New York regulator Lawsky levies $10 million penalty on Deloitte, paves way to consultant reform

In his tenure as head of New York’s Department of Financial Services (DFS), Benjamin Lawksy has been unafraid to send shock waves throughout the United States and international financial services and regulatory arenas. Last year, Lawsky’s $340 million penalty against Standard Chartered Bank for New York state law violations and federal sanctions violations did not endear him to federal regulatory agencies, and heralded the arrival of state regulators in the federal sanctions field.
Now, Lawsky has taken aim at independent consulting firms that provide services to financial institutions caught up in regulatory and other enforcement actions. On June 18, the DFS and the administration of NY Governor Andrew Cuomo announced a settlement with Deloitte Financial Advisory Services on charges the firm violated state banking laws in the services it rendered to Standard Chartered in 2004 and 2005. According to the settlement, the firm left out key information from a report it presented to the DFS resulting from its review of violations of Standard Chartered, and shared confidential information from other clients with SCB.

Under the terms of the settlement agreement, Deloitte must pay a civil penalty of $10 million. The firm also agreed to a one-year suspension from consulting work with institutions that the DFS regulates. These entities include US and international financial institutions that hold a New York state charter.

Agreement specifies ‘Code of Conduct’ to govern consultants 

“At times, the consulting industry has been infected by an ‘I’ll scratch your back if you scratch mine’ culture and a stunning lack of independence,” Lawsky said in a statement. “Today, we are taking an important step in helping ensure that consultants are independent voices…. Our aggressive work investigating and reforming the consulting industry is far from over and will continue in the days, weeks, and months ahead.”

Deloitte must also establish and implement a six-part “code of conduct” that establishes “procedures and safeguards… intended to raise the standards now generally viewed as applicable to independent financial services consultants.” The agreement specifies the following six steps that DFS says will serve as a “new model” governing “independent consulting firms.” Financial institutions that hire independent consultants as part of regulatory or enforcement actions must adhere to these standards, which according to the Deloitte settlement include:

  • “Disclosure of Past Work that Could Represent Potential Conflicts of InterestThe financial institution and the consultant will disclose to DFS all prior work by the consultant for the financial institution in the previous three years.
  • Declaration of Independence Provision. The engagement letter between the consultant and the financial institution shall require that the consultant’s ultimate conclusions and judgments during its work will be based upon the exercise of its own independent judgment – rather than that of the financial institution.
  • Anti-tampering ProvisionsThe consultant’s final report shall contain a listing of all of the personnel from the financial institution who substantively reviewed or commented on drafts of the findings, conclusions, and recommendations to be included in the final report. The consultant will also bring any disagreement over a material matter between itself and the financial institution to DFS’s attention.
  • Records of Recommendations Financial Institutions Failed to Implement (‘Anti-Sweeping-Under-the-Rug’ Provision).The consultant and financial institution shall maintain records of recommendations to the financial institution that the financial institution did not adopt, and provide such records to DFS.
  • Monitoring the Monitor, Independent Lines of CommunicationDFS will meet regularly – at least monthly – with the independent consultant. The financial institution will consent that contacts between the Consultant and DFS may occur outside of the presence of the financial institution.
  • Protecting Confidential Information. The consultant shall have in place policies and procedures designed specifically to maintain the confidentiality of bank supervisory material.”

The statement by the Cuomo administration suggests that these new standards can serve as a “national model” for federal agencies and state regulators that utilize or require the hiring of independent consultants in their regulatory and enforcement actions.

Relations between consultant and bank fostered breaches, says DFS

Standard Chartered hired a predecessor firm of Deloitte FAS in 2004 under an agreement between the bank, the former New York State Banking Department and the Federal Reserve Bank of New York. That agreement required SCB to engage a qualified independent consultant to address deficiencies in the bank’s AML and BSA compliance.

Deloitte “did not demonstrate the necessary autonomy required of consultants performing regulatory work” and disclosed confidential information about other Deloitte clients to representatives of Standard Chartered, violating New York Banking law.

Despite misconduct, Deloitte did not ‘aid and abet’ sanctions violations

Deloitte pointed out in a statement that the DFS settlement applies only to its FAS division, not to its auditing arm or other units.

Enforcement actions requiring the hiring of independent consultants are common where state or federal regulators find deficiencies in an institution’s financial crime controls.

On the day the DFS action against Deloitte was announced, the Federal Reserve issued announced an enforcement action requiring M&T Bank to “engage an independent consultant” to review “high-risk customer accounts” in its enterprise-wide Bank Secrecy Act/Anti-Money Laundering compliance program. Two similar enforcement actions were issued earlier this year against the Metropolitan Bank Group, Inc., and HSH Nordbank.

As independent consultants come under fire, DFS lays out proposed standards

Even as consulting firms have become a fixture in financial crime regulation and enforcement in the past decade, some experts question their ability to remain truly independent. Critics in the government and private sector point out that consultants are often called in to review former or potential clients, eroding neutrality and creating an incentive to soften damaging findings.

The new DFS standards come as several US Senators are pressuring federal agencies concerning their use and oversight of consultants in regulatory actions. In a June 21 hearing of the Senate Committee on Banking, Housing and Urban Affairs, Senator Sherrod Brown, an Ohio Democrat, demanded clear standards from the Federal Reserve Board and Office of the Comptroller of the Currency.

“Without written guidelines and transparent processes, it is impossible to ensure the integrity of a system that relies upon consultants paid by banks to report on their regulatory compliance,” said Brown in a letter issued prior to the hearing. He praised the DFS code of conduct and urged “the OCC and Federal Reserve to act immediately to create a similar set of written standards.”

In a Senate hearing in April, OCC counsel, Daniel Stipano, said the agency was reconsidering how and when it would order the use of independent consultants. He told Brown at last week’s hearing that the OCC has not yet adopted any formal standards on consultancy firms.

Read the Deloitte agreement with DFS here