Although the general public regards banks as depositories for their funds, the fact is that the commercial banking industry also has become a repository of extensive financial information detailing the private lives of customers. Due to federal regulations, technological advances, and additional documentation by banks, much information could be obtained from banks about customers unless there were some built-in legal protections.
Many bankers and most customers assume that records maintained by the bank are somehow protected from public scrutiny and federal agency access. However, in 1976, the United States Supreme Court, in the case of United States v. Miller, held that records maintained by financial institutions are the property of the institution rather than the property of the customer. The effect of the ruling is that a customer does not have a protected interest in bank records maintained and cannot prevent government access to such records. The court essentially ruled that Fourth Amendment protections against “unreasonable searches and seizures” were not applicable in such circumstances.
In response to this Supreme Court decision, the U.S. Congress enacted legislation to limit access to bank records. The legislation was based on the intent that bank customers should have a right to expect some degree of privacy from federal government agencies.
The Federal Right to Financial Privacy Act (hereinafter referred to as the “RFPA” or the “Act”) was passed into law in 1978, establishing procedures for government investigators requesting access to bank records concerning individuals. The procedures must be complied with by the government prior to a bank releasing legally protected customer information. The Act attempts to balance the interests of the government in performing its law enforcement duties against the interests of a bank customer’s expectations of privacy. In addition, there are federal statutes dealing with “tax privacy” situations. The tax privacy statutes allow for bank customers to object – and for banks to intervene – should there be problems encountered by an IRS request for information. Finally, Nebraska state law provides certain protections for banks and their customers in the disclosure of information deemed confidential.
The purpose of this article is to provide a background for bankers to refer to when questions arise regarding how to respond to government agency requests for customer financial records. As bankers, you should be aware that volumes have been written on this developing body of law. It would be impracticable to include all aspects of the financial privacy laws and court decisions within this Compliance Handbook. Therefore, bankers are reminded that although this article provides the highlights of both federal and state legislation, if specific questions arise which cannot be answered with certainty, bank legal counsel should be timely involved. As a banker, your attention to government agency requests for information should usually be focused on the following: (1) protect the customer from illegal or unwarranted governmental intrusion; (2) keep peace with the government; and (3) comply with the laws to protect the bank from being sued either by the customer or the government.
Bankers have often found privacy statutes difficult to comply with because of several reasons: (1) there are many exceptions to the RFPA and other federal statutes; and (2) government agencies may fail to obtain required certificates of compliance and do not use standardized forms in requesting information; and (3) requests for customer information do not always find themselves routed to the same bank personnel.
Some banks may not have formal procedures for what to do in such circumstances; for banks that do, employees may not be familiar with the procedure. Failure to respond under the law may expose both the bank and its employees to civil liability and criminal fInes.
To establish a proper compliance program in this regard, a bank should consider the following: (1) route requests for customer information to an appropriate or a central bank officer for review; (2) target and train those bank personnel who routinely have contact with the public, keep customer records, or receive mail.
NOTE: “Informal” Requests for Information by Government Agencies and Others: A bank should not respond to an informal request for access to the information contained in the financial records of any customer. Government agencies’ requests are covered by the Act. Request from non-governmental entities are generally covered by Nebraska or state law. As a rule, a bank officer should never discuss a customer’s business or finances. That not only is bad business, but it could lead to both officer as well as bank fines and civil liability.
I. RIGHT TO FINANCIAL PRIVACY ACT OF 1978
A. Introduction
The RFPA of 1978 was adopted by the U.S. Congress in response to the United States Supreme Court decision of United States v. Miller, 425 U.S. 435 (1976). The purpose of the act is to provide for procedures that federal governmental investigators must comply with in order to have access to bank generated records regarding customers.
The RFPA is somewhat of a misleading title: the Act involves a procedural law rather than a privacy law in that it allows for disclosures of information to government agencies upon compliance with the act. The Act also imposes duties on a bank and its personnel prior to any release of information suggested by government agencies.
The Act contains definitions, pertinent terms being: (1) “financial institution” – includes banks; (2) “financial records” – if the record maintained by the bank looks like a financial record then it will probably meet the definition; (3) “person” – individual or partnership of five or fewer people; corporations are not protected under the Act since such to not meet the definition of person; (4) “government authority” – any agency or department of the United States, or any officer, employee, or agent therefore; since the Act applies to “government authority” requests, state, local or non-federal agency requests are not covered by the law.
B. Ways to Access Customer Financial Records
The Act allows for several methods in which federal authorities or its agents may properly obtain access to bank customer records.
1. Customer Authorization
A bank customer may allow government agencies to access financial records by his or her own authorization. A customer authorization should be in writing, signed and dated by the customer. The authorization must identify the purpose of the disclosure, the records to be disclosed, and the agency to whom the disclosure is to be made and must state the right of the customer to revoke the authorization before disclosures are made. A customer authorization is good for three months under the Act. The law also states that a bank cannot require a customer authorization as a condition to doing business with such customer.
2. Subpoena or Summons
There are two types of subpoenas: administrative or judicial. The subpoena must be authorized by law with a reasonable belief that records being sought are relevant. A copy of the subpoena is to be served on the customer or mailed to the customer’s last known address prior to being served on the bank. A subpoena must have a notice to the customer on how to object to the production of records. The bank does not produce the records requested by subpoena until 10 days after the service of notice or 14 days after the notice has been mailed to the customer; however, upon receipt of the subpoena, the bank must begin assembling the records requested.
3. Search Warrant
A search warrant may be used by certain authorized government agencies so long as such agencies follow the federal rules of criminal procedure. In the case of a search warrant, the government does not have to give the customer notice until 90 days after the warrant has been served. Notice may be further delayed when the agency requests the proper authority to do so under certain emergency conditions.
4. Formal Written Request
Some federal government agencies do not have subpoena powers and cannot utilize search warrants. In such situations, Congress does allow “hybrid” procedures called “formal written requests”. There is no requirement per se for banks to respond to such requests until the government authority seeking such records certifies compliance with the Act in writing. The bank is not required to begin assembling customer records upon receipt of formal written requests. Rather than disregard such requests, the bank should consider contacting bank counsel for further advice and procedure.
C. Notice and Disclosure to Customer
The Act in no way obliges a bank to advise the customer that a government authority is seeking access to account information. Any duty of notice, is on the part of the government, which must certify compliance to the bank. Generally, there is no prohibition that the bank notify a customer, except under conditions described below:
D. Delayed Notice
The federal government agency may request before a federal court the authority to delay customer notice of a subpoena, search warrant or formal written request for up to ninety days, or in certain cases, indefinitely. The court must find such notice, if not delayed would: endanger the life/physical safety of any person; cause flight from prosecution; cause destruction of or tampering with evidence; result in the intimidation of potential witnesses; or jeopardize the investigation/official proceeding or unduly delay the trial/ongoing official proceeding.
