The law firm of Andreas Coucounis & Co LLC is sharing an article co-authored by our partner Dimitria Coucouni Andreou as published on International Bar Association website.
England (Gwendoline Godfrey)
United States (Danforth Newcomb, Brian Burke, George Chen)
Austria (Niklas Schmidt, Eva Stadler)
Cyprus (Dimitria Coucouni)
Ireland (William Johnston)
Switzerland (Walter H Boss)
The rules around bank confidentiality continue to evolve, in many cases to the detriment of individuals but to the benefit of the public good. Since the global financial crisis, politicians in some jurisdictions have been increasingly keen to reduce levels of bank secrecy.
This article considers the similarities and differences concerning bank confidentiality, or the lack of it, in six jurisdictions, namely England, the United States, Austria, Cyprus, Ireland and Switzerland – the latter four not being major jurisdictions but those attracting deposits and/or financial services. Each jurisdiction, of course, has its own peculiarities.
Broadly, each jurisdictional contribution follows similar headings, outlining the duties or obligations of confidentiality or secrecy that banks owe to their customers and the ways in which banks may be obliged to disclose information in court proceedings or to assist the authorities. Exceptions, particularly in the area of tax, are set out, as are the consequences of violations.
It should be of interest not only to legal practitioners who may have cause to advise a client initially on the benefits and pitfalls of one of the jurisdictions, but also to state officials in formulating proposals for change of law and indeed academics.
The article is contributed by the panellists from the joint session, ‘Bank Confidentiality and International Exchange of Information’ at the IBA 2015 Annual Conference in Vienna. The session was organised by the IBA Banking Law Committee and the Individual Tax and Private Client Committee.
More information on this subject can be found in the IBA’s sponsored book on bank confidentiality, which considers 37 countries around the world. Published by Bloomsbury Professional, it was initially edited by former IBA President Francis Neate and is now edited by Gwendoline Godfrey. The fact that this publication is now in its sixth edition is testament to its relevance for IBA members and others.
Under English law, a bank owes a duty of confidence to its customer. The basic duty arises under common law (see below) and applies to all types of customers. The right to confidence is that of the customer so that where a customer can be compelled to disclose his or her secrets, his or her bank can be compelled to do so as well. There is no precise definition of this basic duty. There are numerous exceptions to it, both under statutory and common law.
Over the years the number of statutory exceptions has increased where public policy has overridden the need to preserve confidence, such as international attempts to prevent the laundering of proceeds of crime, funding of terrorism and tax evasion.
Conversely, banks and most other UK businesses are subject to legislation designed to protect individuals with regard to the processing and transfer of personal data. The first European Union (EU)-wide directive was passed in 1995 and was implemented in England by the Data Protection Act 1998. The increasing use of electronic communications and the transfer of data for processing to other jurisdictions as part of outsourcing arrangements have resulted in significant interest from individuals, regulators and banks in privacy issues. A new General Data Protection Regulation is due to come into force in the EU in 2018.
Where a bank or other financial institution adopts the Lending Code, the duty owed to the relevant customers is reinforced by express statements about treating personal information as private and confidential. The Lending Code provides customers with a complaints procedure for breaches with recourse to the Financial Ombudsman Service.
Banks may enter into confidentiality agreements or undertakings with customers under which express contractual obligations arise.
Regulatory and legal requirements are placing different obligations on banks to request and retain some information and, at the same time, not to keep or misuse information.
Accordingly, banks have to try to reconcile a number of different rights and obligations in their day-to-day dealings with their customers.
Under English law, the contract between a bank and its customer is governed by the laws of the place where the account is kept, in the absence of agreement to the contrary. The duty of a bank to keep its customer’s affairs confidential is often an implied term of the contract between the bank and customer or an equitable duty. The duty is subject to an increasing number of exceptions, but otherwise it extends to all information that the bank has about its customer.
The starting point is a case called Tournier v National Provincial and Union Bank of England. Atkin LJ described the basic duty of confidence in his judgment as follows:
‘It clearly goes beyond the state of the account, that is, whether there is a debit or a credit balance, and the amount of the balance. It must extend at least to all the transactions that go through the account, and to the securities, if any, given in respect of the account, and in respect of such matters it must, I think, extend beyond the period when the account is closed, or ceases to be an active account… I further think that the obligation extends to information obtained from sources other than the customer’s actual account, if the occasion upon which the information was obtained arose out of the banking relations of the bank and its customers, for example, with a view to assisting the bank in coming to decisions as to its treatment of its customers… in this case, however, I should not extend the obligation to information as to the customer obtained after he had ceased to be a customer.’
Where the Lending Code, a confidentiality undertaking or relevant legislation applies, then they specify the facts and information covered.
The basic duty requires the bank, its officers, employees and agents to abide by the duty of confidentiality. A confidentiality undertaking may specify those bound by it.
Regulated financial services firms in the UK (including banks) have a responsibility for safekeeping customer data. These regulatory obligations cannot be delegated or contracted out if the bank outsources any of its functions to a supplier. The bank must ensure that the supplier protects any confidential information relating to the bank and its customers.
Where a customer is an individual, the processing of personal data will be subject to the Data Protection Act 1998. There must be appropriate technical and organisational security measures and data may not be sent to destinations outside the European Economic Area (EEA) unless the relevant country has an adequate data protection legislation regime in place. Adequacy may be established in various ways, one of which was the ‘safe harbor’ agreed between the EU and the US. This has been declared invalid by the European Court of Justice and it is to be replaced by an EU–US Privacy Shield.
There are various exceptions, limits and qualifications to the basic duty of confidence and contractual confidentiality undertakings contain express exceptions.
The limits of the basic duty are to be ascertained in accordance with common sense. It has been held that it was neither sensible nor necessary to impose a duty on a bank to withhold information from a person who the bank would expect to be already in possession of it under a statutory scheme.
Tournier’s case set out the following qualifications:
If a bank notifies a customer that it proposes or is entitled to disclose specified information and the reason, and actually receives consent (preferably in writing) from the customer, there will be no breach of duty. If notice is given to a customer by the bank and the customer does not reply, the bank will not necessarily be entitled to assume implied consent.
Under the Data Protection Act 1998 explicit consent is only required for sensitive data and implied consent is sufficient for other data about individuals. As a practical matter, consent can be difficult to prove and may easily be withdrawn.
Express provisions consenting to the disclosure of information can be important in documentation for loans where lenders may wish to transfer their interests in the future and in intercreditor deeds where banks with separate relationships may want to share information on customers.
There is little decided case law on what constitutes implied consent. There had been a well-established practice of banks giving references on customers to other banks on the basis of implied consent. However, Turner v Royal Bank of Scotland plc held that the practice was not sufficiently notorious to constitute an implied term of the banker–customer contract. Recent case law shows that bank references should be drafted and given with care to protect the bank.
Credit reference agencies collect information on the creditworthiness of individuals and then sell it to subscribers. There is some doubt as to which exception to the duty is applicable. Where the Lending Code applies, it sets out the circumstances in which a bank may give information to credit reference agencies.
The implementation of section 4 of the Small Business, Enterprise and Employment Act 2015 means that nine designated banks are obliged to provide information about their small and medium-sized business customers to three designated credit reference agencies, which are obliged to provide information to finance providers. However, this will only apply if a customer has agreed to these disclosures.
The Financial Services and Markets Act 2000 requires the Financial Conduct Authority (FCA) to monitor regulated firms (including banks). The FCA is also required to cooperate with other regulators, including, where appropriate, to supply information to them.
The FCA needs to have access to a broad range of information. It receives notifications and reports from firms themselves and they are required to be open and cooperative. It has statutory powers to require the provision of information to it.
There are certain limitations on the FCA’s powers. However, it may require the disclosure of information subject to banking confidentiality to its investigators. It will not itself disclose confidential information without lawful authority, but there are circumstances when onward disclosure may be made.
HM Revenue & Customs (HMRC) has wide investigatory powers if it suspects non-compliance with statutory provisions regarding tax avoidance through the transfer of assets abroad. HMRC also has other powers to obtain information, particularly if it suspects tax fraud. These include powers to oblige third parties, including banks, to disclose documents in relevant circumstances.
The UK is cooperating with the US government with regard to the US Foreign Account Tax Compliance Act (FATCA). Effectively, FATCA seeks to require entities outside the US to report information to the US Internal Revenue Service (IRS) about their US account holders and owners. To overcome various legal restrictions (including bank confidentiality and data protection) the US Treasury has developed an alternative FATCA framework for ‘foreign financial institutions’ (FFIs) in a country that enters into an intergovernmental agreement (IGA) with the US. The UK has entered into an IGA with the US,which is being implemented by Compliance Regulations, with related HMRC guidance.
The UK Crown Dependencies (Jersey, Guernsey and the Isle of Man) and the UK Overseas Territories (Anguilla, Bermuda, British Virgin Islands, Cayman Islands, Gibraltar, Montserrat and Turks and Caicos Islands) entered into automatic tax information agreements (IGAs) with the UK. Financial institutions in the Crown Dependencies and Overseas Territories will provide information relating to the affairs of UK resident customers to HMRC.
The UK is also party to other agreements and arrangements under which tax authorities exchange account information including the Organisation for Economic Co-operation and Development (OECD)’s global standard for automatic and multilateral exchange of financial information between tax authorities, known as the Common Reporting Standard (CRS), and the EU Council Directive that implements the CRS and is known as the Directive on Administrative Co-operation (DAC).
The Compliance Regulations came into effect on 1 January 2016 for the purposes of the CRS and the DAC and the Crown Dependencies and Overseas Territories will report under the CRS (and not under the IGAs referred to above) for 2016 and subsequent years. The Compliance Regulations unify as far as possible the due diligence and reporting requirements of financial institutions with regard to the FATCA, CRS and DAC.
