practices. Such a standard would not include acts or practices that threaten significant loss or damage to an institution if they do not also threaten its viability.

Footnote 13: Gulf Federal Savings and Loan Association of Jefferson Parish v. Federal Home Loan Bank Board, 651 F.2d 259 (5th Cir. 1981).

The Regulators noted that because removal/prohibition orders permanently remove IAPs from banking, thus, taking away their livelihood, it is appropriate for the legal standards to be rigorous.

In 2011, we reported that the Regulators often did not address risky behavior at institutions until financial and/or capital decline occurred.14 This practice resulted in supervisory actions that were taken too late for many of the institutions that failed during the 2008 financial crisis. Additionally, during our current evaluation, we learned that this practice made it challenging for the Regulators to support a finding of willful or continuing disregard for safety or soundness against former IAPs.

Footnote 14: Evaluation of Prompt Regulatory Action Implementation, September 2011.

At the time of this evaluation, the FDIC’s Division of Risk Management Supervision (RMS) and Legal Division were working on a strategy for documenting instances of willful or continuing disregard for safety or soundness in order to successfully pursue removal/prohibition orders that include this element. We believe that each of the Regulators could benefit from developing guidance in this area to proactively address risky behavior or document willful or continuing disregard in the event that such behavior persists.15 Documenting such actions as they occur and ensuring adequate coordination between agencies’ legal and examination units on this matter could make it easier to later sustain the willful or continuing disregard element of a removal/prohibition EA.

Footnote 15: We note that an increased use of enforcement authority under Section 39 of the FDI Act may provide a means to proactively document safety and soundness concerns and build support for proving continuing disregard. Although rarely used, Section 39, Standards for Safety and Soundness, would allow Regulators to take action against seemingly healthy institutions that were engaging in risky practices before losses occurred. While Section 39 actions are imposed against institutions, they can also serve to document safety and soundness concerns against institution management.

We recommend that the FDIC, FRB, and OCC:

1. Evaluate existing authorities, legal precedents, and supervisory approaches and establish and communicate, as appropriate, methodologies in which examination results and documentation can support the pursuit of removal/prohibition orders based on willful or continuing disregard for safety or soundness of an institution. Such methodologies may include: a. providing guidance to examiners on how to document and develop evidence sufficient to meet the willful or continuing disregard criteria, and/or b. ensuring adequate internal coordination among legal and supervision divisions, as necessary, about what evidence is needed to successfully bring such orders.

Use of Available Enforcement Tools. The Regulators have a number of progressive enforcement tools for dealing with unsafe and unsound practices at institutions starting with informal actions such as board resolutions and memoranda of understanding (MOU) and extending to formal cease and desist orders and termination of deposit insurance. We observed that the Regulators have fewer enforcement tools available for holding IAPs accountable. The Regulators noted that the legal standards for sustaining a removal/prohibition order should be rigorous since such actions take away one’s livelihood. However, this approach can limit the regulators’ options in holding individuals accountable for their actions.

Using personal cease and desist orders broadens the range of tools that the Regulators can use to hold individuals accountable, prevent future misconduct, and address safety and soundness issues. The OCC and OTS have imposed personal cease and desist orders against individuals associated with the failed institutions included in this review. The FRB also uses this tool against individuals, but has not done so in relation to individuals associated with the failed institutions under its supervision.16 The FDIC does not currently use personal cease and desist orders. FDIC officials noted that the FDIC issues cease and desist orders against institutions that include management-related provisions, which may affect individual bank officials.

Footnote 16: Additionally, all of the Regulators have issued cease and desist orders against institutions, including the 465 failed institutions that were included in this study. However, this evaluation is primarily limited to EAs pertaining to IAPs and PLCs against individuals and entities associated with failed institutions.

The Regulators have flexibility in determining the types of provisions to include in personal cease and desist orders. Those issued by the OCC and FRB have required IAPs to: cease and desist from certain acts in their current positions, ensure those acts are not carried out in any future employment positions, furnish future employers with a copy of the order, and notify the Regulator if the IAP is employed by an institution in the future. The Regulators are required to publicize EAs, including personal cease and desist orders, and have done so on their public Web sites.

As discussed earlier, cease and desist orders do not have to meet the same rigorous standards as removal/prohibition orders. In some instances, particularly when pursuing removal/prohibition orders, the evidence falls short of proving the required statutory elements. In instances such as these, the FDIC may wish to consider imposing cease and desist orders against IAPs whose actions resulted in unsafe or unsound practices. Cease and desist orders against IAPs may afford the FDIC a tool to address safety and soundness issues when it concludes that a removal/prohibition order is not warranted and/or supportable.

We recommend that the FDIC:

2. Research the use of personal cease and desist orders as an enforcement tool to address safety and soundness issues that do not meet the criteria for a removal/prohibition order.

Risk Appetite. We concluded that the Regulators’ risk appetite plays a role in their pursuit of EAs. The Regulators’ legal officials may be reluctant to pursue a case if these officials believe that it is not sufficiently strong and could set a precedent that could impede the agency’s ability to win future cases in the same area.

We understand that it is important to ensure that individual cases are sufficiently strong to avoid setting precedents and jeopardizing future cases. However, legal officials need to ensure that their risk appetite aligns with that of the agency head. Ultimately, legal officials should clearly communicate the legal risks of pursuing a particular EA, but the agency head or senior official with delegated authority should set the level of litigation risk that the agency is willing to assume.

Statute of Limitations. None of the Regulators identified the expiration of SOLs or related tolling agreements as impacting the pursuit of ongoing EAs. However, the Regulators may not identify actions that could lead to EAs until several years after a questionable act occurs. Because the SOL for commencing removal/prohibition orders and CMPs is typically 5 years from the date of the misconduct or the date the institution incurs a loss, the Regulators’ ability to pursue such EAs could be impeded if the misconduct is identified several years later.

The Regulators may pursue personal cease and desist orders up to 6 years after an IAP leaves the subject institution. Accordingly, this tool may provide the Regulators a longer period within which to pursue an EA. We noted that in some instances, the FDIC’s Legal Enforcement section elected not to pursue a removal/prohibition order against an IAP, in part, because the SOL had expired or was about to expire. In such cases, a personal cease and desist order could provide a viable alternative to removal/prohibition orders and extend the time within which the FDIC may take action.

Staff Resources. The Regulators did not attribute increased workloads or a lack of resources to not pursuing EAs. However, even if a case appears to meet the statutory criteria, the Regulators may choose to not pursue a removal/prohibition order based on other circumstances of a case. For example, in cases involving lower-level employees, one or more of the Regulators have considered the nature and effect of the misconduct, the resources involved in pursuing the case, and the risks presented by an individual’s continued participation in the institution’s affairs and decided to devote their limited resources to other more significant cases.

Limited Recovery Resources. A respondent’s ability to pay is another consideration in pursuing actions such as CMPs and restitution. For example, an individual may not have the means to pay if the majority of his/her wealth was in the institution’s stock and the institution failed or if that individual was a career banker and subject to a removal/prohibition order. There were several instances when the Regulators did not pursue CMPs or restitution due to a respondent’s inability to pay.

Parallel proceedings by DOJ. In some instances the Regulators perform investigations simultaneously with the DOJ. At other times, the DOJ may ask, or the Regulators may decide, to delay their pursuit of EAs until the DOJ completes its criminal investigation or proceeding. While this delays EAs, it may also benefit the Regulators in the long run, such as when the DOJ imposes criminal sanctions that the Regulators can subsequently rely on to impose EAs. On the other hand, because DOJ criminal convictions ban individuals from banking, a Regulator may conclude that it’s not necessary to also issue a removal/prohibition order. In determining how to proceed, the Regulators may also consider whether other regulators have open investigations on the matter.

Other Matters Pertaining to EAs

The FDIC’s Handling of Formal Letters. As discussed earlier, the FDIC, FRB and OCC issue formal letters to individuals who were convicted of certain crimes, pursuant to section 19 of the FDI Act. Formal letters reiterate that an individual has previously been prohibited from participating in banking for committing a criminal offense involving dishonesty, breach of trust, or money laundering.

The FRB posts formal letters on its public Web site and the OCC identifies the IAPs that were the subjects of these letters on its public Web site.

We found inconsistencies among the FDIC’s regional offices regarding their use of formal letters. The FDIC has not issued guidance on using, nor does it publicize these letters. Issuing guidance would better ensure a uniform approach to using section 19 letters. Publicizing such letters would be prudent in further holding individuals accountable and providing potential employers with a means for being aware of these individuals’ past actions as part of the hiring and screening process.

We recommend that the FDIC:

3. Establish written guidance describing under what circumstances to issue formal letters pursuant to section 19 of the FDI Act and post these letters to its public Web site.

