Ethics for Lawyers Who Represent Financial Institutions and Related Organizations and the Dodd-Frank Regulatory Reform Act

Introduction

The current amended Oklahoma Rules of Professional Conduct ("Oklahoma Rules") were approved by the Oklahoma Supreme Court and became effective January 1, 2008[1].  The amended Rules contain both changes to the substantive Oklahoma Rules themselves and extensive amendments and additions to the Comments.  Several of these amended Rules are cited in these materials and will be the subject of discussions at this seminar.  Additionally, we note that a number of federal regulatory enforcement actions have been issued which are directed at attorneys and law firms as "institution-affiliated" parties under federal law[2].  These provisions of federal law have been revised and strengthened as have other enforcement powers of financial institution regulatory agencies.

Major federal legislation impacting financial institutions and their lawyers has been passed by Congress in the last decade, including the Emergency Economic Stabilization Act of 2008[3], Financial Services Regulatory Relief Act of 2006[4], Gramm-Leach-Bliley Act[5], USA Patriot Act[6], and Sarbanes-Oxley Act[7].  Most recently the current Congress passed the Dodd-Frank Regulatory Reform Act[8] ("Dodd-Frank Act") which we will briefly explain here and discuss in this presentation and in the Panel Discussion at this seminar.

The Dodd-Frank Act was enacted on July 21, 2010, with various effective dates and many substantive revisions which impact statutes applicable to financial institutions and require implementing regulations.  Most of the provisions in the Dodd-Frank Act did not have an immediate impact, but rather will require planning to come into compliance within one year of enactment or have other time periods involving the issuance of new and/or revised regulations.  The transfer date for many provisions in the Dodd-Frank Act was announced on September 20, 2010, to be the earliest date allowed under the Act, i.e., July 21, 2011. That date also triggers full authorization for the new Consumer Financial Protection Bureau.

The Consumer Financial Protection Bureau, within the Federal Reserve, will have broad authorization to promulgate regulations to implement provisions of federal consumer financial law which will impact every financial institution as well as other creditors and related parties.  We emphasize that the scope of this area of law includes lending and operations products and services of financial institutions as well as jurisdiction over those who are service providers to financial institutions.  The expansive authority for the Bureau, along with the enforcement authority of the financial institutions regulators to take action to prevent financial institutions and their service providers "from committing or engaging in an unfair, deceptive, or abusive act or practice under federal law in connection with any transaction with a consumer for a consumer financial product or service, or the offering of a consumer financial product or service," is expected to result in additional rules, interpretations, and guidances and related enforcement actions.

Several other provisions of the Dodd-Frank Act can be expected to impact particular financial institution charter types and their affiliates. Provisions transferring the responsibilities of the Office of Thrift Supervision to the Office of the Comptroller of the Currency for savings institutions and to the Federal Reserve for their holding companies allow this charter type to remain but may result in revised regulations and other changes similar to current charter conversions.  Preemption provisions impacting national banks can be expected to require additional rulemaking interpretations. Other provisions may encourage charter conversions and corporate restructuring. 

Statutory changes and new regulatory provisions will also enhance existing restrictions on limits on transactions with affiliates and insider lending limits and limitations on purchases of assets from insiders.  Other provisions are expected to result in implementing regulations which will document current regulatory expectations, e.g., holding company operations and activities are specifically required to serve as a source of strength for subsidiary depository institutions.

Also of significance were Dodd-Frank Act provisions allowing de novo branching across state lines that would break down remaining state limitations on entry and allow geographic expansion which would no longer require a holding company acquisition.  However, products and services may be impacted by new limitations on credit card, industrial, and trust banks and other commercial firms under provisions in a new statutory title cited as the "Bank and Savings Association Holding Company and Depository Institution Regulatory Improvement Act of 2010."  Additionally, intercharge fees and other fee income limitations as well as a provision requiring a revision to reserve requirements to allow payment of interest on business demand deposits, may present additional earnings challenges in strategic corporate planning.  While several provisions which would have impacted capital adequacy requirements were not in the Dodd-Frank Act as enacted, separate regulatory actions are being considered which can be expected to impact capital requirements and may also significantly impact strategic corporate business plans for a large number of financial institutions.

In the previous decade, Congress passed a series of federal legislative directives ramping up the enforcement powers of federal financial institutions' regulators, i.e., the Financial Institution Reform, Recovery, and Enforcement Act of 1989 ("FIRREA")[9], the FDIC Improvement Act of 1991[10], and the Reigle Community Development and Regulatory Improvement   Act of 1994 ("Reigle Act")[11].  In fact, the regulatory agencies' Standards for Safety and Soundness were initially issued pursuant to Section 132(c) of the FDIC Improvement Act of 1991 as amended by the Reigle Act in 1994 and those statutory provisions which were mirrored by the regulators are codified in Section 39 of the FDIC Improvement Act at 12 U.S.C. 1831 p-1.  Subsequently, Year 2000 Guidelines were added by the regulators and then removed and replaced with the Interagency Guidelines Establishing Standards for Safeguarding Customer Information.  Current legal priorities for financial institutions and their federal regulators and thus, their lawyers, are also being driven by Congressional and regulatory reaction to the security breaches and criminal activity, credit problems, unfair and deceptive practices, and global economic issues.  Various national and international economic events and recent developments impact and overlay the body of law and ethical considerations through which lawyers representing financial institutions must cautiously tread.  In addition, regulatory enforcement actions continue to highlight the administrative law concerns raised in these materials.

 

I. ETHICAL ISSUES FOR LAWYERS REPRESENTING BANKS AND OTHER HIGHLY-REGULATED RELATED BUSINESSES

An attorney who represents a financial institution or a related business encounters some of the most complicated and far reaching ethical issues of any practitioner.  All bank regulatory agencies have authority to seek civil damages against any "institution affiliated party" which is defined to include attorneys in certain situations[12].  Section 708 of the Financial Services Regulatory Relief Act of 2006[13] substantially expanded the scope of regulatory enforcement authority applicable to "institution affiliated parties" by broadening that definition, effective October 13, 2006.

