Generally, a subpoena from the federal government must be honored once the bank receives a written certificate of compliance from the governmental authority. Customer privacy is generally not an issue, as federal and Illinois privacy laws allow banks to disclose customer financial records in response to a subpoena, subject to the limitations discussed below. 205 ILCS 5/48.115 USC 6802(e)(8). With that said, if you believe that there are any privacy issues or other concerns in responding to a subpoena, you may want to have your organization’s bank counsel discuss those concerns with the party making the subpoena request.
The Right to Financial Privacy Act states that a bank cannot release customer records in response to a request from the federal government “until the Government authority seeking such records certifies in writing to the financial institution that it has complied” with the law’s requirements (which involve mailing the subpoena to the customer and giving the customer time to respond to the subpoena). 12 USC 3403(b). It does not apply to most corporate customers. 12 USC 3401(5). However, you should begin preparing the records at the time you receive the request. 12 USC 3411. (You should also be reimbursed for any costs “reasonably necessary and which have been directly incurred in searching for, reproducing, or transporting” the requested information. 12 USC 3415.)
Although there are no record-retention requirements in the Act, the Federal Reserve’s Supervisory Manual recommends the following record-retention procedures: “[F]inancial institutions should retain copies of all administrative and judicial subpoenas, search warrants, and formal written requests given to them by federal government agencies or departments along with the written certification required.”
The FDIC’s Compliance Manual discusses the examination procedures relating to requests for financial information.