LAW

Published on
Malaysian Banking Law – Banking Secrecy, Confidentiality, Permitted Disclosures and Personal Data Protection
Introduction
Banking secrecy is one of the most important obligations imposed upon banks and financial institutions. It requires banks to keep confidential all information relating to their customers’ accounts and affairs.
The duty serves several purposes:
  • Protecting customer privacy;
  • Preserving confidence in the banking system;
  • Protecting sensitive financial and commercial information;
  • Encouraging customers to deal openly with banks; and
  • Ensuring disclosure occurs only where authorised by law.
In Malaysia, banking secrecy is governed primarily by:
  • Sections 132, 133 and 134 Financial Services Act 2013 (FSA 2013);
  • Sections 145 and 146 Islamic Financial Services Act 2013 (IFSA 2013);
  • Personal Data Protection Act 2010 (PDPA);
  • Contract law;
  • Equity; and
  • Tort law.
The general rule is confidentiality. Disclosure is the exception.


PART I: BANKING SECRECY UNDER THE FINANCIAL SERVICES ACT 2013
Section 132 FSA 2013 – Restriction on Inquiry into Customer Affairs
General Rule
Section 132 protects customers from arbitrary investigations into their banking affairs.
Neither:
  • The Minister of Finance; nor
  • Bank Negara Malaysia (BNM)
may ordinarily inquire specifically into the affairs or account of a particular customer.
The purpose is to safeguard customer privacy and confidence in the banking system.


Exception
BNM may investigate customer affairs where necessary for exercising its powers under:
  • The Financial Services Act 2013;
  • The Islamic Financial Services Act 2013; or
  • The Central Bank of Malaysia Act 2009.
Thus, confidentiality cannot be used to obstruct legitimate regulatory investigations.


Section 133 FSA 2013 – Duty of Secrecy
General Rule
Section 133 imposes a statutory duty of confidentiality on:
  • Financial institutions;
  • Directors;
  • Officers;
  • Employees;
  • Agents; and
  • Former directors, officers and agents.
These persons must not disclose any information relating to a customer’s affairs or account.
The duty survives termination of employment.


Scope of Protection
The protection extends to:
  • Savings accounts;
  • Current accounts;
  • Fixed deposits;
  • Financing facilities;
  • Investment accounts;
  • Credit information;
  • Customer identities;
  • Financial standing;
  • Transaction records; and
  • Any information acquired through the banker-customer relationship.


Exceptions under Section 133(2)
The secrecy obligation does not apply where the information:
(a) Is disclosed to BNM
For the purpose of exercising statutory powers and functions.
(b) Is disclosed in summary form
Provided no particular customer can be identified.
(c) Is already public information
Where the information has already been lawfully made available to the public from a source other than the financial institution.


Further Disclosure Prohibited
A person who knowingly receives information disclosed in breach of section 133 cannot further disclose it.


Penalty
Contravention may result in:
  • Imprisonment up to 5 years;
  • Fine up to RM10 million; or
  • Both.


Section 134 FSA 2013 – Permitted Disclosures
Section 134 provides the statutory exceptions to confidentiality.
A financial institution may disclose customer information:
  • Under Schedule 11; or
  • With written approval from BNM.
The recipient of such information must not further disclose it.
The court may also order proceedings to be held in camera and prohibit publication of information identifying the parties.


PART II: BANKING SECRECY UNDER THE ISLAMIC FINANCIAL SERVICES ACT 2013
The Islamic Financial Services Act 2013 contains provisions almost identical to those found in the Financial Services Act 2013.
The objective is likewise to preserve customer confidentiality within Islamic financial institutions.


Section 145 IFSA 2013 – Secrecy
General Rule
Section 145 prohibits disclosure of information relating to the affairs or account of a customer of an Islamic financial institution.
The duty applies to:
  • The Islamic financial institution;
  • Directors;
  • Officers;
  • Agents; and
  • Former directors, officers and agents.


Exceptions under Section 145(2)
The secrecy obligation does not apply where information:
(a) Is disclosed to BNM
For purposes connected with the exercise of BNM’s statutory powers.
(b) Is disclosed in summary or aggregated form
Provided no particular customer can be identified.
(c) Has already entered the public domain
Through lawful publication from another source.


