On January 27, 2015, the Consumer Financial Protection Bureau ("CFPB") issued a Compliance Bulletin 2015-1 (the "Bulletin") reminding supervised financial institutions about regulatory requirements surrounding Confidential Supervisory Information ("CSI"), specifically the requirement to keep such information confidential. In the Bulletin, the CFPB offers examples of what constitutes CSI, including: (1) CFPB examination reports and supervisory letters; (2) information related to an institution's supervisory rating, information, and communications; (3) communications between the supervised institution and the CFPB related to the CFPB's supervisory activities; and (4) information created by the CFPB in the exercise of its supervisory authority. See CFPB Compliance Bulletin 2015-01 at 3. The CFPB explains that these categories encompass all workpapers, information requests, institution responses, and memoranda of understanding created during the course of the CFPB's supervision of an institution, as well as oral communication. Id. at 3. Moreover, the Bulletin reminds supervised entities that they must obtain written approval by the Associate Director for Supervision, Enforcement, and Fair Lending prior to disclosing CSI to any party that is not a subject of the applicable exceptions contained in 12 C.F.R 1070.42(b).1 Of note, these exceptions do not include disclosure of CSI to other state or federal agencies.

In addition, the Bulletin aims to eliminate any doubt that the CFPB is entitled to information it requests in the course of examinations, regardless of measures taken by institutions to protect information from disclosure. The Bulletin, and press release, emphasize that non-disclosure agreements ("NDAs") entered into between supervised entities and thirdparties that aim to restrict the information shared with the CFPB are ineffective. In fact, according to the CFPB, reliance on NDAs to justify an institution's failure to provide information "is a violation of the law for which the CFPB will pursue all available remedies." Id. at 5.

The Bulletin does not add new requirements for supervised institutions regarding CSI, but serves as a warning shot to entities subject to CFPB supervisory authority.

Footnote

1. Exceptions to the CSI non-disclosure rule include affiliates of the supervised entity and the following individuals to the extent that the disclosure of such confidential supervisory information is relevant to the performance of such individuals' assigned duties: (i) the directors, officers, trustees, members, general partners, or employees of the supervised financial institution; and (ii) the directors, officers, trustees, members, general partners, or employees of affiliates of the supervised financial institution. 12 C.F.R. §1070.42(b)(1). Any supervised financial institution or affiliate that is lawfully in possession of CSI of the CFPB may disclose such information to: (i) its certified public accountant, legal counsel, contractor, consultant, or service provider; or (ii) another person, with the prior written approval of the Associate Director for Supervision, Enforcement, and Fair Lending. 12 C.F.R. §1070.42(b)(2).

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved