On January 29, the U.S. Court of Appeals for the D.C. Circuit held that the OCC and the Federal Reserve Board (FRB) improperly prohibited a bank director from participating in future banking activities of several institutions based on an agreement the director made to avoid state-level prosecution on perjury charges. DeNaples v. OCC, No. 12-1162, 2013 WL 322531 (D.C. Cir. Jan. 29, 2013). Under Section 19 of the Federal Deposit Insurance Act, banking regulators can prohibit an individual from participating in the affairs of an insured depository institution if the individual has been convicted of certain criminal offenses, or if the individual has entered into a “pretrial diversion or similar program” related to those criminal charges. In this case, the OCC and the FRB determined that a bank director could not participate in the affairs of several institutions with which he was affiliated because the director entered an agreement with state prosecutors by which the prosecutors withdrew perjury charges in exchange for certain actions taken by the bank director. The agencies determined the agreement constituted a “pretrial diversion or similar program.” When the bank director refused to halt his participation, the OCC and the FRB issued cease and desist orders requiring the director to terminate his relationship with the institutions. On appeal, the court held that the regulators applied an improper definition of “pretrial diversion or similar program” when they reasoned that the ordinary meaning of the phrase extends to any conditional agreement to withdraw charges. The court held that the definition must require more than any quid pro quo, and that the regulators should consider whether an agreement to avoid charges includes a voluntary agreement for treatment, rehabilitation, restitution or other noncriminal or nonpunitive alternatives. The court vacated the agencies’ orders and directed the agencies to determine on remand whether the conditions required by the state-level agreement fit within the parameters of a “pretrial diversion or similar program,” as established by the court.

On December 28, the U.S. Court of Appeals for the Fourth Circuit affirmed a district court holding that a bankruptcy trustee lacked standing to sue former directors of an insolvent bank holding company for alleged mismanagement of a failed subsidiary bank. In re Beach First Nat’l Bancshares, Inc., No. 11-2019, 2012 WL 6720911 (4th Cir. Jan. 2, 2013). The district court determined previously that the directors and officers of the holding company and the subsidiary bank were one and the same, and that the harm caused to the bankrupt holding company was the direct result of the failure of the subsidiary bank. As such, the district court held that the trustee’s claims on behalf of the holding company are derivative claims that can only be pursued by the FDIC as receiver for the failed subsidiary. On appeal, the trustee argued that the claims are direct, not derivative, claims that fall outside of the FDIC’s purview, and, in the alterative, the claims are proper even if derivative because the FDIC has declined to act. The appeals court agreed with the district court and held that the trustee pled mainly claims deriving from defalcations at the subsidiary bank level, and not a distinct and separate harm specific to the holding company. Further, the appeals court held that the FDIC retains its statutory authority to act, and, in any event, has no statutory authority to transfer to another party its right to act on behalf of the failed subsidiary. The appeals court reversed the district court with regard to one of the trustee’s claims, holding that the trustee’s claim that the directors caused the holding company to improperly subordinate its equity interest in a company that owned real property could proceed on remand as a direct claim against the directors because the alleged actions caused damages unique to the holding company.

On November 19, the U.S. District Court for the Northern District of Illinois held that the FDIC, as receiver for a failed bank, is not entitled to memoranda prepared by a law firm in connection with the firm’s representation of two directors of the failed bank. FDIC v. Belongia Shapiro & Franklin, LLP, No. 12-2889, 2012 WL 5877559 (N.D. Ill. Nov. 19, 2012). The FDIC petitioned the court to enforce an administrative subpoena seeking legal opinions the firm provided to the bank in which the firm counseled the bank to pay the legal fees of bank personnel in three lawsuits. The court held that even though the FDIC stands in the shoes of the bank and generally holds any privilege the firm may assert, the firm was not required to turn over its legal advice provided to two of the bank’s directors who faced an administrative enforcement action by the FDIC. The court reasoned that because the firm was providing advice to the directors and not to the bank, the FDIC does not hold the attorney-client privilege. Further, the court explained that even though the firm provided advice to the bank before it represented the individual directors, such representation does not establish a joint-client or common interest exception to the privilege. Moreover, the bank’s payment of the firm’s fees does not entitle the bank to be privy to the firm’s communications with the directors. The court did require the firm to produce materials regarding two other matters in which the firm provided advice to the bank.

On October 31, the Federal Financial Institutions Examination Council (FFIEC) issued a revised Supervision of Technology Service Providers Booklet (TSP Booklet). The revised TSP Booklet, which is part of the FFIEC Information Technology Examination Handbook, provides guidance for examiners and financial institutions on the supervision of technology service providers by describing the federal banking regulators’ statutory authority to supervise third-party service providers, outlining the regulators’ risk-based supervision program, and providing the Uniform Rating System for examinations. The TSP Booklet clarifies that outsourced activities should be subject to the same risk management, security, privacy, and other internal controls and compliance policies as if such functions were performed internally, and that a financial institution’s board of directors and management have the responsibility for ensuring that outsourced activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.