Anti-money laundering (AML) and anti-terrorism legislation and regulations require banks to disclose confidential information if there are reasonable grounds to believe that a customer is engaged in any one of a number of specified offences or upon suspicion of money laundering.
Problems can be caused for banks by their statutory obligations not to pay out moneys pursuant to their client’s instructions pending consent from the authorities and not to ‘tip off’ individuals whom they suspect of such offences.
In most circumstances, banks will not be liable for losses suffered by customers (who are the subject of notifications) due to a delay in implementing their instructions as long as a genuine and honest suspicion of money laundering is held by the relevant bank officer.
Other legislation provides the police with powers to obtain information for the purposes of a criminal investigation. The Director of the Serious Fraud Office can require information to be produced where there is a suspected offence that appears to involve a serious or complex fraud.
The exception to allow disclosure in the interests of the bank was illustrated in Tournier’s case by an example of a bank issuing a writ claiming payment of an overdraft stating its amount. Disclosure under this exception must be limited strictly to information necessary to protect the bank’s interests, for example, if there is litigation between the bank and its customer or if the bank brings an action against a guarantor.
It is the ‘disclosure by compulsion of law’ exception that has had the greatest effect in eroding the duty. This exception can arise as a result of court orders, as well as statutes and regulations (some of which have been mentioned above).
Banks can be compelled to disclose information by the English courts, for example, where a bank is party to civil litigation. The courts also have the power to order non-parties to litigation to provide evidence.
There can be extraterritorial aspects to disclosure by compulsion of law. An overseas claimant in proceedings can seek to obtain confidential information from a bank in England and the reverse situation can occur. The position varies depending upon whether the proceedings are civil or criminal and also upon what international treaties or conventions apply.
With regard to the final exception, the duty to the public to disclose, Bankes LJ said in Tournierthat many instances might be given where a bank is justified in disclosing its customers’ affairs on the grounds that there is a duty to the public to do so. Scrutton LJ said that a bank ‘may disclose the customer’s account and affairs… to prevent frauds or crimes’. The duty to the public to disclose has been recognised and imposed by statute in various respects.
Where a customer fears that his bank is about to breach, or has already breached, its duty of confidence, he has two remedies available to him. He may sue for damages after disclosure or for an injunction to restrain disclosure or a repetition of a previous disclosure. For example, a customer obtained damages when a bank inadvertently disclosed its customer’s mark-up, leading to the loss of a line of business. The bank was ordered to pay the lost profit that the customer could prove resulted. More recently, there have been cases where the court has awarded ‘gain-based damages’ or ‘negotiating damages’.
Before granting an injunction, the court will need to be satisfied that an award of damages will not be an adequate remedy. In practice, damages will rarely be an adequate remedy. Once disclosure has taken place, the damage is done and, in many cases, it is difficult to measure the customer’s loss in monetary terms.
The main protection for the customer is his ability to obtain an injunction restraining the bank from making disclosure. However, the court will not grant an injunction without some evidence that a disclosure is threatened. The customer may have a problem because disclosure can very easily take place before he knows about it.
US law on bank confidentiality is a patchwork of judicial decisions, state laws and federal statutes that developed over time to form somewhat of an incoherent regime on financial privacy. Initially, US rules on financial privacy were created through court decisions arising from customer claims that their banks breached an implied contract or tort duty of confidentiality by handing over account information to government investigators. In almost all of these cases, the aim was to limit perceived government encroachment into a loosely defined zone of customer privacy.
Eventually, court decisions gave way to state, then federal, statutes designed to balancethe right to individual privacy with legitimate investigation methods and objectives. So-called ‘fishing expeditions’ by government agencies to find previously undetected offences were prohibited, while collecting records to investigate known or suspected crimes was not only permitted, but deemed essential to combat financial crimes and international terrorism. In recent years, the discourse has expanded to address access to financial information not just by domestic government agencies, but by private parties and foreign governments as well. The resulting picture is one where ‘bank confidentiality’ still exists to some degree in the US, but various laws and regulations place significant limitations on an individual’s right to privacy.
While it is outside the scope of this article, a far more comprehensive, coherent and explicit body of law has developed with respect to a US financial institution’s duty to collect and retain customer information under federal AML laws and regulations. These regulations are often in tension with bank confidentiality rules to the extent that the former is premised on information gathering while the latter seeks to protect legitimate privacy interests. The tension is most acute in circumstances where AML regulations obligate US financial institutions affirmatively to disclose customer information that would otherwise be protected to comply with suspicious activity reporting requirements.
From 1970 onwards, federal statutes have become the dominant source of US law with respect to a bank’s confidentiality obligations. Two of the most significant federal statutes in this regard are the Right to Financial Privacy Act (RFPA) and the Gramm-Leach-Bliley Act (GLBA). Congress enacted the RFPA in 1978 in response to the Supreme Court’s decision in US v Miller two years earlier,which held that depositors have no constitutional protection from government investigation into their bank records. The RFPA prohibits US financial institutions from disclosing customer records to the federal government (but not to state or local governments) unless the customer is notified and certain procedures are followed. While the procedures are relatively easy for the government to satisfy, the RFPA effectively put an end to the prior practices of informal requests for information and unsupervised scanning of files by federal agents. Notably, the RFPA was amended in 1988 and again following the 11 September terrorist attacks in 2001 to expand the scope of permitted access by the government.
Until 1999, federal statutes did not restrict private litigants or state or local officials from obtaining customer information held at financial institutions (with the limited exception that suspicious activity reports filed by financial institutions are not discoverable in private litigation). This changed in 1999 with the passage of the GLBA, which, among other things, prohibits a US financial institution from disclosing a customer’s non-public personal information to non-affiliated third parties – including private litigants and state and local officials – unless the financial institution first satisfies certain notice and opt-out requirements. The key aspect of the GLBA lies in the fact that a customer has the right to opt out and thereby prevent the external disclosure and use of his or her data. The restrictions under the GLBA apply not only to banks but also to insurance companies, broker-dealers, mortgage lenders, payday lenders, finance companies, mortgage brokers, non-bank lenders, account servicers, cheque cashers, wire transferors and other financial service providers.
Despite the thrust of protecting unauthorised disclosure, both the RFPA and GLBA include exceptions that limit a customer’s right to financial privacy. As noted above, the RFPA does not prohibit disclosure to state or local authorities, and it allows disclosure to federal authorities as long as relatively straightforward procedures and notification requirements are followed. In addition, the GLBA’s restrictions do not apply to customers that are companies or to individuals who obtain financial products or services for business, commercial or agricultural purposes. The GLBA also allows a financial institution to disclose information to its affiliates, which includes any company that controls, is controlled by or is under common control with the financial institution. Moreover, under the GLBA, a financial institution is allowed to disclose non-public personal information in connection with:
More generally, customers cannot prevent a US financial institution from filing a suspicious activity report with the federal government under AML regulations (provided that the report is made in good faith), even if the report contains information that would otherwise be protected from disclosure. (Indeed, far from requiring notice to the customer, a financial institution is strictly prohibited from informing a customer that he or she is the subject of a suspicious activity report.)
Most of the early common law decisions addressed only whether a customer has any legal protection over disclosure and did not reach the question of proper remedies; however, as the law developed, remedies were codified in statutes. The RFPA requires a financial institution or government agency that makes an unlawful disclosure to pay:
Injunctive relief may also be available.
The penalties for violating the GLBA are more severe. US financial institutions can be fined up to US$100,000 for each violation, and responsible officers and directors can be fined up to US$10,000 for each violation. Additionally, criminal penalties can include imprisonment for up to five years.
Notwithstanding these penalties, the best and most effective ‘remedy’ is always to challenge any anticipated disclosure before it happens, as post-disclosure challenges can be difficult and costly.
As with many matters of US law, financial privacy finds its source in a variety of laws and regulations rather than one comprehensive code. In addition, the question of whether a violation has occurred is fact-specific and requires careful analysis in each instance. Nevertheless, from the earliest court decisions to the most recent regulations, the aim has always been to strike a reasonable balance between an individual’s privacy interests and the government’s ability to investigate illegal behaviour. Although there is no definition of what constitutes a reasonable balance, it is safe to assume that a rising trend in global terrorism and financial crime will cause the scale to lean decisively in favour of the government’s ability to obtain information.
Austria’s rules on bank confidentiality (Bankgeheimnis) are a highly cherished tradition and a very emotional topic for the public at large. Bank confidentiality was introduced into statutory law in 1979. Although the provisions were originally quite strict, they have been progressively loosened in the last few years, mainly owing to pressure from abroad regarding taxation. The starting point for this development was certainly the passing of EU Council Directive 2003/48/EC of 3 June 2003 on taxation of savings income in the form of interest payments (EU Savings Directive). In 2009, this was followed by the OECD’s push for facilitating the cross-border exchange of banking information upon request between tax authorities, and in 2014, by the expanded initiative to exchange such information automatically between tax authorities under what is known as the ‘Common Reporting Standard’. Finally, in 2015, as a direct result of the concessions made in an international context by granting foreign tax authorities access to Austrian banking information, the scope of Austrian bank confidentiality in a purely domestic tax context was also dramatically eroded. Today, bank confidentiality in Austria pales in comparison with former times.
The Austrian rules on bank confidentiality are contained in section 38 of the Austrian Banking Act (Bankwesengesetz – BWG). While this provision is materially not part of constitutional law, its amendment requires a quorum of at least 50 per cent and a majority of two-thirds of the deputies of the first chamber of the Austrian Parliament (Nationalrat), that is, procedural safeguards that are usually reserved for changes of Austrian constitutional law.
