14
(d)
for the banker’s
duty of confidentiality
only,
where it is
in the interests
of the bank
to make
disclosure.
Consent
2.10
Disclosure of
confidential information
is permissible
where the
Rights Holder
37
to the disclosure
of their confidential
information
38
(though limitations apply
to the validity of
consent
that can provided
by an employee, as
described in in
paragraph
:
).
39
Compulsion of law
2.11
Information
that
would
otherwise
be
confidential
may
be
disclosed
when
required
by
a
statutory
provision
40
41
2.12
To satisfy this compulsion of law exception it is likely that UBSLB would have to rely on UK statute
– a provision of US law, such as an SEC Rule, is unlikely to be sufficient for this purpose.
42
(a)
Whilst there are numerous statutory provisions that require the disclosure of information that
would otherwise be confidential,
43
none applies directly to this situation.
(b)
UBSLB is obliged to comply with the FCA’s
and PRA’s
general rules, as set out in the FCA
Handbook
and
PRA
Rulebook,
44
and
these
include
the
FCA’s
Principle
11
and
the
PRA’s
Fundamental
Rule
7,
which
require
UBSLB
to
“
deal
with
its
regulators
in
an
open
and
cooperative way...
”.
This requirement includes disclosure to
overseas regulators such as the
SEC.
45
However, there
are specific powers available to
the FCA and
PRA to oblige UBSLB
37
Where the banker’s duty of
confidentiality applies this will be the customer.
38
Due of the overlap
between bank confidentiality and data
protection laws (as discussed in
paragraph
), it would be
advisable to clarify
when obtaining consent that another, separate, legal basis applied to the processing
of the personal data under data protection laws.
39
Whilst it is possible to rely on
implied consent
, there
is likely to be a high ba
r to meet
in order to do so
.
In
Turner v Royal Bank of Scotland
Plc
[1999] 2 All E.R, regarding the banker’s duty of confidentiality, it
was decided that established market practice of sharing of customer
information between banks (which
practice was generally
known only to the
banks themselves) did not
amount to implied consent
of the
customer as this practice was not known by the customer.
To amount to implied consent, the practice under which disclosure is made must
be “
notorious, certain and reasonable
” (
Turner v Royal
Bank of Scotland Plc
[1999] 2 All E.R
664 at 670, Sir
Richard Scott VC quoting
from
Chitty on Contracts
(27th edn, 1994), vol I, para 13-014.)
The practice
of sharing
information with
local regulators
in order
to enable
banking business
to be
conducted within
the relevant
local
jurisdiction is, in our experience, well
established such that it might be considered
“
notorious, certain and reasonable
”.
In this context, it is
possible that
much of
the information
contained in
the Covered
Books and
Records would
be information
of a
sort that
customers (and
particularly more sophisticated customers of the
kind that would normally be
offered services by UBSLB in
respect of SBSs) may expect
would be shared with the SEC.
In part, the ability
to rely on implied
consent will depend
on the information
provided to customers when
UBSLB provides services
in SBSs.
If no information about the jurisdiction or regulators involved
is provided then UBSLB would rely on the customer’s
own understanding of
regulatory obligations on banks, the US nexus
and the SEC’s role
in these services.
Conversely, if customers are
informed that UBSLB’s
activity in SBSs is conducted on a cross-border basis
into the US and is subject to oversight by
the SEC then the ability to rely on
implied
consent increases.
Similarly, if customers are
informed that detailed information on all
aspects of UBSLB’s activity
in SBSs is subject to
examination by the SEC then the ability to rely on implied consent
increases further still.
40
Se
e the
example given
by Bankes
LJ in
Tournier
v National
Provincial &
Union Bank
[1924] 1
K.B 461
at 473
of the
Bankers’ Books
41
For the general duty
of confidentiality: E.g. a
subpoena duces tecum
issued by an English
court, as confirmed
in
Loyd v Freshfield and
Kaye,
Gents. Two, &c
(1826) 172 E.R. 147 at 329.
For the banker’s duty of confidentiality:
X AG and others v A bank
42
We
are not aware of any
case law dealing with
whether foreign statute can satisfy the
compulsion of law exception.
In
Bank
(Governor and
Company of
the
Bank of
England intervening)
[1992] 3
WLR 705
it
was held
that
there
would be
no breach
of
confidentiality where disclosure was ordered
by a United Kingdom
regulator (in this case
the Bank of England)
who would then pass
the
information over to a foreign regulator, in this case the US Federal Reserve Board.
However, the judgement emphasised it was the United
Kingdom regulator’s compelling power
under the Banking Act 1987,
not that of the US Federal
Reserve Board, which was decisive.
Whilst
this case applies to the banker’s duty of confidentiality,
it is also of relevance to the general duty of confidentiality.
.
43
For example under
s.175(5)(d) of the
FSMA
, by virtue
of which a
person owing
a banker’s duty
of confidentiality may
be compelled to
disclose confidential
information when
a specific
requirement is
imposed on
the Recipient
by an
investigating authority
to disclose
the
information.
Additionally, under s.330 of
the Proceeds of Crime Act
2002 it is an offence
for someone in the regulated sector
to disclose
knowledge or
suspicion of
money laundering
activities.
A banker
who suspected
or
became aware
of a
customer’s
money laundering
activities, although owing their customer a duty of confidentiality by virtue of their relationship to the customer, who be compelled by this
to disclose.
Disclosure in this circumstance would be an authorised use
and as such would not constitute a breach of confidence.
44
These are rules published by the FCA in the exercise of its power under section 137A (for
the FCA) and 137G (for the PRA) of
FSMA and
enforceable by the FCA and PRA, respectively, pursuant to Part XIV of FSMA.
45
Principles for Business
section of the FCA Handbook at
l. l.6G
.
0036335-0000808 UKO1: 2004471715.25