Because of the complications of being an "institution affiliated party" as well as unique conflict issues involving representation of the financial institution or one of its affiliates or related entities and those individuals associated with the institution in the capacity of officers or directors, whether practicing corporate or regulatory compliance law in the sphere of financial institution representation, a lawyer faces a multitude of ethical questions.  These ethical questions may also involve potential violations of Federal and state banking law.  There are also other ethical issues and concerns which arise when a lawyer serves on the board of directors of a financial institution or one of its affiliates or is simply operating a law firm which has a banking relationship with a financial institution the firm represents. 

The uniqueness of representing a client which is subject to high regulatory standards and examination and reporting to government entities increases the scrutiny of the ethical considerations with regard to appropriate confidentiality and conflicts issues.  These issues and the accompanying potential liability have been substantially enhanced in the last two decades due to litigation surrounding closed bank and savings and loan association receiverships and subsequent legislation.  The Federal legislative developments have been substantive and expansive in providing additional enforcement tools and broad safety and soundness standards.  Subsequently promulgated regulations to implement these new tools and standards have been effectively used to address regulatory concerns.

There have also been a myriad of other legislative and regulatory developments impacting the representation of financial institutions and related business.  For instance, the contracting of services with other entities, particularly technological services, has become subject to more specific regulatory scrutiny and guidance.       

In addition, because this is such a highly regulated industry, administrative law issues overlay virtually all of the bank regulatory and ethical issues.  These administrative law issues give rise to important ethical issues and have been reviewed nationally by bar association committees.     

The purpose of this presentation will be to highlight ethical concerns in several areas of banking and consumer law and to heighten awareness of the various laws and ethical considerations.  Also, we would seek to encourage the development of discussion and educational presentations concerning ethical issues in corporate and regulatory representation of financial institutions and related businesses.

A. Confidentiality: Attorney-Client Privilege.

Section 607 of the Financial Services Regulatory Relief Act of 2006[14] included a provision addressing the disclosure of information to supervisory agencies.  Specifically, Section 1828(x) of Title 12 of the United States Code was amended to address concerns regarding the waiving of privileges in responding to examination and other requests or otherwise providing information to federal and state banking regulators.  Subsection 1828(x)(1) specifically provides as follows:

The submission by any person of any information to any Federal banking agency, State bank supervisor, or foreign banking authority for any purpose in the course of any supervisory or regulatory process of such agency, supervisor, or authority shall not be construed as waiving, destroying, or otherwise affecting any privilege such person may claim with respect to such information under Federal or State law as to any person or entity other than such agency, supervisory, or authority.[15]

State professional responsibility rules have also been readdressed in this area. For instance, Rule 1.6 of the Oklahoma Rules previously provided for the "Confidentiality of Information" in the client-lawyer relationship as follows:

(a) A lawyer shall not reveal information relating to representation of a client unless the client consents after consultation, except for disclosures that are impliedly authorized in order to carry out the representation, and except as stated in paragraph (b) and (c).

(b) A lawyer may reveal, to the extent the lawyer reasonably believes necessary, information relating to representation of a client:

(1) to disclose the intention of the client to commit a crime and the information necessary to prevent the crime;

(2) to rectify the consequences of what the lawyer knows to be a client's criminal or fraudulent act in the commission of which the lawyer's services had been used, provided that the lawyer has first made reasonable efforts to contact the client but has been unable to do so, or that the lawyer has contacted and called upon the client to rectify such criminal or fraudulent act but the client has refused or is unable to do so;

(3) to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer and the client, to establish a defense to a criminal charge or civil claim against the lawyer based upon conduct in which the client was involved, or to respond to allegations in any proceeding concerning the lawyer's representation of the client;

(4) or as otherwise permitted under these Rules.

(c) A lawyer shall reveal such information when required by law or court order.[16]

Rule 1.6 has been substantially expanded, as follows:

(a) A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted by, paragraph (b).

(b) A lawyer may reveal information relating to representation of a client to the extent the lawyer reasonably believes necessary:

(1) to prevent reasonably certain death or substantial bodily harm;

(2) to prevent the client from committing:

(i) a crime; or

(ii) a fraud that is reasonably certain to result in substantial injury to the financial interests or property of another and in furtherance of which the client has used or is using the lawyer's services;

(3) to prevent, mitigate or rectify substantial injury to the financial interests or property of another that is reasonably certain to result or has resulted from the client's commission of a crime or fraud in furtherance of which the client has used the lawyer's services, provided that the lawyer has first made reasonable efforts to contact the client so that the client can rectify such criminal or fraudulent act, but the lawyer has been unable to do so, or the lawyer has contacted the client and called upon the client to rectify such criminal or fraudulent act and the client has refused or has been unable to do so;

(4) to secure legal advice about the lawyer's compliance with these Rules;

(5) to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer and the client, to establish a defense to a criminal charge or civil claim against the lawyer based upon conduct in which the client was involved, or to respond to allegations in any proceeding concerning the lawyer's representation of the client; or

(6) as permitted or required to comply with these Rules, other law or a court order.[17]

Rule 1.6 of the ABA Model Rules of Conduct is not as permissive as the Oklahoma Rule and other state rules may vary also.[18]  Additionally, those attorneys who handle securities matters before the Securities and Exchange Commission ("SEC") for financial institutions will have the requirements of SEC regulations[19] implementing Part 307 of the Sarbones-Oxley Act of 2002 to meet in their communications with their client and the SEC.

Many unique areas of banking and consumer law and particularly the fair lending area of law give rise to concerns with regard to this Rule.  Because of the emphasis of Congress and the legislative directives to the federal banking regulatory agencies as well as Department of Justice and the Department of Housing and Urban Development on fair lending law violations, financial institutions have been for years and continue to prioritize fair lending training and auditing.  It appears appropriate that in the event that an in house or outside auditor discovers any discriminatory practice, management be advised immediately to be in contact with bank counsel both to address appropriate corrective action and to seek to protect the results of the auditing from discovery.  This discovery could be either in civil litigation or during an examination by a bank regulatory agency.

