SELF-CRITICAL ANALYSIS PRIVILEGE OF FINANCIAL INSTITUTIONS CHAPTER 6-13 3
6-13-01. Definitions
In this chapter, unless the context or subject matter otherwise requires: "Commissioner" means the commissioner of financial institutions
1
"Compliance audit" means a voluntary, internal evaluation, review, assessment, audit, 2
or investigation for the purpose of identifying or preventing noncompliance with, or promoting compliance with, laws, regulations, orders, or industry or professional standards, which is conducted by or on behalf of a financial institution
"Compliance self-critical analysis audit document" means a document prepared as a result of or in connection with a financial institution's compliance audit. A compliance self-critical analysis audit document may include a written response to the findings of a compliance audit. A compliance self-critical analysis audit document may include, as applicable, field notes and records of observations, workpapers, findings, opinions, suggestions, conclusions, drafts, memoranda, drawings, photographs, exhibits, computer-generated or electronically recorded information, telephone records, maps, charts, graphs, and surveys, provided this supporting information is collected or developed for the primary purpose and in the course of a compliance audit. A compliance self-critical analysis audit document also includes: a
A compliance audit report prepared by an auditor, who may be an employee of the financial institution or an independent contractor, which may include the scope of the audit, the information gained in the audit, and conclusions and recommendations, with exhibits and appendices; c
b. Memoranda and documents analyzing portions or all of the compliance audit report and discussing potential implementation issues; An implementation plan that addresses correcting past noncompliance, improving current compliance, and preventing future noncompliance; or Analytic data generated in the course of conducting the compliance audit
d
"Financial institution" means any organization authorized to do business under state and federal laws relating to financial institutions, including a bank, the Bank of North Dakota, a savings bank, a trust company, a savings and loan association, or a credit union
4
6-13-02. Self-critical analysis privilege created - Scope
A compliance self-critical analysis privilege is created to protect the confidentiality of compliance self-critical analysis documents or communications in regard to their content relating to voluntary internal compliance audits conducted by financial institutions and persons in regard to activities regulated under title 6 or federal law, both to conduct voluntary internal audits of its compliance programs and management systems and to assess and improve compliance with state and federal statutes, rules, and orders. The compliance self-critical analysis privilege applies to all litigation or administrative proceedings pending on August 1, 2001
6-13-03. Compliance self-critical analysis document not discoverable or admissible
Except as provided in this chapter, a compliance self-critical analysis audit document is privileged information and is not discoverable or admissible evidence in any legal action in any civil, criminal, or administrative proceeding. The privilege is a matter of substantive law of this state and is not merely a procedural matter governing administrative, civil, or criminal procedures in the courts of this state
6-13-04. Application of privilege
If a financial institution, person, or entity performs or directs the performance of a compliance audit, an officer, employee, or agent involved with the compliance audit, or any consultant who is hired for the purpose of performing the compliance audit, may not be examined in any civil, criminal, or administrative proceeding as to the compliance audit or any Page No. 1 compliance self-critical analysis audit document. This section does not apply if it is determined under section 6-13-06 or 6-13-07 that the privilege does not apply
6-13-05. Submission to commissioner
1. Upon request of the commissioner, a financial institution must submit a compliance self-critical analysis audit document to the commissioner, or the commissioner's designee, as a confidential document under the provisions of section 6-01-07, without waiving the privilege set forth in this chapter to which the financial institution would otherwise be entitled. However, the provisions of section 6-01-07 permitting the commissioner to release confidential documents and make them accessible to federal financial institution regulatory agencies does not apply to the compliance self-critical analysis audit documents voluntarily submitted. To the extent the commissioner has the authority to compel the disclosure of a compliance self-critical analysis audit document under other provisions of applicable law, any report furnished to the commissioner may not be provided to any other person or entity and must be accorded the same confidentiality and other protections as provided above for voluntarily submitted documents. Any use of a compliance self-critical analysis audit document furnished as a result of a request of the commissioner, whether under a claim of authority to compel disclosure or not, is limited to determining whether any disclosed defects in a financial institution's policies or procedures or inappropriate treatment of customers has been remedied or that an appropriate plan for their remedy is in place. The commissioner may not impose any type of administrative fine or penalty as to any area addressed or matter covered in a compliance self-critical analysis audit document furnished at the commissioner's request, except when there is clear and convincing evidence that the financial institution failed to undertake reasonable corrective action, eliminate inappropriate treatment of customers, or failed to implement an appropriate plan to rectify any noncompliance with state and federal statutes, rules, and orders
A financial institution's compliance self-critical analysis audit document submitted to the commissioner remains subject to all applicable statutory or common-law privileges, including the work product doctrine, attorney-client privilege, or the subsequent remedial measures exclusion. A compliance self-critical analysis audit document submitted to and in the possession of the commissioner remains the property of the financial institution and is not subject to any disclosure or production under section 44-04-18
3. Disclosure of a compliance self-critical analysis audit document to a governmental agency, whether voluntary or pursuant to compulsion of law, does not constitute a waiver of the privilege with respect to any other person or any other governmental agency
2
6-13-06. Waiver of privilege by financial institution - Grounds for determination of privilege - Civil, administrative, or criminal proceedings