Further Disclosure
A person who knowingly receives information disclosed in breach of section 145 cannot further disclose it.


Penalty
Contravention may result in:
  • Imprisonment up to 5 years;
  • Fine up to RM10 million; or
  • Both.


Section 146 IFSA 2013 – Permitted Disclosures
An Islamic financial institution may disclose customer information:
  • In the circumstances listed in Schedule 11; or
  • With written approval from BNM.
BNM may impose conditions upon disclosure.
Recipients are prohibited from making further disclosure.
The court may:
  • Hold proceedings in camera;
  • Restrict access to documents;
  • Prevent publication of identifying information; and
  • Make confidentiality orders.


Schedule 11 IFSA 2013 – Permitted Disclosures
The Schedule operates through two columns:
First Column
The purpose or circumstance under which disclosure is permitted.
Second Column
The persons to whom disclosure may be made.


1. Customer’s Written Consent
First Column
Documents or information disclosed with written permission from:
  • The customer;
  • Executor;
  • Administrator; or
  • Legal personal representative.
Second Column
Disclosure may be made to:
  • Any person authorised by the customer;
  • Executor;
  • Administrator; or
  • Legal personal representative.


2. Deceased Customer’s Estate
First Column
Disclosure connected with:
  • Faraid certificate applications;
  • Probate applications;
  • Letters of administration; or
  • Distribution orders under the Small Estates (Distribution) Act 1955.
Second Column
Disclosure may be made to:
Any person whom the Islamic financial institution genuinely believes is entitled to obtain:
  • The faraid certificate;
  • Grant of probate;
  • Letters of administration; or
  • Distribution order.


3. Bankruptcy, Winding-Up or Dissolution
First Column
Where the customer:
  • Has been declared bankrupt;
  • Is being wound up; or
  • Has been dissolved,
whether in Malaysia or elsewhere.
Second Column
Disclosure may be made to:
All persons to whom disclosure is necessary in connection with:
  • Bankruptcy;
  • Winding-up; or
  • Dissolution proceedings.


4. Civil or Criminal Proceedings
First Column
Proceedings involving the Islamic financial institution and:
  • Its customer;
  • Surety;
  • Guarantor;
  • Competing claimants to money in the account; or
  • Persons claiming rights over property in which the institution has an interest.
Second Column
Disclosure may be made to:
All persons to whom disclosure is necessary for the purpose of those proceedings.


5. Garnishee Orders
First Column
Compliance with a garnishee order attaching money in a customer’s account.
Second Column
Disclosure may be made to:
All persons to whom disclosure is required under the garnishee order.


6. Court Orders
First Column
Compliance with an order made by a court not lower than the Sessions Court.
Second Column
Disclosure may be made to:
All persons to whom disclosure is required under the court order.


7. Requests by Enforcement Agencies
First Column
Compliance with requests or orders made by enforcement agencies under written law for investigation or prosecution purposes.
Second Column
Disclosure may be made to:
  • Investigating officers authorised under written law;
  • Prosecuting officers; or
  • The court.


8. Functions of Malaysia Deposit Insurance Corporation (PIDM)
First Column
Performance of PIDM’s statutory functions.
Second Column
Disclosure may be made to:
  • Directors;
  • Officers of PIDM; or
  • Persons authorised by PIDM to receive the information.


9. Approved Trade Repository Functions
First Column
Disclosure by a licensed Islamic bank for the performance of approved trade repository functions under the Capital Markets and Services Act 2007.
Second Column
Disclosure may be made to:
Officers of the approved trade repository authorised to receive the information.


10. Inland Revenue Board (IRB)
First Column
Information required by the Inland Revenue Board under section 81 of the Income Tax Act 1967 for tax information exchange purposes.
Second Column
Disclosure may be made to:
Officers of the Inland Revenue Board authorised to receive the information.


11. Credit Reporting Agencies
First Column
Disclosure of customer credit information for credit reporting business.
Second Column
Disclosure may be made to:
Officers of registered credit reporting agencies authorised to receive the information.


