Financial Crime World

Luxembourg Weakens Banking Secrecy Laws with New Outsourcing Exemptions

In an effort to facilitate the use of outsourcing solutions in the financial sector, Luxembourg has made significant changes to its banking secrecy laws. The amendments aim to strike a balance between confidentiality requirements and regulatory compliance.

New Exemptions for Outsourcing

Expanding Professional Secrecy Obligations

Under Article 41 of the Law on the Financial Sector, institutions in the financial sector have been obligated to maintain professional secrecy with regard to client information since 1993. However, a recent amendment adopted on February 27, 2018, has introduced significant changes to this provision.

Exemptions for Entities Subject to Similar Obligations

Institutions in Luxembourg can now transfer confidential information to entities established within the country and supervised by:

  • Commission de Surveillance du Secteur Financier (CSSF)
  • European Central Bank
  • Commissariat aux Assurances

without requiring client consent. This includes entities that are subject to criminal sanctions for breaching professional secrecy obligations.

Conditions for Outsourcing Activities

For outsourcing activities to other types of entities – whether located inside or outside Luxembourg and regardless of their group affiliation – information covered by the banking secrecy obligation can be transferred under specific conditions:

  • Client Consent: Clients must agree in writing, through law or a method agreed upon by the parties, to the outsourcing of services, the type of information that may be disclosed, and the country where the provider is established.
  • Recipient Entity: The recipient entity must be subject to professional secrecy obligations or bound by a non-disclosure agreement.
  • Contractual Confidentiality Undertaking: A contractual confidentiality undertaking will suffice as an adequate guarantee at the level of the information recipient.

Impact on Insurance Companies and Payment Service Providers

These changes also extend to insurance companies and payment service providers, which are subject to similar professional secrecy obligations. Amendments have been made to relevant laws governing their activities.

By introducing these new exemptions, Luxembourg aims to promote the use of outsourcing solutions in the financial sector while maintaining a balance between confidentiality requirements and regulatory compliance.