Banks and banking transactions are a fundamental pillar of the financial world. However, in order to maintain confidence and credibility in banks, the protection of customers’ secrets is imperative. In Turkey, this obligation for banks to maintain secrecy is based on the principle of protecting individuals’ private lives set out by Article 20 of the Constitution.
The protection of customer secrets is guaranteed under the Criminal Code, the Banking Law and the Central Bank Law. Moreover, a new draft of the Law on Customer, Trade and Banking Secrets provides details of such secrets and any exceptions.
The criminal liability of banks and their employees for any breaches of confidentiality in relation to customer secrets is regulated by the Banking Law and the Criminal Code.
‘Customer secrets’ are defined in the draft Law on Customer, Trade and Banking Secrets as “secrets consisting of information and documents which have been obtained by corporations and which concern the financial, credit and cash positions of customers”. In this regard, all information obtained both before and after the conclusion of a banking contract –including that relating to the asset situation of a customer, guarantee letters, sureties, bills of account and other personal information (eg, identification data, address and phone numbers) – is regarded as customer secrets.
According to Article 76 of the Banking Law, all persons or legal entities to which a bank provides services can be regarded as customers of that bank. Accordingly, anyone who makes a payment at a bank counter is regarded as a customer, even if he or she does not hold an account with the bank.
According to Article 73/3 of the law, customer secrets may be obtained by bank officers and other employees as a result of their duties, as well as by third-party responsible individuals. Under the law’s preamble, ‘responsible individuals’ include bank board members, bank managers, notaries, public officers, debt enforcement officers, inspectors, sworn auditors, independent auditors and other institutions authorised by law to obtain customer secrets.
For an offence to occur, customer secrets must be shared or explained to unauthorised persons, or used by the individual responsible for his or her or another’s benefit. The oral transfer of customer secrets is also regarded as an offence. Proof of damage is not required.
This offence rests on the principle of general intent. However, according to Article 159/2 of the Banking Law, in relation to the “disclosure of customer secrets on the purpose of own or others benefit”, a motive must be proven. An offence will not occur if a bank employee discloses a customer secret accidentally. For example, a bank employee may not be penalised in circumstances where his or her comment is overheard or seen by third parties incidentally.
Article 159 of the Banking Law and Article 239 of the Criminal Code regulate the disclosure of customer secrets. Under Article 159 of the law, anyone who discloses bank customer secrets will be sentenced to between one and three years in prison, and to a judicial fine of 1,000 to 2,000 days. In contrast to the code, no complaint is required for prosecution under this offence.
Moreover, under Article 239 of the code, anyone who releases banking, trade or customer secrets obtained as a result of his or her duties or occupation will be sentenced to between one and three years in prison, and to a fine of 5,000 days on a complaint being proven.
The aggrieved party may file a suit for damages against the bank, since the bank is also liable as an employer for the tortious acts of its employees within the scope of Articles 49, 66 and 116 of the Law on Obligations. In such case the bank may seek recourse from the employee responsible for disclosing the secret.
The obligation for banks to maintain secrecy is unrestricted, but exceptions do apply. For example, under Article 73 of the Banking Law, bank associates, board members and employees may disclose customer information to credit institutions and finance institutions. The secrecy obligation will also cease to apply where a customer has given consent for information to be disclosed.
The draft Law on Customer, Trade and Banking Secrets defines the terms ‘trade secret’, ‘banking secret’ and ‘customer secret’ and regulates the exceptions to confidentiality. According to Article 3 of the draft law, when a customer agrees to the disclosure of information or a legal obligation must be fulfilled, it is not regarded as the disclosure of customer secrets. Articles 4 and 5 of the draft law regulate the cases under which customer secrets may be (and must be) disclosed. Under Article 4, secrets may be disclosed when revealed:
- in parliamentary enquiry sessions (which are kept confidential);
- in enquiries and prosecutions conducted by the courts;
- during audits made in the name of the treasury; and
- where provided for by other laws.
Under Article 5, banking, trade and customer secrets must be disclosed to:
- the Grand National Assembly of Turkey;
- the courts; and
- the public prosecution offices.
Secrets must also be revealed in relation to financial and administrative audits, provided that:
- the information is related to the duty;
- it is limited to the purpose of the audit; and
- disclosure of such information is an obligation.
The draft law is under discussion before Parliament. Despite its provisions concerning secrecy, the probability of companies being held liable for damages as a result of the disclosure of corporate information has been criticised. Some institutions have introduced an indemnification clause for corporate damages.
The protection of confidence in banking transactions is provided by law. Moreover, if the abovementioned draft law is enacted, the terms and regulations concerning trade, banking and customer secrets, as well as the limits of banks’ obligation to keep customers’ information secret, will be clarified and determined.