1
2
3
The self-critical analysis privilege does not apply to the extent that it is expressly waived by the financial institution that prepared or caused to be prepared the compliance self-critical analysis audit document
In a civil or administrative proceeding, a court of record, after an in camera review, may require disclosure of material for which the privilege is asserted, if the court determines one of the following: a
b
In a criminal proceeding, a court of record, after an in camera review, may require disclosure of material for which the privilege is asserted, if the court determines one of the following: a
b
The privilege is asserted for a fraudulent purpose; or The material is not subject to the privilege
The privilege is asserted for a fraudulent purpose; The material is not subject to the privilege; or Page No. 2 c
The material contains evidence relevant to commission of a criminal offense, and all three of the following factors are present: (1) The commissioner, state's attorney, or attorney general has a compelling need for the information; (2) The information is not otherwise available; and (3) The commissioner, state's attorney, or attorney general is unable to obtain the substantial equivalent of the information by any other means without incurring prohibitive cost and delay
6-13-07. Determination of privilege - Procedure
1
If a person seeks from a financial institution communications involving a compliance audit or any compliance self-critical analysis audit document during the course of a pending civil or criminal proceeding, the financial institution may assert the self-critical analysis privilege and provide the information set forth in subsection 6 during the course of those proceedings just as any other privilege is asserted in the courts of this state. If the court is required to make a determination as to the privilege, the court shall follow the procedure and conditions set forth in subsection 5
If there is a pending administrative proceeding, or there is no pending civil or criminal proceeding, the commissioner, state's attorney, or attorney general may serve on a financial institution a written request by certified mail for disclosure of a compliance self-critical analysis audit document. Within thirty days after the commissioner, state's attorney, or attorney general serves on a financial institution a written request by certified mail for disclosure of a compliance self-critical analysis audit document, the financial institution that prepared or caused the document to be prepared may file with the appropriate court a petition requesting an in camera hearing on whether the compliance self-critical analysis audit document or portions of the document are privileged under this chapter or subject to disclosure. The court has jurisdiction over a petition filed by a financial institution under this subsection requesting an in camera hearing on whether the compliance self-critical analysis document or portions of the document are privileged or subject to disclosure. Failure by the financial institution to file a petition waives the privilege for only the specific request made
A financial institution asserting the compliance self-critical analysis privilege in response to a request for disclosure under this section shall include in its request for an in camera hearing all of the information set forth in subsection 6
2
3
5
4. Upon the filing of a petition under this section, the court shall issue an order scheduling, within forty-five days after the filing of the petition, an in camera hearing to determine whether the compliance self-critical analysis audit document or portions of the document are privileged under this chapter or subject to disclosure
The court, after an in camera review, may require disclosure of material for which the privilege is asserted if the court determines, based upon its in camera review, that any one of the conditions set forth in subsection 2 of section 6-13-06 is applicable as to a civil or administrative proceeding or that any one of the conditions set forth in subsection 3 of section 6-13-06 is applicable as to a criminal proceeding. Upon making such determination, the court may only compel the disclosure of those portions of a compliance self-critical analysis document relevant to issues in dispute in the underlying proceeding. A compelled disclosure may not be considered to be a public document or be deemed to be a waiver of the privilege for any other civil, criminal, or administrative proceeding. A financial institution unsuccessfully opposing disclosure may apply to the court for an appropriate order protecting the document from further disclosure
A financial institution asserting the compliance self-critical analysis privilege in response to a request for disclosure under this section shall provide at the time of making and filing any objection to the disclosure all of the following information: a
b
c
The date of the compliance self-critical analysis audit document; The identity of the entity conducting the audit; The general nature of the activities covered by the compliance audit; and 6
Page No. 3 d
An identification of the portions of the compliance self-critical analysis audit document for which the privilege is being asserted
6-13-08. Privilege - Burden of proof - Stipulation
A financial institution asserting the compliance self-critical analysis privilege set forth in this chapter has the burden of demonstrating the applicability of the privilege. Once a financial institution has established the applicability of the privilege, a party seeking disclosure has the burden of proving that the privilege is asserted for a fraudulent purpose. The commissioner, state's attorney, or attorney general seeking disclosure of the privilege has the burden of proving the elements set forth in subdivisions a and c of subsection 3 of section 6-13-06
The parties may at any time stipulate in proceedings under section 6-13-06 or 6-13-07 to entry of an order directing whether the specific information contained in a compliance self-critical analysis audit document is or is not subject to the privilege provided under this chapter. Any such stipulation may be limited to the instant proceeding and, absent specific language to the contrary, is not applicable to any other proceeding
6-13-09. Nonapplication of privilege
The self-critical analysis privilege set forth in this chapter does not extend to: 1. Documents, communications, data, reports, or other information expressly required to be collected, developed, maintained, or reported to a regulatory agency pursuant to this title, or other federal or state law; Information obtained by observation or monitoring by any regulatory agency; or Information obtained from a source independent of the compliance audit
2
3
Page No. 4