Comptroller’s Handbook M-L

Safety and Soundness

Capital Asset Sensitivity to Other
Adequacy Quality Management Earnings Liquidity Market Risk Activities
(C) (A) (M) (E) (L) (S) (O)

Litigation and
Other Legal Matters
Version 1.0, January 2015

Version 1.1, December 28, 2018

Office of the
Comptroller of the Currency

Washington, DC 20219
 Version 1.1

Contents
Introduction .......................................................................................................................................... 1
Overview ....................................................................................................................... 1
Types of Litigation Exposure.................................................................................. 1
Risks Associated With Litigation and Other Legal Matters ......................................... 2
Compliance Risk ..................................................................................................... 2
Reputation Risk....................................................................................................... 3
Other Factors ........................................................................................................... 4
Strategic Factors................................................................................................ 4
Credit Factors .................................................................................................... 4
Operational Factors ........................................................................................... 4
Risk Management ......................................................................................................... 5
Policies and Processes............................................................................................. 5
Insurance Coverage ................................................................................................. 7
Internal and External Audit Activities .................................................................... 7
Examiner Guidance ....................................................................................................... 8
Evaluating Litigation .............................................................................................. 8
Access to Privileged Materials................................................................................ 9

Examination Procedures .................................................................................................................... 11

Scope ........................................................................................................................... 11
Quantity of Risk .......................................................................................................... 13
Quality of Risk Management ...................................................................................... 14
Conclusions ................................................................................................................. 18

References ........................................................................................................................................... 20

Table of Updates Since Publication .................................................................................................. 22

Comptroller’s Handbook i Litigation and Other Legal Matters

 Version 1.1

Introduction
The Office of the Comptroller of the Currency’s (OCC) Comptroller’s Handbook booklet,
“Litigation and Other Legal Matters,” is prepared for use by OCC examiners in connection
with their examination and supervision of national banks and federal savings associations
(collectively, banks). Each bank is different and may present specific issues. Accordingly,
examiners should apply the guidance in this booklet consistent with each bank’s individual
circumstances. When it is necessary to distinguish between them, national banks 1 and federal
savings associations will be referred to separately.

Overview
Pending or potential litigation can pose significant risks to banking organizations. Legal
issues, such as lawsuits, unenforceable contracts, and adverse judgments, can disrupt bank
operations, potentially reduce a bank’s earnings and capital, and result in the loss of
corporate focus and forgone business opportunities. Therefore, bank management should
develop timely and informative reports to help the board of directors remain fully informed
of litigation and other legal matters. Bank management should establish effective processes
to identify, monitor, and control litigation exposure. During an examination, the examiner
should identify any pending or potential litigation involving the bank, assess the liabilities
and potential impact from the litigation exposure, and determine whether the bank is
effectively identifying, measuring, monitoring, and controlling the potential risks. (Updated
December 28, 2018)

Types of Litigation Exposure

Litigation exposure can result from either bank-initiated or external-party initiated lawsuits.
Bank-initiated litigation occurs when bank management initiates legal proceedings for such
reasons as to enforce contract rights (e.g., loan and lease covenants); recover debts or
obligations owed to the bank; foreclose on property in which the bank holds a security or
ownership interest; or recover damages caused by insiders or third parties. In some cases,
bank-initiated litigation results in a countersuit. External-party initiated litigation occurs
when an action has been threatened or initiated against the bank. This litigation may involve
allegations of errors, omissions, violations of law, damages, or personal injury caused by the
bank, its management, or its staff. (Updated December 28, 2018)

1
References to “national banks” throughout this booklet also generally apply to federal branches and agencies
of foreign banking organizations unless otherwise specified. Refer to 12 USC 3102(b), “Establishment of
Federal Branches and Agencies by Foreign Bank,” and the “Federal Branches and Agencies Supervision”
booklet of the Comptroller’s Handbook for more information regarding applicability of laws, regulations, and
guidance to federal branches and agencies. (Footnote added December 28, 2018)

Comptroller’s Handbook 1 Litigation and Other Legal Matters

 Version 1.1

Risks Associated With Litigation and Other Legal Matters

(Section updated December 28, 2018)

From a supervisory perspective, risk is the potential that events will have an adverse effect on
a bank’s current or projected financial condition 2 and resilience. 3 The OCC has defined eight
categories of risk for bank supervision purposes: credit, interest rate, liquidity, price,
operational, compliance, strategic, and reputation. These categories are not mutually
exclusive. Any product or service may expose a bank to multiple risks. Risks also may be
interdependent and may be positively or negatively correlated. Examiners should be aware of
and assess this interdependence. Examiners also should be alert to concentrations that can
significantly elevate risk. Concentrations can accumulate within and across products,
business lines, geographic areas, countries, and legal entities. Refer to the “Bank Supervision
Process” booklet of the Comptroller’s Handbook for an expanded discussion of banking risks
and their definitions.

The primary risks associated with litigation and other legal matters are compliance and
reputation. In addition, strategic, credit, and operational factors that can lead to litigation
should be managed to reduce its likelihood.

