Banking secrecy: myth or legal reality?

Banking secrecy, the historic pillar of the bank-client relationship, is gradually being eroded. Once virtually absolute, it is now giving way to other imperatives such as tax transparency and the fight against money laundering. Between the protection of personal data and the demands of regulation, where does banking secrecy really stand in 2024?

Legal foundations of banking secrecy

The legal basis for banking secrecy can be found in Article L.511-33 of the French Monetary and Financial Code, which states: ". Any member of a board of directors or, as the case may be, of a supervisory board, and any person who in any capacity participates in the direction or management of a credit institution or who is employed by it, is bound by professional secrecy." 

Violation of this rule is a criminal offence punishable by one year's imprisonment and a €15,000 fine (article L.571-4 of the French Monetary and Financial Code).

The persons subject to this obligation are clearly identified:

• Managers and directors of banking institutions
• Banking staff at all levels
• Members of the Commission Bancaire
• Banque de France agents

This secrecy protects any confidential information entrusted to us by a customer, such as the existence of an account, its balance, the transactions carried out or even his or her status as a customer.

Legal limits to banking secrecy

The law provides for numerous exceptions to banking secrecy.

Article L.511-33 paragraph 2 of the French Monetary and Financial Code specifies that ". professional secrecy may not be invoked against the Commission Bancaire, the Banque de France or the judicial authorities acting in criminal proceedings." 

The main exceptions are :

1. The criminal judicial authorities Banking secrecy does not apply to criminal investigations carried out on the basis of a letter rogatory issued by an examining magistrate or on the instructions of the public prosecutor. On the other hand, police officers acting as part of a simple preliminary investigation are bound by secrecy.
2. The tax authorities Article L.83 of the French Tax Procedures Code allows the tax authorities to obtain bank documents without being bound by professional secrecy.
3. Declaration of suspicion As part of the fight against money laundering, article L.561-1 of the French Monetary and Financial Code requires banks to report suspicious transactions to the public prosecutor.
4. The heirs Case law has established that universal heirs and legatees may access the deceased's banking information (Cass. com. 25 Feb. 2003, no. 00-21.184).

Banking secrecy in litigation

The treatment of banking secrecy differs according to the nature of the procedure.

Before the civil and commercial courts, banking secrecy constitutes a "legitimate reason" or a "legitimate impediment" that justifies the banker's silence (Cass. com. 13 June 1995, no. 93-16.317).

However, this principle has undergone significant developments in case law. In a ruling dated 29 November 2017, the Cour de cassation held that: " The banking secrecy instituted by Article L. 511-33 of the Monetary and Financial Code does not constitute a legitimate impediment within the meaning of Article 145 of the Code of Civil Procedure where the application for disclosure of documents is directed against the credit institution not in its capacity as a confidential third party but as a party to the proceedings. " (Com. 29 Nov. 2017, no. 16-22.060).

This case law confirms that the bank involved in a dispute cannot hide behind banking secrecy to refuse to produce documents.

As part of insolvency proceedings, the official receiver may obtain financial information from banks about a company in difficulty, notwithstanding banking secrecy (article L.623-2 of the French Commercial Code).

A landmark decision by the CJEU on 16 July 2015 (Case C-580/13) established that banking secrecy could not be invoked "unlimitedly and unconditionally" to refuse to provide information about an account holder in the context of the protection of intellectual property rights.

Banking secrecy in the digital age: new challenges

The digitalisation of banking services is overturning the traditional concept of banking secrecy.

The aggregation of accounts, the proliferation of service providers (payment institutions, fintechs) and the sharing of banking data mean that we need to rethink the very notion of confidentiality.

The European Payment Services Directive (PSD2) has created a framework that allows customers to authorise access to their banking data by third parties, directly calling into question the scope of banking secrecy.

The risk of cyber-attacks adds an extra dimension. According to the French Supreme Court, the bank must prove that it has taken appropriate measures to preserve the confidentiality of information covered by banking secrecy.

The European Data Protection Regulation (RGPD) has added a new layer of complexity to the landscape by adding another layer of obligations for banking institutions.

So what happens to banking secrecy when your bank shares your data with a "business partner"? There is a fine line between informed consent and breach of confidentiality.

The current legal arsenal shows that the cursor has shifted from absolute secrecy to conditional protection of financial data.

Sources

• Monetary and Financial Code, articles L.511-33, L.511-34, L.571-4
• Court of Cassation, Commercial Division, 25 February 2003, No. 00-21.184
• Court of Cassation, Commercial Chamber, 29 November 2017, no. 16-22.060
• CJEU, 16 July 2015, Case C-580/13, Coty Germany
• French Commercial Code, article L.623-2
• Book of tax procedures, article L.83
• Regulation (EU) 2016/679 (RGPD)
• Directive (EU) 2015/2366 on payment services (PSD2)
• LASSERRE CAPDEVILLE J., "Le secret bancaire en 2009: un principe en voie de disparition?", AJ pénal 2009, Étude 165