The federal court may order a bank not to disclose to the customer that records are being obtained or a request for information is being made.
E. Customer’s Right to Challenge After Advanced Notice
The customer is personally served with a notice in writing that the government agency wishes to obtain access to financial records. Within ten days of the date of service or fourteen days from the date of mailing such notice, the customer does have the right to challenge.
The customer is entitled to file a sworn statement in a United States District Court along with a motion to “quash” the request. The court then resolves the issue of financial records access. The challenge must be resolved within seven days after the government response to the customer motion. The customer does have limited appeal rights, but as a practical matter, records will be produced before the appeal has been effectuated.
F. Certificates of Compliance
Bank disclosures of customer records made pursuant to a legal demand by a government agency must be in compliance with specific procedures that the government agency is to certify are in compliance with the RFPA. It is important for bankers to note that the government must furnish the bank with a certificate of compliance before the bank may release those documents requested. So long as the bank exercises good faith reliance on a certificate of compliance, the bank should be protected from civil liability for particular disclosure. See, sample “Certificate of Compliance” form for a bank’s use should an agency not be familiar with its own financial privacy compliance requirements.
Note that the certificate of compliance given by the government agency must be in writing, signed by the agency officer, with a statement that the agency has complied with the RFPA. The bank may not release information before receiving such certificate.
There are certain exceptions or exemptions to the certificate of compliance. Also, the RFPA does not allow a bank from automatically releasing financial information collected by one federal agency to another federal agency without having the second agency comply with the provisions of the Act.
G. Reimbursement of Costs from Federal Governmental Authorities: Regulation S
The Federal Reserve Board issued Regulation S (12 C.F.R. Part 219) which provides for bank reimbursement of costs due to the searching, reproducing, and transporting of records sought by a government authority under the Financial Right to Privacy Act. “Government authority” is defined as any agency or department of the United States, or any officer, employee or agent thereof. A government authority, or a court issuing an order or subpoena in connection with grand jury proceedings, seeking access to financial records pertaining to a customer must reimburse the bank for reasonable necessary costs directly incurred in searching for, reproducing or transporting books, papers, records, or other data. If a bank has financial records stored at an independent storage facility that charges a fee to search for, reproduce, or transport particular records requested, these are considered direct reimbursable costs. A “financial record” is defined in the regulation to mean an original or copy of, or information known to have been derived from, any record held by a financial institution pertaining to a customer’s relationship with the financial institution. A “customer” is defined as any person or authorized representative of that person who uses any service of a financial institution, or for whom the financial institution acts or has acted as a fiduciary in relation to an account maintained in the person’s name (Note: the term “customer” does not include any corporations or those partnerships comprised of more than five persons and the term “person” is defined as an individual or a partnership of five or fewer individuals).
Regulation S provides a Reimbursement Schedule in Appendix A to § 219.3 as follows:
Reproduction:
Photocopy, per page - $.25
Paper copies of microfiche, per frame - $.25
Duplicate microfiche, per microfiche - $.50
Storage Media – Actual Cost
Search and Processing:
Clerical/Technical, hourly rate - $22.00
Computer Support Specialist, hourly rate - $30.00
Manager/Supervisory, hourly rate - $30.00
1. Search and Processing Costs
Search and processing costs cover the total amount of personnel time spent in locating, retrieving, reproducing, and preparing financial records for shipment, but do not cover analysis of material or legal advice. If a financial institution has financial records that are stored at an independent storage facility that charges a fee to search for, reproduce, or transport particular records requested, these costs are considered to be directly incurred by the financial institution and may be included in the reimbursement.
If itemized separately, search and processing costs may include the actual cost of extracting electronically stored records, based on computer time and necessary supplies; however, personnel time for computer searches may be paid for at the rates set for computer support specialist, set forth in Appendix A, but only when compliance with the request for information requires that the financial institution use programming or other higher level technical services of a computer support specialist in order to reproduce electronically stored information in the format requested by the government authority.
Rates for Search and Processing in Appendix A shall be recalculated on October 1, 2012, and on October 1 of each subsequent three-year period utilizing Bureau of Labor Statistics data or equivalent data.
2. Reproduction Costs
The reimbursement rates for reproduction costs for requested information as set forth in Appendix A are subject to the Conditions for Payment set forth in paragraph 4, below. Copies of photographs, films and other materials not listed in Appendix A to this section are reimbursed at actual cost.
3. Transportation or Delivery Costs
Reimbursement for transportation or delivery costs shall be for the reasonably necessary costs directly incurred to transport personnel to locate and retrieve the requested information, and to deliver such material to the place of examination.
4. Conditions for Payment
Payment shall be made only for costs that are both directly incurred and reasonably necessary to provide requested material. Search and processing, reproduction, and transportation or delivery costs shall be considered separately when determining whether the costs are reasonably necessary. Photocopying or microfiche charges are reasonably necessary only if the institution has reproduced financial records that were not stored electronically (i.e., where the information requested was stored only on paper or in microfiche), or where the government authority making the request has specifically asked for printed copies of electronically stored records.
Payments may not be made to the bank until it has satisfactorily complied with the legal process, the formal written request, or the customer authorization. To be reimbursed, a bank must submit an itemized bill or invoice specifically detailing its search and processing, reproduction, and transportation costs. Search and processing time should be billed in 15-minute increments. The court or government authority, following a service of legal process or requests, must notify the bank that an itemized invoice must be submitted for cost reimbursement and must furnish an address for this purpose.
When the legal process, formal written request, or the customer authorization is revoked, or where the customer successfully challenges disclosure to a grand jury or government authority, the bank will be reimbursed for the reasonably necessary costs incurred in assembling the requested financial records prior to the time the bank is notified of such event. The grand jury or government authority must promptly notify the bank of these facts as well as notify the bank that an itemized invoice must be submitted for costs incurred prior to the time of the notice.
The bank is not entitled to reimbursement for costs incurred in assembling or providing financial records or information generally related to requests not covered by the RFPA. See, Paragraph H. (below) for a general discussion of RFPA exceptions.
H. Types of Requests Not Covered by the Right to Financial Privacy Act
The RFPA lists certain situations in which government authorities are able to obtain financial records of the bank without having to satisfy the requirements of the law. Note that when a bank, rather than the customer, is being investigated, this Act does not apply.
As a general rule, the following types of requests avoid the application of either all or most of the provisions of the RFPA:
1. Disclosures That Do Not Identify Customer
Since the purpose of the RFPA is to protect the privacy of individual customers, when such privacy is not at stake, it is not generally covered. The Act does not cover the disclosure of “any financial records or information which is not identified with or identifiable as being derived from the financial records of a particular customer.” This exception may involve documents such as, statistical information or summaries, graphs, charts, types of accounts, or group of customers.