EA Interagency Coordination Efforts. In 1997, a revised policy statement was published in the Federal Register, which encouraged increased coordination efforts among the banking Regulators concerning EAs.17 The statement generally calls for the Regulators to notify each other and state supervisory authorities in writing, prior to or when initiating EAs against IAPs and depository institutions. For the purposes of interagency notification, an EA is initiated when the appropriate responsible agency official, or group of officials, determines that a formal EA should be taken. Initiating EA activity typically consists of issuing a Notice of Charges or Stipulated Order to an IAP. Providing notifications to the federal Regulators when initiating EAs helps to ensure a consistent approach to pursuing EAs and may alert the Regulators if an IAP under investigation moves to an institution regulated by a different PFR.

Footnote 17: 62 Fed. Reg. 7782 (Feb. 20, 1997).

The Regulators posted EA orders to their public Web sites on a monthly basis as required by the FDI Act.18 Additionally, the FDIC, FRB, and OCC coordinated with each other to varying degrees in terms of providing information to each other when initiating EAs and these agencies notified state regulatory authorities. Further, the FDIC, FRB, and OCC met on a case-by-case basis to discuss matters of mutual supervisory concern. However, the Regulators did not consistently provide written notifications about EAs to each other, as described in the policy statement.

Footnote 18: 12 U.S.C. § 1818(u).

The Federal Register policy statement has not been revised since 1997, and therefore may not reflect technological advances for communicating EA activities. Accordingly, the Regulators may benefit from revisiting the policy statement to determine the best ways to address its requirements and differences that have arisen over time in agency notification practices. We recommend that the FDIC, FRB, and OCC:

4. Consider the need to (1) increase their level of written EA coordination to meet the requirements of Federal Register policy statement 62 Fed. Reg. 7782, or (2) revise the policy statement to reflect the Regulators’ current level of coordination.

[End of section]

Professional Liability Claims Against Individuals and Entities

The FDIC’s Program and Process for Investigating and Pursuing PLCs

The purpose of the FDIC’s professional liability program is to maximize recoveries to receiverships and hold accountable directors, officers, and other professionals who caused losses to failed depository institutions. The FDIC as Receiver, pursues PLCs pertaining to all failed depository institutions, regardless of whether the PFR was the FDIC, FRB, OCC, or OTS. The main objectives of the FDIC’s PLC process are to investigate all potential claims and recover losses on those PLCs that are determined to be meritorious and expected to be cost-effective.

PLCs are civil tort and breach of contract claims that seek recovery for damages caused to failed institutions by their directors, officers, and other professionals who worked for or provided services to the failed institutions such as lawyers, accountants, appraisers, and other professionals. Recoveries are used to pay claims against the receivership estate in accordance with statutory priorities set out by Congress, which provide first for payment of the receiver's administrative expenses, second for any deposit liability, and third for general creditor claims.

When an institution fails, the FDIC acquires a group of legal rights, titles, powers, and privileges, which include PLCs. PLCs are claims under civil law for losses caused by the wrongful conduct of directors, officers, lawyers, accountants, brokers, appraisers, and others who have provided professional services to a failed institution. To collect on these claims, the FDIC often must sue the professionals for losses resulting from their breaches of duty to the failed institution. PLCs also include contract rights inherited from the institution under fidelity bonds that institutions purchase to cover losses resulting from dishonest or fraudulent acts by their employees.

For each institution failure, the FDIC investigates 11 PLC types, as described in Table 3. Most PLCs are closed after the investigations are completed, including those that are not applicable to an institution’s operations. However, when warranted, the FDIC pursues PLCs that are meritorious and expected to be cost-effective. The FDIC has 3 years to file tort PLCs and 6 years to file contract PLCs, from the date of an institution failure, unless state law permits a longer timeframe.19 The FDIC documents the resolution of each PLC in written memoranda.

Footnote 19: 12 U.S.C. § 1821(d)(14).

Table 3: Description of PLC Types

Row 1 PLC Type: Director and Officer (D&O) Liability Description: Claims against former directors and officers of a failed institution for conduct that caused loss to the failed institution, such as negligence, gross negligence, or breach of fiduciary duty.

Row 2 PLC Type: Fidelity Bond Description: Claims against insurers for failure to pay under a financial institution bond issued to the failed institution for covered acts.

Row 3 PLC Type: Accountants’ Liability Description: Claims against external or internal accountants and auditors for conduct that caused loss to the failed institution, such as breach of contract, negligence, and professional malpractice.

Row 4 PLC Type: Attorney Malpractice Description: Claims against attorneys and law firms for conduct that caused loss to the failed institution, such as breach of contract, negligence, and professional malpractice.

Row 5 PLC Type: Appraiser Malpractice Description: Claims against individual appraisers and appraisal firms for conduct that caused loss to the failed institution, such as breach of contract, negligence, and professional malpractice.

Row 6 PLC Type: Insurance Description: In states permitting such claims, direct actions against liability insurance carriers, or actions brought as assignee of a professional liability insurance policy.

Row 7 PLC Type: Commodity Broker Description: Claims against brokers or brokerage firms whose conduct in connection with the purchase or sale of commodities caused loss to the failed institution, such as breach of contract, negligence, professional malpractice, and violation of law.

Row 8 PLC Type: Issuer Description: Claims against insurance brokers for conduct in connection with the issuance of insurance policies that caused loss to the failed institution, such as breach of contract and negligence.

Row 9 PLC Type: Residential Mortgage Malpractice and Fraud Description: Claims against mortgage brokers, title insurance companies, closing agents, and appraisers for conduct in connection with residential mortgages that caused losses to the failed institution, such as breach of contract, breach of fiduciary duty, negligence, and professional negligence.

Row 10 PLC Type: Securities and Residential Mortgage Backed Securities Description: Claims against securities brokers, brokerage firms, control persons, issuers, depositors, underwriters, and sellers in connection with the purchase or sale of securities to the failed institution, such as breach of contract, negligence, gross negligence, breach of fiduciary duty, and violations of law.

Row 11 PLC Type: Other Miscellaneous Claims Description: Other claims against professionals that do not fit into the other professional liability claim types.

Source: Generated by the FDIC OIG based on information from the FDIC.

[End of table]

PLC investigations require a coordinated effort between the FDIC’s DRR Investigations Department and PLU. Prior to an institution’s failure, DRR develops a Strategic Resolution Plan, which identifies critical issues and strategies from all of DRR’s functional areas pertaining to the orderly closing of an institution.

At the closing, DRR Investigations and PLU staff interview former institution officials, review insurance policies, and gather documents needed to investigate and make decisions on whether to pursue any of the 11 PLC types. Key documents include:

- D&O liability and fidelity bond insurance policies, - Board and loan committee minutes, - Uniform Bank Performance Reports and Securities and Exchange Commission filings, - Reports of Examination, - Regulatory orders pertaining to the institution, - External and internal audit reports, and - Loan policies.

After the closing, DRR and/or PLU begin the process of determining whether or not a PLC is meritorious and expected to be cost-effective to pursue. For example, to show that a tort PLC has merit, the FDIC generally must establish:

- Duty: the party owed a duty to the institution. - Breach of duty: the duty was breached or violated. - Causation: the misconduct was the cause for the loss to the institution. - Damages: the breach of duty resulted in a loss to the institution.

The legal criteria to support certain claims such as those pertaining to negligence or gross negligence may not be as rigorous as the criteria necessary to support a removal/prohibition order, depending on the applicable federal or state law that applies to the PLC.

To establish that a claim is expected to be cost-effective, the FDIC’s estimated recoveries should exceed its estimated costs to pursue the claim. Potential sources of recovery for the FDIC include obtainable proceeds from insurance policies and assets of the targeted individuals or entities. The FDIC’s costs include internal DRR and PLU costs and outside counsel fees and expenses.

PLCs that are deemed to either lack merit or cost-effectiveness are closed out by DRR and PLU through a dual approval process. Claims that are deemed to be both meritorious and cost-effective are pursued. For claims that are pursued, the FDIC and potential defendants are sometimes able to reach a negotiated settlement prior to litigation. In these cases, settlements are approved by delegated authority or the FDIC Board.20 If the FDIC and potential defendants are unable to negotiate a settlement and the FDIC litigates, the FDIC’s Board or appropriate delegated authority must first approve the filing of a lawsuit.21 Even after the FDIC files a lawsuit, the defendants and the FDIC may still reach a negotiated settlement or the case may proceed to trial.

Footnote 20: Currently, settlements in excess of $25 million require approval by the Deputy to the Chairman and Chief Operating Officer and settlements in excess of $100 million require approval by the FDIC’s Board.

Footnote 21: Authorization from the FDIC’s Board is required to file a lawsuit on all PLCs with the exception of fidelity bond claims of $25 million or less and residential mortgage malpractice and fraud claims of $5 million or less, which may be approved by delegated authority.

SOLs. The SOL to file a lawsuit in support of a tort and contract PLC is 3 and 6 years, respectively, from the date of an institution failure, unless state law permits a longer timeframe.22 The SOL can be extended for any of the 11 PLC areas if the FDIC and potential defendants execute a tolling agreement. Tolling agreements are typically used when both parties need more time to attempt to reach a pre-suit settlement. The FDIC executed tolling agreements for 15 PLCs from our sample of 63 failed institutions (24 percent).

Footnote 22: 12 U.S.C. § 1821(d)(14).

