As we have previously noted, bank officers, directors and legal counsel should pay heed to the FDIC’s warning in its Financial Institution Letter dated March 19, 2012 (FIL-14-2012), that copying and removing financial institution and supervisory records from an institution "… is a breach of their fiduciary duty to the institution and an unsafe and unsound banking practice, which may also violate applicable laws and regulations … ."
State and federal laws require strict confidentiality with regard to the treatment of confidential supervisory information, or "CSI," with very limited exceptions. The FDIC letter appears directed to those situations where copying and removal of CSI and confidential bank information is "… in anticipation of an institution’s failure …" in violation of applicable law and regulation – the FDIC emphasizes that such actions represent a de facto breach of director and officer fiduciary obligations to the institution and an unsafe and unsound banking practice for which there could be significant potential civil money penalties and perhaps criminal sanctions. The letter also cautions bank legal counsel with regard to their own "… fiduciary duty, both legally and ethically, … to advance only the interests of the institution."
Although the warning seems to focus on copying and removing records in anticipation of litigation or regulatory enforcement actions, the letter does not clearly distinguish between that situation and potential consequences of customary board or management practices in the treatment of confidential information (including CSI). Financial institutions all recognize the long-standing agency restrictions on distribution of CSI outside the institution. However, could simply copying bank records and regulatory documents containing CSI for board meeting packages or for auditors or other consultants in the ordinary course be considered a de facto breach of fiduciary duty and/or an unsafe and unsound banking practice, particularly in the 20-20 hindsight of a subsequent failure of the institution? It is difficult to assess at this time the ultimate scope and impact of this warning in such contexts.
Issues relating to what constitutes permissible disclosure of CSI have long been problematic in the context of due diligence and securities law "full disclosure" requirements. The FDIC letter now provides an additional dimension of concern for institutions and their counsel to carefully consider.
(Published in the Summer 2012 issue of The Bankers' Statement.)