A Matter of Privacy

Scenario: The CEO, chairman, and outside counsel of Security State Bank huddle in a private conference room in the bank’s executive offices. An angry telephone call has just confirmed their worse fears: A borrower that had a loan request rejected from the bank wants to meet with CEO Bob Johnson. It seems that long-time director Tom McCoy has leaked parts of the board’s discussion about the shortcomings of the loan request, including the directors’ comments on the borrower’s business acumen and his character.

After the bank’s attorney briefs CEO Johnson on how to proceed with the borrower, the discussion moves to how the board should deal with McCoy’s actions.

“Wow! As Doctor Laura would say, ‘How could you do that!’ The offending director not only had an apparent lapse of consciousness but also a lapse of conscience.

Well, there is only one thing to do: summarily discharge the director from his seat on the board (if this is possible in consideration of ownership positions). Hopefully this action, in concert with appropriate apologies, will placate the offended client and preclude the situation from becoming a liability nightmare for the bank.

However, there is a greater question that begs to be asked of this institution as a whole. What is the status of the board’s education, ethics, and sensibilities in a broader sense? If such a glaring breach of ethics could occur, what other evils may lurk in the recesses of the boardroom? With this misdemeanor as an indicator, I feel that management and the governing body must take an active and aggressive role in some serious self-evaluation to assess their own fitness. In a situation such as this it may be appropriate to bring in an outside educator as a facilitator in this process.

One would hope that, in the past, management has been more diligent reviewing its D&O liability insurance policy than it has been in instituting board education and self-criticism.

John C. Davis


The First National Bank in Trinidad

Trinidad, Colorado

“While this may not be a violation of any specific provision of law, this director has failed in his accepted duty of care and loyalty expected of any director of an insured institution. If this leak is a first-time offense and only involves the potential borrower, senior management and counsel should have an immediate discussion with the director about the seriousness of this breach of duty and secure a promise that it will never again occur.

If the director leaked the information to someone other than the borrower, the discussion should include the personal liability of the director and the liability of the bank itself. A director who cannot (or will not) maintain confidentiality about the bank’s business does not deserve to be a director, regardless of his or her tenure. Either vote the director off the board or set up a loan committee that does not include this director. Even if a lawsuit is avoided, leaks by a bank director will seriously damage the reputation of a bank and destroy customer confidence.”

Arthur L. Freeman


Department of Financial Institutions

Frankfort, Kentucky

“In this instance it is imperative that McCoy be counseled on the need to exercise good judgment. In addition, he should be reminded of his fiduciary duty to the shareholders and depositors of the bank.By divulging what should have been confidential information, he has placed both the bank and the board at unnecessary reputational risk, possibly involving money damages.

Given McCoy’s tenure, the CEO should attempt to ascertain whether this is the first time such a breach has occurred or whether it is just the first time it has come to the attention of bank management. Notwithstanding his tenure, the circumstances at hand may warrant a request for his resignation in order to demonstrate to the community at large that such leaks will not be tolerated.

Failure to take swift action to address irregular acts by directors can have an adverse impact on the future of the institution. In a best-case scenario, a written apology to the prospective borrower may suffice, if the leak had minimal impact on the customer’s reputation and ability to do business. In a worst-case scenario, the bank, the individual director, and the entire board may be liable for money damages.

The CEO should arrange a training session for all directors to emphasize the need to maintain confidentiality in the performance of certain duties and the potential liability that can result from the failure to do so. Finally, this matter should be reported to the full board, at which time appropriate resolutions should be adopted to prevent a recurrence of this situation.”

Daryl P. Stum

Regional Director

Federal Deposit Insurance Corporation

New York, New York

“Nothing short of removal of the director would be an acceptable resolution to this problem. McCoy has incurably breached one of the most basic standards that directors are to uphold:duty of care. Duty of care covers many different circumstances, but it ultimately boils down to whether the act involved negligence. Clearly this director should have known that disclosure of damaging, personal information on a loan customer was unacceptable conduct.

Perhaps a more overwhelming reason to remove the director is to protect the bank against future violations of confidentiality. I constantly harp to our directors about the confidentiality of ongoing merger discussions. Unfortunately, such leaks of information are common, with a majority of them coming from directors. In this situation, the remaining board members naturally would feel leery sharing critically sensitive merger information with McCoy. Breaches of confidentiality agreements and premature disclosure of merger discussions could lead to multimillion-dollar liability for the board.