Performance Reporting. Since 2008, the FDIC has had an annual performance goal to make a decision to close or pursue 80 percent of PLCs within 18 months of an institution’s failure. The FDIC achieved this target each year from 2008 through 2013 with decision rates on PLCs ranging from 80 to 87 percent.

PLU prepares annual and quarterly reports for the FDIC Board, which summarize PLC recoveries and expenses, significant litigation and settlements, and PLU staffing and workloads.

The FDIC provides an annual report to Congress, which contains information on PLC recoveries during the year, the number of authorized and filed lawsuits, the number of open investigations, and the results of its efforts to achieve the annual performance goal.

The FDIC also places general information about PLCs on its public Web site including the number of PLC lawsuits authorized, the number of authorized D&O liability defendants, and a listing of D&O liability lawsuits filed in court. The FDIC began posting settlement agreements to its external Web site in March 2013.

Internal Coordination Enhancements. During 2013, the FDIC enhanced information sharing among its personnel working on PLCs and EAs.

- In February 2013, Legal Enforcement began including the status of enforcement investigations and actions in PLU’s Authority-to-Sue Memoranda presented to the FDIC Board for approval to file lawsuits in support of PLCs. Legal Enforcement also developed a worksheet to track the status of enforcement investigations and EAs related to all instances involving D&O liability claims in which an Authority-to-Sue Memorandum had been previously approved by the FDIC Board or in which the FDIC had obtained a pre-litigation settlement.

- In July 2013, RMS, DRR, the Legal Division, and the OIG entered into a MOU to improve information sharing, cooperation, and collaboration on investigations of potentially actionable misconduct or other wrongdoing at failed institutions. As part of the MOU, RMS and Legal Enforcement began sharing (1) information on pending EAs against individuals, (2) the inventory of reported cases under development, (3) the status of investigations, (4) closed-out investigations, (5) quarterly reports of authorized EAs, and (6) the status of any actual or potential enforcement investigation or EA related to a failed institution that is included in any Authority-to-Sue Memorandum, prior to the related FDIC Board meeting.

Pursuant to the MOU, PLU and DRR now share information regarding the status of the 11 claim areas, the assigned PLU attorney, and fidelity bond proofs of loss with RMS and Legal Enforcement. PLU also provides draft and final Authority-to-Sue memoranda to Legal Enforcement prior to the related FDIC Board meeting.

PLU management requires its close-out memoranda to state whether PLCs have been referred to Legal Enforcement. This requirement has been in effect since January 2013, or possibly earlier.

Legal Division guidance also instructs PLU attorneys to share information about meritorious claims that are not cost-effective from a PLC perspective with the Legal Enforcement attorneys. This enables Legal Enforcement to determine if EAs should be pursued in relation to FDIC-supervised institutions and information should be provided to the PFRs for claims pertaining to non-FDIC-supervised institutions.23 In this regard, we reviewed a sample of PLCs that were deemed not cost-effective, but appeared to have some level of merit, to confirm that PLU shared case information with Legal Enforcement and/or the PFR for EA consideration. Based on a sample of 611 closed PLCs from 63 failed institutions, we identified 15 PLCs that indicated some level of merit, but were closed out for lack of cost-effectiveness. In these 15 instances:

Footnote 23: Legal Division Policy No. 217 entitled Joint Enforcement Section and Professional Liability Group Protocol on Pursuit of Actions Against Institution- Affiliated Parties dated September 23, 2009.

- The FDIC was the PFR in eight instances. PLU notified Legal Enforcement in four of these instances.

- The FRB and OCC were the PFRs in five and two instances, respectively. The FDIC did not notify these Regulators about these claims.

PLU stated that although these 15 PLCs were potentially meritorious, they were not referred to Legal Enforcement because the facts were not sufficiently egregious to support an EA, which requires a higher standard of proof than a negligence claim.

We are not making a recommendation in this area because the FDIC made significant improvements in its internal coordination efforts during 2013. Further, the FDIC OIG verbally discussed with PLU and Legal Enforcement issues related to referring meritorious claims to Legal Enforcement, which then coordinates with FDIC regional offices and the PFRs, when warranted.

PLC Activity from 2008-2012

For the 465 institutions that failed during 2008 through 2012, the FDIC investigated 5,641 potential PLCs, as shown in Table 4.24 As of September 30, 2013, the FDIC:

Footnote 24: For each of the 465 failed institutions, the FDIC routinely opened PLC investigations into 11 claim areas, resulting in 5,115 potential PLCs plus an additional 526 potential PLCs for a total of 5,641. The 526 potential PLCs resulted from instances when there was more than one PLC in the same claim area.

- Completed 430 PLCs against individuals associated with 90 institutions (19 percent of 465). o 60 pertained to directors and officers associated with 56 institutions (12 percent of 465). o 329 involved residential mortgage fraud, mostly associated with six large failed institutions.

- Had 305 PLCs pending a final result based on litigation or negotiation. These PLCs were associated with 133 institutions of which, 102 pertained to former directors and officers.

- Authorized lawsuits against 1,007 former directors and officers pertaining to 162 PLCs that were completed or pending the results of litigation or negotiation.

In total, the 735 completed and pending PLCs noted above were associated with 193 of the 465 failed institutions (42 percent). Table 4 shows the number of PLCs pursued by claim type and the status of those PLCs as of September 30, 2013. Of the 5,641 potential claims, 430 were completed (7.6 percent), 875 were pending a final decision (15.5 percent), and 4,336 were not pursued (76.9 percent).

Table 4: PLCs Pertaining to 465 Failed Institutions

Row 1 Claim Type: D&O Liability Closed Out by FDIC and Not Pursued: 186 (38.5%) Pending a Decision by FDIC to Close or Pursue: 135 (28.0%) Pending Results from Litigation or Negotiation: 102 (21.1%) Completed (Judgment, Settlement, or Dismissed)*: 60 (12.4%)

Row 2 Claim Type: Fidelity Bond Closed Out by FDIC and Not Pursued: 376 (76.6%) Pending a Decision by FDIC to Close or Pursue: 79 (16.1%) Pending Results from Litigation or Negotiation: 19 (3.9%) Completed (Judgment, Settlement, or Dismissed)*: 17 (3.5%)

Row 3 Claim Type: Accountants’ Liability Closed Out by FDIC and Not Pursued: 381 (80.9%) Pending a Decision by FDIC to Close or Pursue: 82 (17.4%) Pending Results from Litigation or Negotiation: 5 (1.1%) Completed (Judgment, Settlement, or Dismissed)*: 3 (0.6%)

Row 4 Claim Type: Attorney Malpractice Closed Out by FDIC and Not Pursued: 411 (87.6%) Pending a Decision by FDIC to Close or Pursue: 40 (8.5%) Pending Results from Litigation or Negotiation: 10 (2.1%) Completed (Judgment, Settlement, or Dismissed)*: 8 (1.7%)

Row 5 Claim Type: Appraiser Malpractice Closed Out by FDIC and Not Pursued: 404 (86.7%) Pending a Decision by FDIC to Close or Pursue: 50 (10.7%) Pending Results from Litigation or Negotiation: 4 (0.9%) Completed (Judgment, Settlement, or Dismissed)*: 8 (1.7%)

Row 6 Claim Type: Insurance Closed Out by FDIC and Not Pursued: 437 (93.6%) Pending a Decision by FDIC to Close or Pursue: 29 (6.2%) Pending Results from Litigation or Negotiation: 1 (0.2%) Completed (Judgment, Settlement, or Dismissed)*: 0 (0.0%)

Row 7 Claim Type: Commodity Broker Closed Out by FDIC and Not Pursued: 438 (93.8%) Pending a Decision by FDIC to Close or Pursue: 29(6.2%) Pending Results from Litigation or Negotiation: 0 (0.0%) Completed (Judgment, Settlement, or Dismissed)*: 0 (0.0%)

Row 8 Claim Type: Issuer Closed Out by FDIC and Not Pursued: 438 (94.2%) Pending a Decision by FDIC to Close or Pursue: 27 (5.8%) Pending Results from Litigation or Negotiation: 0 (0.0%) Completed (Judgment, Settlement, or Dismissed)*: 0 (0.0%)

Row 9 Claim Type: Residential Mortgage Malpractice and Fraud Closed Out by FDIC and Not Pursued: 422 (46.4%) Pending a Decision by FDIC to Close or Pursue: 42 (4.6%) Pending Results from Litigation or Negotiation: 117 (12.9%) Completed (Judgment, Settlement, or Dismissed)*: 329 (36.2%)

Row 10 Claim Type: Securities and Residential Mortgage Backed Securities Closed Out by FDIC and Not Pursued: 392 (84.3%) Pending a Decision by FDIC to Close or Pursue: 24 (5.2%) Pending Results from Litigation or Negotiation: 47 (10.1%) Completed (Judgment, Settlement, or Dismissed)*: 2 (0.4%)

Row 11 Claim Type: Other Miscellaneous Claims Closed Out by FDIC and Not Pursued: 451 (92.6%) Pending a Decision by FDIC to Close or Pursue: 33 (6.8%)Pending Results from Litigation or Negotiation: 0 (0.0%) Completed (Judgment, Settlement, or Dismissed)*: 3 (0.6%)

Row 12 Claim Type: Total Closed Out by FDIC and Not Pursued: 4,336 (76.9%) Pending a Decision by FDIC to Close or Pursue: 570 (10.1%) Pending Results from Litigation or Negotiation: 305 (5.4%) Completed (Judgment, Settlement, or Dismissed)*: 430* (7.6%)

Grand Total: 5,641 PLCs

Source: Generated by the FDIC OIG based on an analysis of FDIC data as of September 30, 2013. * Completed PLCs comprised settlements and court judgments to pay the FDIC and cases dismissed by the courts. Of the 430 completed PLCs, 379 resulted from settlements, 32 resulted from court judgments, and 19 were dismissed.