NOTE: Records regarding a particular customer or group of customers may be disclosed if the bank deletes the customer’s name, address, business connections or other code or symbols prior to disclosure to avoid identification of particular customers. Should the disclosure of documents, even after identifying information is deleted, indirectly identify a customer or group of customers, the bank may consider whether other more specific exceptions to the RFPA apply or insist that the government comply with RFPA procedures to insure customer privacy.
2. Information Furnished to File a Bankruptcy Claim, Perfect a Security Claim, Collect a Debt for Itself or as a Fiduciary
Financial records may be released to any court or government authority “as an incident to perfecting a security interest, proving a claim in bankruptcy, or otherwise collecting on a debt owing either to the financial institution itself or in its role as a fiduciary.”
3. Information Incident to Government Loan Application, Loan Insurance Agreement, Loan Guarantee or Otherwise in Connection With Government Loan Agreement
This exception covers information or documents that the bank should, in its regular course of business, report to a government authority as originator, guarantor, or insurer of a loan at government risk. Congress recognized that the government has a continuing need to “monitor the expenditure of Federal funds to assure against fraud, misuse of funds, or failure to meet program requirements associated with loan and loan insurance programs.” Thus, the exception also covers information about threatened and actual defaults and other incidental information in processing a loan default.
4. Violations of Law
A bank may report information relevant to a suspected violation of a statute or regulation. This exception relates to voluntary disclosures by the bank and does not permit the federal authority to force disclosure without complying with the RFPA. The bank may report: the names and addresses of persons suspected of violating the law and their relationship with the bank; the bank or bank office involved; the suspected offense that occurred, will occur, or continues to occur; the account numbers and type of accounts, including names and addresses of account holders suspected of violations; and other suspicious transactions, including dates and circumstances. Reporting suspected illegal activity does not mean that the bank has license to provide the government with wholesale disclosure of financial information, but allows the bank to provide, in good faith, the necessary information for the government to commence a procedural request or order for information. Information regarding either suspected illegal insider transactions or money laundering activities are also exempted from the RFPA.
5. Disclosures Regarding Supervisory Investigations and Proceedings
The RFPA was not intended to cover the examination or investigation of a bank, since the privacy rights of customers are not at risk. The Act exempts disclosures to supervisory agencies in the exercise of their supervisory, regulatory, or monetary duties, including the conservatorship or receivership functions in regard to a bank, bank holding company or any bank or bank holding company subsidiary or affiliated party. Included in the definition of supervisory authorities are the FDIC, OCC, FRB, NCUA, OTS, RTC, SEC, Federal Housing Finance Board or FHLB, Secretary of Treasury regarding the Bank Secrecy Act and Currency and Foreign Transactions Reporting Act, and any State banking or securities department or agency.
NOTE: Regarding State agencies, the bank should consider Nebraska disclosure laws and their application before disclosing information to State and local authorities, since the RFPA does not directly apply to State government authorities.
6. IRS Requests (Requests Subject to the Internal Revenue Code - See, Tax Privacy Acts at heading II)
7. Grand Jury Subpoena, Subpoena Issued by an Administrative Law Judge or Under Federal Rules of Criminal Procedure if the Government Agency and the Customer Are Parties to an Action
8. Information Required by Federal Statute or Regulation
9. Records Produced for GAO in Connection With Government Agency Audits
10. Information Disclosed to the Department of Treasury, Social Security Administration or Railroad Retirement Board
As Congress continues to enact further layers of exceptions to the Act (e.g., in 1986, 1988 and 1989) easing previous restrictions, you would be well-advised to obtain a copy of the most current exemptions from your federal regulator.
I. FDIC
An FDIC issuance discussed the following amendments:
1. A 1988 enacted exception to the RFPA is allowed for records relating to suspected crimes against financial institutions by an insider (“insider” is defined as any officer, director, employee or controlling shareholder or a major borrower acting in concert with an insider; “major borrower” is deemed to be a borrower whose aggregate debt obligations, direct or indirect, total $500,000 or more or would have a material effect on the financial condition of the bank if placed in default). Crimes against financial institutions include theft, misapplication of bank funds, false entries, money laundering, and some offenses under the Bank Secrecy Act. Banks or supervisory agencies may provide any financial record of any insider, or any major borrower from such institution who is believed to be acting in concert with such insider, to the Attorney General (Department of Justice), a state law enforcement agency or, where appropriate, the Department of the Treasury, if there is reason to believe that the record is relevant to a possible violation of criminal statutes. Banks are permitted to attach records relating to insiders suspected of violating criminal statutes to the standard criminal referral form, “Report of Apparent Crime" (NOTE: Since this issuance, new rules apply to the use of the Suspicious Activity Report).
2. The 1989 FIRREA amendments expand the supervisory agency exception to include the credit granting functions of the Federal Reserve Board and the conservatorship and receivership functions of both FDIC and RTC.
3. FIRREA also prohibits financial institution officials from notifying customers that a federal grand jury subpoena has been received for their records.
J. OCC
The OCC published (Banking Bulletin 90-3) a helpful summary of five circumstances under which banks are not required to notify or are expressly prohibited from notifying under the terms of the RFPA. The five circumstances listed by OCC are the following:
K. Customer Notification Prohibited: Anti-Money Laundering Act of 1992
The Annunzio-Wylie Anti-Money Laundering Act (the “Act”) also amended disclosure provisions relating to banks receiving federal grand jury subpoenas. Effective December 20, 1992, the Act expands the type of investigations in which a bank is automatically prohibited from notifying a person named in a federal grand jury subpoena of the subpoenas’ existence. Prior to the Act, a bank could notify its customer of either the receipt or existence of a federal grand jury subpoena except where FIRREA-related crimes were involved or pursuant to court order.
The Act adds money laundering and drug crimes to the types of investigations and includes a violation of the Controlled Substances Import and Export Act, 18 U.S.C. §§ 1956 or 1957, 31 U.S.C. §§ 5313, 5316 and 5324, or § 60501 of the Internal Revenue Code of 1986.
This additional layer of nondisclosures of certain federal grand jury subpoenas emphasizes the need to carefully scrutinize these documents upon receipt. When in doubt regarding permissible disclosures, seek the advice of your bank’s counsel.
L. Record Retention
The RFPA contains no specific record retention requirements. The bank is advised to retain copies of all administrative and judicial subpoenas, search warrants and formal written requests by federal agencies or departments along with the written certification required. The bank must also retain a record of any disclosure to a federal government authority pursuant to customer authorization (contents of such record are in paragraph B. 1. above). As a general rule, the customer has the right to inspect that record (See, 12 U.S.C. § 3404).
