Confidential Supervisory Information Disclosure Rules
Community bankers routinely handle confidential and sensitive information. Typically, confidential information is related to the institution’s own books and records or information about its customers, shareholders, or employees. However, there is another category of confidential information that requires special treatment: supervisory ratings and other nonpublic supervisory information.
The federal banking agencies have long-standing rules that address the disclosure of confidential supervisory information. To remind institutions of the importance of protecting this information, on February 28, 2005, the Federal Reserve, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation (the agencies) issued the Interagency Advisory on the Confidentiality of the Supervisory Rating and Other Nonpublic Supervisory Information.1 As noted in the advisory and the relevant rules and regulations, except in very limited circumstances, financial institutions are prohibited by law from disclosing their CAMELS or RFI rating and other nonpublic supervisory information to nonrelated third parties without written permission from the appropriate federal banking agency. This includes prohibitions on disclosure to insurers that are underwriting directors and officers liability insurance coverage, potential buyers, and consultants (other than certain certified public accountants or legal counsel, discussed below) engaged by the financial institution for any purpose not specifically permitted by regulation, as well as disclosure in response to a private litigant subpoena.
The Board of Governors of the Federal Reserve System (Board) has published rules regarding the disclosure of confidential supervisory information by financial institutions supervised by the Federal Reserve. These rules are published in the Code of Federal Regulations at Subpart C of 12 C.F.R. Part 261, Rules Regarding Availability of Information.2 The rules provide that any supervised financial institution lawfully in possession of confidential supervisory information may disclose such information to its directors, officers, and employees and to its parent holding company and its directors, officers, and employees. In addition, the supervised financial institution may also disclose such information to any certified public accountant or legal counsel that it employs, subject to certain conditions.3
Any person who is not included in the class of permissible recipients in 12 C.F.R. §261.20(b) and who seeks access to confidential supervisory information about a state member bank, a bank or financial holding company, a savings and loan holding company, or another entity supervised by the Federal Reserve must file a request for disclosure with the general counsel of the Board, following the requirements set forth in 12 C.F.R §261.22. From a practical perspective, the institution may choose to coordinate the communication with the Board’s general counsel through the local Reserve Bank. Further, if an examination is conducted jointly with state banking regulators, the report of examination is owned jointly by both regulators. Therefore, written permission to disclose confidential supervisory information about that examination must be obtained from the state banking department in addition to the Board.
As an initial response to a request for confidential supervisory information, financial institutions that receive such requests should consider referring requesters to publicly available information that may address the request. This could include, for example, any of the following:
- Quarterly regulatory reports filed with the agencies, such as the Call Report for banks or the FR Y-9C report for bank holding companies
- The Uniform Bank Performance Report (UBPR), which is available on the FFIEC’s website at www.ffiec.gov/ubpr.htm.
- Publicly available filings, if any, filed with the appropriate federal banking agency or with the Securities and Exchange Commission
- Reports and documents maintained in the financial institution’s public Community Reinvestment Act (CRA) file
- Reports on or ratings of the institution compiled by private companies that track the performance of financial institutions or issue ratings on public debt issued by an institution
- Information on formal enforcement actions, as reported on the agencies’ websites
- Any reports or other sources of information on an institution’s performance or internal matters created by the institution that do not contain information prohibited from release by law or regulation
Institutions supervised by the Federal Reserve should contact their primary contact for banking supervision matters at their local Reserve Bank for additional information on applying the interagency advisory and 12 C.F.R. §261.20.
Disclosing Confidential Information
OK to Disclose
- Directors, officers, employees
- Parent company directors, officers, employees
- Certified public accountant
(subject to limitations)
- Legal counsel (subject to limitations)
Check with Appropriate Agency
- Rating agencies
- General public
- Potential acquirers
- 1 The complete interagency advisory is available in SR Letter 05-4,"Interagency Advisory on the Confidentiality of Nonpublic Supervisory Information," on the Federal Reserve’s website at www.federalreserve.gov/boarddocs/srletters/2005/SR0504.htm.
- 2 See 12 C.F.R. Part 261 at the U.S. Government Printing Office’s website at www.gpo.gov/fdsys/pkg/CFR-2012-title12-vol4/pdf/CFR-2012-title12-vol4-part261.pdf.
3 See 12 C.F.R. §261.20(b) at www.gpo.gov/fdsys/pkg/CFR-2012-title12-vol4/pdf/CFR-2012-title12-vol4-sec261-20.pdf.