¶1 Before us on discretionary review is an order requiring a bank to produce documents containing information about how the bank conducts internal monitoring and investigations to detect fraud and money laundering. Because such information is privileged from discovery under federal law, we conclude the trial court abused its discretion by ordering discovery and we remand for entry of a protective order.
¶2 Jose Nino de Guzman is a former U.S. Bank employee. In 2006, he left the bank to engage in real estate development in Peru through his investment company, NDG Investment Group LLC. Plaintiffs John and Kristine Norton invested $11 million. Some of the money they invested was deposited in accounts held by Nino de Guzman and his company at U.S. Bank.
¶3 In 2009, the Nortons discovered that Nino de Guzman had been running a Ponzi scheme and their money was gone. The Nortons brought suit against Nino de Guzman and NDG Investment to recover their losses. Neither Nino de Guzman nor NDG Investment is defending the action.
¶4 The Nortons added U.S. Bank as a defendant. Against the bank, the Nortons alleged that when Nino de Guzman left the Bank’s employ, he enlisted other employees and paid them bonuses and commissions to help him solicit investors; that the bank did not properly investigate or supervise its employees who were simultaneously working both for the bank and for Nino de Guzman; that money held by the bank in trust or fiduciary accounts was diverted into personal accounts of Nino de Guzman; and that in the summer of 2008, the bank initiated a money laundering investigation concerning Nino de Guzman and became aware of the possibility that he was engaging in criminal activity but took no action and continued to profit from his accounts. The Nortons’ complaint charged the bank with breach of fiduciary duty; securities violations; aiding and abetting fraud; conversion; unjust enrichment; consumer protection violations; and negligent hiring, retention, and supervision.
*453¶5 In response to discovery requests by the Nortons, U.S. Bank produced account statements and account opening documents for accounts belonging to Nino de Guzman and his company, copies of checks, and documentation of international wire transfers. According to the Nortons, these documents showed that Nino de Guzman opened over 30 accounts at U.S. Bank, through which he circulated investor money to Peru and then back to his accounts. Some of his checks were written to U.S. Bank employees. His accounts showed repeated overdrafts.
¶6 The Nortons believed that Nino de Guzman’s transactions aroused suspicion and caused the bank to monitor his accounts and the accounts of the employees. They made discovery requests for, generally, all documents generated by the bank in internal investigations relating to Nino de Guzman’s accounts. For example, an interrogatory asked the Bank to describe “any due diligence, investigation and/or inquiry conducted by or on behalf of U.S. Bank regarding the background and/or conduct of Nino de Guzman and/or his Affiliated Entities.” Another interrogatory asked for the reason any such investigation was initiated and asked the Bank to describe any action taken in response to such investigation. As well, the Nortons asked for disclosure of the bank’s methods and policies for monitoring suspicious activity and detecting money laundering.
¶7 The bank moved for a protective order on the ground that disclosure of material responsive to these requests was prohibited by the Bank Secrecy Act, 31 U.S.C. § 5318(g). The bank asked the trial court to
enter an order barring discovery of documents and information concerning (a) any alleged suspicious activity monitoring, investigation, or reporting conducted by U.S. Bank related to accounts held by Nino de Guzman or NDG at U.S. Bank, including but not limited to any documents or information that would reveal the existence or non-existence of any such investigation; and (b) the methods, policies and procedures U.S. *454Bank employs generally to monitor and detect for suspicious activity ....
The trial court denied the bank’s motion for a protective order and ordered the bank to respond fully.1 This order is before us on the bank’s motion for discretionary review.
¶8 The issue involves interpretation of a statutory privilege. Our review is de novo. Jane Doe v. Corp. of President of Church of Jesus Christ of Latter-Day Saints, 122 Wn. App. 556, 563, 90 P.3d 1147 (2004), review denied, 153 Wn.2d 1025 (2005).