These fair lending auditing results as well as other sorts of compliance auditing records have been addressed by a number of state legislatures including the Oklahoma Legislature.  Section 3002 of Title 6 of the Oklahoma Statutes, which was effective July 1, 1995, provides as follows:

A. For purposes of this section:

1. "Depository institution: means a state-chartered or federally chartered financial institution located in this state that is authorized to maintain deposit or share accounts;

2. "Compliance review committee" means:

a. an audit, loan review of compliance committee appointed by the board of directors of a depository institution, or

b. any other person to the extent the person acts in an investigatory capacity at the direction of a compliance review committee;

3. "Compliance review documents" means documents prepared for or created by a compliance review committee;

4. "Loan review committee" means a person or group of persons who, on behalf of a depository institution, reviews loans held by the institution for the purpose of assessing the credit quality of the loans, compliance with the loan policies of the institution, and compliance with the applicable laws and regulation; and

5. "Person" means an individual, group of individuals, board, committee, partnership, firm, association, corporation, or other entity.

B.  This section applies to a compliance review committee whose functions are to evaluate and seek to improve:

1. Loan underwriting standards;

2. Asset quality;

3. Financial reporting to federal or state regulatory agencies; or

4. Compliance with federal or state statutory or regulatory requirements.

C. Except as provided in subsection D of this section:

1. Compliance review documents are confidential and are not discoverable or admissible in evidence in any civil action arising out of matters evaluated by the compliance review committee; and

2. Compliance review documents delivered to a federal or state government agency remain confidential and are not discoverable or admissible in evidence in any civil action arising out of matters evaluated by the compliance review committee.

D. Subsection C of this section does not apply to any information required by statute or regulation to be maintained by or provided to a governmental agency while the information is in the possession of the governmental agency to the extent applicable law expressly authorizes its disclosure.

E. This section may not be construed to limit the discovery or admissibility in any civil action of any documents that are not compliance review documents, nor may it be construed to limit the discovery or admissibility of any relevant documents which reflect evidence of fraud committed by an insider of a depository institution, to the extent those documents are otherwise discoverable or admissible.[20]

The Federal banking agencies have also recognized and discussed the sensitivity and importance of preserving the confidentiality privilege during the examinations.  For instance, the Office of the Comptroller of the Currency has addressed these issues in the Comptroller's Handbook on Litigation and Other Legal Matters, which states as follows:        

When evaluating matters in litigation or other legal matters, an examiner should be aware that certain documents prepared by, or in the possession of, bank counsel may indeed be privileged and the examiner therefore should take certain precautions to safeguard these privileges.  Bank management or counsel, while desirous of being fully cooperative, may be concerned that disclosure of certain materials to an examiner could result in a waiver of an applicable privilege (i.e., attorney-client privilege or attorney work-product privilege).

The OCC is of the view that a bank that discloses privileged information to an examiner during an examination does not waive its privileges.  Nevertheless, the agency recognizes that the OCC's and bank's common interest in encouraging forthright and open communications is best maintained by taking appropriate steps during the examination to safeguard a bank's privileged materials.

As a general matter, examiners should, when possible, obtain needed information from sources that are not privileged.  In those few instances when access to privileged materials or information is considered necessary, the examiner, in consultation with the OCC legal counsel, should evaluate how to obtain the needed information.  Safeguards that should be considered by the examiner and counsel include:

  • Requesting privileged documents only when the risk of exposure to the bank's earnings or capital is material.

  • Limiting the form and scope of a request for privileged documents.

  • Exchanging written communications with the bank setting forth the precise identity of the materials being provided, confirming the OCC's and bank's expectations that the privileged materials are being provided pursuant to the agency's examination authority (i.e., 12 USC 481), and confirming that the confidentiality of the materials will be maintained to the extent required or permitted by law.[21]

Related issues involving whether the records actually belong to the bank and when those records may or may not be protected by an attorney-client privilege from access by a bank regulatory agency need to be explored.  Additionally, caution with regard to discussions of the issues among bankers or other persons, for instance, in a seminar setting, giving rise to a waiving of the privilege also is of concern to financial institutions counsel and should be addressed by counsel with the client as a preventative measure in representing the client.

A new Section 4.4(b) in the Rules addresses the issues of misdelivered documents, e.g., where produced documents include a third-parties' records or records are taken by a whistle blower.  The duty to promptly notify the sender is included along with commentary to address waiver of the privilege and related issues.

B. Professional Competence.

Rule 1.1 of the Oklahoma Rules[22] and Rule 1.1 of the ABA Model Rules of Professional Conduct[23] requiring professional competence state specifically as follows:

A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness, and preparation reasonable necessary for the representation.

There are a substantial number of areas of the law which require in depth study and focus in order to achieve and maintain competency in representation of the financial institution client.  Lawyers representing financial institutions and related businesses find the applicable law challenging and continuously changing.  The need for finding a specific area in which to concentrate and continuing an attorney's legal education to be apprised of legal requirements and revisions to represent the client is quickly apparent in reviewing enforcement matters as well as civil litigation.  Reviewing the current emphasis of issues in both bank safety and soundness and compliance examinations provides guidance in identifying areas of particular importance to your client.

As an example, one area of long term and current emphasis by the regulators is the area of law generally referred to as "fair lending" including the implementing of regulations of the Equal Credit Opportunity Act[24], the Community Reinvestment Act[25], the Fair Housing Act[26], the Home Mortgage Disclosure Act[27], Real Estate Settlement Procedures Act ("RESPA")[28], and the Truth in Lending Act[29]which includes Section 32, the Home Ownership and Equity Protection Act of 1994 ("HOEPA")[30], which have been and continue to be vigorously enforced.  Of course, the various regulations, interpretations and commentaries published by the regulatory agencies on this topic are part of this expansive body of law; for instance, the Interagency Policy Statement on Discrimination in Lending as well as other interpretations available from the banking agencies must be familiar to a practitioner assisting a financial institution with compliance.

It is important that financial institution counsel be prepared to assist the client with avoiding any repeat violations, that is, those previously cited by a regulator in a Report of Examination.  Additionally, the current emphasis of examinations on privacy and safeguarding of customer information issues, the Bank Secrecy Act[31], and the Flood Disaster Protection Act[32] gives rise to a need for familiarity with those provisions and recent revisions as well as implementing regulations, guidelines, and interpretations.  Other areas with high enforcement exposure include the Federal affiliates and insider borrowing restrictions.[33]  Areas of third party exposure which require emphasis include privacy, suspicious activity reports and subpoenas, Truth-In-Lending[34], RESPA[35], and Truth-In-Savings[36].

