Bank Duties to Respond to Requests for Customer Financial Information

Congress enacted the Right to Financial Privacy Act (“RFPA” or the “Act”) to safeguard customer information from itself, the federal government. Further, despite the RFPA’s significant protections afforded to customer information, the Act is far from a moratorium on revealing customer information. Due to several exemptions under the Act coupled with relatively recently enacted state information protections, banks often find themselves navigating a labyrinth of provisions in determining whether compliance with a request for customer information is mandatory. This article assists with making such determinations by discussing three main exemptions under the RFPA as well as certain type of requests outside the scope of the Act.

Before delving into exemptions and coverage, it is important to note that the RFPA only applies to requests for information made by the federal government. Accordingly, the Right to Financial Privacy Act does not prevent disclosure of information when a request is made by a private party, state, city, or a local government. While many states enacted provisions to address such requests, any party that is not a part of the federal government of the United States is outside the scope of the RFPA provisions.

The first exception under the Act is a judicial or administrative subpoena or summons. Any division of the federal government that obtains such a subpoena has no further requirements under the RFPA and a financial institution is required to comply with such a subpoena. Both types of subpoenas must be authorized by a judge of either civil, criminal, or an administrative court. Generally, it is not necessary for a bank to determine which type of court authorized a subpoena, as long the subpoena was authorized by a court. Certain courts and jurisdictions created processes allowing parties to issue subpoenas without the approval of a judge. While such subpoena are valid requests for information, they are not exempt from the RFPA and a financial institution would not be able to rely on such a subpoena in disclosing information under the RFPA, unless other exemptions allowing disclosure also apply to the request.

The second exception under the Act is a formal written request by a government agency made to a financial institution to release records of a customer. For this exemption to apply under the RFPA, a federal government entity must make a request in writing, where the entity certifies that: (1) the request is made by an entity of the federal government; and (2) it is not possible to obtain a judicial or an administrative subpoena. Under this exception, a bank is not required to further determine whether a subpoena cannot in fact be obtained and the bank is shielded from liability to a customer if in fact the federal government would have been able to obtain a subpoena but failed to do so.

The third exemption under the Act is an instance where a request is for information that is already required to be reported by a federal statute or rule. For example, the Bank Secrecy Act (BSA) requires reporting, among other types of information, suspected money laundering activities. An entity of the federal government may be in the process of investigating a customer and request information on a particular transaction that may establish the customer is laundering money. If the bank would ordinarily be required to report the details of such a transaction under the BSA, disclosure of the details of such a transaction to government, without further certification or a subpoena, would not violate the RFPA.

Lastly, requests for tax records of a customer are separately governed by the Taxpayer First Act in addition to the RFPA. While the Taxpayer First Act is beyond the scope of this article, any party requesting tax related information of a customer must comply with the provisions of the Taxpayer First Act, in addition to the RFPA, when a request is made by the federal government.

This article sets forth the main exemptions under the RFPA, under which a financial institution may disclose records of a customer with impunity. However, the RFPA contains a number of other provisions that may applicable, which the bank must also review in the event a request for information by the federal government is not covered by any of the exemptions discussed here.