Advising Banks: the CSI Peril

In his Employment Issues column, Philip M. Berkowitz writes: What are the risks of misusing confidential supervisory information? A recent matter involving a former Federal Reserve Bank of New York examiner and a Goldman Sachs banker is instructive.

Your bank client calls to let you know of a new whistleblower matter. A senior risk officer has retained counsel who claims that the bank is retaliating against her client because he complained, in oral and written reports to the Bank, the Federal Reserve Bank of New York (Federal Reserve), the Office of the Comptroller of the Currency (OCC), and the New York Department of Financial Services (DFS), that the Bank is allegedly shirking its obligations to monitor and report suspicious customer activity that in the whistleblower’s view has the indicia of money laundering and terrorist financing. The whistleblower’s complaints are contained in reports he made to the Federal Reserve, OCC and to DFS.

Counsel has sent to the Bank a draft complaint alleging unlawful retaliation under the Dodd-Frank Act and the Bank Secrecy Act, which, she claims, protects her client from retaliation for having made good faith complaints, both to the Bank and the bank’s regulators, about conduct he reasonably believes constitutes a violation of law.

The whistleblower, you learn, has met with the agencies on numerous occasions—they have been on-site at the Bank’s offices for months, conducting a routine examination of compliance with numerous banking laws and regulations. The whistleblower has exchanged emails with the examiners and with individuals in the agency’s enforcement divisions. The emails detail not only the retaliation he has allegedly suffered (his job performance has been unfairly criticized during performance reviews, and he is being ostracized by his supervisors), but also the underlying control deficiencies.

Prior to receiving the letter from counsel, your client commenced an internal investigation of the underlying allegations of misconduct. The Bank has prepared reports concerning the internal investigation, which it plans to provide to the regulators. The client also explains that the regulators themselves have made requests for information from the Bank that appear to have a bearing on the allegations of alleged retaliation and the allegedly unlawful practices.

Due Diligence

You need to understand these claims in order to respond to the employee’s counsel and defend the employment litigation that appears to be just around the corner, and so you ask your client to email to you the reports the employee has provided to the agencies (on at least some of which he has copied the Bank), the investigation report the Bank has prepared for the agencies’ review, and any communications from the agencies to the Bank which may comment on these allegations or the underlying, alleged violations of anti-money laundering laws.

You also ask to schedule a call between your firm’s e-discovery team and the Bank’s IT department so that you can being the process of gaining access to the Bank’s network and thereby obtain copies of any other reports or analyses the employee may have provided in the normal course of doing his job, which includes providing materials to the regulatory agencies.

Easy enough so far, yes?

Well, no. Your Bank client may be prohibited by relevant regulations from providing many of these documents to you for your review, unless it seeks and obtains the prior approval from the relevant agencies. Many of the documents you are seeking from your client could be protected by the “bank examiner’s privilege”—which means that not only are they, ab initio, shielded from discovery in litigation, but the Bank may be prohibited from providing them to its own counsel for the purpose of obtaining legal advice without first obtaining and receiving permission from the relevant regulatory agencies.

What is the bank examiner’s privilege? “Stated broadly, the bank examination privilege is a qualified privilege that protects communications between banks and their examiners in order to preserve absolute candor essential to the effective supervision of banks.” The privilege “arises out of the practical need for openness and honesty between bank examiners and the banks they regulate, and is intended to protect the integrity of the regulatory process by privileging such communications.” Wultz v. Bank of China Ltd., 61 F. Supp. 3d 272, 281-83 (S.D.N.Y. 2013) (citations and quotations omitted).

What are the risks of misusing confidential supervisory information (CSI)? A recent matter involving a former Federal Reserve Bank of New York examiner and a Goldman Sachs banker is instructive. In 2016, each individual pleaded guilty to a charge of theft of government property and consented to an order banning them from banking. The banker had wrongfully obtained approximately 35 documents containing CSI from his former subordinate at the Federal Reserve Bank of New York. The banker then used those documents, as well as documents relating to examinations of a Goldman bank client which it was advising about a potential transaction, for purposes of furthering his career at Goldman. Upon learning of these issues, Goldman fired the banker and a managing director with supervisory responsibility, and self-disclosed the misuse of CSI to its regulators.

Despite these actions, Goldman paid a $50 million fine to DFS, agreed to a three-year abstention from any consulting arrangements that would require disclosure of CSI under New York law, and further agreed to pay a $36 million fine to the Federal Reserve. The Federal Reserve’s Order asserted that the firm had inadequate policies, training, controls, and risk management oversight related to handling of CSI, and required implementation of an enhanced compliance program pertaining to CSI. The Federal Reserve also brought a civil enforcement action against the managing director fired by Goldman, alleging violations of law as well as breach of fiduciary duty. See C. Stanford, “Toward a Coherent and Consistent Framework for Treatment of Confidential Supervisory Information,” 22 N.C. Banking Institute 41 (2018).