¶9 Congress enacted the Bank Secrecy Act in 1970 to require national banks to assist the government in monitoring for financial crimes. In 1992, Congress gave the Comptroller of the Currency the power to require financial institutions to report suspicious transactions to the federal government. 31 U.S.C. § 5318(g)(1); Union Bank of Cal. v. Superior Court, 130 Cal. App. 4th 378, 389, 29 Cal. Rptr. 3d 894 (2005). The statute also provides that banks may not notify persons involved in the suspicious transaction that the transaction has been reported. 31 U.S.C. § 5318(g)(2)(A).
¶10 Under the comptroller’s regulations, each bank is required to “develop and provide for the continued administration of a program reasonably designed to assure and monitor compliance with the recordkeeping and reporting requirements” of the act. 12 C.F.R. § 21.21(b). When a bank detects a known or suspected violation of federal law or a suspicious transaction related to money laundering, the bank must file a “Suspicious Activity Report” (also known as SAR) to an officer or agency designated by the secretary of the treasury, using a form prescribed by the comptroller. 31 U.S.C. § 5318(g)(1), (4); 12 C.F.R. § 21.11(a), (b), (c). Specifically, banks must file a report when they suspect (1) a bank insider is involved, (2) violations aggregating $5,000 *455or more where a suspect can be identified, (3) violations aggregating $25,000 or more regardless of potential suspect, or (4) violations aggregating $5,000 or more involving potential money laundering or violations of the Banking Secrecy Act. 12 C.F.R. §§ 21.11(c)(l)-(4).
¶11 As provided by regulation, Suspicious Activity Reports are confidential. Banks are prohibited from responding to a discovery request for a Suspicious Activity Report or any information that would reveal the existence of a Suspicious Activity Report.
(k) Confidentiality ofSAJRs. A SAR, and any information that would reveal the existence of a SAR, are confidential, and shall not be disclosed except as authorized in this paragraph (k).
(l) Prohibition on disclosure by national banks — (i) General rule. No national bank, and no director, officer, employee, or agent of a national bank, shall disclose a SAR or any information that would reveal the existence of a SAR. Any national bank, and any director, officer, employee, or agent of any national bank that is subpoenaed or otherwise requested to disclose a SAR, or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify the following of any such request and the response thereto:
(A) Director, Litigation Division, Office of the Comptroller of the Currency; and
(B) The Financial Crimes Enforcement Network (FinCEN).
12 C.F.R. § 21.11. The prohibition constitutes an “unqualified discovery and evidentiary privilege” that cannot be waived. Whitney Nat’l Bank v. Karam, 306 F Supp. 2d 678, 682 (S.D. Tex. 2004). As stated in the regulation, the privilege extends beyond the report itself to any information that would reveal whether such a report exists.
¶12 The comptroller has declared compelling policy reasons for maintaining the confidentiality of information that would reveal the existence of a Suspicious Activity Report:
*456For example, the disclosure of a SAR could result in notification to persons involved in the transaction that is being reported and compromise any investigations being conducted in connection with the SAR. In addition, the [Office of the Comptroller of the Currency] believes that even the occasional disclosure of a SAR could chill the willingness of a national bank to file SARs and to provide the degree of detail and completeness in describing suspicious activity in SARs that will be of use to law enforcement. If banks believe that a SAR can be used for purposes unrelated to the law enforcement and regulatory purposes of the [Bank Secrecy Act], the disclosure of such information could adversely affect the timely, appropriate, and candid reporting of suspicious transactions. Banks also may be reluctant to report suspicious transactions, or may delay making such reports, for fear that the disclosure of a SAR will interfere with the bank’s relationship with its customer. Further, a SAR may provide insight into how a bank uncovers potential criminal conduct that can be used by others to circumvent detection. The disclosure of a SAR also could compromise personally identifiable information or commercially sensitive information or damage the reputation of individuals or companies that may be named. Finally, the disclosure of a SAR for uses unrelated to the law enforcement and regulatory purposes for which SARs are intended increases the risk that bank employees or others who are involved in the preparation or filing of a SAR could become targets for retaliation by persons whose criminal conduct has been reported.
