While we cannot offer any specific advice as to the subpoena that the bank received, we can provide general guidance:
Information regarding the filing of a suspicious activity report (SAR) — or the fact that a SAR was or was not filed — should not be disclosed by a bank or any officer, employee or agent of a bank. See 31 CFR 1020.320(e)FIN-2012-A002 (March 2, 2012). (Currency transaction reports (CTRs) are not subject to this confidentiality requirement.) A bank should disclose information regarding the filing of an SAR only if it is requested by FinCEN or an appropriate law enforcement or bank supervisory agency.
If a bank receives as subpoena or other request for information regarding the filing of an SAR, the bank should “decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.” See 31 CFR 1020.320(e)(1). FinCEN’s guidance on SAR confidentiality more specifically states that a bank that has received a subpoena for a SAR should “immediately contact FinCEN’s Office of Chief Counsel at (703) 905-3590 as well as your primary federal regulator, as may be applicable in a corresponding SAR rule.” FIN-2010-A014 (November 23, 2010). Any bank filing a SAR is protected from liability for not making any disclosures contained in it, or for failure to disclose the fact that such a report was made.
Otherwise, both federal and Illinois privacy laws allow banks to disclose customer financial records in response to a subpoena. 205 ILCS 5/48.1(c)(2)15 USC 6802(e)(8). The Illinois law further requires that the bank mail a copy of the subpoena to the customer that is the subject of the subpoena, unless the subpoena specifically prohibits the bank from doing so. 205 ILCS 5/48.1(d).
Also, the Minnesota legislature has produced an analysis that explains how administrative subpoenas are defined and enforced under Minnesota law: http://www.house.leg.state.mn.us/hrd/pubs/adminsup.pdf.