[End of table]

Comparison of Current and Historical PLC Data. With regards to the 2008 financial crisis, the FDIC completed PLCs against directors and officers affiliated with 56 out of the 465 failed institutions (12 percent). PLCs against directors and officers were pending a final decision based on litigation or negotiation at 99 institutions. In all, a PLC had either been completed or was pending a final decision against directors and officers at a total of 154 institutions (33 percent), as of September 30, 2013.

From 1980 through 1995, the FDIC investigated PLCs for more than 1,600 failures for which it was the Receiver. The FDIC brought claims against directors and officers in 24 percent of the institution failures occurring between 1985 and 1992.25

Footnote 25: FDIC publication: Managing the Crisis: The FDIC and RTC Experience 1980-1994, 1998.

Types of Actions Warranting PLCs. PLCs were pursued in response to the following types of misconduct:

- Negligent approval of loans with poor underwriting or that violated the institution’s lending policy; - Reckless implementation of high-risk lending programs; - Failure to heed supervisory warnings; - Loan fraud; - Breach of fiduciary duty pertaining to credit card pricing strategies: one sampled institution increased the interest rates on its credit card loans in disregard of sound business judgment; - Unlawful dividend payments: one sampled institution paid dividends to stockholders, in violation of a state statutory limit; and - Failure to follow appraisal standards.

Review of PLCs from 63 Failed Institutions. We reviewed 693 potential PLCs from a sample of 63 failed institutions. As discussed earlier, these institutions had the highest loss rates as a percentage of assets. In 611 instances (88 percent), the FDIC did not pursue PLCs because cases lacked merit or were not expected to be cost-effective. For the remaining 82 PLCs:

- 30 were settled for $75.3 million—14 of the PLCs were settled without litigation and 16 were settled after a lawsuit was filed, - 33 were being pursued through litigation or negotiation, and - 19 were still pending a decision to close out or pursue.

The FDIC pursued at least one PLC on 42 of the 63 sampled institutions (67 percent) with the most commonly pursued PLC type being D&O liability. We verified that the FDIC obtained proper authority before initiating litigation or agreeing to a settlement and that close-out decisions were properly approved by DRR and PLU.

Factors Impacting the Pursuit of PLCs

Based on our research and interviews, we identified the following factors that have impacted the pursuit of PLC’s by the FDIC.

Regulatory and Other Insurance Policy Exclusions. D&O insurance contracts purchased by institutions before failure are a primary source of recovery for losses resulting from misconduct of culpable directors and officers before their institutions failed. These potential recovery sources have been impacted by insurance policy exclusions, which prohibit or attempt to prohibit government agencies, such as the FDIC from recovering losses under the policy, even if the losses from wrongful acts by management would have been paid to non-government claimants. These exclusions became prevalent during the 2008 financial crisis as the condition of the banking industry deteriorated. As the crisis unfolded, an increasing number of insurance policies reduced their coverage periods from 3 years to one-year, resulting in annual renewals. Upon renewal, private insurance companies added exclusions, especially for troubled institutions. D&O liability insurance companies also increased the number of policies with regulatory exclusions during the banking crisis of the 1980s and early 1990s.

Table 5 shows that regulatory exclusions became more common in insurance policies as the 2008 financial crisis progressed. The rate of regulatory exclusions steadily increased from 2007 through 2013.

Table 5: D&O Insurance Policies with Regulatory Exclusions

Row 1 Year: 2007 Failed Institutions with Regulatory Exclusions: 0 Total Number of Failed Institutions: 3 Percentage: 0%

Row 2 Year: 2008 Failed Institutions with Regulatory Exclusions: 3 Total Number of Failed Institutions: 25 Percentage: 12%

Row 3 Year: 2009 Failed Institutions with Regulatory Exclusions: 50 Total Number of Failed Institutions: 140 Percentage: 36%

Row 4 Year: 2010 Failed Institutions with Regulatory Exclusions: 98 Total Number of Failed Institutions: 157 Percentage: 62%

Row 5 Year: 2011 Failed Institutions with Regulatory Exclusions: 65 Total Number of Failed Institutions: 92 Percentage: 71%

Row 6 Year: 2012 Failed Institutions with Regulatory Exclusions: 46 Total Number of Failed Institutions: 51 Percentage: 90%

Row 7 Year: 2013 Failed Institutions with Regulatory Exclusions: 23 Total Number of Failed Institutions: 24 Percentage: 100% *

Row 8 Year: Total 285 492 Failed Institutions with Regulatory Exclusions: 285 Total Number of Failed Institutions: 492 Percentage: 58%

Source: FDIC’s PLU. * One institution never had a D&O insurance policy.

[End of table]

In addition to regulatory exclusions, three other types of exclusions also became prevalent during the 2008 financial crisis.

- Prior act exclusions. The insurance policy states that the insurance company will not cover certain acts that occurred prior to a specified date. - “Insured versus insured” clause. This insurance policy clause prohibits an institution from suing itself. When an institution fails, the FDIC becomes the Receiver. Insurance carriers have argued that this policy exclusion prohibits the FDIC from recovering proceeds from insurance carriers. - Carve outs. The insurance policy precludes coverage of certain unpaid loans.

For the most part, the FDIC has not been successful in pursuing claims when regulatory and prior act exclusions are present in insurance policies because these exclusions are specific and straightforward. The FDIC has had some success in pursuing claims when the related insurance policies had “insured versus insured” clauses and carve out provisions. When pursuing PLCs, the FDIC has also targeted an individual’s personal assets.

The FDIC has performed some research to quantify the potential impact of regulatory exclusions. Specifically, PLU conducted an informal study on 492 institution failures that occurred from 2007 through 2013 and estimated the potential impact of lost PLC recoveries due to regulatory exclusions in insurance policies.26 PLU found that 285 of the 492 failed institutions (58 percent) had D&O insurance policies with regulatory exclusions and estimated that these exclusions reduced the FDIC’s potential PLC recoveries by $271.1 million.

The FDIC has considered potential alternative recovery sources such as increasing the deposit insurance assessments for institutions with regulatory exclusions. However, FDIC officials concluded that it would be difficult to implement an assessment-based alternative to D&O policies, particularly when D&O policies renew annually. We believe that the FDIC should continue to research alternative recovery sources. One option we discussed with FDIC officials was requiring institutions with regulatory exclusions in their insurance policies to establish reserves on their balance sheets to compensate for the additional risk of loss when D&O policy proceeds may not be available to the FDIC. Doing so, could preserve a reserve amount in lieu of the D&O proceeds and limit DIF losses should the institution fail. However, requiring such a reserve would reduce an institution’s regulatory capital and could be detrimental to a problem institution.

We recommend that the FDIC:

5. Perform additional research pertaining to ways to compensate for lost revenues as a result of regulatory and other insurance policy exclusions.

In response to the increase in insurance policy exclusions, in October 2013, the FDIC issued a financial institution letter27 to institutions for which the FDIC was the PFR. The letter discussed the importance of reviewing and understanding the risks associated with coverage exclusions pertaining to D&O liability insurance policies. When such exclusions apply, directors and officers may be personally liable for damages arising out of civil suits relating to their decisions and actions. The letter recommended that each director and officer fully understand the protections and limitations provided by the institution’s D&O liability policy when considering renewals of and amendments to existing policies.

This letter appropriately raises awareness of this issue among banking directors and officers. The OCC and the FRB did not issue similar letters. Given its significance and applicability to all insured institutions, the information in the October 2013 advisory letter would be beneficial to institutions regulated by the FRB and OCC.

Accordingly, we recommend that the FRB and OCC:

6. Advise their regulated institutions about insurance policy exclusions.

Legal Requirements. Legal requirements are a factor in pursuing PLCs because the FDIC must prove certain elements to establish that a claim has merit. To show that a tort PLC has merit, the FDIC generally must prove: duty, breach, causation, and damages. Federal and state statutes and judicial decisions establish the legal obligations of individuals and entities subject to PLCs. In some instances, proving each required element can be difficult. Additionally, some state laws include a business judgment rule that have been interpreted to require the FDIC to prove gross negligence to succeed on a PLC. Based on a review of 611 claim areas from our sample of 63 failed institutions, 596 (97.5 percent) were closed due to a lack of merit.