Confidentiality of Suspicious Activity Reports, 75 Fed. Reg. 75,576, 75,578 (Dec. 3, 2010). As one court has stated, permitting the release of a Suspicious Activity Report through civil discovery jeopardizes the law enforcement interests the act was intended to promote. “Release of an SAR could compromise an ongoing law enforcement investigation, tip off a criminal wishing to evade detection, or reveal the methods by which banks are able to detect suspicious activity. Furthermore, [a] bank[ ] may be reluctant to prepare an SAR if it believes that its cooperation may cause its customers to retaliate. Moreover, the disclosure of an SAR may harm the privacy interests of innocent *457people whose names may be contained therein.” Cotton v. PrivateBank & Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002).
¶13 Conscious of the policy concerns that justify the privilege, courts have refused to limit its coverage to documents that explicitly refer to Suspicious Activity Reports. The comptroller has specifically recognized Cotton, Whitney, and Union Bank as cases that carry out the policy of the law — “namely, the creation of an environment that encourages a national bank to report suspicious activity without fear of reprisal.” Confidentiality of Suspicious Activity Reports, 75 Fed. Reg. at 75,579 & n.23.
¶14 In Cotton, questions arose about how a bank handled securities that were supposed to be held in trust to fund periodic payments under a structured settlement agreement. The securities were liquidated, and the funds were diverted out of the trust. The bank became a defendant in a lawsuit in federal court. Discovery requests were made to the bank for documentation of any internal investigations of the account, including a request for all Suspicious Activity Reports filed by the bank and for all documents relating to “any inquiry or investigation or review” conducted by the bank concerning accounts of the parties involved. Cotton, 235 F. Supp. 2d at 811.
¶15 Like here, the bank resisted discovery based on the Bank Secrecy Act and the issue came before the court on a motion to compel. The court denied the motion, noting first that Suspicious Activity Reports are absolutely privileged. Cotton, 235 F. Supp. 2d at 814-15. The court next observed that under the regulations, a bank is required to maintain files of Suspicious Activity Reports and “ ‘any supporting documentation’ ” for five years. Cotton, 235 F. Supp. 2d at 815, quoting 12 C.F.R. § 103(18)(d). The court divided “supporting documentation” into two categories. In the first category are factual documents which give rise to suspicious activity. These items include “transactional and account documents such as wire transfers, statements, checks, and *458deposit slips.” Union Bank, 130 Cal. App. 4th at 391, citing Cotton, 235 F. Supp. 2d at 814. These documents are to be produced in discovery “because they are business records made in the ordinary course of business.” Cotton, 235 F. Supp. 2d at 815. In the second category are documents that are not to be produced in discovery “because they would disclose whether a SAR, has been prepared or filed.” Cotton, 235 F. Supp. 2d at 815. This second category includes drafts of Suspicious Activity Reports or “other work product or privileged communications that relate to the SAR itself.” Cotton, 235 F. Supp. 2d at 815. The documents at issue in Cotton were in the second category and therefore were held not discoverable.
¶16 In Whitney, law enforcement officials suspected the plaintiffs were involved in illegal lending activities. The plaintiffs sued Whitney National Bank for defamation on the theory that the bank had falsely accused them of illegal activity in its communications to the government. They made a discovery request for communications between the bank and government agencies relating to their activities. The bank resisted, and the issue came before the court on the bank’s motion for a protective order. The plaintiffs acknowledged that they were not entitled to receive copies of Suspicious Activity Reports or any information that would reveal the existence of such a report, but they argued that other communications between the bank and enforcement agencies were outside the scope of the privilege. The court rejected the argument and granted the bank’s motion, finding that “the line defendants seek to draw is not one the cases recognize.” Whitney, 306 F. Supp. 2d at 682. The court held that the privilege protects “a broader range of communications from production.” Whitney, 306 F. Supp. 2d at 682. Communications to government agencies or officials about suspected violations of the law are protected even if they do not culminate in the filing of a Suspicious Activity Report:
The Whitney Bank Parties are protected from the production of communications they made to governmental agencies or offi*459cials reporting possible or suspected violations of laws or regulations by the defendants, or pertaining to such reports. Such communications may consist of a SAR itself; communications pertaining to a SAR or its contents; communications preceding the filing of a SAR and preparatory or preliminary to it; communications that follow the filing of a SAR and are explanations or follow-up discussions; or oral communications or suspected or possible violations that did not culminate in the filing of a SAR. The Whitney Bank Parties must produce documents produced in the ordinary course of business pertaining to the defendants’ banking activities, transactions, and accounts, but may not produce documents or information that could reveal whether a SAR or other report of suspected or possible violations has been prepared or filed or what it might contain, or the discussions leading up to or following the preparation or filing of a SAR or other form of report of suspected or possible violations.
