The following article is the 6th of a series of 10 articles on cross border transactions and remittances. These articles will explore the rules and regulations that monitor these transactions, the requirements Malaysian individuals or companies must fulfill when undertaking such payments via banks. They will also look into how sufficient the existing systems are in ensuring transparency in cross border remittances and the role banks and financial institutions play in the traceabillity of the funds, and their obligations to their clients in the event of returned remittances.
Today’s article looks at the Confidentiality Acts that prevent banks from disclosing information to third parties and how that becomes a huge hurdle when clients seek pre-action evidence such as transaction records, SOPs from banks.
There are huge challenges but there are also solutions when it comes to accessing bank records in disputes reolution, says Raymon Ram, Managing Principal, Graymatter Forensic Advisory Sdn Bhd.
“Malaysian companies often need bank records (transaction logs, customer profiles, internal policies) to pursue contractual or fraud claims. However, banks are bound by strict confidentiality laws – notably s.133 of the Financial Services Act 2013 – that prohibit disclosure of customer information except in narrow circumstances.
“In practice, banks will generally only release documents under formal legal compulsion (e.g. a court order or subpoena). This creates friction for companies seeking pre-action evidence, because simply asking a bank to volunteer records usually fails,” Ram said.
The strict secrecy laws, namely FSA 2013, Islamic FSA, PDPA and the Banker’s Books Evidence Act imposes a statutory duty of secrecy on banks. Permitted disclosures under Schedule 11 of the FSA (2013) generally cover regulatory requirements or compliance with court orders – not routine civil discovery.
In effect, unless a legal exception applies, a bank will refuse to hand over transaction statements, KYC files or audit logs. As one court noted, disclosure to comply with a court order is allowed, but nothing in the law creates a freestanding right to demand bank records absent litigation.
Sometimes, even after winning an winning an order, banks’ internal processes can slow things down. Retrieving archived records, verifying signatures (s.129 Evidence Act), and clearing documents through compliance review takes time. Fees may be charged. Importantly, documents like internal SOPs or AML manuals are treated as proprietary.
“Banks will generally withhold them unless a court explicitly orders disclosure on a tight schedule,” Raymon said.
Then there is the risk of informaion leakage as pre-action discovery is not ex parte, banks (and even the target of the investigation) may learn of the claim before it is filed. Defendants can then remove or hide assets. Lawyers often must apply for a Mareva (freezing) injunction simultaneously to prevent dissipation.
Former Bank Negara Malaysia officer Muhamad Nazri Shaidon emphasized that the protection of customer information is a critical legal obligation imposed on all financial institutions under the banks’ secrecy laws and the policy document on Mangement of Cusotmer Information and Permitted Disclosure issued by the central bank.
This duty of confidentiality applies to all forms of customer data and transactions records among others.
He agreed that this, however, also creates a significant legal hurdle for corporate clients seeking to collect pre-action evidence such as transaction records or internal SOPs from banks that cannot freely release these information.
To improve the efficiency of dispute resolution, Malaysian regulators, courts and banks could consider several measures, Raymon said.
As Bank Negara Malaysia’s 2023 MCIPD already details when and how customer data may be disclosed, a supplement or FAQ could clarify how banks should handle civil or regulatory evidence requests – for example, by listing the steps to follow upon receiving a court order or explaining how internal policies will be assessed.
Clear guidance from the regulator would reassure banks that assisting legitimate legal inquiries is consistent with their obligations, he said.
“Banks should publish clear procedures for evidence requests. For instance, they could require lawyers to submit requests via a standard legal-letters procedure, with a list of required documentation (litigation papers, s.129 certificate, etc.), expected processing time, and fee schedule.
“Designating a specific legal/compliance officer or unit for such requests would create a “single point of contact” and avoid confusion. This approach would speed up responses and make the process more predictable for clients and their lawyers,” he added.
–WE