Bankers’ Duties and Data Privacy Principles: Global Trends, and Asia-Pacific Comparisons
Chapter in Sandra Booysen & Dora Neo (Eds), Can Banks Still Keep a Secret? Bank Secrecy in Financial Centres Around the World, Cambridge, 2017, pp. 31-61
24 Pages Posted: 2 Jun 2017
Date Written: December 30, 2015
An examination of the relationship between the traditional duties of banks to their customers and data privacy laws is of increasing international relevance because of the growing ubiquity of data privacy laws. At the end of the 1980s the Vienna Convention required state parties to criminalise money laundering, and the Financial Action Task Force (FATF) started development of its ’40 recommendations’ including ‘suspicion-based reporting’ to a state authority, exemption of banks from any consequent breaches of bank-customer confidentiality, and similar exemption of international requests for mutual assistance. The enactment by legislatures across the world of those recommendations, and subsequent recommendations concerning measures for reporting of ‘suspicious transactions’, counter-terrorist financing, anti-sanctions avoidance, and anti-corruption, have led to the global retreat of the banker’s traditional duty of confidentiality in an increasingly wide and complex range of circumstances, beyond the acronym ‘AML-CTF’.
However, since the 1970s a somewhat inconsistent development to which banks (among other entities) were subject gradually became ‘globalised’: the development of ‘data privacy’ laws (also called ‘data protection’ and ‘information privacy’ laws), which imposed on banks an overlapping but very different range of obligations from the traditional duties owed by banks to their customers.
This chapter first explains both the contours of the increasingly global phenomenon of data privacy laws, and that these laws have considerable uniformity in their content. The core principles of data privacy laws are then examined, using examples from jurisdictions in the Asia-Pacific, comparing those principles with the duties of bankers. Conclusions are drawn about the extent to which the two differ or are similar, and the overall approach that banks might take to dealing with the diversity of data privacy laws.
Banks everywhere will increasingly have to take into account data privacy laws, in addition to their traditional duties. The breadth of obligations imposed by these laws, while often in parallel with traditional duties, are generally of much broader scope, and will require new accommodations in banking practice, particularly for banks with multinational operations. However, the statutory exceptions to data privacy laws, particularly in relation to law enforcement and revenue protection, will very often apply to banks, and the specific statutory provisions concerning AML-CTF will usually override the requirements of data privacy laws. The standards imposed by data privacy laws, and penalties for their breach, are becoming stronger, and that is likely to continue to occur.
Keywords: privacy, banking, secrecy, Asia
Suggested Citation: Suggested Citation