Whitney, 306 F. Supp. 2d at 682-83.
¶17 In Union Bank, the plaintiffs were investors who alleged they were defrauded in a Ponzi scheme. They sued the bank that opened and operated the trust accounts that were allegedly looted, making claims similar to the Nortons’. The plaintiffs first attempted, unsuccessfully, to obtain any Suspicious Activity Reports the bank had filed with the government. In the course of discovery, the plaintiffs discovered that the bank had its own internal procedures to identify, register, and describe what might constitute suspicious activity. In particular, the bank had its own “Form 00244” for internal communications about suspicious activity. Union Bank, 130 Cal. App. 4th at 386. The plaintiffs made a discovery request for every Form 244 related to the accounts at issue. The bank resisted, and the issue came before the trial court on the plaintiffs’ motion to compel. The trial court granted the motion, reasoning that a routine bank form used by the bank for internal purposes would not necessarily reveal that a Suspicious Activity Report had been prepared or filed.
*460¶18 The California Court of Appeals granted discretionary review and directed the trial court to vacate its order. Looking at the substance of Form 244, the court concluded that it was part of the process the bank used to comply with the comptroller’s regulations that require reporting suspicious activity. Union Bank, 130 Cal. App. 4th at 394-95. “Unlike transactional documents, which are evidence of suspicious conduct, draft SAR’s and other internal memoranda or forms that are part of the process of filing SAR’s are created to report suspicious conduct.” Union Bank, 130 Cal. App. 4th at 391. “A bank’s internal procedures may include the development and use of preliminary reports subject to various quality control checks before the bank prepares the final SAR that will be filed. Revealing these preliminary reports, the equivalent of draft SAR’s, would disclose whether a SAR had been prepared.” Union Bank, 130 Cal. App. 4th at 392.
¶19 The Union Bank court was mindful of the general rule that “evidentiary privileges should be narrowly construed because they prevent otherwise admissible and relevant evidence from coming to light.” Union Bank, 130 Cal. App. 4th at 392. Accordingly, the court observed that a bank “may not cloak its internal reports and memoranda with a veil of confidentiality simply by claiming they concern suspicious activity or concern a transaction that resulted in the filing of a SAR.” Union Bank, 130 Cal. App. 4th at 392. The Nortons cite this language as authority for their argument that the privilege does not cover internal investigations and monitoring. What they overlook is that the Union Bank court proceeded to hold that the privilege does cover the bank’s internal reports of its investigations of suspicious activity, even if the internal reports are not communicated to federal authorities. Union Bank, 130 Cal. App. 4th at 392.
¶20 The comptroller states that the Bank Secrecy Act privilege reaches “to material prepared by the national bank as part of its process to detect and report suspicious *461activity.” Confidentiality of Suspicious Activity Reports, 75 Fed. Reg. at 75,579. The cases discussed above support the comptroller’s interpretation. The privilege is not limited to documents that contain an explicit reference to a Suspicious Activity Report. It covers documents related to a bank’s internal inquiry or review of accounts at issue (see Cotton, 235 F. Supp. 2d at 811), communications between a bank and law enforcement agencies relating to transactions conducted by the person suspected of criminal activity (see Whitney, 306 F. Supp. 2d at 682-83), and internal forms used in a bank’s process for detecting suspicious activity that must be reported (see Union Bank, 130 Cal. App. 4th at 395).