Compliance Risk
(Section updated December 28, 2018)

Compliance risk is the risk to current or projected financial condition and resilience arising
from violations of laws or regulations or from nonconformance with prescribed practices,
internal bank policies and procedures, or ethical standards. This risk exposes a bank to fines,
civil money penalties, payment of damages, and the voiding of contracts. Compliance risk
can result in diminished reputation, harm to bank customers, limited business opportunities,
and lessened expansion potential.

Compliance risk is not limited to risk from failure to comply with consumer protection-
related laws and regulations; it encompasses the risk of noncompliance with all laws and
regulations, as well as prudent ethical standards and contractual obligations. It also includes
the exposure to litigation (known as legal risk) from all aspects of banking, traditional and
nontraditional.

Banks may be subject to lawsuits for failure to comply with applicable laws and regulations.
Litigation resulting from noncompliance can be costly due to defending and settling lawsuits
if plaintiffs seek actual and punitive damages as well as compensation for lost opportunity.
For example, some Regulation Z (Truth in Lending Act) violations can result in treble

2
Financial condition includes impacts from diminished capital and liquidity. Capital in this context includes
potential impacts from losses, reduced earnings, and market value of equity.
3
Resilience recognizes the bank’s ability to withstand periods of stress.

Comptroller’s Handbook 2 Litigation and Other Legal Matters

 Version 1.1

damages. 4 Similarly, litigation arising from a bank’s failure to comply with fair lending laws
can have a significant monetary impact on the bank. In addition, if noncompliance with
applicable statutes and regulations is pervasive, a bank may be exposed to class action
litigation. Management should attempt to quantify the bank’s material exposure and
associated liabilities that may result from pending or potential legal actions. 5

Reputation Risk
(Section updated December 28, 2018)

Reputation risk is the risk to current or projected financial condition and resilience arising
from negative public opinion. This risk may impair a bank’s competitiveness by affecting its
ability to establish new relationships or services or continue servicing existing relationships.
Reputation risk is inherent in all bank activities, and management should deal prudently with
stakeholders, such as customers, counterparties, correspondents, investors, regulators,
employees, and the community.

A bank that actively associates its name with products and services offered through third-
party arrangements or asset management affiliates is more likely to have higher reputation
risk exposure. Significant threats to a bank’s reputation also may result from negative
publicity regarding matters such as unethical or deceptive business practices, violations of
laws or regulations, high-profile litigation, or poor financial performance. The assessment of
reputation risk should take into account the bank’s culture, the effectiveness of its problem-
escalation processes and rapid-response plans, and its engagement with news media.

Litigation can expose a bank to negative public opinion. A damaged reputation may affect
the bank’s ability to establish new relationships or services or to continue servicing existing
relationships, which may adversely affect current and future earnings. Widely publicized
litigation, regardless of its ultimate outcome, can affect a bank’s community standing, limit
its business opportunities, and impair its basic franchise value. Some banks have elected to
settle litigation rather than be subjected to prolonged court cases. Settlement is designed to
limit negative publicity and avoid reputation damage. Limiting reputation damage is
particularly important for business lines, such as asset management, that depend on a sound
reputation.

4
Treble damages can occur when a statute permits a court to triple the amount of the actual or compensatory
damages to be awarded to a plaintiff following a favorable judgment.
5
Refer to the “Compliance Management Systems” booklet of the Comptroller’s Handbook for an expanded
discussion of compliance management pertaining to consumer protection laws and regulations.

Comptroller’s Handbook 3 Litigation and Other Legal Matters

 Version 1.1

Other Factors

Strategic Factors

Litigation can result from improper strategic decisions, such as when a bank introduces new,
expanded, or modified products or services. The bank should perform adequate due diligence
to assess the risks of these new offerings and implement the appropriate internal control
infrastructure to support the activity. 6 (Updated December 28, 2018)

Credit Factors

(Section updated December 28, 2018)

Expenses associated with lender liability litigation can be substantial and potentially result in
significant losses. 7 To avoid costly lawsuits and losses, a bank should be able to demonstrate
rational behavior consistent with past practices, written policies and procedures, legal
precedent, and standard industry practice.

Litigation can also involve derivative instruments, such as when a dealer bank enforces
contract terms against counterparties. As derivative contract terms lengthen, become more
structurally complex, or involve higher-risk counterparties, the potential for litigation may
increase.

Risk exposure is usually limited to the actual value of the transaction agreed to in the
contract, but in certain cases, the potential liability from litigation can exceed the contractual
amount. For example, a borrower who alleges that the bank violated the terms, conditions, or
implied spirit of a credit agreement may further allege that the bank’s actions caused
damages through a resulting bankruptcy or liquidation that exceeded the contract amount.

Operational Factors

A bank’s operations can pose significant exposure to litigation. This exposure includes
pending or potential litigation arising from flawed products, employee misconduct, internal
and external fraud, inappropriate business practices, disruptions due to cyber-related attacks,
improperly managed third-party relationships, 8 breach of fiduciary responsibility, unsafe
workplaces, inappropriate employment practices, failures of internal processes or systems,
incorrect or failed transaction execution, and disrupted business systems. (Updated December
28, 2018)
6
Refer to OCC Bulletin 2017-43, “New, Modified, or Expanded Bank Products and Services: Risk
Management Principles.”
7
Lender liability refers to lawsuits between a lender and a borrower alleging that the lender failed to fully honor
the terms of the loan contract.
8
Refer to OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance”; OCC Bulletin
2017-7, “Third-Party Relationships: Supplemental Examination Procedures”; and OCC Bulletin 2017-21,
“Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29.”