Limited Recovery Resources. The FDIC evaluates potential recovery sources such as available insurance coverage and personal or company assets of the targeted defendants along with the estimated cost to litigate the claim and the probability of success in litigation.

The majority of PLCs are paid out of insurance proceeds. In other instances, individuals or entities pay PLCs. Recoveries can be impacted when insurance policy funds are reduced as a result of legal fees to defend individuals and entities against PLCs. If insurance is unavailable as a recovery source, the FDIC can still pursue personal assets of potential defendants or company assets. However, potential defendants may have limited assets, the assets may be subject to bankruptcy proceedings, or the cost to pursue the assets may be prohibitive.

Based on a review of 611 claim areas from a sample of 63 failed institutions, we found that 15 (2.5 percent) contained some level of merit but were not pursued because the FDIC determined that it was not costeffective to do so because of limited recovery resources.

SOLs and Restrictions of Tolling Agreements. SOLs place time constraints on the FDIC to file suit on PLCs. Tolling agreements extend a SOL and allow more time for the FDIC and potential defendants to reach pre-litigation settlements. FDIC officials noted that SOLs have not impacted the agency’s ability to pursue PLCs. However, if the FDIC does not identify misconduct until after the expiration of an SOL, the FDIC is generally prohibited from pursuing a PLC.

In 15 out of 63 sampled institutions (24 percent), the FDIC and potential defendants entered into tolling agreements on one or more PLCs. The FDIC and defendants entered into 20 tolling agreements associated with those 63 institutions.

The FDIC has limited its use of tolling agreements due to an April 2013 Kansas court decision prohibiting their use by the NCUA. The court ruled that an extender statute, which allows the NCUA to file claims on behalf of failed credit unions for a certain period of time after the institutions fail, prohibits the use of tolling agreements. Because the FDIC has a similar extender statute (12 U.S.C. § 1821(d)(14)(A)) to allow for the filing of PLCs for a certain period of time after institutions fail, the court’s order impacted the FDIC and it now files cases earlier that might have otherwise been settled without litigation. The FDIC disagrees with and has filed an amicus brief in support of the NCUA’s position and pending appeal of the Kansas court’s decision. FDIC officials noted that the FDIC has prevailed in PLC lawsuits in which this decision has been raised as a defense.

Staffing Resources. We did not identify staffing resources as an impediment to pursuing PLCs. To address greater PLC workloads as the financial crisis progressed, the FDIC increased staff dedicated to investigating and litigating PLCs. As of December 31, 2012, DRR Investigations had 102 total staff located in two offices (the Dallas Regional Office and East Coast Temporary Satellite Office).28 DRR also receives assistance from contractors during times of peak workload. PLU had 55 staff located in three offices (the Virginia Square facility, Dallas Regional Office, and East Coast Temporary Satellite Office). PLU also receives assistance from outside counsel to investigate claims and litigate cases.

Other Matters Pertaining to PLCs

Tracking Recoveries and Expenses. The FDIC tracks PLC recovery and expense information on an aggregate, program-wide basis and reports this information to the FDIC Board on a quarterly and annual basis. Table 6 presents annual PLC recoveries and expenses. Recoveries often lag expenses because a significant amount of time can pass before the FDIC is able to collect on PLCs. Annual recoveries can also be heavily impacted by large settlements. For example:

- In 2011, over half of the PLC recoveries were from a $140.5 million final payment from a 2001 settlement related to the failure of Superior Bank, FSB.

- In 2012, nearly half of the recoveries were derived from a $165.0 million collection on a settlement with the former directors and officers of Washington Mutual Bank.

- In 2013, the majority of the recoveries resulted from settlements of $500 million from JPMorgan Chase & Company and its affiliates and $55.3 million from Ally Securities, LLC.

Table 6: FDIC PLC Recoveries and Expenses: 2008-2013 (Dollars in Millions)

Row 1 Year: 2008 Recoveries: $31.3 Expenses*: $9.7 Recoveries to Expenses: 3.23 to 1

Row 2 Year: 2009 Recoveries: $47.1 Expenses*: $52.9 Recoveries to Expenses: 0.89 to 1

Row 3 Year: 2010 Recoveries: $79.4 Expenses*: $160.8 Recoveries to Expenses: 0.49 to 1

Row 4 Year: 2011 Recoveries: $231.9 Expenses*: $139.5 Recoveries to Expenses: 1.66 to 1

Row 5 Year: 2012 Recoveries: $337.3 Expenses*: $110.1 Recoveries to Expenses: 3.06 to 1

Row 6 Year: 2013 Recoveries: $674.2 Expenses*: $144.6 Recoveries to Expenses: 4.66 to 1

Row 7 Year: Total Recoveries: $1,401.2 Expenses*: $617.6 Recoveries to Expenses: 2.27 to 1

Source: FDIC’s PLU. * Expenses include all costs associated with investigating, closing, and pursuing PLCs.

[End of table]

Currently, the FDIC’s Legal Division does not report PLC cost and recovery information by individual institution. PLC costs include DRR investigation costs, PLU attorney costs, and outside counsel expenses. As discussed previously, the FDIC investigates each of the 11 claim areas for each failed institution and most of these claims are closed out. The FDIC makes the decision on the merit and cost-effectiveness of pursuing a PLC after completing the investigation phase and by comparing expected settlements with anticipated litigation costs. Accordingly, because these investigative expenses are sunk costs, PLC expenses will exceed recoveries for failed institutions when no claims are pursued.

For those PLCs that are deemed to be meritorious and cost-effective, the Legal Division provides estimated recovery and expense information by institution to the FDIC Board when requesting its approval to issue a lawsuit in support of a PLC. However, actual recovery and expense information by institution is not reported to the FDIC Board. Formally tracking and providing recovery and expense information by institution to the FDIC Board and other FDIC executives could provide greater transparency, better ensure that the FDIC’s recoveries associated with pursuing PLCs align with expenses on a case-specific basis, and allow for another means of assessing PLC costs and program success. For example, the Legal Division could periodically report to the FDIC Board total cost and recovery information pertaining to institutions for which all 11 PLC types were closed or completed during a reporting period.

We recommend that the FDIC:

7. Track recoveries and expenses associated with professional liability claims by institution, and periodically report this information to the FDIC Board of Directors and other FDIC executives.

[End of section]

Agency Comments and OIG Evaluation

We provided a draft of this report to the FDIC, FRB, and OCC for review and comment and incorporated the agencies’ comments into the final report, where appropriate. The agencies also provided written comments that we have included in their entirety in Appendix 4.

The FDIC, FRB, and OCC agreed with and described their planned actions to address the recommendations applicable to their respective agencies. Of the seven recommendations in this report, two were applicable to all three agencies, one was applicable to the FRB and OCC, and four were applicable to the FDIC.

* * * * * *

We extend our appreciation to the FDIC, FRB, and OCC for the cooperation extended to our staff during the evaluation. Major contributors to this report are listed in Appendix 5.

Fred W. Gibson, Jr. /S/ Principal Deputy Inspector General Federal Deposit Insurance Corporation

Mark Bialek /S/ Inspector General Board of Governors of the Federal Reserve System and Consumer Financial Protection Bureau

Eric M. Thorson /S/ Inspector General Department of the Treasury

Appendix 1

Objectives, Scope, and Methodology

Objectives

Our objectives were to:

1. Describe the Regulators’ processes for investigating and pursuing EAs against IAPs associated with failed institutions; 2. Describe the FDIC’s process for investigating and pursuing PLCs against individuals and entities associated with failed institutions and its coordination with the FRB and OCC; 3. Determine the results of the Regulators’ efforts in investigating and pursuing EAs and the FDIC’s efforts in pursuing PLCs; and 4. Assess key factors that may impact the pursuit of EAs and PLCs.

Scope and Methodology

The evaluation was performed jointly by the OIGs for the FDIC, the FRB, and the Treasury. Our review covered the 465 institutions that failed during the 5-year period spanning January 1, 2008 through December 31, 2012, that were regulated by the FDIC, FRB, OCC, or OTS. The EAs and PLCs discussed in this report covered the time period from January 1, 2008 through September 30, 2013. The data in this report is as of September 30, 2013, unless otherwise noted.

The information in this report is primarily limited to formal EAs imposed on IAPs and PLCs brought against individuals and entities. The Regulators have also imposed formal and informal EAs and other sanctions against institutions, and have shared information with or referred criminal matters to the DOJ.

Portions of our testing focused on a judgmental sample29 of institutions regulated by the FDIC, FRB, and OCC, that failed between 2008 and 2012, where an MLR was conducted. Of the 465 institutions included in this evaluation, 145 fit these criteria. Our sample consisted of 63 of the 145 institutions, where the:

- FDIC was the PFR for 96 of the 145 institutions. We selected the 20 institutions with the highest percentage of losses to total assets. - FRB was the PFR for 23 of the 145 institutions. We selected all 23 institutions. - OCC was the PFR for 26 of the 145 institutions. We selected the 20 institutions with the highest percentage of losses to total assets.

Footnote 29: The results of a judgmental sample cannot be projected to the intended population by standard statistical methods.

