
    GRANT THORNTON, LLP, Petitioner v. OFFICE OF the COMPTROLLER OF THE CURRENCY, Respondent.
    No. 07-1003.
    United States Court of Appeals, District of Columbia Circuit.
    Argued Nov. 8, 2007.
    Decided Feb. 8, 2008.
    
      Stanley J. Parzen argued the cause for petitioner. With him on the briefs were Mark W. Ryan, Andrew J. Morris, and Miriam R. Nemetz.
    Jerome A. Madden, Counsel, U.S. Department of Treasury, argued the cause for respondent. With him on the brief was Horace G. Sneed, Director of Litigation.
    Before: HENDERSON and TATEL, Circuit Judges, and WILLIAMS, Senior Circuit Judge.
   Opinion for the Court filed by Senior Circuit Judge WILLIAMS.

Opinion concurring in the judgment filed by Circuit Judge HENDERSON.

WILLIAMS, Senior Circuit Judge:

Grant Thornton, LLP, an accounting firm, appeals a final decision and order of the Comptroller of the Currency that requires the firm to pay $300,000 in civil penalties for recklessly failing to meet Generally Accepted Auditing Standards (“GAAS”) in its audit of the First National Bank of Keystone. Grant Thornton also appeals the Comptroller’s cease and desist order mandating that the firm comply with a host of conditions whenever it audits depository institutions. We vacate the final decision and both orders, finding that when an accounting firm merely performs an external audit aimed solely at verifying the accuracy of a bank’s books, it is not “participat[ing]” or “engaging” in “an unsafe or unsound practice in conducting the business” or “the affairs” of the bank, as those terms are used in 12 U.S.C. §§ 1813(u)(4)(C), 1818(b)(1), and 1818(i)(2)(B)(i)(II).

In 1992 the First National Bank of Keystone, then a small rural bank in West Virginia, sought to increase its revenues, launching an ambitious loan securitization program. The bank bought subprime or high loan-to-value loans from large originators throughout the country. It then pooled these loans with loans it had originated itself. The bank bundled the loans into securities and sold them to institutional investors. Keystone hired asset servi-cers to collect the principal, interest, and penalties on the loans and to issue monthly checks of interest income to Keystone. By 1999 the bank’s assets of approximately $100 million had apparently skyrocketed to about $1 billion.

Examiners from the Office of the Comptroller of Currency (“OCC”) scrutinized the bank’s records periodically from 1992 through 1999. In a 1997 report, the examiners criticized the accuracy of the bank’s statements and the effectiveness of the securitization program’s management. Using a standard rating system, the OCC gave the bank very low marks for its overall condition and management quality.

Because of Keystone’s failure to address these concerns, the OCC initiated an enforcement action against the bank in May 1998. As a result, Keystone and the OCC formally agreed that the bank would retain a nationally recognized independent accounting firm to audit the bank’s mortgage operations, assess the accuracy of its financial statements, and determine the validity of the bank’s accounting for loans it purchased and bundled into securities. In July 1998 the bank hired Grant Thornton to conduct the agreed-upon external audit. In April 1999 Grant Thornton issued its audit opinion. The opinion acknowledged the firm’s duty to “obtain reasonable assurance about whether [Keystone’s] financial statements [for 1997 and 1998] are free of material misstatement,” and in effect stated that it had found such assurance.

In August 1999 OCC examiners uncovered Keystone’s fraud. The bank had inflated its interest income by nearly $98 million and its assets by about $450 million. These $450 million in assets supposedly belonging to Keystone were in reality those of another bank. The scheme masked the fact that Keystone had been insolvent since 1996. Several members of Keystone management were convicted of felonies for falsifying bank financial records, loan servicer reports, and remittances, as well as lying to auditors and regulators. After the OCC determined that Keystone was insolvent, it closed the bank.

On March 5, 2004 the OCC invoked the Financial Institutions Reform, Recovery, and Enforcement Act (“FIRREA”) of 1989, Pub.L. No. 101-73, 103 Stat. 183, and initiated an administrative proceeding claiming that Grant Thornton, in auditing Keystone’s financial statements, had “recklessly engag[ed] in an unsafe or unsound practice in conducting [Keystone’s] affairs.” 12 U.S.C. § 1818(b)(1); see also §§ 1813(u)(4), 1818(i)(2)(B). The government’s evidence showed, among other things, that Grant Thornton had relied on oral representations as to Keystone’s ownership of approximately $236 million of the $450 million at issue, even in the face of written communications suggesting the opposite. At the end of the hearing, however, the administrative law judge recommended that all charges be dismissed because she found that Grant Thornton had not acted recklessly.