Banks may not disclose or exploit secrets that were entrusted to them, or to which they received access, solely based on the business relationship with clients. ‘Secrets’ are understood as any facts known to a limited group of persons only and to which other persons can either not gain access at all or only with difficulty. Typical secrets include information on the composition of a securities account, bank account balances, confirmed lines of credit, their collateralisation and utilisation, but also the fact that a banking relationship as such exists (in the latter case except if the customer has made this information publicly available by, for example, including such information on stationery or invoices). While ‘disclosure’ means making a secret known, as well as allowing a secret to become known, to a person that did not know it before, ‘exploitation’ is the economic usage of a secret to the detriment of the client. Bank confidentiality is unlimited in time; it therefore applies irrespective of the termination of the business relationship with the client and the client’s death or liquidation. Bank confidentiality ends when facts previously considered a secret have become public knowledge or when a secret has become known to the bank outside the business relationship with a client.
Bank confidentiality must mainly be complied with by credit institutions, that is, entities authorised to conduct banking transactions within the sense of section 1(1) of the Austrian Banking Act. Apart from credit institutions, and their respective shareholders, their (management and supervisory) board members, their employees as well as other persons working for them, such as outside counsel or other banks in their capacity as subcontractors, are subject to bank confidentiality.
Bank confidentiality, inter alia, does not apply:
Regarding the last two points, it should be noted that under various legal instruments, foreign authorities can also apply to Austria for legal assistance in criminal matters and may request that bank confidentiality is lifted.
Finally, there is also an exception not contained in statutory law, but stipulated by the courts: bank confidentiality does not apply if, based on a balancing of the bank’s and the client’s interests, the bank’s interests clearly prevail (eg,if the bank or its employees would incur criminal liability by non-disclosure).
The most significant exceptions to bank confidentiality apply in the area of tax, which is where most changes have occurred in the last few years.
First, pursuant to the Austrian Act on the Implementation of Administrative Assistance (Amtshilfe-Durchführungsgesetz), an exception applies for information requests from other tax authorities regarding information falling under the bank confidentiality rules. If such a request is based on a legal instrument containing an express provision whereby Austria shall in no case be permitted to decline to supply information solely because the information is held, inter alia, by a bank, then the credit institution has to provide the information to the Austrian Minister of Finance, who will subsequently exchange it with the foreign competent authority. Currently, the following legal instruments fulfil this criterion:
Secondly, an exception applies for the purposes of the automatic exchange of information regarding bank accounts pursuant tothe Austrian Act on the Implementation of the Common Reporting Standard for Automatic Exchange of Financial Account Information (Bundesgesetz zur Umsetzung des gemeinsamen Meldestandards für den automatischen Austausch von Informationen über Finanzkonten). This Act implements into Austrian law Austria’s international obligations in this respect. Pursuant thereto, Austrian banks have to report to the Austrian tax authorities certain information regarding interest income, dividends, gross proceeds from the sale of financial assets, other income and account balances of their customers, which is then exchanged automatically with other countries.
As has already been noted above, the erosion of bank confidentiality towards the tax authorities of other countries consequently also led to the desire of the Austrian tax authorities to have better access to financial information. Finally, in 2015, two new statutes were passed, which provide for additional exceptions to bank confidentiality, this time to the benefit of the Austrian tax authorities:
In case of a breach of bank confidentiality, clients may seek damages and/or injunctive relief before the civil courts and may also be entitled to terminate their contractual relationship with immediate effect. Individuals disclosing or exploiting facts covered by bank confidentiality with the intent of harming somebody or of enriching themselves or a third party are subject to criminal punishment, namely imprisonment for up to one year or a monetary fine amounting to up to 360 per diemrates, but only upon application of the person whose interest in confidentiality was violated. Finally, breaches of bank confidentiality may theoretically also lead to the revocation of a bank’s licence by the Austrian Financial Markets Authority.
For decades, bank confidentiality has been a right enjoyed and relied upon by all customers of banks and financial institutions, and an important factor enhancing the trust of such relationships, as well as a cornerstone for the promotion of business and investment worldwide.
Over the years, Cyprus has been a jurisdiction where confidentiality has been strongly upheld in several areas of life and enterprise. In line with a strong legal professional privilege, the protection of corporate information (in Cyprus, a public registry exists only for registered shareholders but not for ultimate beneficial owners) and trustee confidentiality, there is also a strong duty of confidentiality on banks and bank secrecy is upheld under Cyprus banking law.
For any bank licensed to operate in Cyprus as a credit/financial institution, under Article 29(1) of the Operations of Credit Institutions Law (Law 66(I)/1997), it is forbidden for any of its directors, chief executive officers, managers, officers, employees or representatives and any other person who has access in any way to bank records to provide, communicate, divulge or use to their own benefit any information (personal data, account information, transactions, economic activity, financial status, etc) as regards the account of any customer (physical or legal person), including guarantors and/or providers of security, both during their employment or professional relationship with the bank and also after its termination.
In the event of breach of this statutory duty of bank confidentiality, the penalty is five years’ imprisonment or a fine not exceeding ˆ500,000 or both.
Exceptions to bank confidentiality are specified under Article 29(2) of Law 66(I)/1997 as follows:
In relation to tax matters, the duty of confidentiality is upheld with the exception of instances of:
The majority of Cyprus’ double taxation treaties include provisions for the exchange of information similar to Article 26 of the OECD Model. However, strict requirements have been set providing substantial safeguards. In relation to an enquiry through state tax authorities’ communications and relating to information that may be held by a banking institution in Cyprus, it has been made clear that fishing expeditions will not be permitted. Article 6(7) of the Assessment and Collection of Taxes Law 1978 provides that the country authority seeking information must produce a substantiated request providing:
Most importantly, the prior consent of the Attorney-General is required and this is provided if there is a justified, well-founded suspicion of tax fraud or other international crime.
Since 2013, a landmark bank crisis year, Cyprus has had to undergo substantial legal reforms. Several legislative updates have been made over a number of laws governing the regulatory framework of banks in line with EU law that have enabled the banking sector in Cyprus to recover from the crisis, update its practices and bring the sector in line with current European requirements.
Transparency is a major issue worldwide and the drive to improve international tax compliance and preventing tax evasion is now the focus of the majority of countries all around the world, including Cyprus.
While bank confidentiality as a manifestation of the right of privacy that is a fundamental human right is protected in Cyprus and still maintained, one cannot overlook the fact that this has, to an extent, been eroded as Cyprus is a compliant EU Member State that is also moving towards more transparency.
Banks have been in compliance with the EU Savings Directive and have also sought compliance with FATCA. Cyprus has further implemented EU Directive 2011/16/EC and adopted the requirements in relation to the mandatory exchange of information between EU Member States in relation to income from employment, director fees, pensions, life insurance products not covered by other directives and the ownership of and income from immovable property effective as of 1 January 2015. In 2012, the Law on Administrative Cooperation in the field of Taxation (Law 205(I)/2012) was enacted to determine the rules and procedures on the basis of which the relevant authority in Cyprus will provide to or request from another Member State cooperation for the exchange of information that is of importance to the implementation of their respective tax laws and/or to transmit information collected through such process to a third state if the information is believed by the authorities in Cyprus as being of importance to the implementation of the said third state’s tax laws, provided the state from which the information originally emanated provides its consent. Law 205(I)/2012 specifically states that certain provisions of the Data Protection Law are curtailed to safeguard the implementation of this Law and the financial interests of the state and the EU.
The CRS, as initiated by the OECD and as implemented by the EU countries on the basis of Directive 2014/107EU, now further requires banks and credit institutions to submit information on accounts held directly or indirectly by account holders/tax residents of countries that implement the CRS. Being one of the ‘Early Adopters’ to sign the OECD/Group of 20 (G20) standard on the automatic exchange of information, Cyprus has committed to implement the standard on a reciprocal basis with all interested jurisdictions aiming at launching the first information exchanges by September 2017 relating to year 2016.
Under the CRS, authorised credit and financial institutions in Cyprus will need to collect information on accounts of both individuals and entities to be submitted to the Cyprus Tax Department, which, in turn, will annually forward this information automatically to the tax authorities of the country of residence of each account holder provided such countries also implement the CRS.
The Assessment and Collection of Taxes Law 1978 has been amended and arrangements are now in place allowing the Commissioner of Tax in Cyprus to provide information obtained from any person to implement agreements for the automatic exchange of information between Cyprus and other countries (both EU Member States but also non-EU Member States) irrespective of any obligations to confidentiality or other limitation on the provision and use of information including the limitation imposed by bank or professional privilege.
As of 1 January 2016, on the basis of harmonisation with the Directive, through the December 2015 Decree (Regulatory Administrative Act (RAA) 477/2015 as amended by RAA 161/2015 of 20 May 2016) issued by the Minister of Finance in Cyprus implementing the CRS and the Multilateral Competent Authority Agreement on the Automatic Exchange of Financial Account Information, the framework has been put in place to regulate how banks and financial institutions in Cyprus are to collect and transmit information to the Cyprus tax authorities.
The decree indicates the rules relating to accepting new clients, matters of due diligence to be observed and reporting. It defines the entities and products within the scope of the CRS and also the timeframes for reporting and the penalties in the instance of non-compliance with these obligations. In the process of identifying the tax residence of the individuals and entities the credit and financial institutions are required to obtain from the direct and indirect account holders self-certifications that include their country of tax residence and their tax identification number to enable them to submit information to the Cyprus Tax Department, which, in turn, will forward this to the foreign tax authorities. The timeframe for banks to report the information to the Cyprus tax authorities has been set as 30 June of the year following the calendar year to which the information relates.
It is not yet clear how the system of transmitting information under the CRS will be handled and who may ultimately have access to this both at the reporting and receiving state level in any given year and/or while all this information accumulates over time and/or whether substantial safeguards will be in place to secure the receiving, storing and use of the information in line with the right to respect for private life (also upheld by the Cyprus Constitution) and protection of personal data of the EU Charter of Fundamental Rights (Articles 7 and 8).
