How to Respond to an FDIC Subpoena During a Bank Investigation in Texas: Key Deadlines and Common Mistakes

How to Respond to an FDIC Subpoena During a Bank Investigation in Texas: Key Deadlines and Common Mistakes

FDIC subpoena response deadlines can be as short as 10–14 days from service, and missing them can trigger enforcement in federal court. In Texas, these subpoenas commonly arise during examinations or investigations of banks, institution-affiliated parties, and third-party vendors. This article explains key deadlines, what to preserve and produce, how FDIC subpoena enforcement works in Texas, and the most common (and costly) response mistakes.

What an FDIC Subpoena Is—and Why It Arrives So Fast

An FDIC subpoena is an administrative subpoena issued under federal banking law to obtain testimony, documents, and other information relevant to an FDIC examination, investigation, or enforcement inquiry. Unlike ordinary civil discovery, an FDIC subpoena is issued by a federal regulator and may be enforced through a federal court order if the recipient does not comply.

In Texas, recipients often include:

State or federally chartered banks and their holding-company affiliates doing business in Texas
“Institution-affiliated parties” (IAPs), such as directors, officers, employees, consultants, and certain contractors
Third parties—core processors, fintech partners, loan brokers, appraisal firms, title companies, auditors, and custodians
Individuals who had signatory authority, underwriting authority, or compliance responsibilities

Speed matters because FDIC subpoenas frequently set short production and testimony dates, and the agency’s next step is often subpoena enforcement in federal court—where judges tend to move quickly when the regulator shows relevance and procedural regularity.

Immediate Triage: 48-Hour Checklist After Service

The first two days after service are when most response errors are made. A disciplined triage helps preserve options for narrowing scope, asserting privilege, and negotiating deadlines.

1) Identify the “return date” and what is demanded

FDIC subpoenas typically require one or more of the following by a specified date: (a) production of documents/ESI, (b) written responses, and/or (c) appearance for investigative testimony (often under oath). Calendar every deadline, including internal milestones for collection and privilege review.

2) Determine who the client is—and who is not

If you represent a bank, an executive, or a vendor, conflict checks and clear engagement boundaries are critical. Joint defense arrangements can be useful, but they require careful planning to avoid privilege waiver or conflicts among the institution and individuals.

3) Issue a litigation/regulatory hold immediately

Implement a written hold that suspends auto-delete policies (email, chat platforms, cloud drives, mobile device backups, and ephemeral messaging). In bank investigations, regulators often scrutinize retention practices; avoid creating an appearance of spoliation.

4) Preserve data sources regulators commonly expect

Common FDIC subpoena targets include loan origination systems, underwriting notes, credit memos, exception logs, BSA/AML alerts, SAR support files (with special confidentiality rules), call reports support, board/committee materials, vendor oversight files, audit workpapers (where obtainable), and complaint/whistleblower records.

Key Deadlines in FDIC Subpoena Responses (Texas Recipients)

There is no single universal deadline for every FDIC subpoena; the subpoena itself controls the initial return date. That said, recipients frequently see production windows of roughly 10–14 days for targeted requests and 21–30 days for broader productions, especially when testimony is also demanded.

Document production deadlines

Most subpoenas set a “return date” for documents. If compliance is not feasible, counsel should request an extension promptly and in writing, proposing (1) a revised date, (2) a rolling production schedule, and (3) prioritized categories. Waiting until the eve of the deadline is a common mistake that undermines credibility and can precipitate enforcement.

Testimony dates

Investigative testimony may be set soon after service. If the date conflicts with counsel availability or preparation needs, seek a continuance early and offer alternative dates. Preparation includes understanding the investigation’s focus, building a timeline, identifying custodians, and addressing potential Fifth Amendment concerns for individuals.

Privilege logs and clawback planning

Even if the subpoena does not explicitly mention privilege logs, a robust privilege process is essential. Establish the format of any privilege log early and propose a clawback agreement or process to address inadvertent production of privileged material, especially with large ESI collections.

How FDIC Subpoena Enforcement Works in Texas Federal Courts

If the FDIC believes a recipient has not complied, it may seek enforcement in federal district court. In Texas, that generally means the U.S. District Court where the recipient resides, is found, or conducts business, or where compliance is required. Enforcement proceedings tend to be streamlined compared to typical civil litigation.