12. Supervisory Authorities Outside Malaysia
First Column
Performance of supervisory functions by foreign authorities exercising functions similar to BNM.
Second Column
Disclosure may be made to:
Authorised officers of the relevant supervisory authority.


13. Centralised Functions within a Financial Group
First Column
Conduct of centralised functions including:
  • Audit;
  • Risk management;
  • Finance;
  • Information technology; and
  • Other centralised functions.
Second Column
Disclosure may be made to:
  • Head office;
  • Holding company;
  • Persons designated by the head office; or
  • Persons designated by the holding company to perform those functions.


14. Due Diligence Exercises
First Column
Board-approved due diligence exercises relating to:
  • Mergers and acquisitions;
  • Capital raising exercises; or
  • Sale of assets, business or part of the business.
Second Column
Disclosure may be made to:
Any person participating in or involved in the due diligence exercise.


15. Outsourced Functions
First Column
Performance of outsourced functions of the Islamic financial institution.
Second Column
Disclosure may be made to:
Persons engaged by the institution to perform the outsourced function.


16. Consultants and Adjusters
First Column
Disclosure to consultants or adjusters engaged by the Islamic financial institution.
Second Column
Disclosure may be made to:
The consultant or adjuster engaged by the institution.


17. Suspicion of Criminal Activity
First Column
Where the Islamic financial institution has reason to suspect that an offence under any written law has been, is being or may be committed.
Second Column
Disclosure may be made to:
  • Officers of another Islamic financial institution; or
  • Relevant associations of Islamic financial institutions authorised to receive the information.


Key Difference Between Sections 145–146 IFSA and Sections 133–134 FSA
In substance, both regimes provide nearly identical protection.
Both:
  • Impose a strict duty of secrecy;
  • Cover all customer affairs and account information;
  • Continue after employment ends;
  • Permit disclosures only under specified exceptions;
  • Provide criminal sanctions of up to RM10 million fine and/or 5 years imprisonment.
The objective of both statutes is the same:
To preserve public confidence in the financial system by ensuring that customer information remains confidential unless disclosure is authorised by law.


Summary
Under Malaysian Banking Law, banking secrecy applies to both conventional and Islamic financial institutions. Sections 133–134 FSA 2013 and sections 145–146 IFSA 2013 establish comprehensive confidentiality regimes. Customer information remains protected indefinitely and may only be disclosed in carefully defined circumstances. Schedule 11 IFSA 2013 specifically links each permitted purpose of disclosure (First Column) with the persons entitled to receive the information (Second Column), ensuring that disclosure remains limited, controlled and consistent with the objective of protecting customer confidentiality.

Picture
Published on
Malaysian Banking Law – Banking Secrecy, Confidentiality, Personal Data Protection and Banker’s Duties
Introduction
Banking secrecy is one of the most fundamental obligations imposed upon banks and financial institutions. It protects confidential information entrusted by customers to banks and forms a cornerstone of the banker-customer relationship.
The duty serves several important purposes:
  • Protecting customer privacy;
  • Preserving confidence in the banking system;
  • Promoting trust in financial institutions;
  • Protecting sensitive commercial information; and
  • Ensuring disclosure only where authorised by law.
In Malaysia, banking secrecy is governed primarily by:
  • Section 132 Financial Services Act 2013 (FSA 2013) – Restriction on inquiry into customer affairs;
  • Section 133 FSA 2013 – Statutory duty of secrecy;
  • Section 134 FSA 2013 – Permitted disclosures and exceptions; and
  • Personal Data Protection Act 2010 (PDPA) – Protection of personal data handled by commercial organisations, including banks.
These statutory duties are supplemented by:
  • Contract law;
  • Tort law;
  • Equity; and
  • Regulatory obligations.
As a result, a bank may incur:
  • Criminal liability;
  • Civil liability;
  • Regulatory sanctions; and
  • Equitable remedies
for improper disclosure or misuse of customer information.