Such information is personal and of the utmost importance as it is directly related to the private person and their circumstances in terms of private business, decisions, investments and holdings, and private wealth. The protection of this fundamental human right of privacy of one’s private assets and transactions does not seem elevated to the same level of importance as the argument that greater transparency will inevitably lead to greater much-needed revenues for countries around the world. While this may be understandable in a world that has suffered/and is still going through a major economic crisis it is impossible to overlook the risks and potential harm that may well arise for the individual should such information become publicly available or fall in the hands of inappropriate persons or organisations who may stop at nothing to secure access to such information and ultimately use it for extortion, blackmail or kidnapping in satisfaction of their own needs and aims to secure funding for their own ‘illegal’ activities.
While arguments put forward for the need for greater transparency are justified given the ultimate aim of combating money laundering, tax evasion and securing more funds for governments to use – ultimately for the benefit and welfare of their counties and citizens – one cannot overlook the fact that the fundamental and constitutional human right of privacy is being sacrificed for this greater purpose and it is questionable whether this will be allowed to exist.
Irish law imposes a duty of confidentiality on a bank in relation to dealings with its customers. This obligation derives, for the most part, from common law, which implies a duty of confidentiality on a bank in its relationship with its customer, unless the terms of the contract with the customer otherwise provide. A bank’s obligation of secrecy does not terminate when the account of a customer is closed. Once a bank has obtained information by virtue of its relationship with its customer, the duty of confidentiality applies unless one of the exceptions can be invoked. Increasingly, the legislature and the judiciary have laid out significant exceptions to the duty of confidentiality.
A banker’s duty of confidentiality was reaffirmed by the High Court in Walsh v National Irish Bank Limitedwhere the court held that it is an implied term of any contract between a banker and its customer that the banker will not divulge to third parties, without the customer’s express or implied consent, the state of the customer’s account or the amount of his or her balance, the securities offered and held, the extent and frequency of transactions or any information acquired by the bank during or by reason of its relationship with the customer. In so deciding the court noted that this principle of law had been recognised by the Supreme Courtand followed the authority of the English Court of Appeal’s decision in Tournier v National Provincial and Union Bank of England Ltd.Thus, in Ireland, confidentiality is an implied term in a contract between a banker and its customer.
This duty though is not absolute, but qualified. InChestvale Properties Ltd and Hoddle Investments Ltd v Glackin, the High Court stated: ‘It is common case that the customary and contractual right of a client to confidentiality from his banker is and always has been subject to a very wide range of exceptions.’ InWalsh v National Irish Bank Limited the court held that the obligation of secrecy was qualified in the following circumstances:
All facts, other than those in the public domain, that come to the knowledge of the bank in its dealings with its customers are covered by bank confidentiality.
Every bank and financial institution owes a duty of confidentiality to its customers. Each bank must ensure its officers, employees and agents abide by that duty.
The duty of confidentiality of a bank in respect of its customers’ affairs may be disapplied where the customer consents to the disclosure in question. A consent for this purpose may be express or implied. In the case of implied consent, it is difficult to determine the scope of the exception and whether it applies will depend on the particular circumstances of each case. One circumstance in which implied consent to disclosure has been traditionally inferred is where the customer provides a third party with the name of its bank for the purpose of the bank providing a reference in relation to the customer. However, in view of the English Court of Appeal’s decision in Turner v Royal Bank of Scotland plc, it is unclear whether the Irish courts would consider a customer has impliedly consented. The customer’s implied consent will not protect the bank if it is negligent when providing information when giving a reference.
There is uncertainty as to whether consent is implied by a debtor where a bank discloses the state of the debtor’s account to a person who has guaranteed the repayment of monies owed by the debtor to the bank. However, the Irish Banking Federation’s Data Protection Guide of May 2013 states: ‘Persons to whom personal data may potentially be disclosed include... persons guaranteeing repayment of a facility to a customer, particularly in respect of arrears and recoveries, and limited to data in relation to the facilities guaranteed by the guarantor.’
Some banks insert express provisions in their mandates and application forms permitting them to make, in relation to dealings with customers, intra-group disclosures, disclosures to regulators (including regulators outside Ireland) and, in a few cases, disclosures to other third parties and to a credit reference bureau. Standard home loan mortgage documentation usually contains a consent by the customer to disclosure for the purpose of a securitisation by the lender. The Central Bank of Ireland (the ‘Central Bank’) has issued a Code of Practice for such transactions.
In the case of disclosure of information relating to customers who are not in default, it is unlikely that the exception would apply and the bank should have the consent of the customer before disclosing information in such circumstances. Standard documents used by some of the banks expressly provide for this.
In relation to any licensed bank where the Central Bank identifies information:
A bank is required to provide ‘such information and returns’ concerning its business as and when requested by the Central Bank provided the Central Bank considers it necessary to have that information or return for the proper performance of its functions or the proper exercise of its powers. Furthermore, a bank is required also to permit an authorised officer of the Central Bank to enter the bank’s premises, inspect and take copies of documents, remove and retain documents.
New wide-ranging powers of obtaining information from banks have been granted to the Central Bank by the Central Bank (Supervision and Enforcement) Act 2013. The Central Bank may require information and records from a bank, ‘where it is necessary to do so for the purpose of the performance of the [Central] Bank’s functions under financial services legislation relating to the proper and effective regulation of financial service providers’.
Extensive powers have been granted to the Central Bank to appoint authorised officers to search and inspect premises, obtain information and records and to require any person to facilitate access to records stored in any data equipment or computers.
For the purpose of enabling banks to make better informed lending decisions, as well as to assist the Central Bank in its supervision function and for other reasons, a central credit register is to be established, maintained and operated by the Central Bank. The Credit Reporting Act 2013 is due to be fully operational in 2016. The act represents a significant exception to the confidential relationship between a bank and its customer, as a bank is required to report to the Central Bank information on credit applicants and credit agreements. This applies not only where the customer is a borrower but also where the customer is a guarantor. A bank may apply to the Central Bank to access information about a person who has applied for credit (depending on the amount of credit that can be varied by ministerial order) or about a person who is proposing to give a guarantee or indemnity in connection with a credit application.
In recent years, the Revenue Commissioners have been given very extensive statutory powers to obtain information of a customer’s account with its banker or indeed Irish-owned subsidiary banking institutions.
The comprehensiveness of the legislation enabling the receipt of information by the Revenue Commissioners is illustrated by the requirement for a financial institution to afford an authorised officer of the Revenue Commissioners reasonable assistance, including information, explanations and particulars, in relation to the use of all the electronic or other automatic means, if any, by which the books, records or other documents, insofar as they are in a non-legible form, are capable of being reproduced in a legible form and any data equipment or any associated apparatus or material.
However, fishing expeditions are not encouraged as a notice cannot be served on a financial institution by an authorised officer ‘without having reasonable grounds to believe that the financial institution is likely to have information relevant to a liability’ of the particular taxpayer concerned.
A bank may be required by the High Court to disclose details of a customer’s account on the application of an inspector or other duly authorised officer of the Revenue Commissioners. Where the judge is satisfied that there are reasonable grounds for the application being made, the judge may order the financial institution:
A further Revenue power to breach the secrecy of a bank account was implemented in 1999. An authorised officer of the Revenue Commissioners may apply to the court, and provided the judge is satisfied that there are reasonable grounds for suspecting an offence is being, has been or is about to be committed, which would seriously prejudice the proper assessment or collection of tax, and a bank has material that is likely to be of substantial value to the investigation, the judge may authorise the authorised officer to inspect and take copies of any entries in books, records and other documents of the bank.
Under additional powers granted in 2004, the Revenue Commissioners can investigate accounts not only of financial institutions, but institutions that are associated with the financial institutions, essentially these are foreign subsidiaries of Irish resident banks. It was not uncommon for persons to place funds in the Isle of Man, Cayman Islands and other locations outside Ireland. Many of those placing such funds preferred to place the funds in subsidiaries of Irish banks. The effect of these provisions and the court orders obtained on foot of them by the Revenue Commissioners has caught many such a depositor who has been required to pay tax, interest and penalties on the interest earned from such deposits and in some cases tax, interest and penalties where the funds of the deposit constituted undeclared income. However, more recently, this element of disclosure has been tempered by the High Court’s decision inWalsh v National Irish Bank Ltd.
The Revenue Commissioners’ powers of enforcement were further enhanced in 2007 by the amendment of the tax legislation to the effect that a judge may issue a warrant to enable the Revenue Commissioners to enter the designated premises within a month, search, examine, seize and retain goods, documents, records, operate any computer and require any person on the premises to facilitate access to a computer, including the giving of passwords and to produce information in a form that can be visible, legible and removed.
A bank, when making a payment of interest in respect of a deposit, is required to deduct from that payment the standard rate of tax. The bank is required to make a return to the Collector-General of the relevant interest paid by it and of the appropriate tax in relation to the payment of that interest (but it is not required that such return contain details of the recipients of the interest payments). That tax is known as the Deposit Interest Retention Tax (DIRT).
EU Council Directive (2003/48/EC of 3 June 2003) on the Taxation of Savings Income in the form of Interest Payments and Related Matters was implemented into Irish law by the Finance Act 2004. The purpose of the Directive is to ensure that interest payments made in one EU Member State to an individual resident for tax purposes in another Member State are taxed according to the law of the resident state. Thus, bank paying agents are obliged to establish the identity and residence of all individuals to whom they make interest payments. In addition, the paying agent is required to take reasonable steps to identify the beneficial owner if the paying agent has any information that suggests that an individual is not the beneficial owner of an interest payment. The paying agent is also required to report these details concerning the individuals, together with details of the interest payments, to the Revenue Commissioners. The Revenue Commissioners are required to send this information to the relevant authorities in the appropriate Member State. Similar arrangements have been put in place with some non-EU Member States, namely Andorra, Liechtenstein, Monaco, San Marino and Switzerland.