M. Compliance Note
Because there are so many exceptions to the RFPA, some observers have remarked that the Act may be as much exception as law. Bankers should exercise considerable caution when facing circumstances involving the Act and its amendments.
II. TAX PRIVACY ACTS
In the Tax Reform Act of 1976, two sections added to the Internal Revenue Code address the issue of access by federal agencies to records held by banks and other “third-party” recordkeepers. These provisions (26 U.S.C.§ 7609 and 26 U.S.C.§ 7610), were passed in response to the U.S. Supreme Court decision of United States v. Miller and Fisher v. United States whereby taxpayers were found to have no Fourth Amendment privacy rights in records that are physically the property of third parties. The Congress enacted the Tax Privacy Acts in response to these decisions in order to give taxpayers the standing to challenge the seizure of those records the IRS attempt to obtain through administrative summons or other procedures.
The Tax Privacy Acts are similar to the RFPA. For example, the government must give the taxpayer a notice of summons accompanied by a waiting period whereby the taxpayer may attempt to prevent disclosure.
B. Coverage
The main difference between the Tax Privacy Acts and the RFPA exist in regard to definitions. The definition of “third-party recordkeepers” includes commercial banks. The definition of “person” includes individuals, trusts, estates, partnerships, associations, companies or corporations. Therefore, in comparison to the RFPA (which protects only individuals and partnerships of five or fewer persons), the Tax Privacy Acts protect virtually every legal entity.
C. IRS Summons
1. Summons Which Are Covered by the Tax Privacy Acts
The Tax Privacy Acts cover certain summons that must be issued in compliance with specific sections of the Internal Revenue Code and identify the persons whose records are sought in the summons. The summons must be relevant or material to an inquiry for one or more of the following reasons: (a) ascertaining the correctness of a tax return; (b) making a return where none has been made; (c) determining the liability of any person for any tax under the Internal Revenue Code; (d) determining the liability of a transferee or a fiduciary of any person in respect to any Internal Revenue Acts; (e) collecting any Internal Revenue Tax liability; and (f) ascertaining the correctness of certain claims for refunds regarding taxes on gasoline, lubricating oils or aircraft use. The IRS may additionally use an administrative summons to inquire into any offense connected with the administration or enforcement of the internal revenue laws.
2. IRS Summons That Are Not Covered by the Tax Privacy Acts
The laws exempt summons that are issued for the sole purpose of determining the identity of a person having a numbered account or similar arrangement with a bank. If the IRS issues such a summons requesting the name of a person holding a specific numbered or coded account, it need not notify the customer or wait for the statutory period to run before demanding compliance. The bank may wish to notify the customer of the summons in such a case unless it is precluded from doing so by a court order.
A second exemption addresses IRS summons served on a taxpayer whose tax liability is the issue. A third exemption deals with summons issued to collect a tax liability of a taxpayer already determined by assessment or judgment.
A “John Doe” summons is also not covered by the Tax Privacy Acts. A “John Doe” summons does not name a particular person. The IRS must prove before an appropriate court, and the court must find the following: (a) the summons relates to an investigation (any person or ascertained group or class); (b) have a reasonable belief that the person, ascertained group or class may fail to comply with internal revenue laws; and (c) the information being sought from the records are not obtainable from other sources. This type of proceeding is not subject to the laws of ordinary notice and waiting period procedures.
There are also incidences of “unofficial” summons (sometimes referred to as “pocket summons”) or IRS “circular letters” under which the bank has no obligation to produce the records pursuant to the unofficial request.
D. Procedure for Service of and Compliance with IRS Summons
1. Notice
The IRS must give a notice of the summons to the person whose records are requested within three days from the day on which the summons is served on the third-party recordkeeper, but no later than the twenty-third day before the compliance date. A copy of the summons must be sent with the notice with instructions for bringing an action to “quash” the summons. Notice of the summons may be provided by the IRS in any of the following ways: (a) served in the same manner as a summons would be served; (b) mailed by certified of registered mail to the last known address of the person to whom the records pertain; (c) if no last known address is available, the IRS may leave notice with the third-party recordkeeper; and (d) if a fiduciary is involved, the IRS may mail the notice by certified or registered mail to the last known address of the fiduciary.
2. Customer Objection
The customer may stay compliance with the summons if it meets three conditions: (a) the customer commences a proceeding by petitioning the United States District Court (petition to “quash” summons); (b) the petition must be filed within twenty-one days of notice of summons and a copy of the petition to quash the summons must be mailed to the bank by certified or registered mail before the end of the twentieth day; and (c) a copy of the petition to quash must be mailed by certified or registered mail before the end of the twenty day period to the appropriate IRS official. Once this commences, the bank should not produce records until a copy of a court order requiring such production is received.
3. Records Assembly
When the bank receives the notice of summons, it must begin the assembly of records requested regardless of subsequent court proceedings. The bank must be able to at least produce the records on the date given in the summons, however, the Tax Privacy Acts expressly prohibit the examination of the records required to be produced during the waiting period or when there is a proceeding to quash the summons.
In spite of a proceeding to quash, however, the records could be examined if a court order having jurisdiction with the proceeding issues such order or with the consent of the person initiating the proceeding to quash. Where there is no court order or customer’s consent, the bank must not disclose the customer’s records or any information contained therein during the waiting period.
4. Certificate of Compliance
If no legal proceeding has been initiated, the bank should request a certificate of compliance from the IRS. Once the certificate has been received, if the bank relies on the summons or court order in good faith, the bank should not be held liable for disclosures so long as any appropriate waiting periods are observed.
5. Bank’s Right to Intervene
If the customer challenges the IRS by petition, the bank may intervene in such a case. The common reasons for bank intervention are as follows: (a) the request for information is too broad; (b) the request involves a significant burden on the bank; or (c) there has been an insufficient description of the records or the customer given by the IRS.
E. Recovery of Costs
Section 7610 of the Internal Revenue Code does allow the recovery of costs of complying with a third party summons. Reimbursement is for such costs that are reasonably necessary which have been directly incurred in searching for, reproducing or transporting books, papers, records or other data required to be produced by the summons.
IRS regulations allow the recovery of the costs of personnel time required to locate records or information at the rate of $8.50 per hour, but if information requested is stored on a computer, the bank may recover the actual cost of retrieving that information based on computer time and necessary supplies. The personnel time for the computer search is to be compensated at the per person hourly rate of $8.50. IRS regulations allow the payment of $0.20 per page for reproduction costs, photographs, films or other materials.
To transport the requested information to the place of examination, IRS regulations allow banks to recover the actual cost of such transportation by common carrier, a car mileage rate of $0.25 per mile and a $50 per day travel expense. No reimbursement is allowed until the information is produced.