We obtained data from the Regulators’ information systems and public Web sites to gather statistics on the number and status of EAs and PLCs. We traced data from these systems to source documents and reviewed the data for consistency and reliability. We did not assess the information system controls associated with the systems because this was not part of our objectives.

We performed this evaluation from April 2013 through January 2014 in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation.

Objective 1. To describe the Regulators’ processes for investigating and pursuing EAs against IAPs associated with failed institutions, the OIGs:

- Reviewed Section 8 of the FDI Act and identified the authority granted and statutory elements required to issue the different types of EAs against IAPs.

- Gained an understanding of the policies, procedures, and criteria pertaining to EAs, including those pertaining to delegations of authority and SOLs.

- Reviewed EA information contained in reports provided to Congress, the FDIC’s Board, the FRB, and the Comptroller of the Currency.

- Interviewed Headquarters and regional office staff in the FDIC’s Legal Division, RMS, and DRR; in the FRB’s Legal Division and Division of Banking Supervision and Regulation (BS&R); and the OCC’s Enforcement and Compliance Division.

- Interviewed the FDIC’s Chairman and the ALJ for the FDIC, FRB, OCC, and NCUA.

- Assessed coordination efforts within each regulatory agency.

- Documented the FDIC’s use of back-up enforcement authority pertaining to Downey and IndyMac.

- Reviewed FDIC’s expectations and success pertaining to the timely handling and disposition of EA cases. The FRB and OCC did not have commensurate metrics.

- Documented the FDIC’s, FRB’s and OCC’s issuance and use of formal letters.

- Reviewed the Regulators’ processes for publicizing EAs and concluded that the Regulators publicized EAs in accordance with statutory requirements.

- For the judgmental sample of 63 failed institutions, we: o Reviewed documentation in support of pursued, pending and closed-out EAs. o Determined whether EA decisions were properly approved. o Determined the timeliness of EA close-outs.

Objective 2. To describe the FDIC’s process for investigating and pursuing PLCs against individuals and entities associated with failed institutions and its coordination with the FRB and OCC, the FDIC OIG:

- Reviewed FDIC guidance and key reports, including o Applicable DRR and Legal Division directives, o The Joint Delegations of Authority issued by DRR and the Legal Division, o The FDIC’s Annual Report to Congress, o Documents provided to the FDIC’s Board, and o Policies and procedures related to interagency coordination efforts pertaining to PLCs.

- Determined DRR Investigations’ and the Legal Division’s PLU staffing levels.

- Interviewed DRR and Legal Division officials in the FDIC’s Regional, Temporary Satellite, and Headquarters’ offices.

- Assessed the FDIC’s success in meeting performance goals pertaining to PLCs.

- Reviewed the FDIC’s process for publicizing completed PLCs and tested the process for compliance.

- For the judgmental sample of 63 failed institutions, the FDIC OIG:

o Reviewed documentation on the PLC investigations process and tolling agreements executed between the FDIC and potential defendants. o Reviewed documentation supporting FDIC decisions to close or pursue PLCs, including close-out memoranda and authorizations to file suit or settle. o Determined whether PLC decisions were properly approved.

o Determined which PLCs were closed out due to lack of merit and cost-effectiveness.

o Determined the timeliness of PLC close-outs.

o Reviewed coordination efforts among the FDIC’s PLU and Enforcement sections, and other PFRs.

The Treasury OIG:

- Reviewed policies and procedures related to interagency coordination efforts between the FDIC and other Regulators, pertaining to PLCs.

- Selected a sample of PLCs that were pursued by the FDIC where the OCC was the PFR, reviewed supporting documentation, and interviewed OCC officials to assess OCC coordination efforts with the FDIC.

- Coordinated with the FDIC regarding PLC information pertaining to the 20 OCC failed institutions that were sampled in this evaluation.

Objective 3. To determine the results of the Regulators’ efforts in investigating and pursuing EAs and the FDIC’s efforts in pursuing PLCs, the OIGs:

- Gathered statistics showing the number and types of EAs and PLCs pertaining to the 465 FDIC-insured institutions that failed during the five year period from 2008-2012.

- For the judgmental sample of 63 failed institutions: o Analyzed the number of related EAs and PLCs, o Determined the reasons why EAs and PLCs were pursued or closed, and whether cases were timely closed. o Analyzed MLR data pertaining to the institutions’ management.

- Verified EA and PLC data to source documents and information on the Regulators’ public Web sites.

- Determined the number of EAs and PLCs against directors and officers compared to other IAPs and individuals.

- Compared the number of EAs adjudicated by the ALJ to the number of EAs consented to by the IAPs.

- Analyzed the number of failed institutions with convictions against IAPs that resulted from the FDIC, FRB, and Treasury OIG Office of Investigations’ efforts.

Objective 4. To assess key factors that may impact the Regulators’ pursuit of EAs and PLCs, the OIGs:

- For the judgmental sample of 63 institutions: o Reviewed EA and PLC documentation and determined the extent that key factors impacted decisions to close EA cases and PLCs. o Assessed the need for and use of tolling agreements for EAs and PLCs when a SOL was as a factor. o Compared the timing of EA and PLC decisions to performance goal deadlines.

- Conducted interviews to understand the reasons EA cases and PLCs were closed, including whether legal requirements, staffing and monetary resources, or risk appetite, among other things, impacted decisions to pursue or close these cases.

Appendix 2

Regulators’ Processes for Pursuing EAs and PLCs

FDIC: Enforcement Actions Process Pertaining to IAPs

[To view this image of flow chart refer to the pdf version of this report]

Source: Created by the FDIC OIG based on input from the FDIC. [End of image]

FRB: Enforcement Actions Process Pertaining to IAPs

[To view this image of flow chart refer to the pdf version of this report]

Source: Created by the FDIC OIG based on input from the FDIC. [End of image]

OCC: Enforcement Actions Process Pertaining to IAPs

[To view this image of flow chart refer to the pdf version of this report]

Source: Created by the FDIC OIG based on input from the FDIC. [End of image]

FDIC: Professional Liability Claims Process

[To view this image of flow chart refer to the pdf version of this report]

Source: Created by the FDIC OIG based on input from the FDIC.

[End of section]

Appendix 3 Glossary of Terms

2008 Financial Crisis: The 2008 financial crisis is considered by many economists to be the worst financial crisis since the Great Depression of the 1930s. It resulted in the threat of total collapse of large financial institutions, national government assistance to financial institutions, and downturns in stock markets around the world. Also associated with the crisis were large declines in employment, household wealth, and other economic indicators. Studies suggest that losses associated with this crisis based on lost output (value of goods and services not produced) could range from a few trillion dollars to over $10 trillion.

Authority-to-Sue Memorandum: An official document used by the FDIC for communicating the findings of a PLC investigation and recommending approval to file a lawsuit. This document is reviewed by the FDIC Board as part of the approval process for initiating litigation. The document contains information on the defendant(s), case facts, the reasons for pursuing the claim, damages, anticipated defenses, likelihood of success in litigation, and cost estimates.

Breach of Contract Claim: A claim made against an individual or entity whose duty is defined by the terms of a contract.

Covered Offense: Any criminal offense involving dishonesty, breach of trust, or money laundering.

Deposit Insurance Fund (DIF): The DIF was created in 2006, when the Federal Deposit Insurance Report Act of 2005 provided for the merging of the Bank Insurance Fund and the Savings Association Insurance Fund. The FDIC administers the DIF, the goal of which is to (1) insure deposits and protect depositors of DIF-insured institutions, and (2) resolve failed DIF-insured institutions at the least possible cost to the DIF (unless a systemic risk determination is made). The DIF is primarily funded from deposit insurance assessments.

Edge Act: A 1919 amendment to the Federal Reserve Act, which was sponsored by Senator Walter E. Edge of New Jersey, that authorized the FRB to charter corporations for the purpose of engaging in certain international or foreign banking and financial operations either directly or through the agency, ownership, or control of local institutions in foreign countries.

FDIC as Receiver: The FDIC as Receiver succeeds to the rights, powers, and privileges of a failed institution and its stockholders, officers, and directors. The FDIC as Receiver may collect all obligations and money due to an institution, preserve or liquidate its assets and property, and perform any other function of the institution consistent with its appointment. The FDIC as Receiver is functionally and legally separate from the FDIC acting in its corporate capacity as regulator and deposit insurer.

Federal Deposit Insurance Act (FDI Act): A statute enacted on September 21, 1950 (12 U.S.C § 1811 et. seq.) that governs the FDIC.

Formal Enforcement Action: An action taken pursuant to the powers granted to Regulators under Section 8 of the FDI Act. Each situation and circumstance determines the most appropriate action to be taken.

Informal Enforcement Action: A voluntary commitment made by an institution’s Board. These actions are designed to correct identified deficiencies or ensure compliance with federal and state banking laws and regulations. Informal actions are neither publicly disclosed nor legally enforceable.