Most importantly, it is noted that certain consumer laws allow an appropriate redisclosure or reimbursement to customers to limit civil liability if properly accomplished within set time limits.  For instance, the Truth-In-Lending law permits corrective action within 60 days of "discovery".  Thus, it is imperative that counsel be familiar with these provisions and timely advise the client of legal alternatives to be considered in addition to the business decisions they may be reviewing.

An area of particular importance in which unwary practitioners may find problems is the appropriate notice or prior approval of the regulations of change of control of a financial institution.  This is an area which may result in enforcement actions against individuals or the financial institution.  Review of the rules of notice and the definitions of what constitutes "control" is advisable.[37]  While there are delineated exceptions, it is imperative that if there is any question with regard to the application of these provisions, the staff of the Federal Reserve Board or other regulator with jurisdiction be consulted prior to taking any action which could result in direct or indirect control of a bank or other financial institution.  One of the common errors by counsel involved in estate planning has been establishment of a trust which may inadvertently cause a violation of these provisions if the requirements of the exceptions are not met.

Additionally, it is noted that a change of control and other factors can trigger certain additional reporting requirements for periods established by regulatory issuances pursuant to Federal statutes.  For instance, Federal law requires specified categories of national banks to furnish the OCC with at least thirty (30) days notice before adding any individual to the board of directors or employing an individual as a senior executive officer.  That is, a national bank is subject to the notice requirement if the bank (i) has been chartered for fewer than two years, (ii)  has undergone a change of control within the preceding two years, or (iii) is not in compliance with the minimum capital requirements applicable to it or is otherwise in a "troubled condition," as determined on the bases of the bank's most recent report of condition or report of examination or inspection.[38]  There are certain waiver provisions and an appeal process; however, the significant penalties which can be assessed for violations of provisions relating to change of control and other factors dictate caution in reviewing the primary source of the provisions as well as communication with the banking regulatory agencies with jurisdiction over the entities involved.

We note that recent revisions to the provisions of federal law which expand enforcement authority over "institution affiliated parties" also specifically relate to change of control transactions. Additionally, recent enforcement actions which name attorneys have involved issues regarding insider transactions as well as issues of competency.[39]

C. Independent Professional Judgement/Conflict of Interest.

Representing a financial institution as an entity and dealing with statutes that have potential criminal or civil money penalties requires careful review of whether a lawyer is convinced that differing interests are not present.  Appropriate ongoing review and disclosure as well as encouragement of the retention of independent counsel is necessary in many instances.   Additionally, direct communication with the Board of Directors may be necessary in order to properly communicate concerns to the client.[40]

Areas in which these sorts of issues most quickly arise involve capital and dividend matters and holding company formations and expansion.   Also, affiliate party transactions and insider borrowing transactions can involve these sorts of issues because of the complicated overlapping of affiliate and insider borrowing issues.[41]  Recently adopted Regulation W[42] implementing provisions of the Banking Affiliates Act[43] and subsequent issuances provide guidance and additional limitations on affiliate transactions.  The violations of these provisions are more likely to involve pursuit of civil money penalties than many other sorts of violations.  Familiarity with definitions of "executive officer," "related interests," and "affiliates" as well as familiarity with the issues of "control" are imperative.  A willingness to step forward on behalf of the financial institution to request that an extension of credit or several loans be properly paid off by the borrower who is an insider is important to properly represent the client institution.

Another very difficult area that can involve civil money penalties or criminal prosecution and potential conflict of interest is the Bank Secrecy Act.[44]  Federal law disallows the disclosure to a person who is the subject of a suspicious activity report of the fact that a suspicious activity report is to be filed.  Bank counsel should be familiar with that requirement and properly advise clients with regard to these issues. Because of the very fine line in handling required reporting, including suspicious activity reports, versus complying with privacy law restrictions, counsel for the financial institution must be well apprised of these areas of law and quick to recognize and disclose conflicts.  A review of these pitfalls would involve a discussion of the inherent conflicts in these laws.  Generally, no release of customer financial records is permitted unless the customer agrees to the release or the customer is notified and the customer does not object after notice and a reasonable time to raise an objection.  However, in certain instances Federal law prohibits the disclosure to the customer of the request for information; for instance, where a Federal grand jury subpoena has been issued involving a crime against a bank.  Additionally, financial institutions are obligated to file suspicious activity reports in instances where there is a "suspicion" of a crime; however, only very limited information can be released to appropriate government authorities relevant to a possible violation and, release of information beyond those limits can expose the institution and related individuals to third party liability and the person who is the subject of the filing cannot be notified.[45]

Because of the nature of reporting currency transactions and appropriate use of suspicious activity reports in this area, a substantial degree of risk with regard to handling appropriate release of bank customer information is involved.  In instances when an officer or director of an institution is the subject of the report, the attorney's responsibility remains with the institution.  While independent representation may be sorely needed, to so advise the individual would cause a violation of Federal law.

Rule 1.13 of the Oklahoma Rules and the ABA Model Rules of Professional Conduct deal with representing an organization such as a bank or other business entity as a client.  This rule addresses the sorts of situations where an officer, employee or other person intends to act or refuses to act in a matter that may cause a violation of a legal obligation of the organization and the lawyer is obligated "to proceed as is reasonably necessary in the best interest of the organization".[46]  One measure that may be taken is advising that a separate legal opinion on the matter be sought for presentation to the appropriate authority (this may be the board of directors).  Separately, the rule provides that in dealing with an organization's directors, officers, employees, members, shareholders or other constituents, a lawyer is obligated to explain the identity of the client when it is apparent that the organization's interests are adverse to those of the constituents with whom the lawyer is dealing.  This rule also separately addresses the situation where an attorney represents both the organization and the interest of any such individual constituent and must obtain the consent required by Rule 1.7 from an appropriate official(s) other than the person being represented (again, this may be the board of directors).

