2B Advice
TEL: +49 (228) 926165100
Data Privacy Knowledge

What is bank secrecy exactly?

Rules of conduct of banks

by R. Olschewski

Banks, companies and data protection officers often refer to the need for bank secrecy with regard to the protection of personal data in the context of business relationships with financial institutions. However, if you then look, for example, in the German Banking Act or the laws on data protection you won’t find anything. So what is it exactly?

Swiss bank secrecy is also mentioned in connection with the much discussed double taxation treaty.

So what is bank secrecy?

Bank secrecy is an expression of data protection in the context of client-related information arising from the business relationship between natural persons and legal persons of a credit institution. Despite its vital importance, bank secrecy is not explicitly regulated by law, even though its history can be traced as far back as 1619.

The Federal Supreme Court (XI ZR 384/03) in Germany established that banks have a general confidentiality obligation regarding the financial circumstances of their clients with respect to third parties, over which a disclosure obligation only takes precedence in cases explicitly provided for by law. In my opinion, it is therefore an element which is not regulated by law but is recognized by legal convention, whose purpose is to protect the privacy of individuals and which interestingly in practical terms often takes precedence over the German Federal Data Protection Act.

However, all bank users should be aware that this protection has now been eliminated at several levels. In particular, the Treasury has been granted far-reaching rights with the account screening procedure. The U.S. security authorities have also asserted far-reaching inspection rights within the framework of the SWIFT (Society for Worldwide Interbank Financial Telecommunication) payment handling procedure and exercise them more or less without control. SWIFT itself reports over 20 million bank details a year to the U.S. security authorities.

Bank secrecy is also often invoked by bank employees on the basis of the banks’ rules of conduct. In this context, as a company one can go ahead and ask whether bank secrecy or data protection laws are really relevant. Usually, the bank employee is unable to explain where bank secrecy is regulated.

Further information is available at:

  • juris.bundesgerichtshof.de/cgi-bin/rechtsprechung/document.py?Gericht=bgh&Art=en&Datum=Aktuell&nr=39007&linked=pm
  • juris.bundesgerichtshof.de/cgi-bin/rechtsprechung/document.py?Gericht=bgh&Art=en&sid=c0975ed4e5bf6d9adeb4d0b6f31ba682&nr=35317&pos=0&anz=1

Similar Blog Posts

Information Needed For Companies for the Whistleblower Directive Information Needed For Companies for the Whistleblower Directive

Initially, the EU Whistleblower Directive was supposed to be effective by December 17, 2021. However, the legislative process failed.

Right of Access by the Data Subject Right of Access by the Data Subject

The right of access, enshrined in Art. 15 of the GDPR, gives data subjects the right to obtain from the controller.

Subject Access Request Automation Subject Access Request Automation

Individuals have the right to access their personal data, commonly referred to as subject access. But can this process be automated?


Blog Categories