On December 7, 2006 the Comptroller rejected the ALJ’s recommendation and fined Grant Thornton. Relying or purporting to rely on the evidence introduced by Harry Potter, the OCC’s audit wizard, the Comptroller found that Grant Thornton participated in an unsafe or unsound practice by recklessly failing to comply with GAAS in planning and conducting the Keystone audit. In a cease and desist order, the Comptroller limited Grant Thornton’s freedom to accept and conduct audits independently, hire accountants, and handle working papers.

Grant Thornton attacks the Comptroller’s decision and orders on multiple grounds. We need address only one. We find that the Comptroller exceeded his statutory authority in characterizing Grant Thornton’s external auditing activity as “participating] in ... [an] unsafe or unsound [banking] practice,” see § 1813(u)(4), and as “engaging ... in an unsafe or unsound practice in conducting [Keystone’s] business,” see § 1818(b)(1), and in “conducting [Keystone’s] affairs,” see § 1818(i)(2)(B)(i)(II). Those conclusions end the case.

We review the OCC’s interpretation of FIRREA and related statutory provisions de novo because multiple agencies besides the Comptroller administer the act, including the Board of Governors of the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision in the Treasury Department. See Proffitt v. FDIC, 200 F.3d 855, 863 n. 7 (D.C.Cir.2000); Rapaport v. Department of Treasury, 59 F.3d 212, 215-17 (D.C.Cir.1995); Wachtel v. Office of Thrift Supervision, 982 F.2d 581, 585 (D.C.Cir.1993) (“[§ 1818(b)] is ... also administered by the Federal Reserve Board, the Comptroller of the Currency, and the FDIC, and thus deference under Chevron ... is inappropriate.”); see also Collins v. NTSB, 351 F.3d 1246, 1253 (D.C.Cir.2003) (noting Congress’s observation that “more than one agency may be an appropriate Federal banking agency with respect to any given [type of banking] institution,” citing § 1813(q)).

The relevant statutory structure is unusual to say the least. It is a bit as if provisions penalizing theft started by defining a “thief’ as “a person who commits theft, to wit, one who intentionally takes away the property of another,” etc., and then imposed penalties on any “thief who intentionally takes away the property of another,” etc. The upshot obviously involves a good deal of linguistic duplication; and imposition of a penalty requires that the accused be shown both to fit the statutory definition and to have committed the acts actually triggering punishment.

Here the crucial definition is that of an “institution-affiliated party” (“IAP”), which includes

(4) any independent contractor (including any attorney, appraiser, or accountant) who knowingly or recklessly participates in—
(C) any unsafe or unsound practice, which caused or is likely to cause more than a minimal financial loss to or a significant adverse effect on, the insured depository institution.

12 U.S.C. § 1813(u)(4). We assume without deciding that an accounting firm like Grant Thornton can qualify as an independent contractor.

The relevant substantive provisions of FIRREA echo the definition. Under 12 U.S.C. § 1818(b)(1), the Comptroller of the Currency may issue a cease-and-desist order if a bank or IAP “is engaging or has engaged ... in an unsafe or unsound practice in conducting the business of [an] insured depository institution”; and under § 1818(i)(2)(B)(i)(II) the Comptroller may impose civil monetary penalties when a depository institution or IAP “recklessly engages in an unsafe or unsound practice in conducting the affairs of [an] insured depository institution” which causes a more than minimal loss to the bank or meets other aggravating circumstances.

While the definitional section doesn’t specify that the accused must have engaged in the “unsafe or unsound practice” in “conducting the business of the bank, § 1818(b)(1), or in “conducting the affairs of the bank, § 1818(i)(2)(B)(i)(II), the OCC doesn’t dispute that, to prevail under the substantive provisions, it must show that Grant Thornton’s audit activity amounted to such “conducting.” See OCC Br. at 4.

Nor does the Comptroller contest that the phrase “unsafe or unsound practices,” in all its appearances here, means “unsafe or unsound banking practices.” The latter is, indeed, the formulation that the Comptroller uses in his Notice of Assessment of a Civil Monetary Penalty, at 17-18 and his Final Decision and Order, at 17. That reading (besides being undisputed and according with conventional banking terminology) harmonizes the definitional section, § 1813(u)(4), with the two substantive sections penalizing one who recklessly participates or engages in “an unsafe or unsound practice in conducting the business” or “the affairs” of a depository institution. § 1818(b)(1), (i)(2)(B)(i)(II).

Although the OCC’s Notice of Charges for Issuance of an Order to Cease and Desist might be read as claiming that the “unsafe or unsound practice” in which Grant Thornton allegedly engaged was Keystone’s own fraud, see id. at 20, its final decision identified the practice as Grant Thornton’s conduct of the audit: “Clearly, Grant Thornton itself ‘participated’ in an unsafe or unsound practice when it violated GAAS in carrying out its audit.” Final Decision and Order, at 17; see also id. at 20. Thus, the Comptroller’s orders rest on the idea that recklessly conducting a non-GAAS audit of a bank constitutes participation in an unsafe or unsound practice in conducting the business or affairs of the bank. But however incompetently or recklessly the audit may have been performed, conduct of the audit cannot be shoehorned into the controlling statutory language.