The ethical issues which arise in the situation where a lawyer serves on the board of directors of a financial institution or a related business are manifold.  The commentary to Rule 1.7 of the Oklahoma Rules sets forth specific direction on certain of these issues as follows:

A lawyer for a corporation or other organization who is also a member of its board of directors should determine whether the responsibilities of the two roles may conflict.  The lawyer may be called on to advise the corporation in matters involving actions of the directors.  Consideration should be given to the frequency with which such situations may arise, the potential intensity of the conflict, the effect of the lawyer's resignation from the board and the possibility of the corporation's obtaining legal advice from another lawyer in such situations.  If there is material risk that the dual role will compromise the lawyer's independence of professional judgement, the lawyer should not serve as a director.[47]

Interestingly, the commentary to the amended Rule expands this analysis with the following additional language:

or should cease to act as the corporation's lawyer when conflicts of interest arise.  The lawyer should advise the other members of the board that in some circumstances matters discussed at board meetings while the lawyer is present in the capacity of director might not be protected by the attorney-client privilege and that conflict of interest considerations might require the lawyer's recusal as a director or might require the lawyer and the lawyer's firm to decline representation of the corporation in a matter.[48]

The concept with regard to a "Chinese Wall" in acquisition and merger transactions particularly as well as in regulatory representation needs to be carefully reviewed.  Several provisions in the amended Rules affect commercial lawyers' conflict of interest issues.  A new Section 1.18 addresses the likelihood of a conflict being created in the first meeting with a prospective client on a new matter and, as noted above, other revisions include the use of "informed consent" requirements.  Separately in amended Rule 1.0(k) the old "Chinese Wall" approach in handling conflicts within a firm is addressed within the definition for the "screened" handling of matters.

D. Zealous Advocacy.

The attorney"s obligation to zealously assert the client"s position is found in the Preamble to the Oklahoma Rules and the ABA Model Rules of Conduct and Rule 1.3 of both the Oklahoma and Model Rules.  After first identifying the client and resolving any conflicts, the attorney still must guard against advocating a position zealously which ultimately is not in the best interests of his/her client and its directors nor the attorney as an affiliated party.

For instance, attorneys representing financial institutions frequently find themselves in situations involving evaluations of loans for combination or otherwise structuring lending transactions involving insider transactions, affiliate transactions, or lending limit considerations with outside borrowers.  Pressure to assist in allowing the loans booked at the bank rather than participated or made by another lender is not uncommon.  This is an area in which counsel have been pursued as "affiliated parties" by bank regulatory agencies and further discussion and review of the responsibilities of attorneys in this area is important.

E. Administrative Law.

In order to effectively represent a client in regulatory enforcement and compliance matters, one must put in perspective the current regulatory enforcement tools of the banking agencies.  This can best be accomplished by first reorienting ourselves with the interplay of administrative law and banking law.  Next we must focus on the status of prompt corrective action after the passage Gramm-Leach-Bliley Act[49] and its implementing regulations and the relationships and use of other enforcement tools by the regulators.  Additionally, we need to review the various regulatory priorities of financial institutions by looking at not only liability in enforcement actions, but also third party liability in both compliance and safety and soundness matters.

Enforcement actions can only be brought by federal regulators based on statutory authority or certain types of rules of the agencies adopted pursuant to the Federal Administrative Procedure Act.[50]  An article published in the American Bar Association's Administrative Law Review's Spring 2000 issue entitled Distinguishing Legislative Rules from Interpretive Rules[51] describes the confusion in the law regarding those rules which have the force and effect of law.  While you may or may not agree with the position advocated by the author of that article, the review of the status of the law is helpful in reflecting on the various rulemaking endeavors of the federal banking regulatory agencies.

In addition to other precedent setting cases, the above-referenced article discusses a recent decision by the D.C. District Court.[52]  If you were planning a fishing trip to Alaska, you would want to know whether the Federal Aviation Administration ("FAA") could require a guide who transports you to conform to the licensing requirements applicable to commercial pilots or whether the Alaska Professional Hunters Association was right that the FAA's rule was procedurally invalid.  Likewise, in representing any banker or bank director or office or affiliated party in any sort of enforcement action, you will want to be able to effectively evaluate the status of the underlying law which may serve as the basis for such action.  In the Alaska Professional Hunters Association case, the Court determined that the FAA's rule was invalid.

Publication for comment and codification in the Code of Federal Regulations is not always required for a rule to have the force and effect of law; however, the statutory basis for a lesser process on which to find an interpretation or guideline or other sort of legal basis for an enforcement action (perhaps one which may be cited in an examination report) needs to be reviewed to determine whether a valid reference for any sort of enforcement action exists.  Both the state of administrative law and banking enforcement law are in flux and legal counsel should be current on the status and the interplay between these areas of law.

The federal banking regulators have been diligent in their work and have been prodded by Congress to more aggressively establish additional legal basis for enforcement actions.  Because of the potential for various sorts of actions to be pursued against a financial institution and its affiliated parties for violations of that level of law which serves as valid basis for such action, focus by directors, management and counsel on those areas addressed by Congress and by the regulators is well placed.

We saw the pendulum move from consumer exams in the late 70's to safety and soundness in the early 80's, a reemphasis on compliance beginning in the late 80's, and then movement toward an emphasis again on safety and soundness in the early to mid 90's.  Congress and the banking regulatory agencies have gradually over the last decade reemphasized safety and soundness and risk management in addition to compliance for banks.  This change in emphasis is reflected in the interagency guidelines establishing standards for safety and soundness, the interagency guidelines for asset quality, earnings and stock valuation standards, and the categories of risk identified by the regulators as inherent in bank activities.  Examiners have become familiar with the application of examination procedures for the various risk management standards of their agencies and current examinations encompass these concepts.

Federal regulators were mandated by Congress in 1991 and again in 1994 to reemphasize safety and soundness when each federal banking agency was required by the Federal Deposit Insurance Corporation Improvement Act of 1991[53] and the Reigle Community Development and Regulatory Improvement Act of 1994[54] to establish safety and soundness standards for all insured depository institutions and took the approach in their issuances that they were simply helping a bank be a better bank.  Specifically, for instance, the safety and soundness guidelines were written to reflect what the regulators thought were good banking practices.  However, because of the Federal statutory mandate, the accompanying enforcement rules give the regulators another arrow in their enforcement quiver.  This additional arrow has been effectively used in a number of enforcement scenarios particularly those relating to Year 2000 compliance.  Formal written agreements serve as particularly effective enforcement tool because substantive violations of the agreements themselves rather than any violation of law can serve as a basis for assessment of civil money penalties.

