Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

Outside Counsel Deskbook, Legal Forms, and Related Links

PDF Help - Information on downloading and using the PDF reader.

The Outside Counsel Deskbook is now available exclusively in PDF format.

Outside Counsel Deskbook - PDF

Appendix C - Record Retention Guidelines for E-billing

Appendix C details FDIC requirements concerning record retention for E-billing by Outside Counsel.

The FDIC Legal Division has established E-billing guidelines for FDIC Outside Counsel, consistent with the FDIC Office of Inspector General’s audit requirements and the capabilities of commercially available time, billing and accounting software systems increasingly utilized by law firms. 

Audits of Outside Counsel have been an integral part of the Legal Division’s internal control and risk management program.  Beginning in 1999, the Legal Division recognized the need for a program of independent post-payment fee bill reviews to be conducted by an organization within the Legal Division.  To that end, the Risk Management Group (RMG) was tasked with implementing the Legal Division’s Post-Payment Review (PPR) Program to enhance the Legal Division’s internal controls over payments made to Outside Counsel and legal support services providers.  The Legal Division also determined that the RMG could effectively fulfill this Outside Counsel audit function by examining e-invoices and corresponding back-up documentation retained by Outside Counsel to ensure compliance with the Legal Division’s policies and procedures.

To facilitate such audit activities, you are required to:

The Legal Division has also concluded that time billing and accounting software available to the legal profession is able to provide basic internal control features that are consistent with generally accepted auditing standards. Controls deemed to be critical include the following:

(1) unique identifiers (user identification) and/or passwords for each user of the system;
(2) an access profile for controlling user access to each application;
(3) identification of the individual who entered, changed or deleted data;
(4) an audit trail that identifies dates of entry, change, or deletion;
(5) information that shows the extent of the change or the reason for the deletion; and
(6) provisions for a user identification code or other certification
when an E-invoice file is uploaded to the E-billing service provider. These critical internal controls are present in varying degrees in available software packages and formats, but particular weaknesses may exist regarding items (3) and (4) above.

To address these weaknesses and weaknesses created where otherwise adequate internal controls provided in the software are modified or not implemented, Outside Counsel may need to consider appropriate upgrading, supplementation or modification of the software or maintenance of alternative manual documentation as backup, in order to minimize or avoid significant questioned fees and expenses. The Legal Division reserves the right, should there be substantial questioned costs raised on audit based on deficiencies identified in a firm’s electronic timekeeping system, to impose additional documentation requirements to correct these deficiencies. These may include, without limitation, requirements to add specific internal controls through upgrades, supplemental programs, program modifications, or maintenance of alternative manual documentation as backup. 

These guidelines are effective for legal fees and expenses incurred on or after August 10, 2009, and are incorporated in the E-billing Deskbook

Skip Footer back to content