Comptroller’s Handbook 4 Litigation and Other Legal Matters

 Version 1.1

Risk Management
Each bank should identify, measure, monitor, and control risk by implementing an effective
risk management system appropriate for the size and complexity of its operations. When
examiners assess the effectiveness of a bank’s risk management system, they consider the
bank’s policies, processes, personnel, and control systems. Refer to the “Corporate and Risk
Governance” booklet of the Comptroller’s Handbook for an expanded discussion of risk
management. (Updated December 28, 2018)

Policies and Processes

(Section updated December 28, 2018)

Bank management should have policies and processes in place to reduce the likelihood of
litigation, prevent undue harm to the bank’s reputation, control expenses associated with
litigation, and mitigate potential liabilities.

For example, exposure to litigation can be mitigated by a corporate culture that promotes
high ethical standards, appropriate planning, sound due diligence, well-planned and well-
executed implementation, appropriate delivery networks, appropriate training, compensation
structures that do not encourage excessive risk taking, and effective risk management
systems.

A bank should develop policies and procedures that clearly define the role of the bank’s legal
counsel and other independent control functions in the approval process for new, expanded,
or modified products and services, third-party relationships, and other strategic decisions.

In addition, since legal action often begins as a consumer complaint, a bank should have a
process for identifying, managing, and analyzing complaints. The formality of the process
should be commensurate with the bank’s size, complexity, and risk profile. Procedures
should identify who is responsible for addressing complaints and detail the escalation
process, including an alternative process for complaints involving the employee(s) tasked in
the standard escalation process. Analysis of complaint data should be reported to the board
and management to

• identify areas of concern relating to compliance management and consumer protections.

• enable the bank to take proactive steps to mitigate risk of violations, consumer harm,
regulatory action, and legal action.

For more information, refer to the “Compliance Management Systems” booklet of the
Comptroller’s Handbook.

Banks should have policies and procedures for centralized oversight of all communication
with bank customers and other groups regarding matters of pending and potential litigation.
Management should initiate this process at the first indication that potential litigation may
develop and should engage in timely and appropriate communications.

Comptroller’s Handbook 5 Litigation and Other Legal Matters

 Version 1.1

Some private litigation may have importance to the entire banking industry. Management
should notify the OCC’s district counsel or Litigation Division if the bank is involved in
lawsuits that raise significant legal or policy issues within the scope of the OCC’s
supervisory responsibility, such as the proper interpretation of federal banking laws. 9 The
Class Action Fairness Act 10 requires banks and their subsidiaries to notify the OCC of
proposed class action settlements involving activities regulated by the OCC, such as deposit-
taking or lending practices, or practices associated with other bank products or services. 11 In
addition, banks and their subsidiaries should establish procedures so that counsel
representing them receives OCC Bulletin 2006-20, “Class Action Fairness Act of 2005:
Guidance for Filing Notices of Proposed Class Action Settlements.”

To identify potential litigation and reduce its likelihood, a bank should have legal counsel
(internal or external) participate in reviews of

• new, modified, or expanded products and services, to identify areas of potential legal
exposure. These reviews should include existing processes that will be significantly
modified and the use of third parties.
• loan or investment documents the bank uses to determine compliance with legal
requirements or the legality of particular transactions.
• correspondence for potential liability issues.
• emerging risk issues and root cause analyses of large loss events. 12

To measure and monitor litigation and its impact, a bank should

• establish and maintain a management information system (MIS) that informs the board
and management of pending and potential litigation in a timely and accurate manner.
• assess realistic potential losses posed by pending or potential litigation.
• incorporate a review system that tracks and evaluates litigation exposure for every
product and service offered.

9
OCC Bulletin 1996-40, “Notice of Important Litigation: Message to Bankers,” provides guidance for
supervisory communication and notification around lawsuits.
10
Refer to 28 USC 1711 et. seq., “Class Actions.”
11
Refer to 28 USC 1715, “Notifications to Appropriate Federal and State Officials.”
12
The purpose of root cause analysis is to determine the specific reasons a loss event occurred, including losses
related to litigation, through identifying any specific control breakdowns that were contributing factors in the
loss event and, following this analysis, to develop corrective action plans to mitigate such future losses.

Comptroller’s Handbook 6 Litigation and Other Legal Matters

 Version 1.1

To control litigation and mitigate its impact, a bank should

• establish a culture of ethical standards.

• establish compensation systems that are aligned with risk management objectives.
• develop written policies for monitoring and managing litigation.
• maintain adequate capital or specific contingency reserves 13 to cover potential judgments
or settlements consistent with generally accepted accounting principles. 14
• implement systems and controls for compliance with laws, regulations, and other legal
requirements.
• implement training programs and internal control processes to identify, limit, and manage
litigation exposure.
• develop an action plan to control or mitigate litigation’s potential impact and the risk
exposure to the bank.
• seek legal advice and assistance to reduce the risk of potential claims becoming actively
litigated.
• oversee and monitor third-party relationships for legal services.