For several years the enforcement actions focused on risk management, Bank Secrecy Act compliance and information security and now there is again a renewed development of compliance and safety and soundness examination strategies and enforcement actions by the regulators.  These enforcement actions relate to investment and credit risks, capital adequacy, management problems, and other significant safety and soundness issues. Additionally, the overhaul of consumer lending and operations rules currently create an environment of risk which can impact management ratings and result in enforcement actions.  Additionally, regulatory response to the federal Gramm-Leach-Bliley Act mandates require the agencies to continue to apply their resources to information security risks.  The experience of using prompt corrective actions as enforcement tools has advanced the skills of the regulators in both establishing the basis for such actions and pursuing them effectively.

Pursuant to the Gramm-Leach-Bliley Act, the Federal Deposit Insurance Corporation, Federal Reserve Board, Office of the Comptroller of the Currency, and Office of Thrift Supervision issued Interagency Guidelines Establishing Standards for Safeguarding Customer Information ("Guidelines").[55]  While the new privacy rules and permitted activities under Gramm-Leach-Bliley have seemed to receive the greatest attention, these Guidelines can have a more significant impact on enforcement related matters.  This is because the agencies are able to enforce these standards in the same manner as other safety and soundness standards issued pursuant to Section 39(a) of the Federal Deposit Insurance Act.  Section 39(a) authorizes the agencies to establish operational and managerial standards for insured depository institutions related to, among other things, internal controls, information systems, and internal audit systems, as well as such other operational and managerial standards as the agencies determine to be appropriate.  A violation of these standards may be an unsafe and unsound practice within the meaning of these provisions.[56] The Guidelines are applied to banks, savings associations, bank holding companies, and certain of their nonbank subsidiaries.  The Guidelines required institutions to fully implement an information security program as outlined in the Guidelines.

The Guidelines required institutions to implement a comprehensive information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the institution and the nature and scope of their activities.  An institution's information security program must ensure the security and confidentiality of customer information; protect against any anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer, or risk to the safety and soundness of the institution.

The Guidelines describe the oversight role of the board of directors in this process and management's continuing duty to evaluate and report to the board on the overall status of the program.  The four steps in this process require an institution to: (1) identify and assess the risks that may threaten customer information; (2) develop a written plan containing policies and procedures to manage and control these risks; (3) implement and test the plan; and (4) adjust the plan on a continuing basis to account for changes in technology, the sensitivity of customer information, and internal or external threats to information security.  The Guidelines also set forth an institution's responsibility for overseeing outsourcing arrangements.

It is emphasized by the regulators that each financial institution needs a risk management system which works for the particular institution.  The examiners should take into consideration the institution's current system and give the benefit of the doubt to those institutions which have taken a thoughtful approach to establishing good banking practices.  Thus, it is important to review the current emphasis of examinations in addition to those Guidelines and consider ways to properly evaluate and redevelop lending and operations policies and processes to comply with the expectations of the regulators.

F. Interdisciplinary Practice and Multistate Practice and Unauthorized Practice of Law.

The discussions and actions by bar associations and others concerning both interdisciplinary practice and multistate practice issues have significant implications for financial institution and consumer law practitioners.  The concerns regarding unauthorized practice of law are raised in many regulatory compliance auditing and consulting arenas involving consumer law and other areas of law affecting financial institutions and related businesses. Additionally, multifaceted class action lawsuits involving consumer laws often involve activities conducted in many states by the same entity or related entities.  Counsel representing financial institutions and related businesses should be familiar with these issues if not involved in these discussions.[57]  Of course, the impact of the Sarbanes-Oxley Act[58] and its implementing regulations on auditing and consulting businesses was a significant development and the reach and affect of subsequent regulatory actions continue to be part of these discussions.

The amended Rules made no substantive changes to current Rule 5.4 which would address multidisciplinary practices.  The amended Rules 5.5 and 8.5 did revise the multi-jurisdictional rules creating specific safe harbors and addressing reciprocal enforcement.  Rule 1.13 as amended, addresses the Sabanes-Oxley "up the ladder" communication requirements for representing an entity.  We encourage your review of the specific provisions of the Rules on the OBA website cited in the Introduction to these materials.

 

II. CORPORATE CODES OF CONDUCT AND ETHICS POLICIES

Issues regarding ethical conduct for financial institution officers, directors, employees and attorneys often arise in connection with the Federal Bank Bribery Act (the "Act").[59]  The Act prohibits the payment or solicitation of bribes in connection with financial institution transactions, as follows:

"(a) Whoever-

(1) Corruptly gives, offers, or promises anything of value to any person, with intent to influence or reward an officer, director, employee, agent, or attorney of a financial institution in connection with any business or transaction of such institution; or

(2) As an officer, director, employee, agent or attorney of a financial institution, corruptly solicits or demands for the benefit of any person, or corruptly solicits or demands for the benefit of any person, or corruptly accepts or agrees to accept, anything of value from any person, intending to be influenced or rewarded in connection with any business or transaction of such institution;

Shall be fined not more than $1,000,000 or three times the value of the thing given, offered, promised, solicited, demanded, accepted, or agreed to be accepted, whichever is greater, or imprisoned not more than 30 years, or both, but if the value of the thing given, offered, promised, solicited, demanded, accepted, or agreed to be accepted does not exceed $1,000, shall be fined under this title or imprisoned not more than one year, or both.[60]

The language of the Act clarifies that it is not intended to prohibit “bona fide salary, wages, fees, or other compensation paid, or expenses paid or reimbursed, in the usual course of business.”[61]  The Act continues to direct that “federal agencies with responsibility for regulating a financial institution shall jointly establish such guidelines as are appropriate to assist an officer, director, employee, agent, or attorney of a financial institution to comply with [the Act]".[62]

Regulatory pronouncements in recent years have emphasized the need for financial institutions to adopt corporate codes of conduct, codes of ethics or ethics policies (collectively hereafter "code" or "codes") to address issues arising under the Act, as well as general corporate governance concerns arising under the Sarbanes-Oxley Act and related provisions of the Federal Deposit Insurance Act ("FDI Act") and regulations, and those laws and regulations specifically addressing prohibitions and limitations on insider transactions, including the Federal Reserve Board's Regulation O ("Regulation O").[63]  The FDIC issued its "Corporate Code of Conduct Guidance on Implementing an Effective Ethics Program" in October of 2005 ("FDIC Guidance") and the OCC addressed the need for codes in the "Insider Activities" segment of the Controller's Handbook, issued in March of 2006 ("Comptroller's Handbook").[64]