First, Grant Thornton didn’t participate in an “unsafe or unsound [banking] practice” because an audit of the sort conducted here is not a banking practice. Grant Thornton was fulfilling the classic reporting function of external auditors — examining the company’s books from the outside and verifying the accuracy of its records and the adequacy of its internal controls. This sort of outside look into a bank’s activity is not a “practice” of a depository institution or bank. FIRREA defines a “depository institution” as “any bank or savings association.” § 1813(c)(1). It defines a “bank” as “any national bank and State bank, and any Federal branch and insured branch.” § 1813(a)(1)(A). As this definition is in part circular, itself depending on the meaning of the word “bank,” Congress evidently relied on common understanding to fill the gap. The language of Webster’s Third New International Dictionary (1981), identifying a bank as “an establishment for the custody, loan, exchange, or issue of money, for the extension of credit, and for facilitating the transmission of funds by drafts or bills of exchange,” id. at 172, seems apt. A review of a bank’s books is quite distinct from the “custody, loan, exchange, or issue ... of money” or “facilitating the transmission of funds.” Id. We do not attempt to define the full universe of activities that encompass “banking practices.” Yet we are certain that an external auditor whose sole role is to verify a bank’s books cannot be said to be engaging in a “banking practice.” We do not answer the question of whether an internal auditor with an equally limited role (if there be any such) is conducting the bank’s business.

In oral argument, Comptroller’s counsel advanced the idea that because § 1831m(f)(l) requires that banks, in order to stay in business, undergo GAAS-compli-ant audits on an annual basis, it follows that such audits are necessarily part of a bank’s business. See Oral Argument, 45:24-45:38; see also § 1831m(a)-(f). This seems to us a complete non-sequitur. That a bank must engage outsiders to perform services does not necessarily turn such providers into bankers. In the case of auditors, of course, the need to enlist their services comes in part from the law, in part from the practicalities of raising the bank’s own capital, but it is hard to see why the element of legal compulsion should change the matter. It makes as much sense to say that Grant Thornton was conducting Keystone’s business as it is to say that an Underwriters Laboratories representative who inspects a toaster is “engaged in conducting the manufacture of toasters,” or that a Department of Agriculture representative checking a smokehouse for compliance with meat safety laws is “engaged in conducting the operation of a smokehouse.”

Second, we have some assistance from the Supreme Court on the meaning of a phrase closely parallel to those in question here. In Reves v. Ernst & Young, 507 U.S. 170, 113 S.Ct. 1163, 122 L.Ed.2d 525 (1993), the Court construed the following language from RICO: “to conduct or participate, directly or indirectly, in the conduct of [an enterprise’s] affairs.” Id. at 177-79, 113 S.Ct. 1163 (discussing 18 U.S.C. § 1962(c)). Reasoning that Congress meant something broader than “conduct [the enterprise’s] affairs,” but narrower than merely “participate in [its] affairs,” the Court concluded that a covered party “must have some part in directing [the enterprise’s] affairs.” Id. at 179, 113 S.Ct. 1163. Grant Thornton played no such directive role in Keystone’s affairs.

A directing role can, of course, be a minor one. In Cavallari v. Office of Comptroller of the Currency, 57 F.3d 137, 140 — 41 (2d Cir.1995), the court affirmed the Comptroller’s classification of an attorney as an IAP because he provided oral and written advice to a bank that exchanging loan guaranties, resulting in the bank’s gaining an interest in a financially unsound company, was in the bank’s best interest. The court’s holding also rested on the fact that the lawyer drafted the paperwork needed to complete the transaction. Thus he advised the bank, in a forward-looking capacity, on how to conduct the bank’s own business — lending. By actively encouraging a dubious transaction, he played a part in conducting the bank’s business in a way that was “contrary to accepted standards for banking operations.” Id. at 143. In contrast, while Grant Thornton’s audit may have been “strikingly incompetent,” as described at length by the concurring opinion, it neither proffered advice on nor assumed any directive role in Keystone’s conduct of its affairs. The Comptroller nowhere suggests that Grant Thornton was in cahoots with Keystone’s fraudulent managers.

Judge Henderson’s concurrence describes our opinion as a “rejection” of accountant liability as an IAP under § 1818(b)(1) and § 1818(i)(2)(B)(i)(II). Op. of Henderson, J., at 1336. Insofar as she may suggest a categorical rejection, the description is wide of the mark. Our discussion above makes clear that an accountant who plays an active role in directing a bank’s unsafe or unsound practices, or its wrongful transactions, as the lawyer in Cavallari did, can be sanctioned as an IAP; he would then have actually participated in an unsafe or unsound practice in conducting the business or affairs of a bank.

