Describe the private banking confidentiality obligations.

The Law on Commercial Banks provides that commercial banks establish regulations concerning information management and confidentiality, and prevent the client’s information from being used improperly. The Measures for the Administration of Bank Card Business stipulate that a card-issuing bank shall be responsible for keeping secret the credit information of the cardholders. In addition, the Measures for the Administration of Renminbi Bank Settlement Accounts stipulates that banks shall ensure the confidentiality of information about depositors’ bank settlement accounts. Banks shall have the right to decline any enquiries by institutions or individuals on deposits and other relevant information on bank settlement accounts for institutions or individuals, unless stipulated otherwise by the laws and administrative regulations. However, these rules are abstract and are not specific, which makes them hard to implement. Some important issues have not been resolved. For example, banks may disclose clients’ information in a lawsuit to protect the public interest. In the current situation, HNWIs may have reservations when handing over assets to financial institutions. In addition, some financial institutions have not recognised the importance of information protection, do not take measures to protect the clients’ information and have little knowledge of the relevant laws and regulations.


What information and documents are within the scope of confidentiality?

It varies depending on the specific agreement but usually includes personal information and asset information.

Expectations and limitations

What are the exceptions and limitations to the duty of confidentiality?

There are laws for financial institutions detailing their responsibility to protect information, but many exceptions are provided for the needs of the judicial and law enforcement departments, including the public security authority, procuratorate, courts, security bureau, customs, tax authorities and the People’s Bank of China. In practice, many of the aforementioned departments and other special organisations may also obtain clients’ information from financial institutions.


What is the liability for breach of confidentiality?

First, there is civil liability, including liability for breach of contract and infringement liability. The Contract Law stipulates that if a party fails to perform its obligations under a contract, or its performance fails to satisfy the terms of the contract, it shall bear the liabilities for breach of contract such as to continue to perform its obligations, to take remedial measures, or to compensate for losses. Thus, if a bank violates the confidentiality agreement and infringes the private rights of clients, the bank must bear the responsibility for stopping the infringement, compensating the loss, extending a formal apology, eliminating the adverse effects and restoring reputation.

Second, there is administrative liability, which includes two aspects. The first is for financial institutions, including confiscation of illegal gains, fines, suspending operation for rectification and revocation of the business licence. The second aspect relates to the person who has direct liability, where punishment includes fines, removal from the office held and of qualifications, and prohibiting them from future work in financial institutions.

Third, there is criminal liability. According to Amendment (VII) of the Criminal Law, whoever sells or provides any citizen’s personal information in violation of the relevant provisions of the state shall, in serious circumstances, be sentenced to imprisonment of not more than three years or criminal detention, in addition to a fine, or be given a fine only; in especially serious circumstances, the person may be sentenced to imprisonment of not less than three years but not more than seven years in addition to a fine.

Law stated date

Correct on

Give the date on which the information above is accurate.

16 June 2020.