Bank secrecy and the transfer of credits



Bank secrecy has its origin in the Portuguese Republic’s Constitution, which imposes effective protection against the abusive acquisition or use, contrary to human dignity, of information regarding individuals and their families, namely in the context of their personal identity and their right to privacy, which is also protected by article 80 of the Portuguese Civil Code.

As stated by the Portuguese Constitutional Court, “the economic situation of any citizen, which is reflected in their bank account… is part of the sphere of one’s privacy rights, as provided in no. 1 of article 26 of the Constitution, with the duty of bank secrecy acting as an instrument for the protection of this right”. The court further stated that, “in fact, in a time characterised by the generalisation of banking relations, in which the majority of citizens acquire the status of banking clients, the elements held by the banking establishments, notably regarding bank accounts and transactions, and banking, currency and financial transactions, constitute an essential aspect of one’s constitutionally protected right to privacy”.

In accordance with the Portuguese Legal Framework of Credit Institutions and Financial Companies (RGICSF), “the members of the management or supervisory bodies of credit institutions, their collaborators, representatives, commissioners, or any other individuals rendering services to them on a permanent or occasional basis, must not disclose or use information on facts or elements regarding... the relationship between this [institution] and its clients which have come to their knowledge exclusively through the exercise of their functions or rendering of their services”, and as a consequence, “the clients’ names, their deposit accounts and respective operation and any other banking operations” are subject to the obligation of secrecy.

However, the RGICSF provides some exceptions to the duty of bank secrecy – notably when the due authorisation for the disclosure has been provided by the relevant client, or when such disclosure is for the purpose of providing information to the Bank of Portugal, the Portuguese Securities Market Commission and other regulatory entities, judicial authorities, tax authorities or whenever there is a legal provision which expressly limits the duty of bank secrecy.

One must keep in mind that bank secrecy exists not only to protect the client’s privacy, but also – since bank secrecy is a crucial element for those who use banking services – to protect the banking activity itself, which relies upon the client’s trust. And this explains the narrow range of situations expressly provided in the law limiting the duty of secrecy.

This notwithstanding, the truth is that Portuguese law does not include any express reference whatsoever to the transfer of credits by credit institutions within the limitations upon the duty of bank secrecy. And the fact is that credits are considered an asset which may be transferred by their holder, independently of the consent of the relevant debtor. This has its source in the constitutional right to property, and to its disposal.

So, the question is: does the duty of bank secrecy imposed on credit institutions limit the right of these entities to dispose of their credits?

We understand that this may not be an issue in those cases where the agreement with the client expressly provides for the transfer of the credit by the credit institution. This may be considered an implicit consent to the disclosure of the elements required for the transfer of the credit. Moreover, following the authorisation of the client for the credit transfer, it would not be logical for such a transaction to be prevented by virtue of the application of the bank secrecy rules (a client should not expect that the credit transfer would not require the disclosure of certain elements relating to the asset). In any case, the entity having access to the information should undertake to keep it confidential in order to avoid any issues.

Yet, in the event that the agreement with the client does not expressly provide for the transfer of the credit by the credit institution, there is no implicit or explicit authorisation provided by the client for the disclosure of data regarding the relevant credit, which is then subject to bank secrecy.

We recognise that those situations may be deemed as a case of collision of rights – the constitutionally protected right of a credit institution to dispose of its property (which includes the disposal of the credits to which it is entitled) and the protection granted to the client under the bank secrecy rules. In the understanding that neither of those rights is of greater importance in relation to the other, each of the parties would have to compromise to the extent required in order for all rights to produce their effect without a greater detriment to any of the parties, in compliance with the three requirements of the principle of proportionality – adequacy, necessity and the prohibition of excess.

The disclosure by credit institutions of the data covered by the duty of secrecy, to other entities which are under exactly the same duty, may be considered adequate, considering the intended purpose – i.e., the transfer of the credit, under the constitutional protection of the right to private property and to its transfer.

Also, it is clear that the transfer of the credit would not be possible without the transfer to the transferee of the elements that constitute the credit.

Finally, we understand that no excess would arise, since the relevant right could onlypossibly suffer marginal damage. What would be at stake would be the access to the data, but not an infringement of the right of bank secrecy itself and the corresponding non-disclosure of the data since the transferee, as a regulated entity subject to exactly the same framework as the assignor, would be obliged to maintain secrecy under the same terms as those applicable to the transferor.

It would therefore be difficult to assess the detriment to the debtor in those cases, given that the relevant data would still be subject to a duty of secrecy imposed on the transferee. It would be unclear to what degree the credit institution should compromise, so that it could in some way exercise its right without the client’s right suffering a lesser detriment. In fact, both rights may be exercised, to their full extent, simultaneously, with no significant detriment whatsoever for any of the parties, by: (i) the transfer of the credit (and information regarding the credit) by a credit institution to another credit institution, or entity subject to the same bank secrecy duties; and (ii) the maintenance of the duty of bank secrecy regarding, specifically, the client’s name, bank accounts and their operation, and other banking transactions. This is because the transferee is legally bound, to exactly the same degree as the transferor, and under exactly the same legal and supervisory framework.

In any case, such disclosure should respect the limits of proportionality, and therefore be restricted to the essential matters to enable, on the one hand, the assessment and appreciation of the transaction by the prospective transferee and, on the other, the essential matters for the transfer of the credit (only the information and documents regarding the relevant credit must be disclosed, and not the information regarding other transactions of the client).

Of course, one may not completely rule out the possibility of a judicial or regulatory authority adopting a more literal reading and interpretation of the applicable legal provisions, and thus coming to a different understanding; notably due to the absence of an express legal provision, in line with what was pointed out above.

One other situation is non-performing credits. In these cases, we understand that the creditor, by virtue of the debtor’s behaviour, acquires the right to the judicial or extrajudicial enforcement of its credit, as applicable. Consequently, and since the enforcement may be subject to a procedure of a public nature, it should be considered that the debtor’s breach also determines the end of the legal protection granted up until that moment.


Mafalda Almeida Carvalho is a senior associate at Uría Menéndez – Proença de Carvalho. She can be contacted on +35 121 092 0102 or by email:

© Financier Worldwide


Mafalda Almeida Carvalho

Uría Menéndez – Proença de Carvalho

©2001-2019 Financier Worldwide Ltd. All rights reserved.