The concurring opinion also invokes legislative history to cast doubt either on our interpretation of the relevant provisions, or possibly on our opinion’s non-existent categorical rejection of accountant liability. In any event, the proposed use of legislative history doesn’t work. First, the text of the statute is clear enough that resort to legislative history is unnecessary. See Claybrook v. Slater, 111 F.3d 904, 907 (D.C.Cir.1997) (“If statutory language is clear ... it is both unnecessary and inappropriate to track legislative history.”). Second, even if mining legislative history were necessary to interpret the provisions, the section of the House Report commenting directly on § 1813’s IAP definition unsurprisingly tracks the statute’s actual language. It notes that “[appraisers, accountants, and attorneys have participated in some of the serious misconduct in banks and thrift institutions.” H.R.Rep. No. 101-54(1), at 466 (1989), reprinted in 1989 U.S.C.C.A.N. 86, 262 (emphasis added); see also id. (stating that independent contractors are liable under the provisions “only if they participate in the conduct of the affairs of ... insured financial institutions”). Then it distinguishes between an attorney who provides a bank advice or services in good faith and an attorney who also “knowingly participates in other activities which result in serious misconduct,” saying that the former is not a target for enforcement action, whereas the latter is. Id. at 467, 1989 U.S.C.C.A.N. at 263.

Third, the legislative history cited in the concurring opinion, highlighting the role of “poor quality audit work” in the banking scandals of the late 1980s, appears in the preliminary, narrative sections of the House Report; it doesn’t specifically comment on particular provisions of FIRREA, let alone any part of §§ 1813 or 1818. Id. at 300-01, 1989 U.S.C.C.A.N. at 96-97. Nothing links Congress’s apparent concern that poor auditing “delayed regulatory action” and thus “raised the ... cost of resolving thrift failures” to the sections at issue here. Id. at 301, 1989 U.S.C.C.A.N. at 97. Certainly other provisions of FIR-REA seem responsive to this general concern. Some, for example, imposed stricter auditing requirements on banks and required banks to give the Comptroller access to “books, records, accounts, reports, files, and property ... used by ... an independent certified public accountant retained to audit” banks or their funds. 12 U.S.C. § 1827(d)(2); see also 12 U.S.C. § 1441a(k)(l)(B) (1989) (a FIRREA provision that contained language identical to that of § 1827(d)(2), though the language was removed in a 1991 amendment); FIR-REA, §§ 220, 501. And Congress’s commissioning of a feasibility report on means of enhancing transparency between audits and the bank regulatory agencies, id. § 1001, 12 U.S.C § 1811 note, also appears aimed in part at reducing the risk of defective audits. In short, assigning the provisions in dispute their ordinary-language meanings creates no inconsistency with the House Report.

Finally, we note that Congress has given the Comptroller wide latitude to punish accountants who transgress GAAS in their audits of depository institutions:

In addition to any authority contained in [12 U.S.C. § 1818], the Corporation or an appropriate Federal banking agency may remove, suspend, or bar an independent public accountant, upon showing of good cause, from performing audit services required by this section.

12 U.S.C. § 1831m(g)(4)(A). While Congress added this provision after adoption of FIRREA (as part of the Federal Deposit Insurance Corporation Improvement Act, Pub.L. No. 102-242, § 36, 105 Stat. 2236, 2244 (1991)), its presence makes clear that giving the words of FIRREA their ordinary meaning leaves the banking authorities ample power to sanction delinquent auditors. Here, of course, we need not address the application of § 1831m(g)(4)(A) to Grant Thornton, as the Comptroller has not tried to rest its case on that section.

We vacate the Comptroller’s final decision and orders for the reasons stated.

So ordered.

KAREN LECRAFT HENDERSON, Circuit Judge,

concurring in the judgment:

I agree with my colleagues that we should vacate the civil monetary penalty and cease and desist order the Office of the Comptroller of the Currency (OCC) imposed on Grant Thornton; however, I am not persuaded by their reasoning and therefore concur in the judgment only. The Congress enacted the Financial Institution Reform, Recovery and Enforcement Act of 1989 (FIRREA), Pub.L. 101-73, 103 Stat. 183 (1989), as a direct response to the savings and loan crisis of the late 1980s. See H.R. Rep. No 101-54, at 291-92 (1989), as reprinted in 1989 U.S.C.C.A.N. 87. The House Banking, Finance and Urban Affairs Committee Report (House Report) accompanying the legislation discusses the causes of that crisis. Among them, the Report highlights “poor quality audit work” as one of the primary ones. The House Report explains:

The public accounting industry and certified public accountants (CPAs) played a major role in masking the insolvency of many failed thrifts, and often did not report fraud and insider abuse by thrift managements to thrift regulators. In a study of failed S & L’s [sic] under the supervision of the Federal Home Loan Bank of Dallas, the GAO reported,
For six of the eleven failed S & L’s [sic] we reviewed, CPA’s [sic] did not adequately audit or report the S & L’s financial condition or internal control problems in accordance with professional standards.
Independent audits are an integral part of the system of controls designed to identify and report problems in thrift’s [sic] when they arise. A lack of professionalism and poor quality audit work by CPA’s [sic] helped mask the presence of fraud at a number of failed thrifts. In many instances auditors did not notify regulators about poor management practices at failing thrifts, which ultimately delayed regulatory action against many unscrupulous thrift managements. This delay has significantly raised the ... cost of resolving thrift failures.