III. OTHER STATE AND FEDERAL LAWS – REFERENCES
A. Nebraska Privacy and Disclosure of Confidential Information Laws
Preceding this article in the NBA Compliance Handbook is an article entitled Nebraska Privacy Laws that covers Nebraska State Laws on invasion of privacy (Neb.Rev.Stat. § 20-203), employee privacy (Neb.Rev.Stat. § 86-702) and the disclosure of confidential information (Neb.Rev.Stat. § 8-1401-1402).
B. Federal Privacy of Consumer Financial Information Laws – Title V of the Financial Modernization Act and Regulation P
Immediately following this article in the NBA Compliance Handbook is an article entitled Federal Privacy of Consumer Financial Information Laws – Title V of the Financial Modernization Act and Regulation P that covers the privacy provisions of the Gramm-Leach-Bliley Financial Modernization Act. Title V of this Act and Regulation P (which implements Title V privacy provisions as such relates to financial institutions) allows consumers to exercise an affirmative “opt-out” in order to prevent a financial institution from disclosing nonpublic personal information to third parties that are not affiliated with the institution. Financial institutions are also required to provide customer notification of their privacy policies and practices.
C. Federal HIPAA, FACT Act and Children’s Online Privacy Issues
Following the article entitled Federal Privacy of Consumer Financial Information Laws – Title V of the Financial Modernization Act and Regulation P is an article regarding the Fair and Accurate Credit Transactions Act (FACT Act), that addresses the “Proper Disposal of Consumer Information.”
Other articles in this section of the NBA Compliance Handbook, in turn, cover various issues, such as the Privacy of Business Associates Contracts under Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its impact on financial institutions, the Children’s Online Privacy Protection Act and Identity Theft and Pretext Calling, which cites other relevant federal laws and the protection of customer information.
D. Federal Security, Suspicious Activity Reports, Bank Secrecy Act, USA PATRIOT and other Money Laundering Laws
Also found in Volume I of the NBA Compliance Handbook, Security Section, are a series of articles under the main title of “Information System Security” that discuss federal privacy-related issues in the safeguarding and security of customer information contexts. These articles touch on areas of customer privacy, safeguarding information, security breaches and responses, identity theft and other fraudulent schemes using electronic banking opportunities and sharing of customer information.
Note also that the Security Section also covers Suspicious Activity Reports, the Bank Secrecy Act, the USA PATRIOT laws and other money laundering or financial fraud laws that are either exceptions to or give safe harbors from other state and federal laws and regulations.
E. Federal FACT Act Laws relating to Lending and Privacy Issues
In Volume III of the NBA Compliance Handbook, Lending Section, there are several articles that also address federal privacy-related issues in the lending context, including “Information Blocking and Repollution Prevention,” the “Protection of Medical Information” and in Volume I, Privacy Section, the “Proper Disposal of Consumer Information.”
IV. FINANCIAL PRIVACY ISSUES: STATE, LOCAL OR NON-FEDERAL AGENCY REQUESTS; PRIVATE PARTY REQUESTS
Third parties (usually government, business or individuals) may ask a bank to release information about its customer. The inquiry may be reasonable and beneficial to (and expected by) the customer. Often, the inquiry serves only the third party’s interest and is unknown to the customer. This latter disclosure of information may result in the bank’s liability for damages to the customer. The purpose of this article is to address financial privacy issues in the context of non-federal agency request for information. For federal government agency requests, please refer to the previous articles I and II in this same article of the NBA Compliance Handbook.
To avoid such liability requires the bank’s consideration of three issues:
1. The relationship existing between the bank and customer;
2. The obligations of confidentiality existing between the customer and the bank; and
3. The transactions in which the duties of confidentiality may unexpectedly arise.
B. The Parties (Relationships Between the Bank and the Customer)
1. Lender
The relationship between bank and customer is that of debtor and creditor governed by the loan agreement and applicable law. E.g., TEW v. Chase Manhattan Bank, 728 F. Supp. 1551, 1564 (S.D. Fla. 1990) (“A Bank stands in a creditor-debtor relationship with its customer”).
2. Depositor
The customer is a contracting party with the bank and the contract creates an obligation of the bank to pay to the customer, upon its terms and conditions, the amount which the customer deposits. The deposit creates a debtor-creditor relationship (except the bank is the debtor). Questions concerning the relationship between bank and customer should be answered by reference to the contract (deposit agreement), executed by and between the bank and customer.
a. Suburban Trust Company v. Waller, 408 A.2d 758, 762 (Md. 1979) (“At common law, the relationship of a bank to its customer was ...that of a debtor and his creditor.”).
b. TEW, supra.
c. Southern Electrical Supply Co. v. Raleigh County, Nat. Bank, 320 S.E.2d 515, 519 (W.Va 1984) (“A bank account creates a contractual debtor-creditor relationship between bank and depositor.”).
d. Peterson v. Idaho First National Bank, 367 P.2d 284, 288 (Idaho 1961) (“It is generally stated that the relationship between a bank and its general depositor is that of debtor and creditor”.).
3. Depository
The bank is the agent of the customer as well as a debtor of the customer. Generally, this agency requirement imposes upon the bank the duty to follow the instructions of its principal, i.e., the customer, within the scope of the agency. As an agent, the bank is to perform according to the orders of its depositors, e.g., withdrawals, honoring checks and renewing certificates of deposits. The duty of the bank as an agent is set forth in the deposit agreement supplemented by state or federal laws and regulations.
a. Peterson, supra at 288, 289 (“But it is also said that in discharging its obligation to a depositor a bank must do so subject to the rules of agency”).
4. Fiduciary
The bank is not a fiduciary of its customer unless it expressly assumes such a role, e.g., trustee of a testamentary trust, meaning that the bank has no duty to its customer independent of that set forth in the contract or applicable law or regulations.
a. Suburban Trust Company, supra (“At common law, the relationship of a bank to its customer was not considered fiduciary in nature, but rather as that of a debtor and his creditor”).
b. TEW, supra at 1565 (“Providing clearing services does not, without more, impart a fiduciary duty upon the bank”).
c. Lash v. Cheshire County Savings Bank, Inc., 474 A.2d 980,982 (N.H. 1984) (“This is not to say that either a confidential relationship or the normal trustee/beneficiary status is imposed upon banks in their dealings when the law does not specifically otherwise so provide”).
d. But see, Reid v. Key Bank of Southern Maine, Inc., 821 F.2d 9, 17-18 (1st Cir.) (“A good working relationship between two parties, however, is not sufficient evidence for a finding of the existence of the special legal obligations of a confidential [i.e., fiduciary] relation. ... The only concrete facts alleged to show a relationship going beyond the ordinary bank/customer situation were the recommendations by Traill that Reid use a particular supplier of paint and a particular accountant. ... Finally, plaintiffs rely on Reid’s inexperience and the “disparity of position” between Reid and the bank as supporting a finding of a confidential [i.e., fiduciary] relation. ... Nor was there any evidence of the kind of diminished emotional or physical capacity or the “letting down of all guards and bars” that is implied by the use of the term “disparity of position” in the context of confidential [i.e., fiduciary] relations in Maine).