Insurance Coverage
Insurance coverage is a risk-mitigating control against adverse legal settlements. The
adequacy and type of insurance coverage should take into consideration the bank’s financial
capacity to self-insure, overall risk profile, complexity of its operations, and methods of
assessing and controlling risk. Insurance deductibles should be reasonable, and attention
should be given to maintaining sufficient coverage. See the Comptroller’s Handbook booklet
“Corporate and Risk Governance” for further details on the various types of insurance.
Insurance coverage should never be relied on to mitigate poor operational controls or the
absence of proper managerial attention. (Updated December 28, 2018)

Internal and External Audit Activities

(Section updated December 28, 2018)

An evaluation of risks associated with litigation and other legal matters should go beyond
legal counsel’s activities. Any area of the bank that is subject to litigation and other legal
matters should be considered in the bank’s audit program coverage. When assessing the risks
associated with litigation and other legal matters posed by the bank’s business functions, the
auditor should consider

13
OCC Bulletin 2011-21, “Interagency Guidance on the Advanced Measurement Approaches for Operational
Risk,” provides specific guidance on how banks subject to the Basel II Advanced Approaches Capital Standards
should address legal loss contingencies.
14
Accounting Standards Codification 450, “Contingencies,” calls for establishing a reserve for loss
contingencies, including those that may result from pending or potential litigation, when it is probable that a
liability has been incurred, when it is probable that the fact of the loss will be confirmed by future events, and
when the amount of loss can be reasonably estimated.

Comptroller’s Handbook 7 Litigation and Other Legal Matters

 Version 1.1

• the nature of the operation and related assets and liabilities.

• whether the operation’s policies and internal control standards are adequate.
• whether operating procedures and internal controls are effective.
• whether errors or irregularities associated with the business function could be material.
• the appropriateness of insurance coverage.

Examiner Guidance
Evaluating Litigation
(Section updated December 28, 2018)

To evaluate a bank’s exposure to litigation and its impact on the bank’s risk profile, the
examiner must know about any significant pending or potential litigation against the bank.
During examination planning, the examiner should obtain from the bank a list of any such
litigation. Examiners should consider the bank’s exposure to litigation when assessing the
bank’s reputation risk. Between supervisory activities, bank management has a responsibility
to keep the examiner apprised of significant pending litigation changes and any significant
potential new litigation.

The examiner should discuss significant pending or potential litigation with management and
request information on claims, contingent liabilities, and other legal matters that have a
reasonable likelihood of impairing assets or incurring liabilities. Contingent liabilities include
unsettled and outstanding claims or assessments and the anticipated cost of defending such
claims.

These materials, and the examiner’s evaluation of relevant internal controls, are the principal
basis for evaluation of litigation exposure. In evaluating the bank’s litigation exposure, the
examiner should consider the duration and likely outcome of the litigation and whether
management has effectively managed the litigation process.

The examiner should consider whether individual suits concerning the same or similar issues
indicate a pattern or practice that requires management and supervisory attention. When
finding unanticipated risks or what appears to be a recurring pattern of litigation, the
examiner should discuss the matter with management and the board, if warranted. The
examiner should consult with OCC legal counsel when assessing litigation activities to
determine whether an action plan is needed to eliminate or mitigate the litigation’s potential
impact and the risk exposure to the bank.

When assessing bank-initiated litigation, the examiner should rely on bank management
discussions, internal bank reports, and materials provided by internal or external legal
counsel. The examiner should not attempt to make complex legal judgments based on such
information. Depending on the significance of the events or conditions, the examiner should
interview bank personnel who, according to the bank, are knowledgeable about the matters in
litigation. If the information provided does not adequately address the examiner’s concerns,
the examiner should, upon consulting with the supervisory office and OCC legal counsel,

Comptroller’s Handbook 8 Litigation and Other Legal Matters

 Version 1.1

request that management obtain a letter from the bank’s attorneys that corroborates and
evaluates the information. Requests should be limited to issues or matters in litigation that
are significant or potentially significant to the bank’s earnings or capital and may include
information regarding exposures associated with certain external-party initiated litigation.

If litigation initiated by external parties is significant, the examiner should interview bank
personnel who, according to the bank, are knowledgeable about the matters in litigation to
properly identify and assess the litigation’s associated risks. In addition, the examiner should
obtain from bank management a determination as to whether the bank’s insurance coverage
mitigates potential losses or legal costs.

The examiner should make all requests to bank management for information from external
legal counsel. The OCC should not place an undue burden on the bank if the risk exposure is
known to be, or is likely to be, nominal.

The examiner should not assume that the bank’s legal counsel (internal or external) will keep
the OCC informed of developments after the initial response. If the examiner believes that
material litigation may evolve, the examiner should ask management to provide significant
information to the portfolio manager or examiner-in-charge (EIC) as part of ongoing
supervision. The examiner may also consider following up later, depending on the nature and
significance of pending or potential litigation.

Banks are occasionally involved in private litigation on an issue of importance to the entire
industry. Accordingly, the examiner should determine, based on information received from
the bank and the bank’s legal counsel, whether a lawsuit raises significant legal or policy
issues within the scope of the OCC’s supervisory responsibility, such as the proper
interpretation of federal banking laws. Bankers and the examiner should bring such litigation
to the attention of OCC legal counsel.