A bank that knows, suspects or has reasonable grounds to suspect, on the basis of information obtained in the course of carrying on business as a designated person, that another person has been or is engaged in an offence of money laundering or terrorist financing is required to report to the Garda Siochana and the Revenue Commissioners that knowledge or suspicion or those reasonable grounds.
Thus, all banks have a clear obligation to ensure that each relevant employee knows to whom that employee should report any suspicions and that there is a clear reporting chain under which those suspicions will be passed without delay to the Money Laundering Reporting Officer. Failure to report a suspicious transaction carries monetary penalties and possible imprisonment for up to five years. A bank that reports a suspicious transaction will incur no liability to its customer for breach of its duty of confidentiality to its customer.
A bank (its directors, officers and employees) that knows or suspects that a report is required to be made shall not make any disclosure ‘that is likely to prejudice an investigation that may be conducted following the making of the report’. Thus, a bank is required to inform on its customer without alerting its customer to the fact of its disclosure.
A bank is required to have systems in place to enable it to respond fully and promptly to enquiries from the Garda Siochana:
An authorised officer of the Central Bank may enter any premises at which the business of the bank is being carried on, inspect and take copies of documents, remove and retain documents.
The Criminal Assets Bureau Acts 1996 and 2005 allow a judge to issue a search warrant for the search of any place or person in that place, if the judge is satisfied that there are reasonable grounds for suspecting that evidence of or relating to assets or proceeds deriving from criminal activities, or to their identity or whereabouts, is to be found in that place. The acts provide that the court order will have effect notwithstanding any other obligation as to secrecy or other restriction on disclosure of information imposed by statute or otherwise.
Under the Companies Act 2014, if it appears to the liquidator in the course of a voluntary winding-up that any past or present officer or member of the company has been guilty of any offence in relation to the company for which he is criminally liable, he or she shall report the matter to the Director of Public Prosecutions and the Director of Corporate Enforcement.
Following such report, if the Director of Public Prosecutions or the Director of Corporate Enforcement institutes proceedings, it is the duty of every past and present banker to the company ‘to give all assistance in connection with the prosecution which he is reasonably able to give’. In applying the principles outlined by Costello J inRe Chestvale Properties Ltd and Hoddle Investments Ltd, Glackin v Trustee Savings Bank and Mclnerney, a bank would be required to disclose details of such accounts as are required by the Director of Public Prosecutions in the course of his proceedings.
Access to the banker’s book by Garda Siochana and Director of Corporate Enforcement
The legislature has endeavoured to assist the Garda Siochana, and more recently the Director of Corporate Enforcement, in bringing to justice persons who may have committed a criminal offence by permitting them access to documentation held in a bank.
The Bankers’ Books Evidence Act 1879 provides that a court or judge may make an order that an applicant or another member of the Garda Siochana, or office of the Director of Corporate Enforcement, as the case may be, be ‘at liberty to inspect and take copies of any entries in the banker’s book, or inspect and take copies of any documentation associated with or relating to an entry in such book, for the purpose of investigation of the offence’.
The expressions ‘banker’s book’ and ‘documentation’ include ‘any records used in the ordinary business of a bank’, including microfilm, magnetic tape and other records in any non-legible form (by the use of electronics or otherwise) capable of being reproduced in a permanent legible form. The courts have adopted a cautious approach in permitting this act to be used.
A bank that is compelled by subpoena to produce bank statements to a court will not breach its contractual duty of confidentiality by doing so without obtaining the customer’s consent. This may pose problems for a bank in deciding whether or not it should inform its customer, as it may be entitled, for its own protection or compelled by public duty, to refrain from informing its customer.
The Companies Act 2014 provides that in certain circumstances a company may have an inspector appointed to it to investigate its affairs. Subject to the court’s approval, an inspector appointed to investigate the affairs of a company may also investigate the affairs of any other body corporate that is related to such company. All officers and agents of a body corporate whose affairs are being investigated are required to produce to the inspectors all books and documents relating to the body corporate.
The problem that this part of the Companies Act 2014 (and formerly its predecessor the Companies Act 1990) poses for banks was highlighted in the correspondence leading up to the application ofChestvale Properties Ltd, Hoddle Investments Ltd v Glackin and Ansbacher Bankers Ltd, Noel Smyth and Partners and the A-G. Following the request to the bank from the inspector to deliver certain documents relating to the applicants, the applicants’ solicitors wrote to the bank’s solicitors stating: ‘If your client [the bank] now complies with the demands and it is subsequently deemed that your client [the bank] was not obliged to do so then our clients [the applicants] would have an appropriate remedy.’
The unenviable predicament for bankers was highlighted a month later by Murphy J inChestvale Properties Ltd & Hoddle Investments Ltd v Glackin, when he said:
‘Obviously the Bank and the Solicitor are in an awkward position; if they neglect to produce books or documents which should properly have been produced they expose themselves to the risk of penalties which might be imposed on them for contempt of court. On the other hand, if they hand over books or records which do not fall within the terms of the Act they may be liable to their clients for damages for breach of contract.’
The impact of this predicament was felt by the bank a month later inRe Chestvale Properties Ltd and Hoddle Investments Ltd, Glackin v Trustee Savings Bank and Mclnerney. When the bank was requested by the inspector to supply documents, it contended that without its customer’s consent, or a High Court order, it could not comply with the inspector’s request without breaching the duty of confidentiality that it owed to its customer. The court held that not only did the bank have to supply the documents but also to pay the inspector his costs of the hearing.
The words of Costello J inRe Chestvale Properties Ltd and Hoddle Investments Ltd, Glackin v Trustee Savings Bank and Mclnerney should be heeded, namely:
‘It seems to me that the bank has misunderstood its statutory duty... It is a duty to give assistance if requested to do so under the Act… It is not permitted to refuse assistance, because of a contractual arrangement with a customer which may have involved a term of confidentiality.’
The second qualification to a banker’s duty of confidentiality is where there is a duty to the public to disclose. There had been a dearth of case law to illustrate this principle until the Supreme Court’s decision inNational Irish Bank Ltd and National Irish Bank Financial Services Ltd v Radio Telefis Eireann. In that case, the defendants sought to publish information showing that certain named customers of the plaintiffs had, at the suggestion of the plaintiffs, used their monies on deposit (with the plaintiffs) for the purpose of investing in an Isle of Man company, the result of which, the defendants alleged, enabled the return on such monies to evade tax that would otherwise have been payable on the deposit accounts. Although it was not proved that the customers intended to evade tax and the plaintiffs denied it was the intention of the scheme to evade tax, the Supreme Court held by a three to two majority that the defendants could disclose to the public at large the information that they possessed, including the names of individual customers (albeit at the risk of a claim for defamation from the customers).
The principle of this exception to the duty of confidentiality was set out by Lynch J in his majority judgment, where he said:
‘There is no doubt that there exists a duty and a right of confidentiality between banker and customer as also exists in many other relationships such as for example doctor and patient and lawyer and client. This duty of confidentiality extends to third parties into whose hands confidential information may come and such third parties can be injuncted to prohibit the disclosure of such confidential information. There is a public interest in the maintenance of such confidentiality for the benefit of society at large. On the other hand there is also a public interest in defeating wrong doing and where the publication of confidential information may be of assistance in defeating wrong doing then the public interest in such publication may outweigh the public interest in the maintenance of confidentiality.’
In applying the principle in the case, Lynch J held:
‘the allegation which [the defendants] make is of serious tax evasion and this is a matter of genuine interest and importance to the general public and especially the vast majority who are law abiding taxpayers and I am satisfied that there is a public interest that the general public should be given this information.’
In applying the Supreme Court’s decision, the High Court held inBeverly Cooper Flynn v RTE that the duty and right of confidentiality is not absolute and must in an appropriate case be weighed and balanced against countervailing rights, obligations and entitlements, including the public interest in defeating wrongdoing where the publication of confidential information might be of assistance in bringing that about.
The Supreme Court’s decision was applied in The Minister for Enterprise, Trade and Employment and Ansbacher (Cayman) Limited on the application of the Revenue Commissioners, where a report of inspectors appointed to investigate the affairs of Ansbacher (Cayman) Limited was presented to the court and the Revenue Commissioners were permitted access to the report. The Revenue Commissioners now sought access to further documents that the inspectors had acquired in the course of their investigation but that were not included in the report. In granting the application (although limiting it somewhat), the President of the High Court stated:
‘In the circumstances of the present case it is appropriate to have regard to the contractual duty of confidentiality which exists between a bank and its customer and to the constitutional right to privacy and to balance these rights against the interests sought to be vindicated by the applicant for an order. However, the public interest is paramount… limited disclosure such as disclosure of tax evasion to the Revenue Commissioners, the recipient of such disclosure having a particular interest as opposed to disclosure to the world at large, will almost inevitably result in the court finding the balance in favour of the disclosure.’
An interesting feature here is that the High Court President seems to have called for limited disclosure to interested parties rather than the public at large.
The High Court President held:
‘I must have regard to the interests of the persons affected by the order sought and in particular to their contractual right of confidence in their dealings with their bank and their constitutional right to privacy. I must balance the interests of such persons against the public interest, in this case the effective functioning of the Revenue Commissioners. The disclosure sought is not to the public at large but is limited to the applicant who has a special interest in obtaining the same... The affairs of the company were conducted in a manner which disabled the applicant from assessing and collecting taxes, I am satisfied that the public interest in the assessment and collection of taxes outweighs the contractual right to confidentiality and the constitutional right to privacy of the individuals and companies mentioned in the report.’
It was held subsequently by the High Court inEMI Records (Ireland) Limited v Eircom Limited, which concerned details of internet accounts, that ‘a right to confidentiality, whether arising by statute, by contract or at common law, could not be relied on by a wrongdoer or a person against whom there was evidence of wrongdoing to protect his or her identity. The right to privacy or confidentiality had to give way where there was prima facie evidence of wrongdoing’.
