Yes, we believe your trust department may share its customer list with other employees of the bank. Regulation P only limits the disclosure of nonpublic personal information to third parties. Since the trust department is a division of your bank, sharing information with other employees should not be treated as sharing the information with a third party. Moreover, in situations like this, there typically are employees in other departments that need this information, such as for BSA/AML compliance, OFAC scrubs, enterprise-wide risk assessments, etc., as well as for oversight purposes by senior management and possibly some committees of the board of directors.
For resources related to our guidance, please see below:
- Regulation P, 12 CFR 1016.10 (limitations on information sharing apply only to information shared with “a nonaffiliated third party”)