Access to Privileged Materials

(Section updated December 28, 2018)

Recognized privileges include attorney–client and attorney–work product privileges.

Pursuant to 12 USC 481 (national banks) and 12 USC 1464(d)(1)(B) (FSAs), OCC
examiners are entitled to prompt and unrestricted access to a bank’s books and records. The
bank is required to give any OCC examiner prompt and complete access to all bank books,
records, and personnel during any supervisory activity. The authority applies to all
supervisory activities and is not limited to examinations of a specific length, scope, or type.
Also included within the scope of the OCC’s authority is that OCC examiners must be able to
communicate freely with bank personnel. In some circumstances, examiners may also review
the books and records of bank affiliates and subsidiaries. In the case of functionally regulated

Comptroller’s Handbook 9 Litigation and Other Legal Matters

 Version 1.1

affiliates (FRA), 15 the OCC is required to give notice to and consult with the FRA’s primary
regulator before conducting an examination of the FRA and, to the fullest extent possible,
avoid duplication of examination activities, reporting requirements, and requests for
information. For more information, refer to the “Bank Supervision Process” booklet of the
Comptroller’s Handbook, appendix A, “Functional Regulation,” and consult with OCC legal
counsel.

The examiner should request the information needed to evaluate pending and potential
litigation exposure, which could include legal opinions or analysis prepared by counsel. Such
opinions and analysis, whether they are the work of internal or external legal counsel, may be
protected by attorney–client or attorney–work product privilege. 12 USC 1828(x), however,
expressly provides that banks do not waive, destroy, or otherwise affect their privilege by
providing requested information to the OCC. Examiners should consult with the supervisory
office and OCC legal counsel when a bank asserts a privilege claim. In those instances when
the OCC deems access to the bank counsel’s legal opinions and analysis necessary, the
examiner, in consultation with OCC legal counsel, should evaluate how to obtain the needed
information.

Procedural guidelines that the examiner and OCC legal counsel should consider include the
following:

• Limiting the form or scope of requests when the bank raises concern about the handling
of privileged information or material responsive to a request when appropriate. For
example, limiting the form or scope of a request may be appropriate when the requested
information or materials may be derived from a non-privileged source. The scope of the
request should be limited to the information is necessary to achieve the supervisory
objectives.
• Exchanging written communications with the bank that
- set forth the precise identity of the materials being provided.
- confirm the OCC’s and the bank’s expectations that any privileged materials are
being provided pursuant to the agency’s examination authority. 16
confirm that the confidentiality of any privileged materials will be maintained to the extent
required or permitted by law. 17

15
An FRA is a bank affiliate (including a bank operating subsidiary) whose primary regulator is the
U.S. Securities and Exchange Commission, a state insurance commissioner, or the U.S. Commodity Futures
Trading Commission. Refer to 12 USC 1831v, “Authority of State Insurance Regulator and Securities and
Exchange Commission.”
16
The OCC examines national banks and federal savings associations pursuant to authority conferred by
12 USC 481, “Appointment of Examiners; Examination of Member Banks, State Banks, and Trust Companies;
Reports” (national banks); 12 USC 1463, “Supervision of Savings Associations” (federal savings associations);
12 USC 1464, “Federal Savings Associations” (federal savings associations); and the requirements of
12 USC 1820(d), “Examinations.” The OCC examines federal branches and agencies pursuant to the authority
conferred by 12 USC 3105(c)(1)(C).
17
Refer to 18 USC 1905, “Disclosure of Confidential Information Generally,” and 1906, “Disclosure of
Information From a Bank Examination Report.” Refer also to 12 CFR 4, subpart C, “Release of Non-Public
OCC Information.”

Comptroller’s Handbook 10 Litigation and Other Legal Matters

 Version 1.1

Examination Procedures
This booklet contains expanded procedures for examining specialized activities or specific
products or services that warrant extra attention beyond the core assessment contained in the
“Community Bank Supervision,” “Federal Branches and Agencies Supervision,” and “Large
Bank Supervision” booklets of the Comptroller’s Handbook. Examiners determine which
expanded procedures to use, if any, during examination planning or after drawing
preliminary conclusions during the core assessment.

Scope
These procedures are designed to help the examiner tailor the examination to each bank and
determine the scope of the litigation and other legal matters examination. This determination
should consider work performed by internal and external auditors and other independent risk
control functions and by other examiners on related areas. Examiners need to perform only
those objectives and steps that are relevant to the scope of the examination as determined by
the following objective. Seldom will every objective or step of the expanded procedures be
necessary. (Updated December 28, 2018)

Objective: To determine the scope of the examination of litigation and other legal matters and
identify examination objectives and activities necessary to meet the needs of the supervisory
strategy for the bank.

(Procedures 1 and 6 updated December 28, 2018)

1. Review the following sources of information, and note any previously identified
problems related to litigation and other legal matters that require follow-up:

• Supervisory strategy
• OCC’s supervisory information system
• EIC’s scope memorandum
• Information obtained from ongoing supervision
• Previous reports of examination (ROE) or supervisory letters (SL) and work papers
• Bank management’s responses to previous ROEs or SLs
• Customer complaints. Examiners should review customer complaint data from the
OCC’s Customer Assistance Group, the bank, and the Bureau of Consumer Financial
Protection (when applicable). When possible, examiners should review and leverage
complaint analysis already performed during the supervisory cycle to avoid
duplication of effort.