Id. at 301, 1989 U.S.C.C.A.N. at 97. In light of the Congress’s express conclusion that “poor quality audit work” played a large role in causing the savings and loan crisis, which crisis produced FIRREA, I cannot join in the majority’s holding that “when an accounting firm merely performs an external audit aimed solely at verifying the accuracy of a bank’s books, it is not ‘participating]’ or ‘engaging’ in ‘an unsafe or unsound practice in conducting the business’ or ‘the affairs’ of the bank as those terms are used in 12 U.S.C. §§ 1813(u)(4)(C), 1818(b)(1), and 1818(i)(2)(B)(i)(II).” Maj. Op. at 1329. As the majority itself notes, the statutory interplay among these subsections is “unusual to say the least” and “obviously involves a good deal of linguistic duplication.” Maj. Op. at 1331. But 12 U.S.C. § 1818(b)(1) and 12 U.S.C. § 1818(i)(2)(B)(i)(II) expressly include an Institution Affiliated Party (IAP) within their respective sanctions so that there must be some way in which an IAP accountant “participates” or “engage[s]” in “an unsafe or unsound practice in [the] eonduct[ ]” of the “business”/“affairs” of a bank. The Second Circuit has decided as much with regard to an IAP attorney. Cavallari v. OCC, 57 F.3d 137, 142-43 (2d Cir.1995). Because an IAP accountant can be sanctioned under section 1818(b)(1) and section 1818(i)(2)(B)(i)(II), I believe that the majority’s rejection of such a result here is wrong.

The OCC’s sanctions levied against Grant Thornton should nonetheless be vacated. The same House Report makes clear that the Congress did not intend FIRREA to be used to levy a firm-wide penalty against an IAP unless “most or many of the managing partners or senior officers of the entity have participated in some way in the egregious misconduct.” H.R.Rep. No. 101-54, at 467, 1989 U.S.C.C.A.N. at 263. During the hearings before the House Banking, Finance and Urban Affairs Committee (Committee), several organizations, including the American Institute of Certified Public Accountants and the American Bar Association’s Business Law Section, expressed

[e]oncern ... that [the OCC] could obtain enforcement orders against a corporation, firm, or partnership, such as a large accounting, appraisal, or law firm, since the term “person” includes entities as well as individuals, and that therefore enforcement orders would not be limited to those individuals who may have been responsible for the wrongful action.

Id. at 466-67, 1989 U.S.C.C.A.N. at 262-63. In response, the Committee explained:

[T]he Committee expects the [OCC] to limit enforcement actions in the usual case to individuals who have participated in the wrongful action, to prevent unintended consequences or economic harm to innocent third parties.
However the Committee strongly believes that [OCC] should have the power to proceed against such entities if most or many of the managing partners or senior officers of the entity have participated in some way in the egregious misconduct. For example, a removal and prohibition order might be justified against the local office of a national accounting firm if it could be shown that a majority of the managing partners or senior supervisory staff participated directly or indirectly in the serious misconduct to an extent sufficient to give rise to an order. Such an order might well be inappropriate if it was taken against the entire national firm or other geographic units of the firm, unless the headquarters or these units were shown to have also participated, even if only in a reviewing capacity.

Id. at 467, 1989 U.S.C.C.A.N. at 263 (emphases added). At the time of the Keystone audit, Grant Thornton had approximately 300 partners and 3,500 other employees in 40 offices throughout the United States. Hr’g Tr. 2160, Nov. 23, 2004. The failure of Grant Thornton’s Keystone audit, however, was caused by the actions of only two individuals. The OCC made no finding that the flaws in the Keystone audit resulted from any systemic problem within Grant Thornton. Nor is there any evidence in the record that “most or many of the managing partners or senior officers of [Grant Thornton] ... participated ... in the egregious misconduct” which produced the deficient audit. See H.R.Rep. No. 101-54, at 467, 1989 U.S.C.C.A.N. at 263. Therefore, I agree that the sanctions against Grant Thornton should be vacated.

