Violation of bank secrecy

Apply for SearchInform DLP TRY NOW

After a formal agreement on the provision of financial services between the citizen and the bank financial institution is responsible for the safety of customer information (bank secrecy). The transfer of customer data to third parties is prohibited by law. However, in practice, bank employees are not always responsible for fulfilling their obligations to protect information, especially if the client has a debt. Therefore, the issue of liability for disclosing bank secrets is becoming increasingly important.

Bank secrecy concept

Banking secrecy includes information about the client's banking operations, his deposits, loans and accounts. In accordance with the legislation of the Russian Federation, banks are obliged to preserve confidential information about the identity of the client and the movement of funds through his accounts. The client (individual or legal entity) has the right to demand compensation for material and moral damage through the court if an employee of a financial institution distributes materials related to bank secrecy.

Who has access to bank secrecy

All banking agreements contain a clause on the permission of an individual to process his personal data and the possibility of transferring this information to third parties. The law establishes an exhaustive list of individuals and organizations that can receive data related to banking secrecy:

  • the client himself or another person by his power of attorney;
  • credit bureaus (CRB), but only one;
  • deposit insurance organization;
  • state executors (bailiffs);
  • tax police;
  • Pension Fund (PF) of the Russian Federation;
  • social insurance;
  • customs Service.

The procedure for transferring information about the client

Individuals or organizations entitled to familiarize themselves with information related to bank secrecy are required to send an official request to the financial institution. Such a request shall indicate: the grounds for issuing information and a detailed description of the violation that caused the request for movement on the client's accounts.

The request must contain a link to the client's connection with the bank to which the request is submitted.

Responsibility for disclosure of confidential information

The disclosure of banking secrets implies the responsibility of the employee of the financial institution who declassified it. If the client has information about the disclosure of his personal data or the movement of accounts, he has the right to apply to the court with a statement of claim. The defendant in such a case can be not only a bank, but also organizations or individuals who, by law, have access to bank secrets.

In 2015, amendments were made to the Criminal Code of the Russian Federation aimed at tightening the liability for illegal receipt and disclosure of information constituting bank secrecy. Such amendments are aimed at increasing the personal responsibility of ordinary bank employees when working with personal information of clients.

Since mid-2015, criminal liability under Article 183 of the Criminal Code of the Russian Federation for illegal collection and disclosure of information related to commercial, tax or banking secrets has increased:

  • for obtaining information - fines increased from eighty to five hundred thousand rubles;
  • for distribution - from one hundred twenty thousand to one million rubles;
  • the same actions committed for the purpose of profit or entailing losses on a large scale - from two hundred thousand to one and a half million rubles.

In addition to penalties for the disclosure of bank secrets, which caused serious consequences, liability is provided in the form of imprisonment (up to seven years).

Financial executives support the tightening of accountability as timely and relevant at a time of heightened competition for clients, financial market fluctuations and increased demand for confidential information. Such measures contribute to the formation of a civilized and transparent banking market in which banking secrecy is reliably protected.

Lawyers also advocate for increased liability for the disclosure of bank secrets. Such amendments, in their opinion, will become an effective preventive mechanism in the fight against illegal collection and dissemination of personal information.

Disclosure threat: two perspectives on the problem

For financial institutions, issues related to the disclosure of classified information are unpleasant, and they do not like to comment on such incidents. Most bank executives say they have not personally encountered a successful unauthorized attempt to obtain or transmit information that constitutes bank secrecy. Rare and unsuccessful attacks on bank secrecy are associated, according to the administration of banks, with a high-quality system of protection of the client database. Protection of financial information is based on the separation of access rights to it, the use of encryption and automated database security systems, including the monitoring and analysis of suspicious events.

Lawyers do not share such optimism, reporting that in their practice there have been a sufficient number of cases related to the unauthorized dissemination of bank secrets. However, it can be problematic to prove such a fact in court. And most of the clients refuse litigation with a dubious ending. But lawyers call the work of banks to ensure the safety of personal information of clients mediocre. Most often, according to lawyers, information about a loan debt or the amount of a deposit is under threat of disclosure. The problems associated with the disclosure of confidential information are caused by the connivance of the management of banking institutions. For example, in the United States or Western Europe, an employee who is suspected of unfair treatment of classified data is subject to dismissal.


According to the majority of heads of financial institutions, the threat of misuse of information related to banking secrecy arises in two cases:

Unintentional disclosure of data on the negligence of bank employees. The best method to counter such violations is software that monitors and analyzes the data of emails and their attachments, as well as printed documents.

Deliberate cyberattack. The bank can be secured by technical equipment aimed at analyzing information flows, capable of reacting to deviations in the operation of the system and preventing network and virus attacks.

Thus, it is more expedient to direct the efforts of banks not to punish the perpetrators, but to preventive measures. Constant updates of the technological support of banks will not only improve the level of customer service, but also protect confidential information.