Taking counsel

  • 2005-09-07
  • By Inese Rendeniece [ LOZE, GRUNTE & CERS ]
Protection of bank client data

Since banks are credit institutions handling great amounts of confidential information on the financial state of, and transactions involving, legal entities and individuals, the security measures adopted by banks to protect such information are of utmost importance. It follows that we should know what to do if suspicions arise that there is an information leak in the bank.

Currently two laws exist in Latvia that ensure protection of client data in banks 's namely, the Personal Data Protection Law and the Credit Institutions Law. Both laws strictly state that disclosure of information to any third party is allowed only if the client has agreed in a mutually signed agreement. In practice, the safety of client data is guaranteed by computer-based security systems, employee codes, around-the-clock monitoring of information systems and a host of other measures undertaken by financial institutions.

In order to prevent money laundering and harmonize Latvia's laws with EU standards, in May this year some amendments were made to the laws affecting accessibility of bank client data. The range of persons under the Credit Institution Law who have legal right to access information regarding the client's account and situation with transactions has been expanded under the Credit Institutions Law. The list of persons and authorities who are authorized to claim confidential information from credit institutions includes the Prosecutor's Office, investigative agencies, the anti-corruption bureau and public notaries dealing with inheritance matters, to name a few.

Recently, the Law on the Prevention of Laundering of Proceeds Derived from Criminal Activity was amended as well, and with it an absolutely new definition appeared 's "true beneficiary" 's which may be a shareholder or any person in the interests of whom a transaction is performed. This amendment prescribes that it is the obligation of the bank to claim information regarding the "true beneficiary."

If a holder of the bank account is a legal entity, the owners of the entity have to be identified. A bank is also obliged to identify its client (1) in respect of financial transactions equivalent to or exceeding 15,000 euros; (2) if the client was not identified upon opening of the account or accepting resources in deposit; (3) on the basis of suspicion regarding laundering of money.

Possible information leak from banks may also cause anxiety. Often clients are not informed of legal restrictions on bank operations with respect to client data security, on the one hand, and mandatory information to be provided, on the other. If a bank improperly discloses client information or fails to perform the provisions of the Law On the Prevention of Laundering of Proceeds Derived from Criminal Activity, then the Financial and Capital Market Commission is entitled to impose sanctions on the bank in question.

The Credit Institutions Law states that if client information available to the bank is unlawfully disclosed, a penalty of up to 5,000 lats (7,140 euros) is imposed on the bank, while an individual for the same offense is held administratively or criminally liable.

In cases when the bank does not request its client complete a statement regarding the true beneficiary of the transaction, in accordance with the Credit Institutions Law, the Finance and Capital Market Commission may impose a fine of 5,000 's 10,000 lats on the bank. If the provisions of laws regulating operation of credit institutions are disregarded on a regular basis, the bank's license may be cancelled.

We can conclude that if a client of a bank learns that the bank has disclosed confidential information he may file an application with the police and request that a criminal case be brought against those guilty. Otherwise, a client may claim damages for losses incurred from information disclosure.

Inese Rendeniece is lawyer at the law firm Loze, Grunte & Cers in Riga.