I work for a US branch (an FBO) of an Hong Kong bank.

Our Head Office has been told by their regulator (HKMA) that they have to perform a QC function on our closed Alerts and Cases. As part of the Head Office’s QC function they are asking for Customer CDD/EDD information and copies of documents (e.g., checks), which our local management does not wish to share, based on privacy concerns, and how the OCC will react to a US based FBO sharing customer information with a non-US bank (even if it is our Head Office).

We do share SARs with our Head Office under a Confidentiality Agreement; they want to implement a similar procedure for customer data and transactions.

Our HO has indicated that they will drop their request, if we can supply them proof that we are not allowed to share the information with them. Short of going to the OCC, can anyone give any guidance or suggestions.

Thank you

And why isn't your internal legal staff involved?

Good point. I will answer that question off line via PM

Well, if this is information on your corporate customers, unless their information is protected under State law, I am not sure what you can point to. If this is consumer information, it would have to be addressed in your privacy disclosures.

Thank you. It is both consumer and corporate.

Thank you for your assistance