The High Court President’s decision may reflect a more balanced approach to the use of the duty to the public exemption. This can be seen also from the court’s decision inLeech v Independent Newspapers (Ireland) Limited where in refusing an order for discovery the High Court held that, while the obligation of confidentiality to the participants in anad hoc inquiry could not, of itself, outweigh the public interest in full disclosure being made, there were cases where confidentiality was itself in the public interest.
A breach of the duty of confidentiality by a bank may result in damages being awarded to the relevant customer. In Slattery v Friends First Life Assurance Company Limited, when assessing the level of damages, McGovern J stated:
‘In this case, the plaintiff has not established any special damage arising out of the breach of confidence. But that is not a bar to the plaintiff recovering damages. It is clear from such authorities… that the Court is vested with a discretion to award compensatory damages, including aggravated damages, notwithstanding any failure to explicitly plead the latter category. Indeed, it would run contrary to what McCarthy J in McIntire v Lewis referred to as the “dynamism that characterizes the common law” for this Court to hold itself as being artificially restricted in granting the plaintiff a remedy.
The breach of confidence was a serious one and was deliberately intended to cause harm to the plaintiff’s business interests if he did not become more compliant with the wishes of the defendant. It was a quite improper use of information gathered in the course of a fiduciary relationship. The plaintiff is entitled to be compensated for the deliberate and conscious breach of his right to confidentiality, involving an extraordinary, wilful and totally inappropriate dissemination of this information...
The plaintiff is entitled to damages, including aggravated damages, for breach of confidentiality and I measure these at ˆ100,000…’
Although the plaintiff had not established any special damage arising out of the breach of confidence, the awarding of ‘aggravated damages’ highlights the seriousness with which the court will take a breach of confidence. Although the award of damages was set aside in the Court of Appeal, on the grounds that the acts of the plaintiff did not warrant damages, the award is nonetheless the first of its kind.
Bank confidentiality in Switzerland – or the bank–client confidentiality law – was codified in 1934 in the course of the enactment of the Swiss Federal Banking Act. However, Swiss bank confidentiality existed long before as customary law. It derives from the pronounced relationship of trust between banks and their customers that became a matter of course during the economic liberalism of the 19th century. Nowadays, Swiss bank confidentiality is an inherent part of the Swiss legal system, enshrined in different laws and regulations. However, the main legal basis still is Article 47 of the Swiss Federal Banking Act.
However, a federal popular initiative has been launched aimed at incorporating bank confidentiality in the Federal Constitution. The referendum thereon is still pending.
Swiss bank confidentiality establishes professional confidentiality comparable to that of lawyers, doctors or priests. All data stemming from the business relationship between the bank and client is covered by Swiss bank confidentiality. Therefore, not only is all data concerning assets protected but also all information on the client as a private individual and the banking relationship per se. Moreover, even information regarding third parties that came to the knowledge of the bank in the course of its business activities falls under the protection of Swiss bank confidentiality. Eventually, not only the disclosure of data but also the confirmation of already known data as well as the release of negative information are covered.
All members of the bank’s bodies, the bank’s employees, mandataries and auditors, as well as liquidators are obliged parties to bank confidentiality. With regard to the selection, instruction and control of its mandataries, the bank is obliged to take the necessary precautions in order to guarantee compliance with bank confidentiality.
There are several justifications allowing a deviation from Swiss bank confidentiality. Primarily, of course, the customer may waive bank confidentiality and allow the bank to disclose information to specified recipients – for instance, to the IRS in the context of FATCA.
Furthermore, there are several reporting obligations based on law that override bank confidentiality. As a principle, this is actually determined in the main legal basis for bank confidentiality itself. Article 47 paragraph 5 of the Swiss Federal Banking Act states: ‘Federal and Cantonal regulations concerning the obligation to testify and to furnish information to a government authority shall apply.’ However, a duty to disclose such information has to be based on a respective statutory provision. Therefore, general disclosure of information protected by bank confidentiality to regulators is not permitted. Yet, there is also a (rare) possibility to deviate from bank confidentiality in a situation of necessity according to Article 17 of the Swiss Criminal Code. This was widely discussed in the context of the Swiss Financial Market Supervisory Authority’s order of 18 February 2009, which allowed UBS to deliver customer data to the US authority.
Eventually, the duty to disclose information protected by Swiss bank confidentiality may also arise from bilateral agreements between Switzerland and another state – primarily from double taxation agreements.
With regard to exceptions in tax matters, a distinction needs to be drawn between the domestic and international environment.
Within Switzerland, there is no duty of disclosure for the bank via-à-vis the tax authority. It is the duty of the taxpayer to submit the relevant information and documentation to the tax authority. However, the tax authority has no permission to gather information on taxpayers from the bank directly. Only in cases of tax fraud (falsification of documents with the purpose to evade taxes) or justified suspicion of serious tax offences may the tax authorities gain access to bank data. In this context, the duty to hand over information protected by bank secrecy arises from the criminal procedure law that overrides bank secrecy. Still, in the case of simple tax evasion (non-declaration of assets or income in the tax return), there is no legal basis allowing for a deviation from bank secrecy.
In the international context, the situation is completely different and has evolved rapidly within the last few years. International mutual legal and administrative assistance became one of the major limitations of Swiss bank confidentiality.
Since 2009, administrative assistance in the case of tax evasion has been part of Swiss double taxation agreements in accordance with Article 26 of the OECD Model Tax Convention. Hence, in an international environment, bank confidentiality can be abolished in both cases, tax fraud and tax evasion, pursuant to the respective clause on information exchange in the bilateral tax treaty. The Federal Act on International Administrative Assistance in Tax Matters governs the implementation of mutual administrative assistance in accordance with the relevant double taxation agreement. In this regard, difficult interpretation issues have been raised in connection with the differentiation between permitted group inquiries and forbidden ‘fishing expeditions’. Furthermore, reference can be made to the fact that the law should be amended within a short timeframe. In the future, the Swiss authority should take up requests for assistance even if the foreign requesting state based its request on originally stolen data, but only if the state gained access to the respective data by way of ordinary administrative assistance or through publicly accessible sources. The legislative amendment aims at clarifying the legal situation and adapting to international standards.
Furthermore, Switzerland has agreed to establish the OECD Automatic Exchange of Information (AEOI). Under the AEOI, tax information will in future be automatically sent to the tax authorities of participating countries on a yearly basis. With this procedure, bank confidentiality cannot be abused by foreign clients to evade taxes in their country of residence; however, bank confidentiality remains a professional confidentiality under the AEOI in that Swiss bankers are still bound to an obligation of secrecy with regard to their clients and their accounts. The legal foundations for introducing the AEOI in Switzerland are due to come into force on 1 January 2017 and the first data exchange should take place one year later. Switzerland has already signed bilateral treaties for the introduction of the automatic exchange of information with several states, and also with the EU.
To sum up, in an international environment, Swiss bank confidentiality no longer protects tax evaders. However, the situation within Switzerland is different. The pending federal popular initiative, which aims at incorporating bank confidentiality into the Federal Constitution, would even manifest the current status and, in particular, avoid an automatic information exchange of bank data from domestic banks to domestic tax authorities.
Besides tax matters, there are several other exceptions to bank confidentiality. The various disclosing and reporting obligations arise from different laws. For example, in the following cases, a bank can be obliged to provide customer data: in civil proceedings, such as inheritance or divorce proceedings; in debt recovery and bankruptcy proceedings; in criminal proceedings; or in financial market authority proceedings.
Moreover, the reporting duty according to the Federal Act on Combating Money Laundering and Terrorist Financing is of significant practical importance. According to Article 9 of the law, (inter alia) every bank must immediately file a report with the Money Laundering Reporting Office if the bank knows or has reasonable grounds to suspect that assets involved in the business relationship are connected to certain criminal offences. In this regard, reference can be made to a recent amendment of the respective law, whereupon tax evasion now qualifies as a predicate offence for money laundering if the evaded taxes amount to CHF 300,000 or more per tax year.
The legal consequences of a violation of Swiss bank confidentiality are governed by Article 47 of the Swiss Federal Banking Act. A breach of bank confidentiality can be punished by imprisonment of up to three years and/or a monetary penalty. The amount of a monetary penalty is based on the income of the delinquent and may come to 360 daily rated fines of a maximum of CHF 3,000 each. In case of negligence, the consequence of a violation of Swiss bank confidentiality is a fine of up to CHF 250,000.
Furthermore, since 1 July 2015, the maximum period of imprisonment has increased to five years if the violation of bank confidentiality provides the perpetrator with a financial gain. The change of the law is a result of cases where a bank employee sold data to a foreign state. The stricter provision aims at strengthening clients’ confidence in the Swiss financial industry.
Additionally, a breach of bank secrecy can imply a liability of the bank for damages according to contract law.
[*] Gwendoline Godfrey is a partner, Banking & Finance with DMH Stallard in the United Kingdom and a former Co-Chair of the IBA Banking Law Committee. Danforth Newcomb is of counsel, Brian Burke a partner and George Chen a legal intern at Shearman & Sterling in the United States. Dr Niklas Schmidt is a partner and Dr Eva Stadler is a senior associate at Wolf Theiss in Vienna. Dimitria Coucouni is a senior partner at Andreas Coucounis & Co in Larnaca. William Johnston, solicitor, is a consultant in Arthur Cox, Dublin and a former Co-Chair of the IBA Banking Law Committee. &Buob in Zurich.
 Gwendoline Godfrey and Francis Neate (eds), Neate and Godfrey: Bank Confidentiality (6th edn, Bloomsbury Professional 2015).
 This section looks at the aspects of this topic under English law. It reflects the position as at 15 June 2016. It is based on the English chapter of Neate and Godfrey: Bank Confidentiality (6th edn) published by Bloomsbury Professional in association with the IBA.
