Confidential Supervisory Information (CSI) in the United States

Definition

Pursuant to authority granted under the Dodd-Frank Act (12 U.S.C. § 5512(c)(6)(A)), the Consumer Financial Protection Bureau (CFPB) has issued regulations that govern the use and disclosure of confidential supervisory information (CSI). See 12 CFR Part 1070. In addition to the confidentiality protections afforded by the Consumer Financial Protection Bureau’s regulation, confidential supervisory information may also be subject to other laws regarding disclosure, including the bank examination or other privileges, privacy laws, and other restrictions.

Under the Consumer Financial Protection Bureau’s regulations, “confidential supervisory information” means:

• Reports of examination, inspection and visitation, non-public operating, condition, and compliance reports, and any information contained in, derived from, or related to such reports;
• Any documents, including reports of examination, prepared by, or on behalf of, or for the use of the Consumer Financial Protection Bureau or any other Federal, State, or foreign government agency in the exercise of supervisory authority over a financial
  institution, and any supervision information derived from such documents;
• Any communications between the Consumer Financial Protection Bureau and a supervised financial institution or a Federal, State, or foreign government agency related to the Consumer Financial Protection Bureau’s supervision of the institution;
• Any information provided to the Consumer Financial Protection Bureau by a financial institution to enable the Consumer Financial Protection Bureau to monitor for risks to consumers in the offering or provision of consumer financial products or services, or to assess whether an institution should be considered a covered person, as that term is defined by 12 § U.S.C. 5481, or is subject to the Consumer Financial Protection Bureau’s supervisory authority; and/or
• Information that is exempt from disclosure pursuant to 5 U.S.C. § 552(b)(8) (12 CFR 1070.2(i)).

Confidential supervisory information does not include documents prepared by a financial institution for its own business purposes and that the Consumer Financial Protection Bureau does not possess. (12 CFR 1070.2(i)(2)).

General Prohibition of Disclosure of Confidential Information

Subject to limited exceptions, supervised financial institutions and other persons in
possession of confidential supervisory information of the Consumer Financial Protection Bureau may not disclose such information. See 12 CFR 1070.41(a) (providing that “[e]xcept as required by law or as provided in this part, no . . . person in possession of confidential information … shall disclose such confidential information by any means (including written or oral communications) or in any format (including paper and electronic formats), to: (1) [a]ny person who is not an employee, contractor, or consultant of the Consumer Financial Protection Bureau; or (2) [a]ny Consumer Financial Protection Bureau employee, contractor, or consultant when the disclosure of such confidential information . . . is not relevant to the performance of the employee’s, contractor’s, or consultant’s assigned duties”); see also 12 CFR 1070.42(b) (setting forth exceptions relating to the disclosure of “confidential supervisory information of the Consumer Financial Protection Bureau” which is “lawfully in [the] possession” of any “supervised financial institution”).

Exceptions to General Prohibition on Disclosure of Confidential supervisory information

There are certain exceptions to the general prohibition against disclosing confidential supervisory information to third parties. A supervised financial institution may disclose confidential supervisory information of the CFPB lawfully in its possession to:

• Its affiliates;
• Its directors, officers, trustees, members, general partners, or employees, to the extent that the disclosure of such confidential supervisory information is relevant to the performance of such individuals’ assigned duties;
• The directors, officers, trustees, members, general partners, or employees of its affiliates, to the extent that the disclosure of such confidential supervisory information is relevant to the
  performance of such individuals’ assigned duties;
• Its certified public accountant, legal counsel, contractor, consultant, or service provider (12 CFR 1070.42(b)).

Supervised financial institutions may also in certain instances disclose confidential supervisory information to otherswith the prior written approval of the Associate Director for Supervision,
Enforcement, and Fair Lending, or his or her delegee (Associate Director) (12 CFR 1070.42(b)(2)(ii)). The recipient of confidential supervisory information shall not, without the prior written approval of the Associate Director, utilize, make, or retain copies of, or disclose confidential supervisory information for any purpose, except as is necessary to provide advice or services to the supervised financial institution or its affiliate (12 CFR 1070.42(b)(3)(i)). Moreover, any supervised financial institution or affiliate disclosing confidential supervisory information
must take reasonable steps as specified in the regulations to ensure that the recipient
complies with the rules governing confidential supervisory information. (12 CFR 1070.42(b)(3)(ii)).

Confidential information made available by the Consumer Financial Protection Bureau pursuant to 12 CFR Part 1070 remains the property of the Consumer Financial Protection Bureau. There are other important requirements relatingto the disclosure of confidential information, including disclosure pursuant to third party legally enforceable demands, such as subpoenas or Freedom of Information Act requests. Among a number of other requirements, a recipient of a demand for confidential information must inform the Consumer Financial Protection Bureau’s General Counsel of the demand (12 CFR 1070.47).

Non-Disclosure Agreements Do Not Supersede Federal Legal Requirements

The Consumer Financial Protection Bureau recognizes that some supervised financial institutions may have entered into third-party Non-Disclosure Agreements that, in part, purport to:

• restrict the supervised financial institution from sharing certain information with a supervisory agency; and/or
• require the supervised financial institution to advise the third party when the institution shares with a supervisory agency information subject to the Non-Disclosure Agreement.

However, such provisions in Non-Disclosure Agreements between supervised financial institutions and third parties do not alter or limit the Consumer Financial Protection Bureau’s supervisory authority or the supervised financial institution’s obligations relating toconfidential supervisory information.

A supervised financial institution should not attempt to use an Non-Disclosure Agreement as the basis for failing to provide information sought pursuant to supervisory authority. The Consumer Financial Protection Bureau has the authority to require supervised financial institutions and certain other persons to provide it with reports and other information to conduct supervisory activities, pursuant to the Dodd-Frank Act (12 U.S.C. §§ 5514, 5515). Failure to provide information required by the Consumer Financial Protection Bureau is a violation of law for which the Consumer Financial Protection Bureau will pursue all available remedies. See 12 U.S.C. § 5536(a)(2) (making it unlawful for a supervised financial institution “to fail or refuse, as required by Federal consumer financial law, or any rule or order issued by the Consumer Financial Protection Bureau thereunder — (A) to permit access to or copying of records; . . . or (C) to make reports or provide information to the Bureau.”).