By the Division of Banks
1.0 APPLICABILITY AND SCOPE
This bulletin applies to all entities supervised by the Division of Banks (Division), including banks, credit unions, and entities licensed or registered by the Division.
2.0 CONFIDENTIALITY OF RECORDS OF DIVISION INVESTIGATIONS AND REPORTS OF EXAMINATION
All records of investigations and reports of examination by the Division, including but not limited to, work papers, information derived from the reports, responses to the reports, ratings, and any copies of the records in the possession of a regulated entity (collectively, Reports) are strictly confidential and privileged, shall not be subject to subpoena and shall not be public records. Reports are the property of the Division and, to the extent they are furnished to a regulated entity, must be kept confidential.
A regulated entity’s directors/trustees, officers, or employees may not disclose the Report or any portion of it to unauthorized persons or organizations. Unauthorized persons or organizations include anyone who is not an officer, director/trustee, employee, attorney, auditor, independent auditor, or parent holding company of the entity. The entity, or any authorized persons in possession of a Report, shall under no circumstances publish, or make public in any manner, a Report without prior written approval of the Commissioner. In conferring with authorized persons to address examination findings, an entity must have appropriate controls and procedures in place to ensure the continued confidentiality of the Report. The improper use of Reports will be considered a breach of fiduciary duty and a serious statutory violation.
A regulated entity must notify the Division’s Legal Unit immediately if the entity receives any requests for a copy of a Report, or is subject to a subpoena or other legal process calling for production of a Report. If an entity has shared a Report with an unauthorized third party without the Commissioner’s prior approval, the entity must retrieve the copies of the Report(s) and ensure that they are properly destroyed.
Each regulated entity must establish policies and procedures to ensure that Reports, as well as related non-public informal regulatory actions, are kept confidential. If the Division discovers any violations of confidentiality in the course of an examination, the Division may take appropriate measures against the entity, up to and including enforcement actions and administrative penalties.
3.0 HISTORICAL NOTES
The information in this bulletin was formerly contained in Regulatory Bulletin 1.1-101: Examination Policies and Procedures, dated March 27, 1998. The bulletin was revised on July 31, 2015.
G.L. c. 167, s. 2.