The FDIC Guidance recommends that codes address all of the following issues:

1. Safeguarding confidential information and compliance with the Gramm-Leach-Bliley Act of 1999 ("GLBA");

2. Ensuring the integrity of records and accounting information;

3. Providing strong internal controls over assets;

4. Providing candor in dealing with auditors, examiners and legal counsel;

5. Avoiding self-dealings and acceptance of gifts or favors, including specific compliance with the Act;

6. Implementing appropriate background checks (both for employees and ensuring that third party service providers conduct appropriate employee screening procedures);

7. Involving internal auditor in monitoring codes;

8. Providing a mechanism to report questionable activity (such as a hotline which could be advertised to employees, suppliers, third party service providers and customers);

9. Outlining penalties for breaches of codes;

10. Providing periodic training and acknowledgement of codes; and

11. Periodically updating codes, as well as other applicable policies and procedures, to reflect new business activities.[65]

The FDIC Guidance also specifically identifies the following regulations, as applicable, that should be considered in adopting codes and included in codes, or related policies:

1. Section 18(k) of the FDI Act (Authority to Regulate or Prohibit Certain Forms of Benefits to Institution-Affiliated Parties);

2. Part 359 of the FDIC Rules and Regulations (Golden Parachutes and Indemnification Payments);

3. Section 39(c) of the FDI Act (Compensation Standards);

4. Section 32 of the FDI Act (Agency Disapproval of Directors and Senior Executive Officers of Insured Depository Institutions or Depository Institution Holding Companies);

5. Section 19 of the FDI Act (Penalty for Unauthorized Participation by Convicted Individual);

6. Part 349 of the FDIC Rules and Regulations (Reports and Public Disclosure of Indebtedness of Executive Officers and Principal Shareholders to a State Nonmember Bank and its Correspondent Banks);

7. Sections 22(g) and 22(h) of the Federal Reserve Act (Loans to Executive Officers of Banks and Extensions of Credit to Executive Officers, Directors, and Principal Shareholders of Member Banks);

8. Regulation O (Loans to Executive Officers, Directors, and Principal Shareholders of Member Banks);

9. Section 337.3 of the FDIC Rules and Regulations (Limits on Extensions of Credit to Executive Officers, Directors, and Principal Shareholders of Insured Nonmember Banks);

10. Part 348 of the FDIC Rules and Regulations (Management Official Interlocks);

11. Section 7(j) of the FDI Act and the Change in Bank Control Act of 1978;

12. Section 737 of the GLBA (Bank Officers and Directors as Officers and Directors of Public Utilities);

13. Section 8(e) of the FDI Act (Removal and Prohibition Authority); and

14. Section 8(g) of the FDI Act (Felony Charge Involving Dishonesty or Breach of Trust as Cause for Suspension, Removal, or Prohibition).[66]

The Comptroller's Handbook identifies codes as part of appropriate insider policies which must be established by management and the Board of Directors, whose duties relative to insider issues also include the following

1. Fulfilling fiduciary obligations relating to common law, including the duty of care and the duty of loyalty;

2. Complying with insider-related laws and regulations;

3. Establishing and applying sound, independent processes to monitor and ensure compliance with insider policies, laws and regulations (for example, providing for effective internal controls and adequate audit coverage);

4. Ensuring that hiring practices are effective;

5. Setting appropriate compensation and fees to insiders;

6. Following prudent dividend policies;

7. Implementing sound management information systems; and

8. Submitting accurate financial reports and other disclosures.[67]

The Comptroller's Handbook presents the following as issues that should be addressed in codes or other policies related to insider activity:

1. Requirements for the disclosure of actual or potential conflicts of interest;

2. Identification of all insider "related interests" as defined in Regulation O;

3. Identification of material interests that insiders have in the business of any borrower, applicant, other bank customer, vendor or supplier;

4. Guidelines for insider lending and other transactions, including fees or commissions received from the bank;

5. Requirements that all transactions with insiders be at arm's length;

6. Requirements for prompt reporting of insider securities transactions;

7. Prohibitions on the use of insider information in securities transactions;

8. Specifying the circumstances and conditions under which the bank will make its facilities, real or personal property (including airplanes, cars, etc.) or personnel available for insiders' use;

9. Specifying restrictions on the acceptance of gifts, bequests, or other items of value (such as an exchange of "favors," payment for services, etc.) from customers or other persons doing or seeking to do business with the bank;

10. Requiring bank employees to report improper or unethical behavior to appropriate parties (bank management, board of directors, auditors, etc.) and to report suspicious activity in accordance with the bank's suspicious activity report policy;

11. Specifying the consequences for breaches of fiduciary duty and unethical conduct;

12.  Guidelines for reporting all insider and insider-related transactions to the board of directors or a board committee; and

13. Including record-keeping requirements established by applicable federal or state laws.[68]

There are many sources available to banks and their counsel in developing, implementing and enforcing codes in addition to the FDIC Guidance and the Comptroller's Handbook, including the following:

1. FDIC Statement of Policy - "Guidelines for Compliance with the Federal Bank Bribery Law"[69];

2. FDIC Statement of Policy - "Statement Concerning the Responsibilities of Bank Directors and Officers"[70];

3. FDIC Letter - "Guidance on Developing an Effective Pre-employment Background Screening Process"[71];

4. FDIC Letter - "Guidance on Implementing a Fraud Hotline"[72];

5. Interagency Statement on Application of Recent Corporate Governance Initiatives to Non-Public Banking Organizations[73]; and

6. FDIC Guidance "Corporate Governance, Audits, and Reporting Requirements"[74].

Having identified attorneys as both affiliated parties of the bank and as being specifically subject to the Act, it is apparent that not only should attorneys be involved in developing and implementing a code of conduct from the standpoint of providing legal counsel but that bank counsel must also be familiar and compliant with such codes.  It should also be apparent from the many regulatory pronouncements regarding codes of conduct and ethics policies that this is an area of current regulatory scrutiny.  Even more importantly, the implementation of an effective code will provide the bank with an important tool to identify, and hopefully avoid, the many economic, reputation, compliance and other risks inherent in unethical (not to mention illegal) actions on the part of officers, directors, employees and even bank counsel.

