31.217—Confidentiality of information.
(a)
Nonpublic information
defined. Any information that Treasury
provides to a retained entity under an
arrangement, or that the retained entity obtains
or develops pursuant to the arrangement, shall be
deemed nonpublic until the Treasury determines
otherwise in writing, or the information becomes
part of the body of public information from a
source other than the retained entity.
(1)
Disclose nonpublic information to anyone
except as required to perform the retained
entity's obligations pursuant to the arrangement,
or pursuant to a lawful court order or valid
subpoena after giving prior notice to
Treasury.
(2)
Use or allow the use of any nonpublic
information to further any private interest other
than as contemplated by the arrangement.
(c)
Retained entity's
responsibility. A retained entity shall take
appropriate measures to ensure the confidentiality
of nonpublic information and to prevent its
inappropriate use. The retained entity shall
document these measures in sufficient detail to
demonstrate compliance, and shall maintain this
documentation for three years after the
arrangement has terminated. The retained entity
shall notify the TARP Chief Compliance Officer in
writing within five business days of detecting a
violation of the prohibitions in paragraph (b),
above. The security measures required by this
paragraph shall include:
(1)
Security measures to prevent unauthorized
access to facilities and storage containers where
nonpublic information is stored.
(2)
Security measures to detect and prevent
unauthorized access to computer equipment and data
storage devices that store or transmit nonpublic
information.
(3)
Periodic training to ensure that persons
receiving nonpublic information know their
obligation to maintain its confidentiality and to
use it only for purposes contemplated by the
arrangement.
(4)
Programs to ensure compliance with federal
securities laws, including laws relating to
insider trading, when the arrangement relates to
the acquisition, valuation, management, or
disposition of troubled assets.
(5)
A certification from each management
official performing work under the arrangement and
each key individual stating that he or she will
comply with the requirements in section 31.217(b).
The retained entity shall obtain this
certification, in the form of a nondisclosure
agreement, before a management official or key
individual performs work under the arrangement,
and then annually thereafter.