As a final note, removal of a director is not an easy process. Review your bylaws and consult legal counsel prior to initiating such discussions. Of course, if the director wants to amend for his or her actions, resignation would be the best decision for all.”

Richard F. Maroney Jr.


Austin Associates Inc.

Toledo, Ohio

“Breaches of confidence outside the boardroom are a serious matter. The old adage ‘what happens inside the boardroom, should stay within the boardroom’ is good advice for all directors to follow. Generally speaking, directors have a fiduciary duty to maintain confidenceu00e2u20ac”particularly important in the case of a customer’s right of privacy.

Assuming that this director’s serious error in judgment does not result in legal action, at a minimum, McCoy should be sanctioned for his inappropriate behavior. If the bank has not adopted a policy on confidentiality, perhaps now is a good time to do so. A presentation by legal counsel stressing the importance of confidentiality, both as to customer business and material nonpublic information about the bank, will serve the directors, the bank, its customers, and shareholders well. Finally, this proactive step may help the CEO to apologize to the customer for the director’s action.

Stephen M. Klein

Attorney/Banking Department Chair

Graham & Dunn P.C.

Seattle, Washington

“The board of directors at our bank has ‘zero tolerance’ for a director or any employee who does not maintain the bank’s policy on confidentiality.

Our procedure is similar to a court of law, where the defendant is innocent until proven guilty. After compiling evidence and confirming statements that the director was in fact at fault, the group would confront the director and ask him or her to defend the allegation or confess to it. The chairman of the board would ask for the director’s resignation on the basis of inappropriate behavior befitting a member of the board.

Our articles of incorporation allow a director to be removed from office for cause only. In this case, cause is defined as ‘an intentional infliction of harm to the Corporation or its shareholders.’ Because our directors are aware of the bank’s significant financial liability, the chairman of the board would call a special shareholders’ meeting to remove the director if the financial risks outweighed the reputation risks of publicly disclosing the director’s or the bank’s improper action(s).”

Curt Hecker

President and CEO

Panhandle Bancorp

Sandpoint, Idaho

“Why is there even a debate here? It’s bad enough that McCoy has potentially damaged the bank’s hard-earned reputation. But the fact that this clown has just put me, the board, and the bank in jeopardy because he doesn’t know enough to keep sensitive board information confidential, supports not only kicking him off the board, but resurrecting the once-popular punishment of public flogging.

Just imagine that you’re a customer of the bank and you not only find out that your most private financial information is being discussed around town, but ‘Mr. Joe Director’ thinks that your business ethics are questionable and that you might be inclined to renege on repayment of the loan. Even I would consider becoming a lawyer if all the cases were going to be this easy and profitable.

As I take a deep breath to relax, however, I realize that this breach of duty probably does happen at one time or another to many boards across the country. It’s imperative that all directors, like myself, remind their constituents about the liability of breaching their fiduciary responsibilities.”


Name and address withheld

“This long-time director has violated the most important canon of boardroom ethics by discussing board business outside the confines of the boardroom with people that have no need to know. This extreme lapse in judgment is tantamount to an attorney violating a client’s confidentiality or a priest divulging information from the confessional.

There is only one course available to the CEO and the board if they expect to maintain the confidence and loyalty of their customers: to request that the loose-lipped director resign from the board immediately. Should the director refuse to voluntarily resign, then a special stockholders’ meeting should be called to remove and replace the offending director.

The bank’s customers must be reassured immediately that their business and financial information will be handled in a professional and confidential manner and that anyone who violates these standards will not be tolerated. To do otherwise jeopardizes the future of the bank itself. If a bank loses the trust of its customers, it might as well close its doors.

G. Thomas Daugherty


Maryland Bank and Trust Company

Lexington Park, Maryland

[Editor’s note] We welcome your involvement in “Boardroom Perspectives.” Readers interested in suggesting topics or offering comments can contact Bank Director at 2 Maryland Farms, Suite 123, Brentwood, TN, 37027, fax to (615) 371-0899, or email to [email protected].

Join OUr Community

Bank Director’s annual Bank Services Membership Program combines Bank Director’s extensive online library of director training materials, conferences, our quarterly publication, and access to FinXTech Connect.

Become a Member

Our commitment to those leaders who believe a strong board makes a strong bank never wavers.