Secrecy and Confidentiality

In the UK, secrecy and confidentiality in relation to banks and bank accounts are primarily governed by a long-established legal principle known as the duty of confidentiality. This means that a bank is legally required to keep all information about its customers, including account details, transactions, and personal data, strictly private. This duty arises automatically when a customer opens an account and forms a contractual relationship with the bank. The obligation was established in case law, most notably in Tournier v National Provincial and Union Bank of England (1924), which confirmed that banks must not disclose customer information without proper justification.

However, this confidentiality is not absolute. UK law allows certain exceptions where banks are permitted or required to share information. These include situations where disclosure is required by law, such as in cases involving criminal investigations, anti-money laundering regulations, or court orders. Banks may also disclose information if there is a public duty to do so, if the customer has given consent, or if it is necessary to protect the bank’s own interests, for example in legal disputes.

In addition to common law, confidentiality in banking is reinforced by statutory regulation, particularly through the UK General Data Protection Regulation and the Data Protection Act 2018. These laws require that personal and financial data is processed securely, fairly, and only for legitimate purposes. Financial institutions must also comply with strict regulatory frameworks set by authorities such as the Financial Conduct Authority (FCA), which impose additional obligations regarding customer data protection and transparency.

Overall, confidentiality in UK banking means that customer information is strongly protected, but it can be lawfully disclosed under specific and regulated circumstances.

Under the laws of Gibraltar, Electronic Money Institutions (EMIs), payment service providers, and partner banks operating IBAN account structures are subject to strict banking secrecy, data protection, and confidentiality obligations. All customer-related information, including personal and corporate identification data, IBAN and account details, transaction records, balances, payment history, as well as KYC, AML, and compliance documentation, is treated as confidential and protected under applicable Gibraltar law and regulatory requirements.

Such information may not be disclosed to any third party except where disclosure is required by applicable laws or regulations, mandated by a court order, requested by a competent authority such as a regulatory, supervisory, judicial, or law enforcement body, necessary for compliance with anti-money laundering, counter-terrorist financing, sanctions, or regulatory reporting obligations, or expressly authorised by the customer.

These confidentiality obligations are applied in accordance with the regulatory framework of the Gibraltar Financial Services Commission (GFSC) and relevant data protection and financial services legislation. Banking secrecy does not prevent the lawful exchange of information between regulated entities, service providers, correspondent partners, or technology platforms where such exchange is required for operational purposes, regulatory compliance, or risk management, provided that appropriate legal, technical, and organisational safeguards are in place.

Under the laws of Singapore, banks, payment institutions, and fintech service providers operating accounts, wallets, or payment structures are subject to strict banking secrecy, data protection, and confidentiality obligations. All customer-related information, including personal and corporate identification data, account or wallet details, transaction records, balances, payment history, and KYC, AML, and compliance documentation, is treated as confidential and protected under applicable Singapore law and regulatory requirements. Such information may not be disclosed to any third party except where disclosure is required by applicable laws or regulations, mandated by a court order, requested by a competent authority such as the Monetary Authority of Singapore (MAS) or other regulatory, supervisory, judicial, or law enforcement bodies, necessary for compliance with anti-money laundering, counter-terrorist financing, sanctions, or regulatory reporting obligations, or expressly authorised by the customer.

These confidentiality obligations are applied in accordance with the regulatory framework of the Monetary Authority of Singapore, including the Payment Services Act, the Banking Act, and applicable data protection legislation such as the Personal Data Protection Act (PDPA). Banking secrecy does not prevent the lawful exchange of information between regulated entities, service providers, correspondent partners, or technology platforms where such exchange is required for operational purposes, regulatory compliance, or risk management, provided that appropriate legal, technical, and organisational safeguards are in place.