5. Privacy Duty
The bank has a duty not to invade the privacy of its customers. Although the privacy interests of persons may differ from state to state, the duty generally means a bank is to not publicize the private affairs of a customer without a legitimate public concern.
a. Indiana National Bank v. Chapman, 482 N.E.2d 474, 477 (Ind. 1985) (“[T]he court defined the right of privacy as: ‘... the publicizing of one’s private affairs with which the public has no legitimate concern ...’”.)
b. Schoneweis v. Dando, 231 Neb. 180 (1989).
C. The Duty of Confidentiality
1. Lender in a Creditor/Debtor Relationship
No duty of confidentiality should exist merely because of the relationship. With respect to a loan, “it was not information that the borrower would normally expect would be kept confidential. One who defaults on his debts owed to a merchant cannot expect that his default will be kept a secret... I see no basis, therefore, for implying an agreement of confidentiality to the relations of a bank with its borrowers.” Schoneweis, supra at 191, [Quotations omitted.] However, various statutes have come into existence which affect this relationship:
a. Right to Financial Privacy Act of 1978, 12 U.S.C. §§ 3401-3422
The application of the statute with respect to confidentiality is restricted to:
(1) Disclosure to the federal government;
(2) of records;
(3) concerning individuals and small partnerships (not only consumers);
(4) except pursuant to written customer authorization, administrative subpoenas and summonses, search warrants, judicial subpoenas, or formal written requests. See, § 3402.
b. Fair Debt Collection Practices Act, 15 U.S.C. §§ 1692 et seq With respect to confidentiality the statute is restricted to:
(1) independent debt collectors;
(2) respecting consumer debt; and
(3) limits any communications to the consumer, the consumer’s attorney, a consumer reporting agency, the creditor, the creditor’s attorney, and the debt collector’s attorney, except when necessary, and limited to, locating the debtor.
c. Tax Reform Act of 1976, IRC § 7609 and 7610 The records of a bank regarding a customer are the bank’s property and the customer has no privacy right (as opposed to a privacy interest) which protects records from search and seizure by the government. The Act limits the ability of the IRS to seize such records before the customer has an opportunity to challenge the disclosure of the information. The law applies to:
(1) a person, defined to include most legal entities;
(2) with records in the possession of a third party record-keeper, defined to include financial institutions; and
(3) a summons not intended to merely identify a taxpayer, determine a taxpayer’s tax liability, or collect a tax liability.
2. Depository in a Creditor/Debtor Relationship and an Agency Role
The courts acknowledge that “modern society demands that persons have a bank account. ‘In a sense a person is defined by the checks he writes. By examining them ... [one] get[s] to know his doctors, lawyers, creditors, political allies, social connections, religious affiliation, educational interests, the papers and magazines he reads, and so on ad infinitum.’” Suburban Trust Company, supra at 762. The courts have developed duties of confidentiality based upon the following as well as the duties of confidentiality imposed by the statutes referred to above in 1.
a. Implied Covenant of Confidentiality Contained in the Deposit Agreement
(1) Suburban Trust Company, supra at 763 (“I have no doubt that it is an implied term of a banker’s contract with his customer that the banker shall not disclose the account or, transactions relating thereto, of his customer ...”)
(2) Peterson, supra at 290 (“It is implicit in the contract of the bank with its customer or depositor that no information may be disclosed by the bank or its employees concerning the customer’s or depositor’s account ...”)
(3) Milohnich v. First National Bank of Miami Springs, 224 So.2d 759 (Fla. 1969) (involved a corporate customer)
(4) Indiana National Bank, supra
b. Natural Incident of Agency Relationship “Unless otherwise agreed, an agent is subject to a duty to the principal not to use or to communicate information confidentially given him by the principal or acquired by him during the course of or on account of his agency or in violation of his duties as agent, in competition with or to the injury of the principal, on his own account or on behalf of another, although such information does not relate to the transaction in which he is then employed, unless the information is a matter of general knowledge.” Peterson, supra at 289, quoting Restatement of Law of Agency 2nd, Section 395.
3. Bank Where a Special Relationship has Arisen
The bank will be expected, in matters of confidentiality “to act in good faith and with due regard to the interests of the one reposing the confidence.” Lash, supra at 982. A special relationship will be found “wherever influence has been acquired and abused or confidence has been reposed and betrayed.” Id. at 981.
4. Bank as a General Legal Entity
The bank must avoid the invasion of a customer’s or other party’s privacy. An invasion of privacy may require that:
a. The matter be sufficiently published “to the public at large, or to so many persons that the matter must be regarded as substantially certain to become one of public knowledge.” Schoneweis, supra at 670.
b. The publicized matter must be false. Id.
c. The matter must be an expression of fact or mixed opinion, because “pure opinion” is constitutionally protected speech. Id.
d. The matter must not be in furtherance of a legitimate public concern for ten it is not an actionable communication. Indiana National Bank, supra.
D. The Contest Between Parties
Crucial to the privacy issues is understanding the nature of the privacy interests and understanding when the matters may be disclosed to third parties. Whatever the basis of the privacy interest, the following are universally accepted instances when information about a customer or depositor may be disclosed:
1. When customer has so authorized in a writing;
2. Under legal compulsion;
3. When the bank must protect itself against claims by a customer or depositor;
4. When the third party is duly acting on behalf of the customer or depositor; and
5. If the concern of confidentiality is only with respect to the invasion of someone’s privacy, then when a legitimate public purpose is served.
A policy can be made that will take the various relationships of a financial institution with its customers into consideration and that will require, in the event of any disclosure of information to a third party, that the disclosure be consistent with one of the above-listed exceptions.