 Directive 95/46/EC of the European Parliament and the Council of 24 October 1995.
 The Lending Code is a voluntary code of practice that sets standards for financial institutions when dealing with personal and small business customers in the UK. It was last revised in September 2015. It is available at www.lendingstandardsboard.org.uk.
 United Pan-European Communications NV v Deutsche Bank AG  2 BCLC 461. This case was followed by the Court of Appeal in Novoship (UK) Ltd and Others v Nikitin and Others  All ER (D) 63 (Jul). A similar situation was dealt with in CF Partners (UK) LLP v Barclays Bank Plc and Another  EWHC 3049 (Ch).
  1 KB 461. This case has since been referred to in various cases including R (on the application of Prothero) v Secretary of State for the Home Department  EWHC 2830 (Admin), 155 Sol Jo (no 37) 37,  All ER (D) 156 (Sep); and Brandeaux Advisers (UK) Ltd v Chadwick  EWHC 3241 (QB),  IRLR 224,  All ER (D) 235 (Dec).
 Maximillian Schrems v Data Protection Commissioner, Case C-362/14, 6 October 2015.
 Christofi v Barclays Bank plc  4 All ER 437, N v S EWHC 3248 (Comm),  All ER (D) 318 (Oct) applied this case.
 See n 6 above.
  EWCA Civ 64,  1 All ER (Comm) 1057.
 Playboy Club London Limited and Others v Banca Nazionale del Lavoro SPA EWCA Civ 457.
 Small and Medium Sized Business (Credit Information) Regulations 2015 (SI 2015/1945) implemented on 1 April 2016.
 Agreement of 12 September 2012 between the UK and the US to improve International Tax Compliance and to implement the FATCA as amended by an exchange of notes of 3 and 7 June 2013.
 International Tax Compliance (Amendment) Regulations 2015 (SI 2015/1839), which came into effect on 20 November 2015 for FATCA purposes and amended the previous regulations relating to the FATCA (SI 2015/878).
 Directive 2014/1014/107/EU of 9 December 2014 on mandatory automatic exchange of information in the field of taxation.
 Bank of Scotland v A Ltd, B and C  3 All ER 58.
 Shah and Another v HSBC Private Bank (UK) Ltd  EWHC 1283 (QB).
 Police and Criminal Evidence Act 1984, s 9.
 Criminal Justice Act 1987, s 2.
 See n 6 above.
 Jackson v Royal Bank of Scotland  UKHL 3. The judgment contains an indication of the way the court will assess the damage caused to the customer.
 Force India Formula One Team Ltd v Malaysian Racing Team Sdn Bhd  EWHC 616 (Ch); Primary Group (UK) Ltd v Royal Bank of Scotland plc  EWHC 1082 (Ch), referred to in Absolute Lofts South West London Ltd v Artisan Home Improvements Ltd and Another  EWHC 2608 (IPEC),  All ER (D) 77 (Sept).
 The information presented here is current as of 1 July 2016.
 Friedrich Sommer and Christine Hirsch in Markus Dellinger (ed), Bankwesengesetz – Kommentar (2016) s 38 para 4. Regarding the status of bank confidentiality prior to the enactment of statutory provisions cf Peter Jabornegg, Rudolf Strasser and Hans Floretta,Das Bankgeheimnis (1985), 24 et seq.
 Niklas Schmidt and Eva Stadler, ‘Rules in Austria Relating to the Exchange of Information and Assistance in Tax Collection’, 44 Tax Management International Journal 549; Oliver-Christoph Günther and Friedrich Jergitsch, Aktuelle Rechtsfragen zum österreichischen Bankgeheimnis und dem internationalen Informationsaustausch in Steuersachen (ÖBA 2016), 106.
 Here, Austria just barely managed to wiggle through and to preserve its bank confidentiality: together with Belgium and Luxembourg, Austria was during a transitional period granted the right to levy a withholding tax at a rate of 15 per cent during the first three years, 20 per cent for the subsequent three years and 35 per cent thereafter on interest payments made to beneficial owners who are individuals resident for tax purposes in another EU Member State (instead of having to report such interest payments on an automatic basis to the tax authorities of the other EU Member States, which would have required giving up bank confidentiality in this respect).
 Niklas Schmidt,‘Automatic Exchange of Information’, ITPA Journal, vol XV, no 1; Wolfgang Lafite, Philip Vondrak and Philip Gruber, Spiel mir das Lied vom Tod, Bankgeheimnis! (ecolex 2010), 82.
 Austrian Federal Law Gazette (Bundesgesetzblatt) I No 116/2015. In this context it should be noted that Austrian tax residents holding a bank account in Austria are subject to a final withholding tax on all interest, dividends, capital gains and derivative income earned on such account, which means that they do not have to report such income in their income tax returns. Also, because there is no net wealth, inheritance or gift tax in Austria, the holding or transfer of such accounts, whether inter vivosor mortis causa, is normally not subject to any tax. Consequently, the tax authorities would only rarely need access to such individual’s bank account, eg,in case they suspect that income from self-employment, which was remitted to such account, has not been declared.
 Friedrich Sommer and Christine Hirsch in Markus Dellinger (ed), Bankwesengesetz – Kommentar (2016) s 38 para 28.
 S 38(5) of the Austrian Banking Act; cfRené Laurer in René Laurer, Rainer Borns, Johann Strobl, Melitta Schütz and Oliver Schütz, BWG (2009) s 38 para 31.
 S 38(1) of the Austrian Banking Act.
 Friedrich Sommer and Christine Hirsch in Markus Dellinger (ed), Bankwesengesetz – Kommentar (2016) s 38 para 29 et seq.
 Martin Oppitz in Leo Chini and Martin Oppitz (eds), BWG (2011) s 38 para 3.
 Stefan Tiefenthaler and Emanuel Welten,‘Austria’,in Francis Neate and Gwendoline Godfrey (eds), Neate and Godfrey: Bank Confidentiality (6th edn, Bloomsbury Professional 2015), 62.
 Friedrich Sommer and Christine Hirsch in Markus Dellinger (ed), Bankwesengesetz – Kommentar(2016) s 38 para 59.
 Pursuant to Friedrich Sommer and Christine Hirsch in Markus Dellinger (ed), Bankwesengesetz – Kommentar (2016) s 38 para 92, also entities conducting banking transactions without an authorisation are encompassed by the rules on bank confidentiality. Note that special rules apply to finance institutions, ie, entities authorised to conduct the transactions mentioned in s 1(2) of the Austrian Banking Act, such as leasing services.
 Eg,lawyers advising the bank, in which case they would be subject to a dual confidentiality undertaking, namely under s 38 of the Austrian Banking Act and under s 9(2) of the Austrian Attorneys Act (Rechtsanwaltsordnung); cf Martin Oppitz in Leo Chini and Martin Oppitz (eds), Bankwesengesetz (2011), s 38 para 8.
 S 38(2)(5) of the Austrian Banking Act. The prerequisite that consent has to be given expressly and in writing serves as a precaution against a customer’s rash decision; cf Martin Oppitz in Leo Chini and Martin Oppitz (eds), Bankwesengesetz(2011), s 38 para 17.
 S 38(2)(6) of the Austrian Banking Act. The disclosure of particular details (such as a company’s key performance indicators, account balances, information relating to the utilisation of lines of credit or bounced bills of exchange) is not permissible, while the disclosure of an imminent insolvency or unsatisfactory creditworthiness is possible; cf Martin Oppitz in Leo Chini and Martin Oppitz (eds), Bankwesengesetz(2011) s 38 para 17.
 S 38(2)(9) of the Austrian Banking Act.
 S 38(2)(2) of the Austrian Banking Act.
 S 38(2)(2) of the Austrian Banking Act.
 S 38(2)(2) of the Austrian Banking Act.
 René Laurer in René Laurer, Rainer Borns, Johann Strobl, Melitta Schütz and Oliver Schütz, BWG (2009) s 38 para 10.
 S 38(2)(3) of the Austrian Banking Act.
 S 38(2)(4) of the Austrian Banking Act.
 S 38(2)(7) of the Austrian Banking Act. This applies to legal action brought by a bank against its customer, but also vice versa; cf Martin Oppitz in Leo Chini andMartin Oppitz (eds), Bankwesengesetz (2011) s 38 para 17.
 S 38(3) of the Austrian Banking Act.
 S 38(2)(1) of the Austrian Banking Act.
 S 38(2)(1) of the Austrian Banking Act.
 See the overviews in René Laurer in René Laurer, Rainer Borns, Johann Strobl, MelittaSchütz and Oliver Schütz, BWG (2009) s 38 para 24 et seq and in Stefan Tiefenthaler and Emanuel Welten,‘Austria’,in Francis Neate and Gwendoline Godfrey(eds), Neate and Godfrey: Bank Confidentiality (6th edn, Bloomsbury Professional 2015), 68 et seq.
 Stefan Tiefenthaler and Emanuel Welten,‘Austria’, in Francis Neate and Gwendoline Godfrey(eds), Neate and Godfrey: Bank Confidentiality (6th edn, Bloomsbury Professional 2015), 65.
 S 2(3) of the Austrian Act on the Implementation of Administrative Assistance. Prior to its enactment, Austria only exchanged information falling under the bank confidentiality rules with other tax authorities in connection with initiated criminal proceedings due to intentional fiscal offences.
 Namely those with Bahrain, Belarus, Belgium, Bosnia and Herzegovina, Bulgaria, Canada, Chile, Cyprus, the Czech Republic, Denmark, Finland, France, Germany, Hong Kong, Ireland, Liechtenstein, Luxembourg, Mexico, Montenegro, the Netherlands, Norway, Qatar, Romania, San Marino, Serbia, Singapore, Slovenia, South Africa, Sweden, Switzerland, Taiwan, Tajikistan and the UK, each as in force. The new or revised double taxation treaties with Georgia, Libya, Syria and Turkmenistan are not yet in force.