PART I – STATUTORY FRAMEWORK UNDER THE FSA 2013
Section 132 FSA 2013 – Restriction on Inquiry into Customer Affairs
General Rule
Section 132 protects customers from arbitrary governmental interference.
Neither:
  • The Minister of Finance; nor
  • Bank Negara Malaysia (BNM)
may ordinarily direct an inquiry into the affairs or account of a particular customer.
The purpose is to safeguard banking privacy and prevent unjustified investigations.


Exception
BNM may inquire into customer affairs where necessary to exercise its statutory functions under:
  • The Financial Services Act 2013;
  • The Islamic Financial Services Act 2013; or
  • The Central Bank of Malaysia Act 2009.
Thus, banking secrecy cannot be used to obstruct legitimate regulatory investigations.


Case Scenario
Facts
A customer receives several unexplained overseas transfers amounting to RM20 million.
BNM suspects money laundering and requests the customer’s account records from the bank.
The customer argues that disclosure breaches banking secrecy.
Solution
The argument fails.
Section 132(2) expressly permits BNM to obtain such information when exercising regulatory powers.
Critical Analysis
The provision balances:
  • Customer privacy; and
  • Financial system integrity.
Without such powers, regulators would be unable to investigate fraud, money laundering and terrorism financing.


Section 133 FSA 2013 – Statutory Duty of Secrecy
General Rule
Section 133 imposes a strict statutory duty of confidentiality upon:
  • Banks;
  • Financial institutions;
  • Directors;
  • Officers;
  • Employees;
  • Agents; and
  • Former employees and agents.
No such person may disclose information relating to a customer’s affairs or account.
The obligation continues indefinitely, including after employment ends.


Scope of Protection
The duty covers:
  • Savings accounts;
  • Current accounts;
  • Fixed deposits;
  • Financing facilities;
  • Investment accounts;
  • Credit information;
  • Transaction histories;
  • Customer identities;
  • Financial standing; and
  • Any information acquired through the banker-customer relationship.
The protection extends beyond account balances and includes all information concerning the customer’s affairs.


Public Information Exception
The secrecy obligation does not apply where information:
  • Has already become lawfully available to the public;
  • Is disclosed to BNM for statutory purposes; or
  • Is disclosed in anonymous or aggregated form.


Criminal Liability
A person who breaches section 133 commits an offence punishable by:
  • Imprisonment up to 5 years;
  • Fine up to RM10 million; or
  • Both.


Further Disclosure Prohibited
Section 133(3) prohibits a person who knowingly receives unlawfully disclosed information from making any further disclosure.
Thus liability may extend beyond the original wrongdoer.


Section 134 FSA 2013 – Permitted Disclosures
Although secrecy is the general rule, section 134 recognises that confidentiality cannot be absolute.
A bank may disclose information:
  • Under Schedule 11; or
  • With written approval from BNM.


The 18 Permitted Disclosures under Schedule 11
1. Customer’s Written Consent
Disclosure authorised by the customer.
2. Deceased Customer’s Estate
Disclosure for probate, administration and faraid purposes.
3. Bankruptcy and Winding-Up
Disclosure involving bankrupt individuals and insolvent companies.
4. Litigation Involving the Bank
Disclosure in civil or criminal proceedings involving:
  • Customers;
  • Guarantors;
  • Sureties; and
  • Competing claimants.
5. Garnishee Orders
Disclosure necessary to comply with garnishee proceedings.
6. Court Orders
Disclosure pursuant to orders of courts not lower than the Sessions Court.
7. Enforcement Agencies
Disclosure for investigations conducted under written law.
8. PIDM
Disclosure for performance of statutory functions by PIDM.
9–10. Capital Market Authorities
Disclosure involving:
  • Securities Commission;
  • Stock exchanges;
  • Clearing houses; and
  • Trade repositories.
11. Inland Revenue Board
Disclosure for tax administration and international information exchange.
12. Credit Reporting Agencies
Disclosure to registered credit reporting agencies.
13. Supervisory Authorities
Disclosure to local and foreign regulators performing supervisory functions.
14. Centralised Group Functions
Disclosure for:
  • Audit;
  • Risk management;
  • Compliance;
  • Finance; and
  • Information technology.
15. Due Diligence Exercises
Disclosure relating to:
  • Mergers;
  • Acquisitions;
  • Capital raising; and
  • Disposal of business assets.
16. Outsourcing Arrangements
Disclosure to outsourced service providers.
17. Consultants and Adjusters
Disclosure to professional advisers engaged by the bank.
18. Suspicion of Criminal Activity
Disclosure where the bank reasonably suspects that an offence has been, is being or may be committed.


