On July 20, The New York Times reported that the New York State Department of Financial Services has stepped up its investigation of Promontory Financial Group, a leading global financial services consulting firm. Promontory is under the department's scrutiny for having allegedly doctored a report on international sanctions compliance, which Promontory prepared for a client bank to submit to federal and state regulators. If New York takes action against Promontory, it would be the third major consulting firm in as many years that the regulator will have punished for sanitizing problematic regulatory reports in response to bank pressure. The department has already fined Deloitte $10 million and imposed a one-year ban on agency-related work for similar misconduct, and has likewise fined PricewaterhouseCoopers $25 million and imposed a two-year agency ban.

This demonstrated capture of the consulting industry is a serious issue. Without exaggeration, a consultant's lack of independence and objectivity can threaten the efficacy of financial regulation and the integrity of financial markets. This fact is no secret, nor has it gone unnoticed.

In April 2013, the U.S. Senate Banking Subcommittee on Financial Institutions and Consumer Protection held a hearing to address the obvious problem: financial regulators rely for critical information on consulting firms that are paid by the very same banks that they are engaged to evaluate. As recent history shows, this conflict of interest has repeatedly proven toxic. A consultant's allegiance too often goes to the client that pays the bills.

Although the New York enforcement actions have punished such breaches of public trust by imposing significant penalties after the fact, they have not provided a regulatory framework that can more reliably bring about systemic change. To achieve that goal, the consultant must be directly accountable not only to the bank — as is presently the case — but to the regulator as well. And that accountability must include the potential for criminal liability. Anything less invites a dangerous cost/benefit analysis, i.e., consultants weighing the significant adverse impact on client revenue for refusing to compromise a regulatory report against the historically low risk of incurring reputational and possibly civil liability if caught doing so.

In this respect, the efforts by the Office of the Comptroller of the Currency to better supervise the work of consultants have largely failed. Following the Senate hearing in 2013, the OCC issued a bulletin entitled, "The Use and Review of Independent Consultants in Enforcement Actions." For the most part, this agency guidance for bankers merely reduced to a formal written policy longstanding industry practices for: (1) screening consultants regarding potential conflicts; and (2) setting a consultant's obligations under a contract of engagement. To its credit, the OCC insisted upon having the authority to meet privately with consultants to foster open and frank discussion about the bank's conduct. It also insisted on having the power to terminate consultants. But the bulletin is otherwise toothless when it comes to holding consultants directly accountable to the OCC — even for the most egregious misrepresentations.

The threat of criminal liability would fill the gap. It is not just a stick for regulators to use against wayward consultants. Importantly, it is also a stick that ethical consultants could use to repel overbearing clients. Indeed, structured correctly, a framework that requires consultants to submit regulatory reports to an agency subject to the penalty of perjury should actually provide all consultants with great comfort. If all consultants were held to that legal standard, it would significantly diminish a bank's economic leverage in the consultant-client relationship. In other words, it would level the industry playing field, thereby making it much harder for banks to shop around for the most malleable consultant. Consultants could compete on depth of expertise or service levels or even price rather than ethical flexibility.

This argument finds analogous support in the auditing industry. When issuing a report on a company's financial statements, an independent auditor must designate its opinion as "unqualified," "qualified," "adverse," or "disclaimed." These legal categories describe a company's level of compliance with Generally Accepted Accounting Principles, and anything other than an "unqualified" opinion marks an increasingly material GAAP deviation in the company's financial records. The threat of receiving a "qualified" opinion or worse from an independent auditor often prompts far greater transparency by the audited company into its financial transactions because negative audit reports can have devastating business implications.

A similar approach should have ready application in the consulting industry. At the very least, regulators should require consultants to designate their reports as either "unqualified" or "qualified" based on the quality of information and cooperation received from the subject bank. If a bank withholds information, obstructs the investigation, or improperly tries to change a report, the consultant should be legally bound to issue a "qualified" report. If a consultant designates a report as "qualified," it should provide a detailed explanation for that conclusion so that a regulator has a full understanding of any potential impact on the report's findings. Presumably, banks will want to avoid receiving "qualified" reports, and therefore act accordingly.

To make this control truly effective, though, regulators should require that consultants verify, subject to the penalty of perjury, that an "unqualified" report is true and accurate to the best of their knowledge and belief. As an additional check, regulators should also require that a member of the bank's executive management team, such as the chief compliance officer, also verify under the penalty of perjury that he or she has no reason to believe the consultant's findings are incorrect or based on incomplete or otherwise inadequate information. People are far more hesitant about what they sign when they know that they could be held criminally responsible for textual misrepresentations. The Sarbanes-Oxley regime is grounded on this premise.

These simple changes could have a profound effect on the integrity of the regulatory consulting industry and, by direct extension, to the effectiveness of financial regulators. Because it is already a criminal violation to file false reports with federal and state authorities, these changes could be implemented almost immediately. There is no reason to wait.

Daniel S. Alter is an adjunct professor and senior fellow in the corporate compliance and enforcement program at New York University Law School, and a former general counsel at the New York State Department of Financial Services.