The Regulation of Sharing Secret Information (“Regulation”), issued by the Banking Regulation and Supervision Agency (“BRSA”), was published in the Official Gazette dated 04.06.2021 and is to enter into force on 01.01.2022.
The Regulation introduces standards regarding the confidentiality obligation, the exceptions to this obligation and the concept of customer secret within the scope of Banking Law No. 5411.
The principles regarding the sharing of confidential information are set out in detail in the Regulation, in accordance with the principles specified in Protection of Personal Data (“DPL”).
According to the Regulation:
- Those who, by virtue of their positions or in the course of performing their duties, have access to bank secrets or customer secrets are not permitted to disclose such confidential information to any person or entity other than the authorities explicitly authorized by law.
- Data belonging to real and legal persons that is generated after a customer relationship specific to banking activities is established with a bank becomes a customer secret.
- Any information showing that a real or legal person is a bank customer is considered a customer secret.
- Information in the nature of customer secret cannot be shared with third parties in the country or abroad without a request or instruction from the customer, even with the explicit consent of the customer, except in cases that are exempted from the obligation to keep secrets.
- The customer’s explicit consent or request or instruction to share their information cannot be made a prerequisite for the services to be provided by the bank.
- The provisions on the cases exempted from the obligation of secrecy are framed in line with the principle of proportionality: sharing is limited to the stated purposes and to as much data as those purposes require.
- Customer secrets and bank secrets, including information shared within the scope of an exception, may be shared only for the stated purposes and only to the extent of the data required for those purposes, in accordance with the principle of proportionality.
Under the Regulation, banks are obliged to establish an Information Sharing Committee. As a minimum, this committee will consist of representatives of the business line, internal control unit, compliance unit and legal unit and related asset owners who request or are requested to share information. The Information Sharing Committee will be responsible for coordinating the sharing of customer secrets and bank secrets by taking into account the principle of proportionality, and for evaluating the appropriateness of incoming sharing requests and recording them.
The job descriptions and working principles of the Information Sharing Committee will be approved by the boards of directors of the banks.