The Federal Reserve Board has ordered Goldman Sachs Group to pay a $36.3 million civil money penalty for the unauthorized use and disclosure of confidential supervisory information.

Confidential supervisory information includes reports of bank examinations and other confidential reports prepared by banking regulators.  It is illegal to use or disclose confidential supervisory information without prior approval of the appropriate banking regulator.

In levying the fine on Goldman Sachs, the Fed found that the firm's personnel improperly used confidential supervisory information it had provided in presentations to its clients and prospective clients in an effort to solicit business for the firm. It charges that from at least 2012, the firm did not have sufficient policies, procedures, or adequate employee training in place to ensure compliance with current laws prohibiting the unauthorized use or disclosure of confidential supervisory information. The order requires Goldman Sachs to put in place an enhanced program to ensure compliance with Board regulations concerning the receipt, use, and dissemination of confidential supervisory information.

“The Board expects all firms, including Goldman Sachs, to comply with all U.S. laws, rules, and regulations,” a statement from the board says. “The board of directors of Goldman Sachs must ensure that its senior management implements an effective compliance risk management framework and that potential compliance risk failures are appropriately brought to the attention of senior managers and addressed immediately. The Board will actively monitor Goldman Sachs' effectiveness in doing so.”

Additionally, the Board announced that it is instituting enforcement proceedings against Joseph Jiampietro, a former managing director at Goldman Sachs, seeking to impose a fine and permanently bar him from the banking industry stemming from his and his subordinates' unauthorized use and disclosure of confidential supervisory information.

The order prohibits Goldman Sachs from re-employing individuals involved in the improper disclosure of confidential supervisory information or retaining them as consultants or contractors. In November 2015, the Board permanently barred a former Goldman Sachs employee from the banking industry following his guilty plea for the theft of confidential supervisory information.

The order requires that within 30 days the board of directors of the firm must appoint a committee comprised of members of senior management to monitor and coordinate compliance. This committee should meet quarterly, keep detailed minutes of each meeting, and submit, on an annual basis, progress reports.

Within 90 days, the firm must submit to the Board of Governors an acceptable written plan and timeline for enhancing the effectiveness of internal controls and compliance functions regarding the identification, monitoring, and control of confidential supervisory information. This plan will be reviewed for effectiveness by the firm’s internal audit function and, at a minimum, address, consider, and include: enhanced policies governing the identification, receipt and use of confidential supervisory information; and controls necessary to ensure the proper identification and management of confidential supervisory information. The plan will also include measures to ensure management’s effective oversight of Goldman Sachs personnel’s compliance with policies, procedures, and internal controls, including monitoring of employee emails on internal email systems.

Within 90 days, a written plan and timeline for the training of all appropriate Goldman Sachs personnel regarding the restrictions, controls and legal requirements governing the use of confidential supervisory information is also required. At minimum, it should include a requirement that training be conducted and documented at least annually. It should include procedures to escalate to appropriate firm personnel if the unauthorized use of confidential supervisory information is identified.

Within 90 days, Goldman Sachs must certify to the Board of Governors that all documents containing confidential supervisory information have been de-referenced from the Firm’s internal systems and rendered inaccessible by personnel.