 Namely those with Andorra, Gibraltar, Guernsey, Jersey, Mauritius, Monaco and St Vincent and the Grenadines.
 S 38(2)(10) of the Austrian Banking Act.
 Ie,on the one hand, the OECD’s Multilateral Competent Authority Agreement on Automatic Exchange of Financial Account Information and, on the other hand, EU Council Directive 2014/107/EU of 9 December 2014 amending Directive 2011/16/EU as regards mandatory automatic exchange of information in the field of taxation.
 S 3 et seq of the Austrian Act on the Implementation of the Common Reporting Standard for Automatic Exchange of Financial Account Information.
 The information to be exchanged shall pertain to taxable periods beginning on: (1) 1 January 2017 for all accounts; and (2) 1 October 2016 for accounts opened on or after 1 October 2016. In this context it should be noted that the Agreement between the Republic of Austria and the United States of America for Cooperation to Facilitate the Implementation of FATCA follows IGA Model 2 and thus does not provide for automatic information exchange.
 Regarding the repercussions of the Austrian tax authorities receiving such information for the exchange of information in an international context cfDaniel W Blum, ‘Kontenregistereinsicht und Kapitalabflussmeldung: Offene Fragen und Implikationen für den grenzüberschreitenden Austausch von Bankinformationen’, SWI 2016, 304.
 S 2 et seq of the Austrian Act on the Notification of Capital Outflows and Capital Inflows.
 S 5 et seq of the Austrian Act on the Notification of Capital Outflows and Capital Inflows.
 S 38(2)(13) of the Austrian Banking Act.
 S 1 and 2 of the Austrian Act on the Implementation of an Account Register and of Account Inspections.
 S 38(2)(12) of the Austrian Banking Act.
 S 8 and 9 of the Austrian Act on the Implementation of an Account Register and of Account Inspections.
 S 38(2)(11) of the Austrian Banking Act.
 Stefan Tiefenthaler and Emanuel Welten,‘Austria’,in Francis Neate and Gwendoline Godfrey(eds), Neate and Godfrey: Bank Confidentiality (6th edn, Bloomsbury Professional 2015), 63.
 S 101 of the Austrian Banking Act.
 S 70(4) of the Austrian Banking Act.
 Walsh v National Irish Bank Limited  2 ILRM 56.
  2 ILRM 56.
 National Irish Bank v RTE  2 IR 465.
  1 KB 461.
  3 IR 35.
  2 ILRM 56.
  2 All ER (Comm) 664.
 See www.centralbank.ie – Code of Practice on the Transfer of Mortgages; the Code does not apply to a transfer within the same corporate group.
 Central Bank Act 1942, s 33AK(4).
 Central Bank Act 1971, s 18.
 Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, ss 75, 77.
 Central Bank (Supervision and Enforcement) Act 2013, s 22.
 Central Bank (Supervision and Enforcement) Act 2013, ss 24 to 29.
 Credit Reporting Act 2013, s 5(1); the General Scheme of Credit Reporting Bill 2012 indicated the purpose of the Credit Reporting Act 2013, s 5(1) is to support
(1) informed lending decisions; (2) supervisory activity of financial institutions including prudential supervision; (3) consumer protection; (4) competition in credit markets; (5) economic development; (6) the provision of accurate information to credit information users; and (7) the Central Bank in the discharge of its statutory functions and exercise of its powers.
 See Credit Reporting Act – Q&A – January 2014.
 Credit Reporting Act 2013, s 11(1); amounts of less than ˆ500 are exempt from reporting under s 11(5) and (6).
 Credit Reporting Act 2013, s 7.
 Credit Reporting Act 2013, s 15.
 Taxes Consolidation Act 1997, ss 899 to 912 (as amended).
 Taxes Consolidation Act 1997, s 906A(3).
 Taxes Consolidation Act 1997, s 906A(4).
 Taxes Consolidation Act 1997, s 908(5).
 Taxes Consolidation Act 1997, s 908A(2)(a).
 Taxes Consolidation Act 1997, s 908B as inserted by the Finance Act 2004, s 87.
  2 ILRM 56.
 Taxes Consolidation Act 1997, s 257.
 Taxes Consolidation Act 1997, s 258.
 Section 90 and Schedule 4, as amended by the Finance Act 2005, s 144(1); see Taxes Consolidation Act 1997, ss 898B to 898R.
 In July 2005, the Revenue Commissioners published detailed Guidance Notes for paying agents on the Irish legislation implementing the Savings Directive.
 Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, s 42(1).
 Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, s 42(9).
 Burns v Bank of Ireland  1 IR 762; Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, s 47.
 Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, s 49(1).
 Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, s 56(1).
 Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, ss 75, 77, in 2012 the Central Bank carried out 28 inspections of 26 financial institutions.
 Criminal Assets Bureau Act 1996, s 14A(6).
 Previously s 299 of the Companies Act 1990 as amended by s 51 of the Company Law Enforcement Act 2001.
  3 IR 55.
 See the Bankers’ Books Evidence Act 1879, s 7A.
 S 7A.
 As amended by the Central Bank Act 1989, s 131(d) and the Disclosure of Certain Information for Taxation and other Purposes Act 1996, s 14(c).
 L’Amie v Wilson  2 IR 130; Staunton v Counihan  92 ILTR 32.
  3 IR 35.
 (10 March 1992, unreported) HC.
  3 IR 55.
  2 IR 465.
  1 ILRM 208.
  3 IR 193.
 Ibidat 200 and 201.
 Ibidat 203 and 204.
  4 IR 148.
  3 IR 766.
  IEHC 136.
  IECA 149.
 See Günter Stratenwerth in Rolf Watter et al (eds), Basel Commentary on the Swiss Federal Banking Act(Basel: 2nd edn 2013), Art 47 para 2.
 Robert U Vogler, Swiss Banking Secrecy: Origins, Significance (Zurich: Myth 2006), 69.
 See Art 47 of the Swiss Federal Banking Act of 8 November 1934 or Art 43 of the Federal Stock Exchange Act of 24 March 1995.
 See Art 321 of the Swiss Criminal Code of 21 December 1937.
 See Günter Stratenwerth, n 126 above, Art 47 para 13.
 Beat Kleiner, Renate Schwob and Christoph Winzelerin Dieter Zobl et al (eds), Commentary on the Swiss Federal Banking Act (Zurich/Basel/Geneva 2014), Art 47 para 9.
 Art 47 para 1 Lit a of the Swiss Federal Banking Act.
 Swiss Financial Market Supervisory Authority (FINMA) Circular 2008/7, paras 21, 34.
 Günter Stratenwerth, n 126 above, Art 47 para 25.
 Ibid, Art 47 paras 29, 37.
 Federal Court Judgment No 137 II 431 of 15 July 2011, Cons 4.4.
 See Beat Kleiner, Renate Schwob and Christoph Winzelerin Dieter Zobl et al (eds), n 132 above, Art 47 para 301 with further references.
 See Günter Stratenwerth, n 126 above, Art 47 para 42d.
 Art 127 para 2 of the Swiss Federal Tax Law of 14 December 1990.
 Beat Kleiner, Renate Schwob and Christoph Winzeler, n 132 above, Art 47 para 116 et seq; Günter Stratenwerth, n 126 above, Art 47 para 36.
 See Beat Kleiner, Renate Schwob and Christoph Winzelerin Dieter Zobl, n 132 above, Art 47 paras 105, 115.
 Ibid, Art 47 para 130.
 Peter R Altenburger, Der internationale Informationsaustausch in Steuersachen (Zürich/St Gallen 2015), 139.
 Beat Kleiner, Renate Schwob and Christoph Winzeler, n 132 above, Art 47 para 301.
 See Decision of the Federal Administrative Court No A-6843/2014 of 15 September 2015.
 Erläuternder Bericht zur Änderung des Steueramtshilfegesetzes (gestohlene Daten) vom 2 September 2015, p 2; see also Peter Nobel,‘Entwicklungen im Bank- und Kapitalmarktrecht’ in SJZ 2016, p 10 et seq, 14.
 See Christoph Winzeler, ‘Das Schweizer Bankkundengeheimnis im Wandel – Totgesagte leben länger’ in SJZ 2011, p 97 et seq, 105.
 www.sif.admin.ch/sif/en/home/themen/internationale-steuerpolitik/automatischer-informationsaustausch.htmlaccessed 1 July 2016; see also Peter Nobel,n 148 above, p 10 et seq, 12 f.
 See Peter Nobel,n 148 above, p 10 et seq, 14 f.
 See Günter Stratenwerth, n 126 above, Art 47 paras 30 et seq.
 See Art 160 para 1 of the Swiss Civil Procedure Code of 19 December 2008.
 See, eg, Art 581 para 2 of the Swiss Civil Code of 10 December 1907.
 See, eg, Art 222 para 4 of the Swiss Debt Collection and Bankruptcy Act of 11 April 1889.
 See Art 162 et seq of the Swiss Criminal Procedure Code of 5 October 2007.
 See Art 29 of the Federal Act on the Swiss Financial Market Supervisory Authority of 22 June 2007.
 Günter Stratenwerth, n 126 above, Art 47 para 31.
 Art 305bis No 1 and 1bis of the Swiss Criminal Code. See also Peter Nobel, n 148 above, p 10 et seq, 10.
 Art 47 para 1 of the Swiss Federal Banking Act in connection with Art 34 of the Swiss Criminal Code.
 Art 47 para 2 of the Swiss Federal Banking Act.
 Art 47 para 1bis of the Swiss Federal Banking Act.
 Peter Nobel,n 148 above, p 10 et seq, 10.
 Beat Kleiner, Renate Schwob and Christoph Winzeler, n 132 above, Art 47 para 375.