What the FDIC must show

While details vary by case, courts typically look at whether:

The subpoena was issued for a lawful purpose within the agency’s authority
The information sought is reasonably relevant to that purpose
The demand is sufficiently specific and not unduly burdensome
Required administrative steps were followed

Common defenses and limitations

Successful challenges usually focus on scope and burden rather than attempting to litigate the merits of any underlying banking issues. Depending on facts, counsel may argue overbreadth, undue burden, lack of reasonable relevance, privilege, or constitutional protections for individuals. Courts often narrow requests, set protective conditions, or order staged production—especially where recipients propose practical alternatives rather than refusing outright.

Special Texas Considerations: Banks, Vendors, and Multi-Regulator Investigations

Texas matters often involve overlapping oversight from federal and state regulators, including the Texas Department of Banking, the Federal Reserve, or the OCC (depending on charter and structure). That overlap can create sequencing problems: a response crafted for one regulator may increase exposure with another if it contains inconsistent narratives, incomplete timelines, or careless admissions.

For fintech and vendor recipients operating in Texas, FDIC subpoenas frequently emphasize:

Third-party risk management files (due diligence, SOC reports, audit rights, SLAs)
Transaction monitoring and fraud controls
Marketing and lead-generation practices for loans or deposit products
Complaint handling and escalation to the bank partner

Responding Correctly: A Practical, Defensible Production Plan

A strong response is organized, traceable, and designed to reduce misunderstandings. It also anticipates how the FDIC will read your production: as a narrative about governance, controls, and credibility.

Step 1: Clarify scope through prompt outreach

Contact the FDIC staff member or counsel listed on the subpoena. Ask what the investigation is about, which requests matter most, and whether the agency will accept narrowing parameters (timeframes, product lines, account types, specific geographies, or custodian-based searches). Confirm all agreements in writing.

Step 2: Build a custodian and systems map

Create an inventory of likely custodians (executives, underwriters, compliance, audit, vendor management) and data systems (email, Teams/Slack, shared drives, LOS, CRM, core banking, GRC tools). A systems map helps prevent “silent gaps,” such as failing to search a legacy shared drive or a former employee’s mailbox.

Step 3: Collect and review with auditability

Use forensically sound collection methods for key custodians where stakes are high. Track chain-of-custody, date ranges, search terms, and exclusion criteria. If you later need to explain your process to the FDIC—or a court—this documentation is invaluable.

Step 4: Produce in a regulator-friendly format

Agree on formats (native files vs. PDF/TIFF, load files, metadata fields). For spreadsheets and databases, regulators often prefer native format to preserve formulas and filters. Ensure Bates labeling (if applicable) and a clear index describing what is produced and what is withheld.

Privilege, Confidentiality, and Sensitive Banking Materials

Privilege is frequently mishandled in FDIC subpoena responses, especially when business and legal advice are mixed in the same communications.

Attorney-client privilege and work product

Segregate legal advice from business communications where possible. Implement a privilege review protocol and define what will be logged. If you represent an institution, be precise about who the “client” is for privilege purposes and who was included on privileged communications.

SAR-related confidentiality (BSA/AML)

Suspicious Activity Reports and information that would reveal whether a SAR was filed are subject to strict confidentiality rules. Subpoena requests touching BSA/AML must be handled carefully to avoid unlawful disclosure. Work with counsel to determine how to respond, what can be produced, and how to describe withheld materials without revealing SAR status.

Customer data and privacy

FDIC investigations often involve customer loan files, deposit records, and complaint materials. Apply redactions and protective handling where appropriate, and consider whether a protective order or confidentiality designation is needed—especially when producing personally identifiable information at scale.

Common Mistakes That Trigger Escalation (and How to Avoid Them)

Mistake #1: Treating it like a “regular subpoena” and responding casually

Administrative subpoenas from regulators carry different risk. A casual response—missing categories, unorganized files, or inconsistent explanations—can cause the FDIC to broaden requests or pursue testimony. Use a structured production plan and counsel-led communications.

Mistake #2: Delaying the extension request

Silence is interpreted as noncompliance. If the deadline is unrealistic, ask early with a concrete alternative: “We can produce Categories 1–4 by X date and Categories 5–9 on a rolling basis weekly thereafter.”

Mistake #3: Incomplete holds and accidental deletion

Auto-delete settings and device churn (employee departures, phone upgrades) are frequent spoliation traps. Include IT in hold implementation and confirm preservation of cloud data, chat, and mobile backups.

Mistake #4:

Scroll to Top