Client Confidentiality
Client confidentiality is the principle that an institution or individual should not reveal client information received in connection with their position to a third party without the consent of the client or a clear legal reason. This article focuses on the obligation of banks relating to client and bank confidentiality regulated under Banking Law no. 5411 ("Law"), the boundaries thereof and the exceptions in other legislation to this obligation. For this purpose, (i) the context of confidential information, (ii) the definition of other related terms, (iii) the context of authorization by law, and (iv) a non-exhaustive list of laws expressly authorizing various authorities shall be examined.
Context of Confidential Information
Article 73, Clause 3 of the Law stipulates that banks' partners, board members, employees, representatives and officials as well as the institutions to which banks outsource services and the employees of such institutions are not allowed to disclose secrets of the banks or their clients that enter into their possession due to their capacities and positions to persons other than the authorities explicitly authorized by law.
According to this clause, the aforementioned persons are forbidden from sharing confidential information relating to any bank or client with third parties. The same clause, however, states that the confidential information relating to banks and clients may be shared under certain conditions with the authorities expressly authorized by law.
If such information is shared with third parties outside the purview of the law, the bank and the relevant employees shall be subject to criminal sanctions according to Article 159 of the Law and Article 239 of Turkish Criminal Code no. 5237 ("TCC"). People not abiding with this obligation shall be sentenced to imprisonment from one (1) year to three (3) years and a judicial fine from 1,000 days up to 2,000 days (judicial fines determine the amount to be paid by the perpetrator each day based on income and other socioeconomic factors). The violation of this obligation also has consequences within private law, such as tort liability and termination of the contract with just cause in favor of the other party.
Related Terms
Under the Law, banks are divided into three groups in accordance with the operations they perform; (i) deposit banks, (ii) participation banks operating in accordance with Islamic principles and (iii) development and investment banks that provide banking services (especially loans to commercial parties) without accepting deposits.
Although client is not defined under the provisions of the Law, it is inferred from Article 76 of the Law, titled "client rights" that any real or legal personality to which the bank gives its services shall be considered a client.
It should also be noted that the reason confidential information pertaining to banks is within the scope of this article is that the confidential information pertaining to banks also includes confidential information pertaining to clients.
According to the Draft Law on Commercial Secrets, Banking Secrets and Client Secrets (Ticari Sır, Banka Sırrı ve Müşteri Sırrı Hakkında Kanun Tasarısı) ("Draft Law"), the information available to the management and audit boards of the bank and to the other employees concerning finances, economics, credit and liquidity of the bank, and information or documents relating to customer potential, credit extension, deposit collection, fundamentals of management and other services and activities related to banking and risk positions are defined as confidential information pertaining to banks.
According to Article 73 of the Law, confidential information pertaining to banks shall not be disclosed by the Banking Regulation and Supervision Agency ("BRSA"), its related employees, or banks' partners, board members, employees, representatives and officials and the institutions to which banks outsource services and the employees of such institutions, as well as any person who has received such information in connection with their position and duties.
The term "in connection with their position and duties" is to be interpreted broadly, such that it includes information received by coincidence or during a casual conversation. Neither the bank nor its employees may use the information in their own favor.
The bank may consent to disclose its confidential information. Article 26 of the TCC stipulates that no punishment is given to a person acting with the consent of a person relating to a right that can be granted by that person. Accordingly, disclosing confidential information about a bank which has given its consent would not be punished under either the TCC or the Law.
According to the Draft Law, the confidential information pertaining to clients shall be defined as any information or any document obtained directly or indirectly by commercial organizations and companies, banks, insurance companies, intermediary firms operating in capital and financial markets relating to the personal, economic, financial, liquidity and credit status of the client within the context of their field of operation.
Confidential information pertaining to clients is also to be interpreted broadly to include any information received in connection with the client before or after an agreement. BRSA stated in a notice that the name, phone number or address of a client cannot be shared with third parties without their consent. Even when an agreement is not finalized, the information received shall be treated as a part of the obligation of banks relating to confidential information.
Context of Authorization by Law
In general terms, "law" may refer to regulations and communiqués beside laws in the strict sense of the concept. Through a close interpretation, however, BRSA concluded that an institution cannot request confidential information based on authority given by a regulation. Within this line, the authorization given to the Istanbul Stock Exchange ("ISE") to request all kinds of information and documents from its members under the Regulation on the Istanbul Stock Exchange, Article 9, subparagraph (f) is not valid. The ISE is not authorized by law to request information from its banks and other intermediary firms constituting its members.
An institution authorized by law shall not examine the bank's records in their entirety. Their authorization is restricted to the subject of the authorizing law at hand. In practice, therefore, institutions state the law and the article from which they derive their authorization when requesting such confidential information.
Institutions Authorized by Law
Within the scope of the Law and the other relevant legislation, the institutions authorized to request such confidential information and other documents are as follows:
- BRSA is authorized, by paragraph 8 of Article 95 of the Law, to request and investigate all information and documents, including confidential information, from banks, their subsidiaries, the undertakings where they hold qualified shares, the undertakings they control jointly, their branches and representative offices, institutions to which they outsource services and other real and legal persons. According to Article 96, these aforementioned institutions and persons are obliged to provide the information.
- The following chart includes a non-exhaustive list of other institutions which are authorized under various laws to request confidential information from banks relating to their clients and legal persons.
|
Military Prosecutors |
Establishment of Military Courts and Procedure Law no. 353 Article 97 |
|
Bankruptcy and Enforcement Offices |
Bankruptcy and Enforcement Law no. 2004 Article 367 |
|
Tax Auditors |
Tax Procedural Law no. 213 Article 148 |
|
Capital Markets Board |
Capital Markets Law no. 2499 Article 45 |
|
Treasury Board |
Law on the Organization and Functions of the Undersecretariat of the Treasury and Undersecretariat of Foreign Trade no. 4059 Article 5 |
|
The Saving Deposit Insurance Fund |
Law Article 123 |
|
Turkish Competition Authority |
Act on the Protection of Competition no. 4054 Article 14 |
|
State Planning Organization |
Decree Law on the Organization and Functions of the State Planning Organization no. 540 Article 23 |
|
State Supervisory Council |
Law on the Foundation of State Supervisory Council no. 2443 Article 7 |
|
Turkish Republic Central Bank |
Turkish Republic Central Bank Law no. 1211 Article 43 |
|
Turkish Statistical Institute |
Turkish Statistical Law no. 5429 Article 7 |
CONCLUSION
This article examines the obligation of banks not to disclose any confidential information relating to banks and clients, its content and exceptions.
From the Law and the above chart it is evident that authorization must be given by law, in the strict sense of the concept, to the institution requesting confidential information pertaining to banks and the clients thereof.
Based on the relevant legislation, in order to evaluate whether the request to disclose confidential information pertaining to banks and their clients raises any obligation to disclose such information without violating legal obligations, the institution that directly demands the information and its purpose for requesting such confidential information must clearly be stated. The statement must clearly indicate that all the requested information falls within the authorization of the related law. Such clarification is necessary to avoid any inappropriate disclosures and thus any sanctions that could be imposed on the bank and its employees.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