I also firmly disagree with the majority’s vacillating assessment of the audit Grant Thornton conducted. See Maj. Op. at 1333 (“while Grant Thornton’s audit may have been ‘strikingly incompetent,’ ...” (emphasis added)). A fuller exposition of the facts will prove my point: The First National Bank of Keystone (Keystone) had operated for years as a small, community bank in Keystone, West Virginia. In the early 1990s, however, Keystone changed its business focus and became heavily involved in the business of purchasing and securitizing sub-prime mortgages. Its new business, so it appeared, increased the value of its loan portfolio from $100 million in 1992 to over $1 billion by 1997. Reality was much different — Keystone was losing money as it was being looted by its management. To preserve the illusion of profitability, Keystone’s management fraudulently misrepresented its financial condition. At the center of the fraud was a business arrangement Keystone entered into with United National Bank (United) of Wheeling, West Virginia. Under the arrangement Keystone was to act as a mortgage purchasing agent for United. Keystone canvassed the market for available mortgages and notified United on a daily basis of its findings. When suitable mortgages were available, United provided Keystone with the funds to purchase the mortgages on United’s behalf. Keystone then arranged for two outside firms, Compu-Link and Advanta, to service the mortgages for United while the mortgages were prepared for securitization. After purchasing the mortgages with funds provided by United and arranging for servicing and securitization, Keystone included the mortgages on its books as assets despite the fact that United owned them. See OCC Dec. at 4-5.

During the 1990s, the OCC repeatedly investigated Keystone. The investigations never uncovered the full extent of the Keystone fraud; however, they did reveal irregularities in Keystone’s management and accounting practices reflected in the quarterly reports Keystone was required to file with the OCC. On May 8, 1998 the OCC informed Keystone that it was considering imposing a civil monetary penalty after Keystone filed an inaccurate report for the third quarter of 1997; however, Keystone forestalled the penalty by entering into a formal Supervisory Agreement with the OCC which required Keystone to strengthen internal accounting controls and retain a national accounting firm to “audit the bank and correct the accounting and internal control deficiencies” the OCC had noted during its earlier examinations of Keystone. OCC Dee., Findings of Fact (FF) 133.

In July 1998, Keystone hired Grant Thornton to perform the required audit. Before performing any work, Grant Thornton representatives attended a meeting between the OCC and Keystone to discuss the OCC’s earlier investigations of Keystone. The OCC representatives explained that Keystone had overstated its assets by about $90 million (almost 10% of its reported assets) in three earlier quarterly reports. Grant Thornton assigned one partner, Stanley Quay, and one associate, Susan Buenger, — both from its Cincinnati office — to perform the Keystone audit. During the pre-audit planning the two became aware of several additional facts manifesting that the Keystone audit required heightened scrutiny, to wit:

(1) in a short period of time Keystone had grown rapidly in asset size and profitability (FF 82, 83); (2) Keystone was heavily involved in significant and complex securitizations (FF 82-114); Keystone faced significant liquidity risk (FF 148, 149, 167); (4) Keystone was troubled and undercapitalized (FF 135, 167); (5) Grant Thornton had been retained by Keystone in order to comply with the OCC Formal Agreement that required the bank to retain an external auditor to resolve the bank’s accounting inaceura-cies and deficiencies and to establish an internal control structure (FF 132-134); (6) The OCC had just downgraded the bank to an unacceptable composite “4” CAMELS rating, and downgraded Keystone’s management to the lowest rating of “5” (FF 150); (7) the FBI had investigated [Keystone’s “senior vice president” and “controlling officer”] Ms. Church with respect to illegal “kickbacks” related to the bank’s residential lending (FF 171); (8) Mr. Michael Graham, a vice president of KMC [Keystone Management Company (a Keystone subsidiary)], was cited by the OCC as being responsible for an unexplained $31 million “input error” in the bank’s accounting for residual assets (FF 139); (9) Keystone recently had recorded ownership of $44 million in trust accounts even though they were not Keystone assets (FF 139); (10) Keystone also recently had claimed ownership of $16 million in residual interests in securitizations even though Keystone had pledged those interests to other parties (FF 139); (11) the bank had a history of filing inaccurate Call Reports, key insiders had been assessed CMPs [civil monetary penalties] in connection with those inaccuracies, and the OCC was considering additional CMPs against these same insiders (FF 151); and (12) the OCC examiners had accused Ms. Church of manipulating Call Reports so that the bank’s “well capitalized” status under FDICIA [the Federal Deposit Insurance Corporation Improvement Act] continued to be reported even though inaccurate (FF 140).

OCC Dec. 10-11. Despite these obvious red flags, Quay and Buenger began with what Grant Thornton’s audit manual termed a “Basic” audit. FF 176-77, 182-83. Performing only a “Basic” audit, Quay and Buenger were to (1) obtain written confirmation from Compu-Link and Ad-vanta that they were in fact servicing the loans Keystone had reported on its balance sheet and (2) verify Keystone’s claimed $98 million in interest income for the year 1998. The original Keystone audit plan called only for a “test of reasonableness.” OCC Dec. 38. At some point after the audit plan was prepared, however, a Grant Thornton supervisor in a different local office reviewed the plan and determined that Keystone should be classified “maximum risk.” See FF 184, 186, 188. According to Grant Thornton’s audit manual, in auditing a maximum risk client, an auditor is required to perform a “Comprehensive” audit, including a “test of details” to verify the accuracy of the client’s interest income. FF 185-89. Despite Keystone’s classification as “maximum risk,” the original audit plan was not amended and Quay and Buenger proceeded with the “Basic” audit.