Concurrent with the release of the updated TSP Booklet, the Federal Reserve Board, the FDIC, and the OCC issued new Administrative Guidelines for the Implementation of Interagency Programs for the Supervision of Technology Service Providers. The Guidelines are separate from the FFIEC IT Examination Handbook and describe how the agencies implement their interagency supervisory programs. The Guidelines are primarily a resource for examiners and include the reporting templates used by examiners.

On October 23, the U.S. District Court for the District of Puerto Rico denied motions to dismiss gross negligence claims against former directors and officers brought by the FDIC as receiver for a failed bank. The court further held that the FDIC as receiver is not precluded from recovering under the directors and officers’ insurance policies. W Holding Co. v. Chartis Ins. Co.-Puerto Rico, No. 11-2271, slip op. (D. Puerto Rico Oct. 23, 2012). The FDIC sued former officers and directors of the bank, alleging that they were grossly negligent in approving and administering commercial real estate, construction, and asset-based loans and transactions and seeking over $176 million in damages. The court concluded that the FDIC could not maintain claims for ordinary negligence against the former officers and directors because of the business judgment rule, but that the FDIC had stated sufficient facts to allege a plausible claim for gross negligence. The court held that (i) the FDIC’s complaint adequately specified which alleged misconduct was attributable to each director or officer, (ii) the claims should not be dismissed on statute of limitations grounds, and (iii) separate claims against certain former officers and directors concerning fraudulent conveyances should not be dismissed. In addition, the court denied the insurers’ motions to dismiss the FDIC’s claims for coverage under the directors and officers’ liability policies. The court held that the policies’ “insured versus insured” exclusion did not apply to an action by the FDIC as receiver because the FDIC was suing on behalf of depositors, account holders, and a depleted insurance fund.

On October 5, the U.S. District Court for the Central District of California dismissed several affirmative defenses invoked by a group of former bank officers sued by the FDIC as receiver for a failed bank, including their claim of protection from personal liability for business decisions. FDIC v. Van Dellen, No. 10-4915, 2012 WL 4815159 (C.D. Cal. Oct. 5, 2012). The FDIC sued the former officers, alleging that, in pursuit of bonuses for high loan origination volumes, the officers approved homebuilder loans to unqualified borrowers. As part of their defense, the officers claimed that the court should apply the law of the state of Delaware where the bank was incorporated, and not California law where the bank had its principle place of business. The officers sought to invoke Delaware law protecting officers from personal liability for business decisions. The court disagreed and held that (i) California law applies under any choice of law test and (ii) California’s business judgment rule, both as codified and its common law element, immunizes directors from personal liability but not officers. With regard to the officers’ defense that the FDIC claims were time barred as allegations of professional negligence, the court held that the gravamen of the complaint actually is breach of fiduciary duty, which has a longer statute of limitations. The court also reiterated a previous ruling that the officers could not invoke any defenses that would rely on imputing the bank’s pre-receivership conduct to the FDIC as receiver. The court did agree with the officers that any recoveries made by the FDIC in another case should be considered when assessing damages in this case, and that claims regarding certain loans approved by the bank’s federal regulator should be reviewed by a jury.

On July 11, four former bank officers and two of their former customers were indicted in the U.S. District Court for the Eastern District of Virginia on eighteen counts of fraud. Indictment, United States v. Woodard, No. 12-105 (E.D. Va.). The indictment alleges that in the run-up to the financial crisis, the bank more than doubled its assets primarily through brokered deposits, while the directors administered a lending program that violated industry standards and the bank’s internal controls. In connection with the financial crisis, the indictment states, the bank’s loan portfolio deteriorated and the directors conspired to conceal the institution’s financial condition. Ultimately, the bank failed, leaving the federal government insurance fund to cover approximately $260 million in deposits, the indictment claims. In addition to the criminal charges, the U.S. Attorney is seeking forfeiture of the defendants’ assets. Other bank officers, employees, and customers already have pled guilty to related charges.

On June 29, the U.S. Court of Appeals for the Seventh Circuit directed a D&O insurance provider to cover certain claims against defendants insured under the same policy as some plaintiffs despite an “insured vs. insured” exclusion from coverage under the insurance arrangement. Miller v. St. Paul Mercury Ins. Co., No. 10-3839 (7th Cir. June 29, 2012). The dispute began when five plaintiffs sued Strategic Capital Bancorp, Inc. (“SCBI”) for fraud and other state law claims flowing from SCBI’s alleged material misstatements relating to the company’s financial condition. Three of the plaintiffs were directors or officers covered under SCBI’s policy; the other two plaintiffs were not insureds under the policy. When SCBI notified its insurance carrier and requested indemnity and defense coverage under the insurance agreement, the carrier refused, citing the policy’s “insured vs. insured” provision. All parties to that initial lawsuit then filed a new action against the carrier in an effort to force it to provide coverage. The Seventh Circuit reversed the district court’s dismissal of those claims brought by the two non-insured plaintiffs. In a lawsuit involving both insured and non-insured plaintiffs, the court ruled, the insurance carrier must “provide indemnity for losses on claims by non-insured plaintiffs but not for losses on claims by insured plaintiffs.” The court reasoned that such a holding conforms to the parties’ expectations, minimizes the risk of arbitrary results, and discourages efforts to manipulate the result through strategic party joinder or case consolidation.