This may seem a bit long-winded but I'm quoting from our policy. I hope this helps.
To gain access to customer’s records, the act requires, with certain exceptions, that the federal government agency obtain one of the following:
• An authorization signed and dated by the customer, which identifies the records being sought, the reasons the records are being requested, and the customer’s rights under the Right to Financial Privacy Act. The agency’s request should be on an official form and contain the required customer authorization.
• An administrative subpoena or summons
• A search warrant
• A judicial subpoena
• A formal written request by a government agency (to be used only if no administrative summons or subpoena authority is available)
If the Bank receives a request for information from a federal agency, the Bank may not release the financial records of a customer until the federal government authority seeking the records certifies in writing that it has complied with the applicable provision of the Right to Financial Privacy Act. Documents will not be furnished to the federal agency for at least 14 days after a request is received. However, the USA PATRIOT Act requires the Bank to respond immediately to Federal directives issued in connection with a list of known or suspected terrorists or organizations provided to the bank. (FinCEN Tracking List)