At the commencement of the audit, Buenger attempted to independently verify the size of Keystone’s mortgage portfolio. Keystone’s records indicated that, as of December 31, 1998, Compu-Link and Advanta had serviced Keystone-owned accounts worth, according to Keystone, approximately $227.2 million and $242.6 million respectively. In reality, however, Compu-Link had serviced approximately $14 million in Keystone accounts and Ad-vanta had serviced approximately $6.3 million. Buenger asked Compu-Link and Advanta in writing to verify the size of Keystone’s loan portfolios. CompuLink verified, without explanation, that it had serviced just over $227 million “of Keystone loans.”

After receiving no response from Advan-ta for several weeks, Buenger followed up by telephone and fax. The Advanta manager in charge of the Keystone accounts, Patricia Ramirez, then sent Buenger a statement via FedEx indicating that Ad-vanta had serviced only approximately $6.3 million in Keystone mortgages in 1998 — a figure less than 1/38 of the $242 million Keystone reported. Several weeks later Buenger again telephoned Ramirez. Ramirez told Buenger that she had located another pool of “Keystone” mortgages worth approximately $236 million. Immediately after the call, however, Ramirez emailed Buenger stating that the $236 million in mortgages were owned by “Investor # 406,” identified in the email as “United National Bank.” Notwithstanding the ti tanic discrepancy, Buenger did not request a written clarification as required under Generally Accepted Auditing Standards (GAAS). Instead, relying on the earlier telephone call with Ramirez, Buen-ger simply concluded that the $242 million figure was accurate.

This was only the most eye-popping deficiency in the Keystone audit. Despite Keystone’s classification as “maximum risk,” Quay and Buenger used only the “test of reasonableness” to verify Keystone’s self-reported interest income figures. Their test of “reasonableness” was based on fraudulent financial information Buenger obtained directly from Keystone. They made no effort to independently verify the accuracy of the figures as they were required to do under GAAS and Grant Thornton’s own internal audit manual. In reality almost the entire $98 million that Keystone reported in interest income for 1998 did not exist — a fact that could have quickly been verified by requesting the monthly remittances Keystone received from its loan servicers. See FF 220-27. Nor does it appear that the auditors confirmed that any of the reported interest income was in fact deposited in Keystone’s account by reviewing Keystone’s general ledger. Compare Tr. 2502-10, Nov. 24, 2004 with FF 257.

Having failed to detect the Keystone fraud, Grant Thornton issued an unqualified audit opinion in April 1999 confirming that “the audit had been conducted pursuant to GAAS and that Grant Thornton had obtained reasonable assurance that the bank’s financial statements were free from material misstatements.” FF 253. Only four months later, however — in August 1999 — OCC examiners discovered that Keystone had fraudulently reported over $98 million in interest income, FF 259, and over $450 million in assets (approximately 50% of the total assets reported by Keystone), id., and was “hopelessly insolvent,” OCC Dec. 1. In September 1999, OCC ordered Keystone closed and appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. The Keystone collapse cost the FDIC approximately $600 million to resolve. Tr. 351, Nov. 12, 2004.

The conduct of the two Grant Thornton auditors can only be described as strikingly incompetent. They failed to comply with GAAS as required under 12 U.S.C. § 1831m(f)(l). They failed to assess, in Grant Thornton’s own words, the “maximum risk” Keystone represented. They relied upon a telephone conversation regarding the loan amount Advanta had serviced despite the fact that Advanta advised them in writing at least twice that Advanta had serviced only a fraction of the amount of loans Keystone’s records showed. They failed to amend their audit plan to require a “test of details” — in violation of Grant Thornton’s own manual — after Keystone was classified a “maximum risk” audit.

Accountants and auditors perform a critical role in insuring the integrity of financial institutions. See H.R.Rep. No. 101-54, at 301 (“Independent audits are an integral part of the system of controls designed to identify and report problems in thrift’s [sic] when they arise.”). Although I recognize that “[a]uditors do not function as insurers and their reports do not constitute a guarantee,” OCC Dec. 2, nonetheless “bank regulators, the bank’s shareholders and the public,” id., expect to rely on an auditor’s professional competence and deserve better than what happened here. 
      
