Judgment by the European Court of Justice (ECJ) in the case of Bundesanstalt für Finanzdienstleistungsaufsicht v Baumeister (Case C-15/16) (19 June 2018) has confirmed that not all information held in the file of a financial supervision authority (competent authority (CA)) is necessarily confidential, and that information which might constitute business secrets can lose its secrecy when it is at least five years old.
Summary of the issues
Following a reference from a German court regarding a Ponzi scheme case, the ECJ was asked to clarify the scope of Article 54(1) of Directive 2004/39 (MiFID I) with regard to the obligation of professional secrecy imposed upon NCA’s who may not, other than in the situations exhaustively listed in MiFID I, disclose confidential information that it has received. Corresponding professional secrecy provisions are also contained in Article of 76 of Directive 2014/65/EU (MiFID II).
The ECJ considered three questions for preliminary ruling:
- whether Article 54(1) of MiFID I must be interpreted as meaning that all information relating to the supervised entity and communicated by it to the CA, and all statements of that authority in its supervision file, including its correspondence with other bodies, constitutes, unconditionally, confidential information that is covered by the obligation to maintain professional secrecy that is laid down in that provision
- whether Article 54(1) of MiFID I must be interpreted as meaning that the determination whether information relating to the supervised entity and transmitted to the CA is confidential depends on the date of that transmission and how that information is classified on that date; and
- whether Article 54(1) of MiFID I must be interpreted as meaning that information held by the CA which is at least five years old no longer constitutes business secrets or any other category of confidential information within the meaning of that provision.
The ECJ held that information relating to the supervised undertaking and communicated by it to the CA, and all statements of that authority in its supervision file, including its correspondence with other bodies, is not to be assumed to be confidential information which is subject to the obligation to maintain professional secrecy.
Information held by CAs established to perform the functions laid down by MiFID I that is information
- which is not public and
- the disclosure of which is likely to affect adversely the interests of the natural or legal person who provided that information or of third parties, or the proper functioning of the system for monitoring the activities of investment firms that the EU legislature established in adopting MiFID I
is to be classified as confidential information.
The confidentiality of information relating to an entity held by an CA must be assessed at the time a request for disclosure is made, irrespective of how that information was classified at the time when it was first communicated to the CA.
Significantly, the ECJ found that information that could constitute business secrets will generally lose its secret/confidential nature after five years. However, there will be an exception where the party relying on the secrecy can show that, despite its age, the information still constitutes an essential element of its commercial position or that of interested third parties. The burden is on the party asserting that the information remains commercially sensitive to establish the confidential nature of the information.
Although the judgment concerns the interpretation of MiFID I, it is of wider application as there are other pieces of EU financial services legislation that contain similar professional secrecy obligations, including MiFID II (Article 76) the UCITS Directive (2009/65/EC) (Article 102(1)) and the CRD IV Directive (2013/36/EU) (Article 53(1)).