Institution-Affiliated Party (IAP): As defined in Section 3(u) of the FDIC Act, an IAP is: 1. Any director, officer, employee, or controlling stockholder (other than a bank holding company or savings and loan holding company) of, or agent for, an insured depository institution; 2. Any other person who has filed or is required to file a change-in-control notice with the appropriate Federal banking agency under section 7(j); 3. Any shareholder (other than a bank holding company or savings and loan holding company), consultant, joint venture partner, and any other person as determined by the appropriate Federal banking agency (by regulation or case-by-case) who participates in the conduct of the affairs of an insured depository institution; and 4. Any independent contractor (including any attorney, appraiser, or accountant) who knowingly or recklessly participates in a) any violation of any law or regulation; b) any breach of fiduciary duty; or c) any unsafe or unsound practice, which caused or is likely to cause more than a minimal financial loss to, or a significant adverse effect on, the insured depository institution.

Insured Depository Institution: Includes all institutions insured by the FDIC, including national banks, state institutions, thrifts, and saving and loans.

Material Loss Review (MLR): When an institution failure results in a material loss to the DIF, the FDI Act requires the appropriate Inspector General to conduct an MLR to report the causes of the failure and the PFR’s supervision of the institution. Before July 21, 2010, a material loss was defined as a loss to the DIF that was in excess of the greater of $25 million or two percent of an institution’s total assets at the time the FDIC was appointed receiver. Amended by the Dodd-Frank Act, effective July 21, 2010, section 38(k) defines a loss as material if it exceeds $200 million for calendar years 2010 and 2011, $150 million for calendar years 2012 and 2013, and $50 million for calendar years 2014 and thereafter (with a provision that the threshold can be raised temporarily to $75 million if certain conditions are met).

Notice of Charges: A formal document stating the charges against an IAP, individual, or entity; the facts surrounding a case; and a time and place for a hearing.

Office of Financial Institution Adjudication: The executive body charged with overseeing administrative enforcement proceedings of the FDIC, FRB, OCC, and NCUA.

Restitution: A remedial action to compensate an institution for a loss that it suffered as a result of a wrongdoer’s misconduct. Restitution may be result from an administrative action or a criminal proceeding. Administrative restitution may be imposed by the Regulators under Section 8(b)(6) of the FDI Act if an IAP was unjustly enriched by a violation or practice that involved a reckless disregard of a law, regulation, or prior order issued by the Regulators. Criminal restitution may be imposed by a court when a person is convicted of a criminal offense.

Regulatory Exclusion: An insurance policy endorsement, term, or rider that excludes the FDIC as Receiver from recovering damages based on its PLCs from insurance policy proceeds.

Suspicious Activity Report (SAR): A report made by an institution to the Financial Crimes Enforcement Network (FinCEN), an agency of the Department of the Treasury, regarding suspicious or potentially suspicious activity. An institution is required to file a SAR when it detects a known or suspected criminal violation of federal law or a suspicious transaction related to money laundering or a violation of the Bank Secrecy Act.

Tolling Agreement: An agreement between the Regulators and potential defendants that extends the SOL. This agreement has been used when the parties are attempting to negotiate a settlement without litigation.

Tort: A breach of duty that the law imposes on persons who stand in a particular relation to one another.

Tort Claim: A civil legal claim, other than a breach of contract, for which a remedy may be obtained, usually in the form of damages.

Uniform Bank Performance Report: A multi-page financial analysis that compares the performance of a given bank against itself and its peer banks, over time.

Written Agreement: An enforceable agreement executed between institutions and regulators in lieu of an EA pursuant to An enforceabsection 8(a) or 8(b) of the FDI Act.

[End of section]

Appendix 4

Regulators’ Responses

[Lettterhead, FDIC logo, Federal Deposit Insurance Corporation, Office of the Chairman 550 17th Street NW, Washington, D.C. 20429-9990]

June 27, 2014

Stephen M. Beard Deputy Inspector General for Audits and Evaluations Office ofinspector General for the Federal Deposit Insurance Corporation 3501 Fairfax Drive Arlington, VA 22226

Dear Mr. Beard:

Thank you for the opportunity to review and comment on the draft report by the Offices ofinspector General for the Federal Deposit Insurance Corporation (the "FDIC"), Board of Governors of the Federal Reserve System and Consumer Financial Protection Bureau, and Department of the Treasury (the "OIGs"), which is entitled Enforcement Actions and Professional Liability Claims Against Institution-Affiliated Parties and Individuals Associated with Failed Institutions, Assignment No. 2013-023 (the "Report"). The objective of the Report is to evaluate (1) the federal banking regulators' efforts to investigate, pursue, and impose enforcement actions against institution-affiliated parties ("lAPs") and (2) the FDIC's efforts to pursue professional liability claims against individuals and entities whose actions harmed institutions that failed.

The Report makes seven recommendations intended to strengthen the federal banking agencies' enforcement programs and the FDIC's professional liability program. The FDIC concurs with each of the recommendations directed to it. Below are the specific actions that the FDIC will undertake to address each recommendation. I appreciate your review and recommendations.

OIGs Audit Recommendation 1: Evaluate existing authorities, legal precedents, and supervisory approaches and establish and communicate, as appropriate, methodologies in which examination results and documentation can support the pursuit of removal/prohibition orders based on willful or continuing disregard for safety or soundness of an institution. Such methodologies may include: a. providing guidance to examiners on how to document and develop evidence sufficient to meet the willful or continuing disregard criteria, and/or b. ensuring adequate internal coordination among legal and supervision divisions, as necessary, about what evidence is needed to successfully bring such orders.

FDIC Response: The FDIC concurs with this recommendation.

Staff has already drafted comprehensive guidance to describe examples of misconduct involving willful or continuing disregard, which may warrant investigation or potential enforcement action. This guidance is nearly ready for dissemination and training is being planned for senior examiners and regional office case managers on this matter.

In addition, the FDIC has recently brought removal/prohibition actions based on the willful or continuing disregard of former lAPs of two failed banks, and continues to consider other such actions.

OIGs Audit Recommendation 2: Research the use of personal cease and desist orders as an enforcement tool to address safety and soundness issues that do not meet the criteria for a removal/prohibition order.

FDIC Response: The FDIC concurs with this recommendation.

Staff is evaluating the use of personal cease-and-desist ("PC&D") orders to ensure that they are appropriately considered as part of the FDIC's enforcement program. Staff has also incorporated the option of issuing PC&D orders into the ongoing reviews of failed insured depository institutions.

OIGs Audit Recommendation 3: Establish written guidance describing under what circumstances to issue formal letters pursuant to section 19 of the FDI Act and post these letters to its public Web site.

FDIC Response: The FDIC concurs with this recommendation.

Staff has begun preparing written guidance describing the criteria for issuing formal letters under 12 U.S.C. § 1829. As part of this process, staff is coordinating with the Office of the Comptroller of the Currency (the "OCC") and the Federal Reserve Board (the "FRB") about their criteria for issuing formal letters. Staff has also begun to discuss how to implement the guidance and post formal letters on the FDIC's public website. The FDIC expects to create a repository for formal letters on its public Enforcement Decision and Orders website, which is located at https://www5.fdic.gov/EDO/index.html.

OIGs Audit Recommendation 4: Consider the need to (1) increase their level of written EA coordination to meet the requirements of Federal Register policy statement 62 Fed. Reg 7782, or (2) revise the policy statement to reflect the Regulators' current level of coordination.

FDIC Response: The FDIC will work with the other federal banking regulators to either revise or rescind Federal Register policy statement 62 Fed. Reg. 7782 (1997), which is entitled Interagency Coordination of Formal Corrective Action by the Federal Bank Regulatory Agencies.

Communication among the Federal Banking Agencies has evolved since the 1997 policy statement was written. Since the 1990s, the FDIC has posted all its enforcement actions on its public Enforcement Decision and Orders website, which includes all enforcement actions that the FDIC has issued since the 1990s. Further, on at least a monthly basis, staff has been coordinating with the OCC and FRB regarding enforcement investigations and actions against former lAPs of failed insured depository institutions. The FDIC will work with the OCC and FRB to determine whether the policy statement should be revised or rescinded in light of intervening developments.

OIGs Audit Recommendation 5: Perform additional research pertaining to ways to compensate for lost revenues as a result of regulatory and other insurance policy exclusions.

FDIC Response: The FDIC concurs with this recommendation.

Both during the prior failing institution crisis (1982-1994) and the more recent crisis (beginning in 2008), the FDIC has performed research and analyzed options to identify ways to compensate for lost recoveries due to insurance policy provisions that exclude coverage for FDIC liability claims. Staff continues to do so. Accordingly, the FDIC fully supports this recommendation. The FDIC has created an interdivisional working group to consider options to address this issue.

OIGs Audit Recommendation 6: Advise their regulated institutions about insurance policy exclusions (OCC and FRB only).

FDIC Response: This recommendation is only directed to the OCC and FRB.

In October 2013, the FDIC issued Financial Institution Letter, FIL-47-2013, entitled Director and Officer Liability Insurance Policies, Exclusions, and Indemnification for Civil Money Penalties. The FIL discusses the importance of reviewing and understanding the risks associated with coverage exclusions pertaining to director-and-officer ("D&O") liability insurance policies. The letter recommends that all directors and officers fully understand the protections and limitations provided by their D&O liability policies. The FDIC supports the recommendation that the OCC and FRB similarly advise their regulated institutions about insurance policy exclusions and other policy provisions that may reduce coverage for certain claims.

