Subscribe to news digests

News Search

Industry News

Swiss banks get extra information exchange safeguards against developing countries

Tuesday, 20 June, 2017

Switzerland's implementation of the OECD's Common Reporting Standard (CRS), adopted on June 16, 2017, allows it to refuse to exchange confidential bank client information with certain countries on safety grounds.

The Swiss Bankers Association (SBA) successfully lobbied for the exemption, arguing that information could fall into the wrong hands if passed to countries "in regions such as South America or Africa where data protection standards can be weak".

The Swiss federal government announced, in May 2016, that it would be adopting CRS automatic exchange of information, though it has always said it will be restricted to specific bilateral agreements, rather than general information sharing. In December 2016, it launched a second consultation on bilateral automatic exchange from January 1, 2019 with a further 22 countries – including Uruguay, Argentina, Brazil, Mexico and Chile.

It was during this consultation that the SBA insisted on a general exemption on grounds of weak data protection. The SBA fears that some participating governments, or their officials, will leak Swiss bank account information to the media for political reasons. It also has concerns about criminal use of information. "Data could be sold or used to put pressure on clients or their families", said Yves Mirabaud, chairman of the Association of Swiss Private Banks.

The SBA issued a statement that it "expects Switzerland to insist on the OECD criteria and to ensure that the OECD will regularly monitor adherence to these criteria. Should any country not adhere to these rules, the Swiss government must exercise its right and immediately suspend the AEOI agreement with the country at fault".

This demand is reflected in the Swiss government's announcement of its CRS implementation last week (June 16, 2017). The Federal Council will prepare a situation report before the first exchange of data, which is planned for autumn 2019, and will now take place with 41 jurisdictions. In the process, it will check whether the jurisdictions concerned "effectively meet the requirements under the standard, especially those concerning confidentiality and data security." In a press briefing given by the SBA last week, South America was specifically mentioned as a region where some jurisdictions will be scrutinised especially carefully.

Automatic exchange will thus only be "activated" if the other jurisdiction's data protection standards are considered adequate. Although the CRS suggests that all jurisdictions must protect exchanged data to the international ISO-27000 standard, this is only an expectation and, in any case, cannot prevent deliberate leaks.