2. Obtain from bank management a list of significant pending litigation. What qualifies as
“significant” should be determined after consultation with the EIC. Consider

• the nature of the litigation.

Comptroller’s Handbook 11 Litigation and Other Legal Matters

 Version 1.1

• the background of the parties involved (individuals, corporations, advocacy groups,

etc.).
• the progress of the case to date.
• bank management’s response or intended response.
• the likelihood of an unfavorable outcome.
• the cost to pursue the litigation and an estimate of the potential losses.

3. Obtain from the examiner assigned to review bank audits a list of any significant
litigation noted in the latest review performed by the internal or external auditors.

4. Obtain from management a list of any potential litigation or claims for damages that have
been or may be asserted and the outcomes of which would likely be unfavorable to the
bank. Consider

• the nature of the matter.

• the relationship of the involved parties.
• how management intends to respond if litigation is commenced or a formal claim for
damages asserted.
• the potential exposure if the claim is asserted and the estimated cost of defending the
claim.

5. Obtain and review the list of attorneys and legal firms to whom or which the bank has
referred litigation and related matters. Consider

• potential conflicts of interest between attorneys or legal firms and the bank, for
example, insider or lending relationships.
• approval by the board of directors to contract counsel to represent the bank.

6. Review findings from other areas under examination and identify any litigation risks.
Consider especially areas where litigation is prevalent. Examples of these areas include

• asset management.
• Bank Secrecy Act/anti-money laundering management.
• fair lending.
• insider activity.
• third-party relationships.
• consumer protection.

7. Based on an analysis of information obtained in the previous steps, as well as input from
the EIC, determine the scope and objectives of the litigation and other legal matters
examination.

Comptroller’s Handbook 12 Litigation and Other Legal Matters

 Version 1.1

Quantity of Risk

Conclusion: The quantity of each associated risk is

(low, moderate, or high).
Objective: To determine the associated risks by assessing whether pending or potential litigation,
claims, or contingent liabilities against the bank exist and quantifying their potential effect on
capital, earnings, and financial soundness.

(Procedure 2 updated December 28, 2018)

1. Evaluate management’s list of pending litigation and analysis of potential litigation risks
for their impact on the financial condition of the bank. Consider whether

• the bank maintains adequate insurance coverage for errors and omissions, liability,
personal injury, and related risks.
• a contingency reserve would be appropriate.
• a common or recurring pattern or practice or a concentration of legal actions points to
a systemic problem in an area of the bank.

2. After consulting with the supervisory office and OCC legal counsel, request management
provide a briefing paper or synopsis from the bank’s legal counsel. This document should
summarize the material facts, legal issues, and likelihood of success of significant or
potentially significant pending or potential litigation. If the document is not provided or
does not contain sufficient information to properly assess the risks, contact the
appropriate OCC legal counsel for assistance.

3. Review the level of actual legal expenses versus potential expenses to measure the
possible effect on earnings and capital levels.

4. Assess the nature of pending and potential litigation to evaluate the level of reputation
risk.

Comptroller’s Handbook 13 Litigation and Other Legal Matters

 Version 1.1

Quality of Risk Management

Conclusion: The quality of risk management is

(strong, satisfactory, insufficient, or weak). (Updated December 28, 2018)
The conclusion on risk management considers all risks associated with litigation and other
legal matters.

Policies
Policies are statements of actions adopted by a bank to pursue certain objectives. Policies
guide decisions, often set standards (on risk limits, for example), and should be consistent
with the bank’s underlying mission, risk appetite, and core values. Policies should be
reviewed periodically for effectiveness and approved by the board of directors or designated
board committee. (Updated December 28, 2018)

Objective: To determine whether the board and management have established appropriate
guidelines for managing the risks of litigation and other legal matters.

(Procedure 1 updated December 28, 2018)

1. Review the bank’s policies on litigation and other legal matters. Determine whether the
policies provide guidance to

• establish procedures for reviewing the risks of potential litigation.

• establish procedures for reviewing the bank’s products and services for compliance
with applicable law and regulations.
• establish procedures for creating legal loss contingencies.
• efficiently address risk.

2. Determine whether the policies are reviewed and approved by the board or a board-
designated committee.

3. Determine whether the policies are communicated in a proper and timely manner to
appropriate personnel.

Processes
Processes are the procedures, programs, and practices that impose order on a bank’s pursuit
of its objectives. Processes define how activities are carried out and help manage risk.
Effective processes are consistent with the underlying policies and are governed by
appropriate checks and balances (such as internal controls). (Updated December 28, 2018)

Comptroller’s Handbook 14 Litigation and Other Legal Matters

 Version 1.1

Objective: To determine whether board has approved and management has established adequate
and effective processes and systems to identify and manage litigation risk.

(Objective and procedures 1–3 and 5–7 updated December 28, 2018)

1. Determine the adequacy of processes for monitoring litigation. Consider whether

• the board receives sufficient information from management and legal counsel and
discusses significant pending and potential litigation.
• management communicates significant pending and potential litigation with legal
counsel and the board in a timely manner.
• litigation loss contingency reserves are established in accordance with bank policy
and Accounting Standards Codification (ASC) 450, “Contingencies.”

