Describe the private banking confidentiality obligations.

There is no specific statutory regime on banking secrecy in the UK. However, there is a non-statutory or common-law duty of confidentiality, arising from the contractual relationship between a bank (including a private bank) and its customers. Under English common law, a bank owes a duty of confidentiality to its customer, and it is an implied term of the contract between the bank and its customer that the bank will keep the customer’s information confidential. However, firms customarily include express (as opposed to implied) confidentiality obligations in the terms of business and other contractual agreements between the customer and the private bank, that are entered into at the start of the relationship and prior to the provision of any services.


What information and documents are within the scope of confidentiality?

The implied duty of confidentiality duty is subject to a number of exceptions, but otherwise it extends to all information that the bank has about its customer, which is likely to include personal and financial information. Under Tournier v National Provincial and Union Bank of England (1924), the basic duty of confidence was expressly stated to cover:

  • the state of the account (credit or debit balance);
  • the amount of the balance;
  • all the transactions that go through the account; and
  • the securities (if any) given in respect of the account.


This applies both for the duration of the account being open, but also beyond the period when the account is closed or ceases to be an active account. The obligation also extends to information obtained from sources other than the customer’s actual account, if the time at which the information was obtained arose out of the banking relationship between the bank and its customer.

Expectations and limitations

What are the exceptions and limitations to the duty of confidentiality?

There are some established exceptions or limitations to the English common law duty of confidentiality. The case of Tournier v National Provincial and Union Bank of England (1924) established that a bank may divulge information about its customer in the following circumstances:

  • where the bank has the customer’s (express or implied) consent to disclose the information;
  • where the bank is compelled by law (court orders, statute or regulation) to disclose the information;
  • where the bank has a public duty to disclose the information; or
  • where disclosure of the information is required to protect the bank’s own interests.


However, while the principles in Tournier are generally accepted, they should also be considered in the context of other legal principles that govern confidential information specifically such as the General Data Protection Regulation. Furthermore, if there are express contractual obligations that permit the disclosure of the customer’s information in certain circumstances, then the obligations under Tournier will not apply in those circumstances.

There are also certain statutory exemptions that exist that would allow a bank to disclose confidential information in particular circumstances. For example:

  • the Financial Conduct Authority (FCA) has statutory powers to require the provision of information to it in certain circumstances; HMRC has wide investigatory powers if it suspects non-compliance with statutory provisions in respect of tax; and
  • AML and counter-terrorist financing (CTF) legislation can require banks to disclose information where there are reasonable grounds to suspect that a customer is involved in AML or CTF offences.


If, for example, the FCA required the disclosure of such information to its investigators as part of an ongoing investigation, it will not itself make an onward disclosure of the confidential information without legal authority (and there are certain circumstances in which the FCA may do so.)

A duty of confidentiality will also not apply to information that is already in the public domain or is common knowledge because that information is, by definition, public and not confidential. 


What is the liability for breach of confidentiality?

A private bank can be the subject of an injunction or a legal claim for breach of contract or breach of common law. If a customer considers that there is either about to be a breach, or there has been a breach, of the duty of confidentiality then they can: (1) apply to the court for a temporary or permanent injunction to refrain or restrain disclosure or a repetition of a previous disclosure; and (2) seek damages for a breach of contract, assuming there are express confidentiality obligations, or for a breach of the common law duty of confidentiality.

Law stated date

Correct on

Give the date on which the information above is accurate.

27 May 2020.