      . The OCC argues that this language limiting firm-wide liability applies only to "12 U.S.C. § 1818(e)'s removal and prohibition sanctions against professional firms.... There was no hint in the House Report that professional firms were not subject to [other] enforcement actions or that it would be inappropriate to impose non-prohibition remedial actions and [civil monetary penalties] against professional firms acting as IAPs.” OCC’s Br. 33. Not so. The House Report makes clear that the discussion of removal and prohibition sanctions is offered as simply one example of the "special” circumstances under which firm-wide liability might be applied. See H.R.Rep. No. 101-54(1), at 467, 1989 U.S.C.C.A.N. at 263.
     
      
      . In 1998 alone, Keystone purchased over $960 million in mortgages for United.
     
      
      . The Supervisory Agreement required that Keystone retain a national accounting firm to, inter alia,
      
      (1) “perform an audit of the Bank’s mortgage banking operations and determine the appropriateness of the Bank's accounting for purchased loans and all securitiza-tions”;
      (2) reconcile Keystone’s records and loan servicer records; and
      (3)assess the appropriateness of all carrying values of entries on the balance sheet and income statement.
      FF 133 (quoting OCC Ex. 353) (internal citations omitted).
     
      
      . At that time Quay had worked on over 600 financial institution audits. Tr. 2159, Nov. 23, 2004. Buenger had over four years of auditing experience with Grant Thornton. See Tr. 2590, Nov. 24, 2004.
     
      
      .Interest income can be verified in at least two different ways. See OCC Dec. 27-28 (discussing tests). The first method, a "test of reasonableness,” requires only that the auditor examine the bank’s self-reported figures and evaluate their reasonableness based on "expected relationships” with other information in the bank's financial statements. See FF 66-68, 180. The more searching method, a "test of details,” requires the auditor to review the bank’s "primary financial documents such as ... remittances and cash receipts” and to "trace! ] those items into bank records.” FF 63-65.
     
      
      . The Administrative Law Judge suggested that the reason for the discrepancy was that Keystone management influenced Compu-Link to pool the Keystone and United accounts when responding to Grant Thornton’s request. See ALJ Dec. 9-10.
     
      
      . Most of the mortgages were "high-loan-to value ... second and third mortgage loans.” FF 83.
     
      
      . The American Institute of Certified Public Accountants (AICPA) adopted Generally Accepted Auditing Standards to govern the performance of a financial audit. See Ferriso v. NLRB, 125 F.3d 865, 871 (D.C.Cir.1997). Under 12 U.S.C. § 1831m(f)(l) an auditor examining a federally insured depository institution is required to comply with GAAS. GAAS requires, inter alia, that an auditor exercise "due professional care” and "professional skepticism” in conducting an audit. See GAAS § .02 (2007); AICPA, Codification of Statements on Auditing Standards (AU) § 230.07 (2007). GAAS also specifies that “[w]henever the auditor has concluded that there is significant risk of material misstatement ... of the financial statements ... more experienced personnel!,] more extensive supervision [or] ... expanded] ... [auditing] procedures” may be required. See AU § 312A.17. GAAS also requires that all "significant” confirmations of financial data be obtained in writing. See AU § 330.29. Buen-ger’s reliance on her telephone conversation with Ramirez that Ramirez had located an additional $236 million in "Keystone loans” flagrantly violated the requirement that all "significant” confirmations of financial data be in writing.
     
      
      . See, e.g., FF 225 ("Grant Thornton did not follow the requirements of its audit manual to conduct a 'Comprehensive' audit that called for primary reliance upon a 'test of details’ in connection with the audit of interest income from loans serviced by third-party servi-cers.”); FF 230 ("Before an analytical test could be used for substantive purposes in place of a 'test of details,’ GAAS, as described in Grant Thornton's auditing manual, required Grant Thornton's auditors to identify and describe the internal controls pertinent to the assertions to be audited, test the controls to be relied upon, and re-evaluate such controls in light of the results to determine if reliance would be warranted.”); FF 232 ("Where an entity’s internal controls have not been tested for reliability, GAAS imposes a duty upon the auditor to independently verify all financial data generated internally or otherwise provided by the client's management before that data may be used for auditing purposes.”); see also FF 166, 179, 185-86, 233-36.
     
      
      .Had Quay and Buenger applied a "test of details” instead of a "test of reasonableness,” they would have almost certainly detected the Keystone fraud. When, some months after the Grant Thornton audit, the OCC learned from Compu-Link and Advanta that Keystone’s mortgage portfolios were grossly overstated, the OCC contacted Grant Thornton. Grant Thornton performed a "test of details” and uncovered the fraud in under one hour. See OCC. Dec. 30 (citing FF 226).
     
      
      . Recent litigation in the District of West Virginia resulted in the entry of a $25 million judgment against Grant Thornton for losses that " ‘but for’ Grant Thornton’s gross negligence, the FDIC would have avoided.” Grant Thornton LLP v. FDIC, Nos. 1:00-0655 et al., 2007 U.S. Dist. LEXIS 19379, at *100 (D.W.Va. Mar. 14, 2007).
     