2. Determine whether the bank’s processes for obtaining legal review of the bank’s new,
modified, or expanded products, services, and systems are adequate. Consider whether
these processes

• provide sufficient assurance of compliance with applicable laws, rules, and

regulations.
• take into account the potential for litigation associated with product liability.

3. Determine whether management engages the bank’s general legal counsel, or outside
legal counsel, to review documents (for example, contracts, agreements, or disclosure
statements) for compliance with current legal requirements.

4. Determine whether the bank uses independent legal counsel when a member of bank
management is involved in litigation in an official capacity and uses highly specialized
legal counsel when significant litigation is threatened.

5. Determine whether the bank has processes in place to obtain and track changes to
applicable laws, regulations, and legal interpretations relevant to its operations.

6. Determine whether management is knowledgeable about new legislation and regulatory

rules.

7. Evaluate bank notification processes and practices to determine that appropriate officials
and agencies are notified in a timely manner of any pending class action litigation.

Personnel
Personnel are the bank staff and managers who execute or oversee processes. Personnel
should be qualified and competent, have clearly defined responsibilities, and be held
accountable for their actions. They should understand the bank’s mission, risk appetite, core
values, policies, and processes. Banks should design compensation programs to attract, and

Comptroller’s Handbook 15 Litigation and Other Legal Matters

 Version 1.1

retain personnel, align with strategy, and appropriately balance risk-taking and reward.
(Updated December 28, 2018)

Objective: To determine whether the board, management, and affected personnel adequately
understand the concepts of risk associated with litigation and other legal matters and whether
they can adequately manage such risk.

(Procedures 1 and 3 updated December 28, 2018)

1. Assess training programs to determine if employees are thoroughly trained and

understand their responsibilities regarding the legal requirements associated with the
bank’s products and services.

2. Evaluate how well the bank’s staff members understand conflicts of interest and whether
they have the technical skills to avoid such conflicts. To test staff members’
understanding, determine, for example, whether the bank conducts educational programs
to foster staff members’ awareness of the importance of avoiding not only conflicts but
also the appearance of such conflicts.

3. If the bank uses external counsel, determine the adequacy of the bank’s oversight and risk
management of such third parties. Refer to OCC Bulletin 2013-29, OCC Bulletin 2017-7,
and OCC Bulletin 2017-21.

Control Systems
Control systems are the functions (such as internal and external audits, and quality assurance)
and information systems that bank managers use to measure performance, make decisions
about risk, and assess the effectiveness of processes and personnel. Control functions should
have clear reporting lines, sufficient resources, and appropriate access and authority. MIS
should provide timely, accurate, and relevant feedback. (Updated December 28, 2018)

Objective: To determine whether management has established appropriate control systems for
litigation and other legal matters and whether these controls and overall insurance protection
are sufficient.

(Procedures 3 and 4 updated December 28, 2018)

1. Review copies of recent reports prepared by internal or external auditors regarding

litigation and other legal matters. Consider

• the significance of disclosed litigation issues.

• the audit scope of internal controls and adequacy of MIS regarding litigation-related
issues.
• whether audit reviews verify management’s analysis of litigation risk.
• recommendations for resolving problems or weaknesses in the process for assessing
litigation- related risk.

Comptroller’s Handbook 16 Litigation and Other Legal Matters

 Version 1.1

• management’s responses and whether corrective actions have been initiated or

completed.
• any audit follow-up activities.

2. Determine whether any pending litigation initiated by the bank or an external party
indicates weakness in controls.

3. Determine whether the bank’s legal counsel has reviewed new, modified, or expanded
products, services, systems, and processes for compliance with applicable laws and
regulations. Such reviews should take place whether the new products, services, systems,
or processes are purchased or developed and before they are introduced to the public. If
such reviews have not taken place, determine whether the board and management have

• evaluated risks adequately.

• made informed decisions regarding potential legal exposure.

4. Determine whether legal counsel periodically reviews all of the bank’s products, services,
systems, and processes to assess compliance with applicable laws and regulations. If not,
determine whether management has evaluated risks and made informed decisions
regarding potential legal exposure.

5. Determine the appropriateness of the bank’s overall insurance coverage. Consider

• the type of coverage.

• the amount of coverage relative to the historical level of external-party litigation and
the significance of pending or potential litigation.
• the reasonableness of the deductibles.
• if the bank does not have insurance coverage, the bank’s capacity to self-insure,
taking into consideration the bank’s financial condition, overall risk profile, staff
capability, and complexity of its operations.

Comptroller’s Handbook 17 Litigation and Other Legal Matters

 Version 1.1

Conclusions

Conclusion: The aggregate level of each associated risk is

(low, moderate, or high).
The direction of each associated risk is
(increasing, stable, or decreasing).
Objective: To determine, document, and communicate overall findings and conclusions regarding
the examination of litigation and other legal matters.