 

[1]In re: Application of the OBA to Amend the Rules of Professional Conduct, 2007 OK 22. April 17, 2007; www.okbar.org.

[2]12 U.S.C. ' 1813(4), as amended.

[3]Emergency Economic Stabilization Act of 2008 Pub. L. 110-343 (Oct. 3, 2008).

[4] Financial Services Regulatory Relief Act of 2006, Pub. L. 109-351, October 13, 2006.

[5] Gramm-Leach-Bliley Act, Pub. L. 106-102, 133 Stat. 1338 (1999).

[6] USA Patriot Act, Pub. L. 107-56, 115 Stat. 272 (2001).

[7] Sarbanes-Oxley Act, Pub. L. 102-204 (2002).

[8]The Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub. L. 111-203 H.R. 473, July 21, 2010).

[9]Financial Institutions Reform. Recovery, and Enforcement Act ogf 1989, Pub. L. No. 101-73, 1036 stat. 183 (1989)

[10]Federal Deposit Insurance Corporation Improvement Act of 1991, Pub. L. No. 102-242, 105 stat. 2236 (1991)

[11]Reigle Community Development and Regulatory Improvement Act of 1994, Pub. L. No. 103-325, Title III, '108 stat. 2160 (1994)

[12] Financial Institutions Reform, Recovery, and Enforcement Act of 1989, Pub. L. No. 101-73, 103 Stat. 183 (1989), amending 12 U.S.C. ''1813, 1786, ("FIRREA").

[13] See Footnote 3.

[14] Section 607 of the Financial Services Federal Regulatory Relief Act of 2006; 12 U.S.C. 1828(x).

[15] 12 U.S.C. 1828(x)(1).

[16]OK ST RPC Rule 1.6.

[17]OK ST RPC 1.6.

[18]MODEL RULES OF PROF'L CONDUCT 1.6 (2001).

[19]17 CFR 205.

[20]OK ST T.6 ' 3002.

[21]Litigation and Other Legal Matters, Comptroller's Handbook, Office of the Comptroller of the Currency, February 2000.

[22]OK ST RPC Rule 1.1.

[23]MODEL RULES OF PROF'L CONDUCT 1.1 (2001).

[24]15 U.S.C. ' 1691 et seq.; 12 C.F.R. 202.1 et. seq.

[25]12 U.S.C. ' 2901 et seq.

[26]42 U.S.C. ' 3601 et seq.

[27]12 U.S.C. ' 2801 et seq.

[28]12 U.S.C. ' 2601 et. seq.

[29]15 U.S.C. ' 1601 et. seq.

[30]12 C.F.R. 226.32.

[31]12 U.S.C. ' 1829(b) and 1951-1959; 31 U.S.C. ' 5311-5330; 31 CFR 103.

[32]42 U.S.C. ' 4012 et. seq.

[33]12 U.S.C. ' 23A and B; 12 CFR 223; 12 C.F.R. 215.

[34]15 U.S.C. ' 1601 et. seq.; 12 C.F.R. 226.

[35]12 U.S.C. ' 2601 et. seq.; 12 C.F.R. 3500.

[36]12 U.S.C. ' 4301 et. seq.; 12 C.F.R. 230.

[37]See e.g., Regulation Y issued by the Board of Governors of the Federal Reserve System under the authority of Section 5(b) of the Bank Holding Act of 1956, as amended, 12 U.S.C. ' 1844(b), as well as other authorities sets forth in Subpart E provisions dealing with the change in bank control.

[38]  12 U.S.C. ' 5.51.

[39] See, e.g., OCC Enforcement Actions http://www.occ.treas.gov/EnforcementActions/ e.g., #2007-122.

[40] See OK ST RPC Rule 1.4 regarding Communication with the client and OK ST RPC Rule 1.13 regarding Organization As Client.

[41] Affiliate Transactions and Insider Loans, Consumer Finance Law Quarterly Report, Vol. 48, No. 3, Summer 1994.

[42] 12 CFR 223.

[43] 12 USC ' 371c & 371c-1.

[44] Id fn 29.

[45] Id. Also, see Oklahoma case of Dew v. Central Bank, 81,379 (Ct.App. Div. II, Feb. 21, 1995).

[46]OK ST RPC Rule 1.13 and MODEL RULES OF PROF'L CONDUCT 1.13.

[47]See commentary to OK ST RPC Rule 1.7 regarding "other conflict situations".

[48]Commentary to OK ST RPC Rule 1.7.

[49]Gramm-Leach-Bliley Act, Pub. L. No. 106-102, 133 Stat. 1338 (1999).

[50]5 U.S.C. ' 551, et seq.

[51]Richard J. Pierce, Jr., Distinguishing Legislative Rules from Interpretive Rules, 52 Admin. L. Rev. 547 (2000).

[52]Alaska Professional Hunters Association v. F.A.A., 177 F.3d 1030 (1999).

[53]Pub. L. No. 102-242, 105 Stat. 2267 (1991).

[54]Pub. L. No. 103-325, Title III, ' 303, 108 Stat. 2215 (1994).

[55]Federal Register, Vol. 66, No. 22 (February 1, 2001).

[56]12 U.S.C. ' 1818.

[57]OK ST RPC Rule 5.4 and Rule 5.5

[58]Sarbanes-Oxley Act, Pub. L. 102-204 (2002).

[59]18 U.S.C. 215.

[60]18 U.S.C. 215(a).

[61]18 U.S.C. 215(c).

[62]18 U.S.C. 215(d).

[63]12 U.S.C. 375a and 375b; 12 CFR Part 215; Public Law 107-204 of 2002, 107th Congress; 12 U.S.C. 1831m; 12 CFR Part 363.

[64]FIL-105-2005; Comptroller's Handbook, Corporate Governance, Insider Activities, March 2006.

[65]FIL-105-2005.

[66]Id.

[67] Comptroller's Handbook, See FN 62.

[68] Id.

[69] 52 Fed. Reg. 43941, November 17, 1987.

[70] FDIC FIL-87-92, December 3, 1992.

[71] FIL-46-2005, June 1, 2005.

[72] FIL-80-2005, August 16, 2005.

[73] OCC Bulletin 2003-21, Attachment, May 29, 2003.

[74] FDIC FIL 17-2003, Attachment II, March 5, 2003.