OIGs Audit Recommendation 7: Track recoveries and expenses associated with professional liability claims by institution, and periodically report this information to the FDIC Board of Directors and other FDIC executives.

FDIC Response: The FDIC concurs with this recommendation.

The FDIC's Professional Liability Unit currently reports recoveries and expenses on an aggregate basis to the FDIC Board of Directors. Historically, this information has not been reported by institution because, although investigations are conducted in connection with every failed institution, many do not result in the assertion of claims and thus do not have any recoveries. For these institutions, the only expenses to report are the "sunk" costs associated with the professional liability investigations. With respect to those failed institutions for which claims are asserted, the FDIC Board of Directors or the appropriate FDIC delegated authorities are advised of recoveries and expenses at various points, including when staff seeks authority to file lawsuits, settle claims, or make expenditures. On a going forward basis, staff will take the recommended additional step to report on recoveries and expenses by institution on an annual basis for those failed institutions in which all claims areas were closed or fully resolved during the reporting period.

In sum, thank you again for the opportunity to review and comment on the Report. I appreciate your team's professionalism, regular communication, and analysis. Your findings, observations, and recommendations have provided the FDIC with constructive suggestions for enhancing its enforcement and professional liability programs.

Sincerely /S/ Martin J. Gruenberg Chairman

[End of FDIC Corporate Comments]

[Board of Governors of the Federal Reserve System Comments]

[Letterhead Board of Governors of the Federal Reserve System Comments, Agency Seal, Scott G. Alvarez, General Counsel]

July 1, 2014

Mark Bialek, Inspector General Board of Governors of the Federal Reserve System Washington, D.C. 20551

Dear Mr. Bialek:

Thank you for the opportunity to comment on your draft report about enforcement actions and professional liability claims against institution-affiliated parties ("lAPs") associated with failed institutions. As the report recognizes, the Board uses the full range of enforcement tools available to pursue actions against lAPs of failed institutions for their role in violations of law and unsafe and unsound practices committed by the firm. In taking these actions, we work cooperatively with other agencies in the U.S. Government and relevant state governments in investigating and punishing lAPs who engage in misconduct.

The draft report contains two recommendations relating to enforcement actions against lAPs. The first recommendation is that the Board and other Federal banking agencies consider increasing their written interagency coordination on enforcement actions or revise a 1997 interagency policy statement to reflect the current level of coordination.' We plan to review the interagency policy statement, in coordination with the other Federal banking agencies, and consider ways to ensure an appropriate and effective level of communication between the Federal banking agencies as the report recommends.

Footnote 1: 62 Fed. Reg. 7782 (Feb. 20, 1 997).

The second recommendation is that the Board establish and communicate to Federal Reserve supervision staff, as appropriate, methodologies for developing and documenting examination results that support the pursuit of removal and prohibition orders against lAPs where examiners detect willful or continuing disregard for safety and soundness. Legal training is made available to supervision staff on enforcement matters, including the relevant standards for prohibition and removal actions. As a matter of practice, supervisory and legal staff work together in developing specific actions against individuals. We will consider revisions to our training program that may improve coordination among supervisory staff and legal staff about situations and evidence that support enforcement actions.

A third recommendation relates to the report's finding with regard to the FDIC's efforts to pursue professional liability claims against individuals and entities whose actions harmed institutions that ultimately failed. The report recommends that the Federal Reserve and the OCC provide guidance to their regulated institutions, similar to an advisory statement sent by the FDIC to its institutions in 2013, about the level of, and exclusions to, director and officer insurance liability policies for board members and executive officers.2 While the Federal Reserve has issued supervisory guidance urging the institutions it supervises to review their bylaws and any outstanding indemnification agreements, as well as insurance policies to ensure that they conform with the requirements of federal Jaw and regulations, we will review this policy to ensure it is current and appropriately circulated to institutions supervised by the Federal Reserve.3

Footnote 2: Director and Officer Liability Insurance Policies, Exclusions, and Indemnification for Civil Money Penalties, FDIC FIL-47-2013 (October 10, 2013).

Footnote 3: Guidance Regarding Indemnification Agreements and Payments, SR 02-17 (Jlllly 8, 2002).

Thank you, again, for the opportunity to provide comments to this draft report. Sincerely, /S/

[End of Board of Governors of the Federal Reserve System Comments]

[Office of the Comptroller of the Currency Comments]

[Letterhead Office of the Comptroller of the Currency Agency Seal, Washington, DC 20219]

July 16, 2014

Susan Barron Audit Director Department of the Treasury Office of Inspector General Washington, DC 20220

Subject: Response to Draft Report

Dear Ms. Barron:

We have reviewed the Federal Deposit Insurance Corporation's (FDIC) draft joint report titled "Enforcement Actions and Professional Liability Claims Against Institution-Affiliated Parties and Individuals Associated with Failed Institutions." The audit objective was to: 1) describe the regulators' processes for investigating and pursuing enforcement actions (EAs) against institution-affiliated parties (lAPs) associated with failed institutions; 2) describe the FDIC's process for investigating and pursuing Professional Liability Claims (PLCs) against individuals and entities associated with failed institutions and its coordination with the Board of Governors of the Federal Reserve System (FRB) and OCC; 3) determine the results of the regulators' efforts in investigating and pursuing EAs against lAPs and the FDIC's efforts in pursuing PLCs; and 4) assess key factors that may impact the pursuit of EAs and PLCs.

You found that regulators can use EAs against lAPs to remove and prohibit them from participating in the affairs of any insured depository institution for life. Accordingly, the statutory criteria for sustaining a removal/prohibition order are rigorous and the regulators must meet the requisite legal standard for three separate prongs of the statute: misconduct, effect of the misconduct, and culpability for the misconduct. In addition, the regulators each have similar, formal processes to investigate and impose EAs on lAPs whose actions harmed institutions. These processes generally include an investigative period (which can include a formal investigation), agency review, an opportunity for the lAP to consent to the action, and issuance of a Notice of Charges followed by an administrative hearing and an opportunity to appeal to a federal court of appeals if the lAP does not consent to the action.

You made three recommendations to the OCC.

First, you recommend the OCC establish, and communicate, as appropriate, methodologies in which examination results and documentation can support the pursuit of removaUprohibition orders based on willful or continuing disregard for the safety or soundness of an institution.

The OCC will complete a review of existing authorities and legal precedents related to the willful or continuing disregard for the safety or soundness standard by June 30,2015. The OCC will then consider, as appropriate, developing additional guidance for examiners on how to document and support actions based on that standard.

Second, you recommend the OCC consider the need to (I) increase their level of written EA coordination to meet the requirements of Federal Register policy statement 62 Fed. Reg. 7782. or (2) revise the policy statement to reflect the regulators' current level of coordination.

The OCC will coordinate with representatives from the FDIC and FRB by March 31, 2015, to determine whether to increase the level of coordination and communication consistent with the policy statement or to revise the policy statement as appropriate.

Finally, you recommend the OCC should advise its regulated institutions about insurance policy exclusions.

We plan to address the insurance policy exclusion issues in updates to the OCC's The Director's Book and a new section of the Comptroller's Handbook titled "Corporate and Risk Governance." December 31, 2015, is the scheduled completion date for both issuances.

If you need additional information, please contact me or Jennifer Kelly, Senior Deputy Comptroller for Midsize and Community Bank Supervision, at 202-649-5420.

Sincerely,

/S/

Thomas J. Curry Comptroller of the Currency

[End of Office of the Comptroller of the Currency Comments]

[End of section]

Appendix 5

Major Contributors to this Report

FDIC OIG Headquarters

Philip Hodge, Audit Specialist Robin J. King, Auditor-in-Charge Charlinda Sims, Auditor Jill Lennox, Evaluations Manager

E. Marshall Gentry, Assistant Inspector General for Evaluations

Board of Governors of the Federal Reserve System and Consumer Financial Protection Bureau OIG

Jennifer Ksanznak, Auditor Michael VanHuysen, Senior OIG Manager Anna Saez, Audit Manager

Melissa Heist, Associate Inspector General for Audits and Evaluations

Department of the Treasury OIG

Kevin Guishard, Auditor-in-Charge Jeremy Spears, Auditor John Tomasetti, Auditor Dana Duvall, Audit Manager Susan Barron, Audit Director

Marla A. Freedman, Assistant Inspector General for Audit Robert Taylor, Deputy Assistant Inspector General for Audit

[End of section]

Appendix 6

Final Report Distribution

Federal Deposit Insurance Corporation

Chairman

Board of Governors of the Federal Reserve

Chair

Office of the Comptroller of the Currency

Comptroller of the Currency Liaison Officer

Department of the Treasury

Deputy Secretary Office of Strategic Planning and Performance Management Office of the Deputy Chief Financial Officer, Risk and Control Group

Office of Management and Budget

OIG Budget Examiner

Print Print
Close