(Procedures 1–5 and 7 updated December 28, 2018)

1. Determine preliminary examination findings and conclusions and discuss the following
with the EIC:

• Quantity of associated risks (as noted in this booklet’s “Introduction” section)

• Quality of risk management
• Aggregate level and direction of associated risks
• Overall risk of litigation and other legal matters
• Violations and other concerns

Summary of Risks Associated With Litigation and Other Legal Matters

(Updated December 28, 2018)
Quality of risk Aggregate level
Quantity of risk Direction of risk
management of risk
Risk category (Weak,
(Low, (Low, (Increasing,
insufficient,
moderate, moderate, stable,
satisfactory,
high) high) decreasing)
strong)
Compliance

Reputation

2. Discuss examination findings with bank management, including violations, deficient

practices, and conclusions about risks and risk management practices. If necessary, obtain
commitments for corrective action.

3. Compose conclusion comments, highlighting any issues that should be included in the
ROE or SL. If necessary, compose matters requiring attention and violation write-ups.

4. Update the OCC’s supervisory information systems and any applicable ROE schedules or
tables.

5. Document recommendations for the supervisory strategy (e.g., what the OCC should do
in the future to effectively supervise litigation and other legal matters in the bank,
including time periods, staffing, and workdays required).

Comptroller’s Handbook 18 Litigation and Other Legal Matters

 Version 1.1

6. Update, organize, and reference work papers in accordance with OCC policy.

7. Appropriately dispose of or secure any paper or electronic media that contain sensitive
bank or customer information.

Comptroller’s Handbook 19 Litigation and Other Legal Matters

 Version 1.1

References
(Section updated December 28, 2018)

Listed references apply to both national banks and federal savings associations unless
otherwise specified.

Laws
12 USC 481, “Appointment of Examiners; Examination of Member Banks, State Banks, and
Trust Companies; Reports” (national banks)
12 USC 1463, “Supervision of Savings Associations” (federal savings associations)
12 USC 1464, “Federal Savings Associations” (federal savings associations)
12 USC 1820(d), “Annual On-Site Examinations of All Insured Depository Institutions
Required”
12 USC 1828(x), “Privileges Not Affected by Disclosure to Banking Agency or Supervisor”
12 USC 1831v, “Authority of State Insurance Regulator and Securities and Exchange
Commission”
12 USC 3102(b), “Rules and Regulations; Rights and Privileges; Duties and Liabilities;
Exceptions; Coordination of Examinations” (federal branches and agencies)
12 USC 3105(c)(1)(C), “On-Site Examination” (federal branches and agencies)
18 USC 1905, “Disclosure of Confidential Information”
18 USC 1906, “Disclosure of Information From a Bank Examination Report”
28 USC 1711 et seq., “The Class Action Fairness Act of 2005”
28 USC 1715, “Notifications to Appropriate Federal and State Officials”

Regulation
12 CFR 4, subpart C, “Release of Non-Public OCC Information”

Comptroller’s Handbook
“Bank Supervision Process”
“Community Bank Supervision”
“Compliance Management Systems”
“Corporate and Risk Governance”
“Federal Branches and Agencies Supervision”
“Foreword”
“Large Bank Supervision”

OCC Issuances
OCC Bulletin 1996-40, “Notice of Important Litigation: Message to Bankers”
OCC Bulletin 2006-20, “Class Action Fairness Act of 2005: Guidance for Filing Notices of
Proposed Class Action Settlements”

Comptroller’s Handbook 20 Litigation and Other Legal Matters

 Version 1.1

OCC Bulletin 2011-21, “Interagency Guidance on the Advanced Measurement Approaches

for Operational Risk”
OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance”
OCC Bulletin 2017-7, “Third-Party Relationships: Supplemental Examination Procedures”
OCC Bulletin 2017-21, “Third-Party Relationships: Frequently Asked Questions to
Supplement OCC Bulletin 2013-29”
OCC Bulletin 2017-43, “Risk Management Principles of New, Modified, or Expanded Bank
Products and Services: Risk Management Principles”

Other
Financial Accounting Standards Board’s ASC 450, “Contingencies”

Comptroller’s Handbook 21 Litigation and Other Legal Matters

 Version 1.1

Table of Updates Since Publication

Refer to the “Foreword” booklet of the Comptroller’s Handbook for more information
regarding the OCC’s process for updating Comptroller’s Handbook booklets.

Version 1.0: Published January 16, 2015

Version Affected
number Date Reason pages
1.1 December 28, Clarified applicability to federal branches and agencies 1
2018
Clarification regarding supervisory guidance, sound risk 1, 4–7, 12,
management practices, or legal language 15–17
Edited for clarity 1, 3, 5, 7–10,
12, 19
Updated for consistency with booklets in the Examination 2–3, 5, 8–11,
Process series of the Comptroller’s Handbook 14–16, 18
Consolidated discussion of compliance risk 2–3
Updated for consistency with OCC Bulletin 2017-43 4, 6, 15, 17
Third-party risk management guidance and examination 4, 7, 16
procedures (OCC Bulletins 2013-29, 2017-7, and 2017-21)
Updated for consistency with “Compliance Management 5
Systems” booklet of the Comptroller’s Handbook
Consolidated discussion of Class Action Fairness Act 6
Clarified applicability to bank subsidiaries 6
Added or updated reference to statutes or regulations 6, 9–10
Added or updated references to OCC issuances 7
Update “References” section for consistency with the 20–21
content of the booklet

Comptroller’s Handbook 22 Litigation and Other Legal Matters