E. Various Arenas of the Contest
1. Deposit Accounts
Since the deposit is a contract, the bank may address the issue of disclosure of records within the deposit contract. Statutory protections to consumers cannot generally be waived however, and in general the bank cannot waive effectively its exercise of due care, although it may define that standard of reasonableness by which its actions are measured. The following are areas of a deposit contract in which privacy interests may be addressed:
a. Joint depositors Although likely implicit, the contract may provide assurances of the bank’s lack of liability to one joint depositor if records are provided to a third party who has dealt with the remaining join depositor.
b. Divorces An area in which the joint deposit agreement is most applicable, but should be extended to provide that a single depositor agrees that in any divorce proceeding, the records may be turned over upon receipt of subpoena without requirement of notice.
c. Subpoenas In Nebraska, a party to a civil action may subpoena the records of the other party without being required to notify the other party. The bank is not prohibited from notifying the customer of the receipt of the subpoena. The customer’s objection raises the specter of the bank being placed in the middle of the dispute although compliance with a subpoena is seemingly a recognized right of the bank. The contract might provide that, if the customer objects to the procedure, then it is incumbent upon the customer to immediately obtain an order precluding the bank’s compliance with the order and that it is not the bank’s obligation to provide notice of a subpoena to the customer except as a courtesy. Note: Under FIRREA, grand jury subpoenas are not to be disclosed by force of federal law and under penalty of imprisonment and fine.
d. Representatives/Agents Generally, no disclosure problems exist because the representatives are, for all practical purposes, the customer. Customers may revoke, without the bank’s knowledge, the authority of a representative or the customer’s beneficiaries may not agree with the representative’s disbursement of the proceeds. Thus, a clause permitting the bank’s unlimited disclosure of information to any party acting on behalf of the customer, pursuant to the customers executed instructions or a formal appointment (except upon receipt of a document of equal dignity) is desirable, i.e., the customer’s written instructions or a formal revocation of an appointment.
2. Loan Agreements
An opportunity for the bank to outline privacy issues with its commercial customers. The governing statutes for consumers provide clear compliance guidelines to be followed.
3. Depositions/Subpoenas
If not outlined in the contract with the customer, the response to requests for disclosure of a customer’s records in depositions or in response to subpoenas could be troublesome. Legal process has generally been recognized as sufficient compulsion or reason for disclosure of a customer’s records, but the procedural rules do not always account for the intervention of a third party or a court. A customer may object to the disclosure of information before the time a bank must comply. Then, the bank must balance competing interests and make a determination, i.e., “Who do I want to sue me” test. A policy requiring the matter to be addressed initially with the customer would obviate this “no win” test.
F. Powers of Attorney (POA)
1. Definition and Uses
“POA” is a written document by which one person (the “principal”) appoints another as his/her agent or attorney-in-fact (the “agent”) permitting the agent to act for the principal in accordance with the authority granted in the POA. The uses are several e.g., closing the sale or purchase of a home in absentia, or permitting a child to control the banking accounts of an aging parent. Assuming the POA is valid and the agent is acting with its scope, a third party may deal with the agent as if he/she were the principal and as if the principal were personally present.
2. Risks
The principal’s risk is that the agent may not trustworthy and will misuse the POA for his/her own advantage. For a bank, the risk is that after the agent has made off with the property, the principal will seek to recover any losses from the bank and the agent for wrongful use of the POA.
3. Types of POAs
a. General A general POA generally lists several powers and provides that the agent is granted “full power and authority in my name, place and stead, to do and perform every act, and exercise any and every power that I might or could do or exercise myself, as fully as I might or could do if personally present...” This gives the agent authority to act for the principal (risky from the principal’s position). (Query - Should a bank send a letter to the owner of an account upon receipt of a general POA advising the owner that it has been received and that in the future the agent will be authorized to do anything the owner could do, including remove all the funds, i.e. should the bank put the owner on notice of the risks of a general POA?) California requires a bold face warning on all printed form durable POAs sold in that state for use by a person who does not have legal counsel.
b. Special Special POAs are limited appointments, which permit the agent to perform only specific, enumerated acts. From the principal’s view these POAs generally involve less risk since an unfaithful agent could only misuse the limited power he/she was granted.
c. Durable Nebraska has adopted the Uniform Durable Power of Attorney Act, Neb.Rev.Stat. §§ 30-2664 to 30-2672 (the Act) which provides that a power of attorney created after January 1, 2013, is durable unless it expressly provides that it is terminated by the incapacity of the principal.
4. When the Bank is Presented with a POA
Generally, the bank’s front-line teller is presented with a POA who should either be trained to know what to look for or consult with supervisors. In any event the POA MUST BE READ, and the following determinations made:
a. The Agent must be Acting within the Scope of his/her Authority Does the POA permit the agent to do which he/she is trying to do on behalf of the principal? The POA must be in writing, but the bank should not provide a “form” POA nor provide legal advice to the customer regarding the need for or contents of the POA. Even with a POA on file, the principal may also continue to deal with his/her accounts personally.
b. The POA must not have Expired by its Express Provisions Some POAs specify a date of termination, after which the agent has no authority to act for the principal.
c. The POA must be Signed by the Principal Verify that the signature on the POA is that of the customer (the principal) by checking the signature card. If the POA is notarized or recorded, then the bank may conclude that the principal signed the POA. In Nebraska, a POA does not have to be recorded to be valid unless the agent is transferring title to real estate.
d. The Agent must have the Original POA or a Certified Copy The bank should review the original and keep a copy for its records, as well as verify that the person presenting the POA is in fact the agent named therein.
5. When the Bank Should Investigate the Facts Behind the POA
In addition to the above, the bank may have a duty to look behind the POA to see, for example, whether the principal really wants the agent to withdraw money, whether the principal is stillcompetent or alive, or whether the agent uses the money for the principal’s benefit.
a. Capacity of the Principal If the POA is not durable, it is revoked by the death, disability or incapacity of the principal (principal’s status may be difficult to determine, unless he/she accompanies the agent to the bank).
b. Solution to Questions of Revocation, Death and Capacity of the Principal Section 30-2669 the Act provides, in part:
As to acts undertaken in good faith reliance thereon, an affidavit executed by the attorney in fact under a power of attorney, durable or otherwise, stating that he or she did not have at the time of exercise of the power actual knowledge of the termination of the power by revocation or of the principal’s death, disability or incapacity is conclusive of the nonrevocation or nontermination of the power at that time. (Emphasis supplied)
Thus, if the affidavit is obtained, it is generally not necessary to investigate the Principal’s physical or mental condition at the time the POA is exercised.
c. Other issues The Act does not cover those situations in which the principal was not competent at the time he/she signed the POA nor does it deal with questions arising in situations in which the bank has some independent question or suspicion about the agent’s actions. The courts of several states have addressed the bank’s duty in those situations:
(1) Milner v. Milner, 395 S.E.2d 517 (W. Va. 1990)
FACTS: The terminally ill father, Mr. Milner, Sr., has for years maintained a joint savings account with his son, Gary. There had never been any withdrawals from that account. Shortly before his death, Mr. Milner, Sr., gave a general POA to his other son, Garfield. On the day he obtained the POA, Garfield took it to the bank and attempted to withdraw the $19,600 balance of the savings account, requesting a cashier’s check, payable to Garfield personally. Prior to delivering the funds to Garfield, the banker called both the bank’s attorney, to be sure the POA permitted the agent to withdraw funds (which it did), and the attorney who had notarized the POA to be sure it was signed by Mr. Milner, Sr. Having satisfied himself on these two points, the banker authorized the withdrawal. Before doing so he did not call Gary, the joint owner of the account who also had a general POA for his father, nor did he inquire about why Garfield was withdrawing the funds. He did attempt to contact the father at the hospital, but was unsuccessful. The money was promptly spent for Garfield’s benefit, and after his father’s death, Gary sued both Garfield (who, of course, by that time had nothing) and the bank (which, of course, had deeper pockets).