Discovery and CSI

The court in Wultz v. Bank of China explained that the bank examiner privilege belongs solely to the banking regulatory entities. The court noted that if documents requested in civil litigation discovery fall within the privilege, a court can only override the privilege if the requesting party demonstrates “good cause”—i.e., that it is necessary to promote the paramount interest of the government in having justice done between litigants, or to shed light on alleged government malfeasance, or in other circumstances when the public’s interest in effective government would be furthered by disclosure.

To evaluate claims of good cause in the context of discovery requests, courts balance the competing interests of the party seeking the documents and those of the government,” taking into account factors such as (1) the relevance of the evidence sought to be protected; (2) the availability of other evidence; (3) the seriousness of the litigation and the issues involved; (4) the role of the government in the litigation; and (5) the possibility of future timidity by government employees who will be forced to recognize that their secrets are violable.

The court in Wultz considered a request by parties suing that bank for documentation that allegedly constituted CSI. The court rejected OCC’s claim that the documentation constituted CSI. The court noted that it was the OCC’s burden to establish that the documents constituted privileged CSI, and applied the privilege to a relatively narrow category of documentation that the bank had provided to the OCC in communications regarding Matters Requiring Attention (MRAs), generally referring to issues that may deviate from sound bank governance or noncompliance with law. (A full discussion of MRAs and that term’s definition under various bank regulatory laws is outside the scope of this article.)

The court also rejected the OCC’s attempts to assert the bank examination privilege over the entirety of its bank examination reports, stating that its “position contradicts the well-established principle that factual materials fall outside the bank examination privilege, and the consistent finding by numerous courts that the OCC’s bank examination reports are at least partly factual … .” (citations omitted).

The court further considered the public interest in disclosure of documents in rejecting in part the OCC’s position that the documentation was protected by the privilege.

Advice of Counsel and CSI

What about the importance of permitting the bank to receive advice of counsel regarding an ongoing matter in which it may be at risk both from an employee whistleblower who claims that its banking practices violate the law and that he or she has been retaliated against for complaining about them, and from the regulator itself, who may be assessing the bank’s compliance with law and indeed whether it has treated the whistleblower fairly? Surely the client’s need for advice of counsel under the Constitution should override these concerns?

Alas, the view of the various regulators regarding this issue is far from uniform. The Federal Reserve permits legal counsel to review the confidential supervisory information, but only on the premises of the supervised financial institution. The regulations provide that counsel may not make or retain any copies of such information. 12 CFR §261.20(g).

The FDIC permits disclosure of CSI to directors, officers, employees, or agents of the regulated entity who have a need for such records in the performance of their official duties, but does not include attorneys in this category. 12 CFR §309.6.

On the other hand, the OCC permits a national bank, Federal savings association, or holding company, or any director, officer, or employee thereof, “when necessary or appropriate for business purposes,” to disclose CSI to certain categories of individuals, including outside counsel or independent auditors, without requiring prior written approval. 12 CFR §4.37(b)(2).

The Consumer Financial Protection Bureau (CFPB) also permits disclosure of CSI to “certified public accountant[s], legal counsel, contractor[s], consultant[s] or service provider[s],” by excepting these individuals from the general prohibition on disclosure or CSI. 12 CFR §1070.42(b). For further examination of the lack of consistency among bank regulators regarding this issue, see E. O’Keefe, “Navigating the Complexities of CSI.”

DFS takes the position that that agency must grant a financial institution a “limited waiver” from the requirements of §36.10 before the institution may disclose CSI to the institution’s own counsel—even where counsel have been hired to represent the institution before DFS and federal financial regulatory agencies. P. Raice and D. Nofziger, “NY Regulator’s Untenable Authority Over Confidential Info,” Law360 (Nov. 3, 2017).

Dealing with these issues may present significant quandaries and challenges to counsel and the client when information counsel requires constitutes CSI. Counsel needs to be sure that they and their client are fully informed and cognizant of these issues before taking actions that could cause a regulatory agency to feel that the privilege has been violated. To avoid getting off on the wrong foot with a regulator, counsel should have open, candid discussions with them and try to reach agreement concerning the need for access to the information.

Read full article here:

Philip M. Berkowitz is a shareholder of Littler Mendelson and co-chair of the firm’s U.S. international employment law and financial services practices. Shareholder Jonathan Shapiro, co-chair of the firm’s financial services industry group, assisted in the preparation of this article.


Reprinted with permission from the January 09, 2019 edition of the New York Law Journal©

2019 ALM Media Properties, LLC. All rights reserved.

Further duplication without permission is prohibited. – 877-257-3382 -