The Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System and the Office of the Comptroller of the Currency issued a joint statement setting out a coordinated approach for handling highly sensitive information during bank examinations. The statement does not create new expectations, but aligns supervisory practices across the agencies on how such information should be identified, reviewed and protected. The approach covers data with heightened disclosure risk, including technology and network diagrams, detailed penetration test results, technical details of specific information technology control weaknesses and succession planning materials. Banks are expected to identify requested information they believe is highly sensitive and raise it with examiners or their primary agency contact, after which the agencies may use alternatives such as on-site review, direct digital review from bank systems, or redacted or summarized documents to reduce agency collection and storage. Examiners may still decide, with supervisory approval, that the information is needed for the supervisory record, although redacted or summary versions may be accepted where legal requirements permit. The agencies also committed to notify affected banks of a potential or confirmed material compromise of confidential supervisory information as soon as practicable and no later than 72 hours after the impacted agency has a reasonable basis to believe a compromise occurred and has determined which banks are affected, subject to applicable legal considerations. Implementation will include written guidance and training for examiners. At the start of examination activities, examiners will tell supervised banks that management may identify information it considers highly sensitive and will explain escalation processes for concerns about how that information is classified and handled.