The bank was not liable, because absent circumstances which might place a “reasonably prudent bank” on notice demanding additional inquiry, “when dealing with a broad power of attorney, there is no obligation on a third party to go behind the power.” In such instances, the bank may rely on the terms of the power of attorney to discern the authority of the Agent demanding a withdrawal of funds.
DISCUSSION: The court concluded that the bank had acted diligently to make certain Mr. Milner’s POA was authentic (that is, actually signed by Mr. Milner, Sr.) and that its scope permitted the Agent to withdraw the funds. It reasoned that the Principal and Agent are ultimately responsible for the actions arising out of the POA, not a third party who is without knowledge of any wrong doing.
COMMENT: Although not obtained in this instance, presumably because the Act had not yet been adopted in West Virginia, the affidavit would satisfy most of the court’s requirements in Milner. Beyond that, investigation is only necessary if a reasonably prudent bank would have done more.
(2) Bank IV v. Capitol Federal Savings & Loan Association, 1992 Kansas Lexis 70 (March 20, 1992)
FACTS: In June, 1987, Ms. Flinn signed a durable, general POA designating James (her nephew) and/or Martha Flanders (James’ wife) as her Agents. Shortly before Ms. Flinn’s death in January, 1988, Martha presented the POA, five of Ms. Flinn’s certificates of deposit, totaling $140,000, and a letter from Ms. Flinn that Martha was to cash the certificates. Thirty minutes later, she left the bank with cashier’s checks, some payable to her individually and some payable to Martha and James jointly. All the money was spent by the Flanders for their personal needs, and the administrator of Ms. Flinn’s estate sued the S&L.
HOLDING: A summary judgment granted by the trial court in favor of the S&L was affirmed, with the court ruling that the S&L had no duty (1) to investigate the capacity of Ms. Flinn when she executed the POA (this despite the fact that the dissenting opinion notes that in contrast to her signature card, Ms. Flinn’s signature on the POA was started twice, has only one hump in the “m” in “Mrs.,” and was weak and shaky), (2) to determine whether Ms. Flinn was alive at the time the POA was presented, or (3) to determine whether Martha was carrying out Ms. Flinn’s “true wishes.” The court held that the S&L’s duty was limited to (1) comparing the signature on the POA with the signature of the depositor to ensure it was authentic, (2) obtaining proper identification of the Agent, and (3) determining whether or not the requested transaction was within the scope of the POA.
DISCUSSION: The fact that Ms. Flinn’s signature was notarized satisfied the first duty, checking Martha’s identification satisfied the second, and the broad language of the POA satisfied the third. The court also ruled “[t]he lending institution has the right to assume the attorney in fact is acting lawfully in the performance of his or her duties in seeking the withdrawal of the funds in the specified form and is not liable to the principal for the attorney in fact’s subsequent misappropriation of the funds absent some participation therein and knowledge thereof.”
(3) Empire Trust Co. v. Cahan, 274 U.S. 473 (1927) – The father gave his son general POAs to draw checks for him at two banks. The son signed his father’s name by himself as attorney in fact on checks payable to the son. The son stole the money and the father sued the bank. The trial court and the Second Circuit held that the bank had sufficient notice that the son was misappropriating the money, and, consequently, the bank was liable. The Supreme Court reversed, noting that the checks were drawn pursuant to “an unlimited authority.” It held that the notice to the bank was notice only of the agency relation of the parties, and that it would be impractical to put the burden on bank to check each agency transaction to make sure the agent is acting within the scope of his authority and using the funds for a proper purpose. “The transactions of banking in a great financial center are not to be clogged, or their pace slackened, by over-burdensome restrictions.”
(4) Dockstader v. Brown, 204 S.W.2d 352 (Tex. Civ. App. 1947) – A sister gave her brother a general POA, pursuant to which he sold an oil and gas interest in his sister’s land. Later he withdrew the proceeds for his personal use. In ruling that the bank was not liable, the court held that the bank would be responsible only if it had notice of the wrongdoing.
(5) See also, Romero v. Sjoberg, 5 N.Y.2d 518, 186 N.Y.S.2d 246, 158 N.E.2d 828 (1959); Minto v. Minto, 207 S.W.2d 842 (Mo. 1947; Nashville Trust Co. v. Southern Buyers, Inc., 40 Tenn, App. 11, 288 S.W.2d 469 (1956). But see, First National Bank v. Cooper, 252 Ga. 215, 312 S.E.2d 607 (1984); Beaucur v. Bristol Federal Savings and Loan Association, 268 A.2d 679 (Conn. 1969).
Although some circumstances will require it, banks may be more prudent in not starting down the long and winding road of attempting to determine what may lie behind a POA. Unless there are facts or circumstances which would place a reasonably prudent bank on notice that something was awry, or unless the bank had actual knowledge of the unauthorized acts of the Agent, a bank is more protected if it follows the steps set forth in Section D above and obtains the affidavit from the Agent. One factor generally requiring further investigation would be the Agent’s use of the funds withdrawn using the POA to pay the Agent’s personal debt at that same bank. With Nebraska adopting the Act, the bank greatly increases its protection by obtaining the affidavit.
To sum up, it is generally not necessary to go behind the POA, or to contact the Principal or other joint account holders. (Frequently the bank is in a better position if it does not do so.) The prudence of the bank’s investigation will only be reviewed by the courts in those cases in which the Agent was untrustworthy. In such cases, using 20/20 hindsight, it will be easy to conclude that the bank’s investigation was not adequate. Once money is paid to the Agent, it is gone. The time to exercise caution is before the Agent utilizes the POA to withdraw the funds. Thus, the bank is ultimately dependent upon the common sense and good judgment of its customer contact personnel, who must be sensitized to these issues.
G. Conclusion
Understanding the relationships between a bank and its customers and the obligations for the privacy interest protections which arise out of these relationships is the key to developing policy to ensure compliance. A bank can define at the beginning of the relationship, the nature of the privacy obligation between it and the customer so that expectations are mutually defined and easily met to permit the maintaining of the customer’s confidences and that the customer’s confidence in the bank are also maintained.