Describe the private banking confidentiality obligations.
Banks incorporated in Switzerland, as well as Swiss branches and representative offices of foreign banks, are bound by a statutory duty of confidentiality towards their clients (ie, banking secrecy). The disclosure of client information to third parties, including parent and affiliated companies, is prohibited in this context.
Banking secrecy is, however, not absolute and may be waived, or may not apply, under certain exceptional circumstances. In recent years, the importance and scope of Swiss banking secrecy have been subject to intense discussion following pressure from foreign countries. The situation has, however, changed as regards tax matters with the implementation of the automatic exchange of information.
Since the entry into force of the Financial Institutions Act of 2020 (FinIA) on 1 January 2020, wealth managers newly subject to supervision are to comply with a statutory duty of confidentiality (similar to banking secrecy; see above) towards their clients.
Besides the above, clients’ data is also protected by the provisions of the Data Protection Act (DPA), which is generally in line with European legislation on data protection. Currently, the DPA is under revision in order – at least in theory – to harmonise it with the new data protection standards adopted by the EU (ie, the EU General Data Protection Regulation 2016/679 (GDPR) and EU Directive 2016/680). At the time of writing, the Swiss legislator has not yet published a time frame for this reform, which will allow Switzerland to uphold its status as a country providing for an equivalent level of data protection and to be recognised as such by EU member states.
Scope
What information and documents are within the scope of confidentiality?
Swiss banking (and professional) secrecy encompasses all information and documents that pertain to the contractual relationship between the bank (respectively the wealth manager) and its clients. That said, Swiss case law and scholars make it clear that purely internal notes and instructions of a bank (ie, not specifically relating to a client or containing client-identifying information) pertain to the bank’s own private sphere and are not covered by banking secrecy.
Likewise, the contractual confidentiality provisions within asset management agreements usually cover a similar scope of information.
For the purposes of data protection, the term ‘personal data’ comprises any information that relates to an identified or identifiable person (ie, the data subject), it being understood that Swiss law adopts a ‘relative’ approach to the identification, in the sense that the ability to identify a data subject from the data is assessed relative to the person processing the data, by reference to legal means to access other data that may be correlated to the dataset under review, and not merely based on the theoretical ability of any person to reverse engineer a dataset.
Expectations and limitations
What are the exceptions and limitations to the duty of confidentiality?
Swiss banking (and professional) secrecy does not apply in certain exceptional situations. This is the case when a bank (or a regulated wealth manager) is under a duty to disclose information to Swiss public or judicial authorities, in accordance with relevant Swiss procedural regulations. Further, communication of information for the purposes of consolidated supervision over a banking group to which a Swiss bank belongs (provided that such communication is necessary and fulfils further conditions) may be allowed despite banking secrecy. Finally, banks and other institutions subject to the FinIA are authorised to disclose client-related data provided the client has given his or her consent. To be valid, the secrecy waiver is to be expressly given in writing and the client is to be specifically informed of the consequences of such a waiver. Further, its scope is to be clearly defined.
In terms of data protection, the exceptions and limitations in relation to the processing or communication of personal data generally rely on the data subject’s consent, a legal obligation or a prevailing public or private interest. Certain limitations also apply in the event of a transmission of data abroad, namely in the event that the foreign country to which the data is transmitted does not offer an adequate level of data protection.
Breach
What is the liability for breach of confidentiality?
Under Swiss law, a breach of banking or professional secrecy is considered as a breach of the relationship with the client, and may give rise to criminal and civil liability.
The potential sanction for an intentional breach of banking and professional secrecy is a fine of up to 540,000 Swiss francs or a jail sentence of up to three years for the individuals involved. In cases where a pecuniary advantage was obtained for the individual involved or a third party through the breach, the potential jail sentence is up to five years or a fine. In the case of negligence, the sanction is a fine of up to 250,000 Swiss francs. Further, an intentional breach may be considered as an activity contrary to proper banking practice (article 3, paragraph 2(c) Banking Act). In practice, the Swiss bank and its management would run a risk of sanctions, which may ultimately lead to the withdrawal of the Swiss banking licence, as well as personal bans from exercising any managerial roles in regulated entities for the individuals. The same considerations would apply in our view to wealth managers newly subject to supervision.
Finally, the Swiss bank or wealth manager would also incur a civil liability based on breach of contract towards its clients for any financial prejudice suffered by them as a result of the disclosure of information. The extent of liability for breach of contract will depend on the terms of the contractual agreement, in particular any indemnification or limitation of liability provisions.
For the rest, the potential sanction in the case of intentional breach of certain provisions of the DPA is a fine capped at 10,000 Swiss francs.
Law stated date
Correct on
Give the date on which the information above is accurate.
30 June 2020.