Answer:
Thanks for the inquiry -- and I apologize for any confusion. There isn't anything "wrong" with your current practice -- but here are some things to think about.
When you conduct any type of investigation, particularly one that's serious enough to warrant filing a SAR, many folks within the institution know what you're finding as you find it. If all of your board members are also employees with functional responsibilities, I have no issue with distributing copies of the actual SARs to them at the monthly meetings. They likely already know the information, anyway.
If you have any "outside" directors -- non-employees -- and you've trained them appropriately regarding information security practices and their personal responsibility to keep secrets -- and that you've caused them to sign a confidentiality agreement at least annually --again, I have no issue with your practice.
My personal experience is that board members are perhaps the most common and deadly information leaks within the institution. They attend social events, they sit on other boards and they interact with a variety of people on a daily basis. They travel in different social and occupational circles. They "market" the institution every time they appear in public. If these board members have never been told what they can discuss with the general public and what they cannot -- they often talk about sensitive issues, unaware of the damage that their discussions may have upon ongoing investigations and pending legal matters. From my viewpoint, this type of director needs to have the least amount of information available -- to protect him/her, you and the institution.
First published on BankersOnline.com 5/20/02
print
share