Posted by Post Authored By: Ryan Mill
On February 20, 2022, Credit Suisse – a global investment bank and financial services firm based in Switzerland – experienced a data leak. The leak exposed 70 years-worth of client information, around 30,000 hidden accounts, and over $100 billion in assets. Notably, these 30,000 accounts belonged to former clients accused of money laundering, drug trafficking, and torture. The leak in February demonstrated the pernicious effects of bank secrecy laws when applied to large banks.
Origins and Pervasiveness of Bank Secrecy Laws
Bank secrecy laws are no new phenomenon. In 1648, the Treaty of Westphalia ended the bloodiest Protestant-Catholic conflict in European history called the Thirty Years’ War. Shortly after, in the early 18th century, French Catholic kings founded the quaint city-state of Geneva between the mountainous Alps and Lake Geneva. The city-state was perfectly located for Catholic royalty, who traveled there to conceal their dealings with Protestant bankers in the heated aftermath of the Thirty Years’ War.
Surging popularity for concealed transactions prompted the Geneva government to enact laws that banned bankers from revealing certain details about clients. Those legal protections established the basis for bank secrecy laws. Since then, many jurisdictions have adopted similar laws, including Hong Kong, Ireland, Lebanon, Luxembourg, Monaco, and Singapore.
In the early 20th century, Switzerland codified the first modern bank secrecy laws under the Swiss Banking Act of 1934. The Act legally protected two aspects of bank secrecy. The first aspect criminalized the disclosure of confidential client information to third parties without the client’s consent. Confidential client information included a bank’s dealings with individual clients, the existence of accounts, and any transactions undertaken by clients. The second aspect prohibited banks from disclosing their clients’ income tax-related information to foreign governmental authorities. In effect, this second aspect facilitated various tax evasion strategies for persons with Swiss bank accounts.
Comparing Switzerland’s Bank Secrecy Law with Other Jurisdictions
Policy imbalance in Switzerland’s bank secrecy laws contributed to the Credit Suisse leakage. In Switzerland, bank secrecy laws prioritize individual client privacy over deterring criminal transactions. Swiss policies protecting bank client privacy make sense given the original concerns following the Thirty Years’ War and the country’s foreign policy of neutrality. However, these policies also prevented Swiss-based banks like Credit Suisse from identifying problematic account holders, like the ones whose information was leaked in February 2022.
Different policy concerns prompted the U.S. Congress to enact the Bank Secrecy Act in 1970. Unlike Switzerland, U.S. bank secrecy rules primarily aim to deter money laundering, tax evasion, and criminal financing. To do so, the U.S. Bank Secrecy Act requires financial institutions to – among other things – report to the U.S. Treasury Department suspicious transactions by clients that exceed $10,000 USD. This automatic exchange of information geared towards crime deterrence contrasts with the Swiss approach where automatic reporting is generally triggered after a client is discovered to commit tax fraud.
Another example of bank transparency requirements comes from Luxembourg. Under Luxembourgian law, client banking information may be disclosed in one of four situations: (1) compulsion of law, (2) public interest, (3) the bank’s own interest, or (4) where the client gives consent. In general, the public interest situation arises when a client is allegedly involved in criminal activity. This represents yet another contrast to the Swiss approach where there is no analogous legal basis to require disclosure of client information solely based on public interest.
Thoughts & Lessons from the February 2022 Leak
What can be learned from the February 2022 information leak and how does it shed light upon the morality of bank secrecy laws in general? When examining this question, the bank’s intent is the most important aspect. For instance, was the bank purposefully using secrecy laws to help clients evade taxes, or was the bank simply protecting its client’s confidential information as required by the Swiss Banking Act of 1934 (or similar local statute)?
Despite Credit Suisse denying allegations that it purposefully harbored the assets of criminals, circumstantial evidence points in the other direction. Credit Suisse claimed that after reviewing many accounts potentially associated with the allegations of criminality, around 90% of them were either closed or in the process of closing prior to press inquiries. The bank further claimed that 60% of the hidden accounts were closed prior to 2015. However, since most of the criminal accounts were opened after 2000, many assumed that Credit Suisse actively facilitated criminal activity.
To improve bank secrecy laws going forward, there must be a more effective policy balance between protecting client confidentiality and deterring criminal activity. For example, Switzerland and similar jurisdictions could enact legislation that creates minor transparency reporting requirements aimed at deterring criminal financing and money laundering, such as the U.S. Bank Secrecy Act rules.
In summary, the massive leak creates several lessons. The first key takeaway is that without some barebone government-imposed disclosure rules, bank secrecy laws will inevitably incentivize immoral decisions, such as tax evasion. Whether purposeful, or simply a lack of due diligence, the Credit Suisse case demonstrates how insufficient governmental oversight leads to criminal and fraudulent activities slipping between the cracks. The second key takeaway is the broader problem from bank accounts in jurisdictions that have similar bank secrecy laws. The Credit Suisse incident is simply a domino that will most likely initiate a chain reaction of repealing – or, at least narrowing the scope of – overprotective bank secrecy laws.
About the Author:
Ryan Mill is a J.D. candidate at the Chicago-Kent College of Law, a member of the Chicago Bar Association’s YLS Business Litigation Committee, and he currently serves as a law clerk at Doherty & Progar LLC.