Skip to main content
April 8, 2021

New York Streamlines Its Confidential Supervisory Information Rule


On April 7, 2021, the New York Department of Financial Services (NYDFS) issued its long-awaited update to its Confidential Supervisory Information Rule  (the CSI Rule). The NYDFS' CSI Rule largely adopts the same standards that exist under federal bank regulatory agencies confidentiality rules with certain notable exceptions.

Under the CSI Rule, a limited exception to the prior written approval requirement was adopted that permits a financial institution supervised by the NYDFS to share CSI with its legal counsel and auditors, provided that those entities (i) acknowledge the information received is confidential under Section 36.10 of the New York Banking Law; and (ii) agree not to further disseminate the CSI as required under the CSI Rule. The NYDFS also adopted a limited exception that allows financial institutions to share CSI with independent auditors as part of the independent auditor's acceptance of a new client engagement or the continuation of an existing annual audit engagement.

Notably, however, the NYDFS declined to extend this limited exception to consultants or service providers of attorneys and auditors, such as forensic consultants or technology providers. Accordingly, unlike under the CSI regulations maintained by the Office of the Comptroller of the Currency and the Federal Reserve Board, financial institutions supervised by the NYDFS must continue to seek prior written approval prior to providing CSI to consultants directly or indirectly through their attorneys or auditors.

In addition, under the CSI Rule, a financial institution must notify the NYDFS immediately if it receives a subpoena or other information request for CSI. Notification to the NYDFS is required even if the request is from other US government or foreign government agencies, including other supervisory agencies having direct supervisory authority over the financial institution. Requests for approval to share CSI must be submitted to both the Senior Deputy Superintendent for Banking and the General Counsel. The NYDFS' position on requiring the approval of the Senior Deputy Superintendent and General Counsel deviates from the approach taken by the Federal Reserve in its recent amendment to its CSI regulations, which permit the central point of contact to approve requests for the sharing of CSI to other supervisory agencies. The NYDFS also maintained its prohibition on sharing CSI without prior written approval in the context of a merger transaction.

We anticipate that there will be significantly fewer requests submitted under the amended CSI Rule. Accordingly, the NYDFS will likely be able to respond to CSI requests in a more timely fashion.

© Arnold & Porter Kaye Scholer LLP 2021 All Rights Reserved. This Advisory is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.