Can we provide an Auditor with a copy of an FDIC Report of Exam based on 12 CFR 309.6?

We have a difference of opinion at our bank.

Disclosure prohibited. Except as provided in paragraph (b) of this section or by 12 CFR part 310, 2 no person shall disclose or permit the disclosure of any exempt records, or information contained therein, to any persons other than those officers, directors, employees, or agents of the Corporation who have a need for such records in the performance of their official duties....


Part of your auditor's official duties is to validate management's responses to prior audits and exams to ensure that the responses were effective and addressing the finding. This task is impossible without reading the exam report.

Yes, you can provide your exam report to an internal or external auditor.

Anon is correct. You can let them look at it, as they are operating as your agents. However, they should not retain a copy of it.

The technical citation (for OCC banks at least) that permits an auditor or consultant to review your exam reports is 12 CFR 4.37(b)(2), which says:

"When necessary or appropriate for business purposes, ...[an OCC regulated institution] may disclose non-public OCC information, including .... OCC reports of examination, to a person or organization officially connected with the bank or Federal savings association as officer, director, employee, attorney, auditor, or independent auditor. A[n OCC regulated institution] may also release non-public OCC information to a consultant [if certain conditions are met - see 12 CFR 4.37(b)(2).]