¶21 Against this background, the Nortons seek disclosure of documents relating to internal monitoring and investigations conducted by the bank to detect fraud and money laundering. They have requested the names of bank employees who were in charge of or involved in any internal investigation into the transactions involving Nino de Guzman and his company. They want the bank to divulge the details of the system of alerts it uses to track its customers’ banking activities. They contend that conflict with the regulations under the Bank Secrecy Act can be avoided by redacting from the documents any explicit reference to a Suspicious Activity Report.
¶22 The Bank Secrecy Act privilege cannot be enforced merely by redacting explicit references to the existence of a Suspicious Activity Report. Requiring U.S. Bank to disclose information about internal investigations or monitoring of the Nino de Guzman accounts in particular, or internal methods of tracking unusual patterns in banking activity in general, would reveal the existence of a Suspicious Activity Report and would undermine public policy. Just as disclosure of a Suspicious Activity Report “may provide insight into how a bank uncovers potential criminal conduct that can be used by others to circumvent detection,” Confidentiality of Suspicious Activity Reports, 75 Fed. Register *46275576-01, at 75578 (Dec. 3, 2010), so too will disclosure of what kinds of transactions trigger internal “red flag” alerts. Revealing the names of bank personnel involved in internal investigations potentially makes them targets for retaliation by persons whose criminal conduct has been reported.
¶23 The banks are required by statute to establish internal policies, procedures, and controls to detect and report money laundering. 31 U.S.C. § 5318(h); Union Bank, 130 Cal. App. 4th at 392. Any internal system a bank has established for detecting and investigating money laundering will, however it is labeled, be intertwined with the bank’s obligation to report suspicious activity to the government. Discovery into these matters will produce documents suggesting that a Suspicious Activity Report has been or might be under consideration or has already been filed. In Whitney, the court barred discovery of “discussions leading up to or following the preparation or filing of a SAR or other form of report of suspected or possible violations.” Whitney, 306 F. Supp. 2d at 683. Similarly here, and for the same reasons, we hold that U.S. Bank may not be ordered to describe or disclose its internal investigations, either generally or those specifically related to this case.
¶24 As discussed above, Cotton held that factual documents that support the filing of a Suspicious Activity Report are discoverable “because they are business records made in the ordinary course of business.” Cotton, 235 F. Supp. 2d at 815. The Nortons argue a bank’s reporting of suspicious activity should be discoverable to the extent it is done in the ordinary course of business. This is an unpersuasive attempt to escape the line drawn in Cotton. Internal reports and methods used to investigate suspicious activity are precisely the type of documentation Cotton indicated was within the second, undiscoverable type of supporting documentation.
¶25 The Nortons suggest that at a minimum, U.S. Bank should be required to submit documents concerning internal investigations for in camera inspection by a judge who *463would then determine whether the documents are privileged. But there is no reason to believe that the bank is withholding discoverable documents. The bank has produced ordinary business records, including wire transfers, statements, checks, and deposit slips. The bank has produced account opening statements displaying the names of the employees who were involved in opening the accounts. The bank has also produced some sections of its operating procedures manuals and employee training materials. The only type of information the bank has refused to produce that the Nortons claim is outside the privilege is information about the bank’s internal investigations and monitoring of suspicious activity. Under the Bank Secrecy Act, that information is privileged. We conclude the Nortons have not articulated a basis for requiring in camera review.
¶26 U.S. Bank moved to strike the Nortons’ brief of respondent under RAP 10.7 because it includes various extraneous, irrelevant, and unauthenticated materials from the Internet and from unrelated trial court proceedings that are outside of the record under review. We have not considered the materials that the Nortons improperly included in their brief, and we therefore need not address the motion to strike. The bank’s motion for attorney fees and sanctions under RAP 10.7 is denied.
¶27 Reversed and remanded for entry of a protective order as requested by the bank.
Dwyer and Lau, JJ., concur.Review denied at 180 Wn.2d 1023 (2014).
The trial court denied U.S. Bank’s request for oral argument. Given the complexity and sensitivity of the privilege issue, this is a case where oral argument likely would have been helpful.