Financial Crime World

Luxembourg’s 2018 Law: A New Era for Banking Secrecy

The 2018 Law in Luxembourg has introduced significant changes to the country’s banking secrecy laws, making it easier for credit institutions and payment services (PFS) to disclose information to third-party service providers, regulators, and intra-group entities.

Introduction

The 2018 Law amends Article 41 of the 1993 Law on the financial sector, which regulates banking secrecy. The amendments aim to strike a balance between maintaining confidentiality for clients and ensuring that credit institutions and PFS comply with regulatory requirements.

Changes to Banking Secrecy Exceptions

The law introduces several changes to the exceptions to banking secrecy:

Outsourcing of Services

  • Article 41(2bis) now allows credit institutions and PFS to outsource certain services to third parties, as long as the client has accepted in writing the outsourcing of relevant services and is informed of the country of establishment of the service provider.
  • This change enables credit institutions and PFS to take advantage of specialized expertise without compromising banking secrecy.

Disclosure of Information to Regulators

  • Article 41(3) has amended the communication channels for disclosing information to national and foreign regulators, including European regulators such as the ECB.
  • The conditions for disclosure remain the same:
    • The authority requesting the information must act within their legal competences to supervise the financial sector.
    • The information disclosed must be subject to professional secrecy of the receiving authority.
    • The transfer of information must take place through the intermediary of the parent company or shareholder of the credit institution/PFS, which is itself subject to prudential supervision.

Intra-Group Disclosure of Information

  • Article 41(4), first sub-paragraph now contains more lenient rules for the disclosure of information to the parent company of, or shareholders having a qualifying holding in, a Luxembourg credit institution or PFS.
  • The information protected by banking secrecy can be communicated to these persons not only to ensure sound and prudent management but also to allow risk assessment on a consolidated basis.

Interactions between the 2018 Law and Data Protection Legislation

  • The 2018 Law maintains an exception to banking secrecy when credit institutions and PFS are subject to the General Data Protection Regulation (GDPR).
  • This exception ensures that credit institutions and PFS continue to be regulated by both banking secrecy rules and GDPR.

Conclusion

The 2018 Law has introduced significant changes to the exceptions to banking secrecy in Luxembourg, making it easier for credit institutions and PFS to disclose information to third-party service providers, regulators, and intra-group entities. The law also ensures that credit institutions and PFS continue to be regulated by both banking secrecy rules and GDPR.