Confidentiality During Court Proceedings
Even when disclosure is permitted, the court may:
  • Conduct proceedings in camera;
  • Restrict access to documents;
  • Prohibit publication; and
  • Make confidentiality orders.
The objective is to minimise unnecessary disclosure.


PART II – CONFIDENTIALITY UNDER CONTRACT AND EQUITY
Tan Eng Seong v Malayan Banking Bhd
Principle
Disclosure of customer information to the customer’s brother constituted a breach of the implied contractual duty of confidentiality.
Significance
  • Confidentiality is an implied contractual term.
  • Relatives remain third parties.
  • Nominal damages may be awarded.


Wong Yeng Mun v CIMB Bank Berhad
Principle
The bank negligently sent account statements to the wrong address.
The statements were opened by the customer’s wife.
Significance
  • Confidentiality belongs to the customer.
  • Negligent disclosure may create liability.
  • Banks must maintain proper safeguards.


Tan Lay Soon v Kam Mah Theatre Sdn Bhd
Principle
Confidentiality belongs to the customer.
Consent to disclosure may be:
  • Express; or
  • Implied.
Disclosure necessary to implement a customer-authorised transaction is lawful.


PART III – EXTRA-TERRITORIAL DISCLOSURE
Attorney General of Hong Kong v Zauyah Wan Chik
Principle
Banking secrecy legislation does not automatically operate outside Malaysia.
Disclosure compelled by foreign court proceedings may not create criminal liability in Malaysia.
Significance
The administration of justice may justify disclosure.


PART IV – ILLEGALLY OBTAINED INFORMATION
Wako Merchant Bank v Lim Lean Heng
Principle
Information obtained in breach of banking secrecy provisions remains admissible if relevant.
Significance
The law distinguishes between:
  • Criminal liability for disclosure; and
  • Admissibility of evidence.
The evidence remains admissible despite unlawful disclosure.


PART V – PUBLIC INFORMATION
Hj Salleh Hj Janan v Financial Information Services Sdn Bhd
Principle
Publicly available court records are not confidential.
Information published in:
  • Court records;
  • Newspapers; or
  • The Gazette
may be restated without liability.
Significance
Banking secrecy protects confidential information, not information already in the public domain.


PART VI – BANKER’S PROFESSIONAL DUTY
Bank Utama (M) Bhd v Insan Budi Sdn Bhd
Facts
The plaintiff obtained an international trade facility to finance the importation and sale of raw sugar.
The plaintiff instructed the bank to issue a confirmed irrevocable transferable SWIFT Telegraphic Transfer.
The bank used the wrong transmission procedure and attempted to send the SWIFT instruction by facsimile.
As a result:
  • The overseas bank could not process the transaction;
  • The supplier terminated the contract;
  • The downstream sale failed; and
  • The plaintiff suffered losses.
The plaintiff sued for:
  • Breach of contract; and
  • Negligence.


Held
The Court of Appeal held the bank liable.
Principle 1 – Concurrent Liability
A professional adviser may be liable simultaneously:
  • In contract; and
  • In negligence.
Principle 2 – Duty to Advise
The bank possessed specialist knowledge regarding SWIFT procedures.
The customer could not reasonably be expected to understand technical banking processes.
The bank therefore had a duty to advise the customer that SWIFT transfers cannot be transmitted by facsimile.
Significance
Modern banks are not merely executors of instructions.
They are professional service providers expected to exercise reasonable care and expertise.


PART VII – BANKING SECRECY AND THE PERSONAL DATA PROTECTION ACT 2010 (PDPA)
Relationship Between Banking Secrecy and Personal Data Protection
Banking secrecy and personal data protection operate alongside one another.
While the FSA 2013 protects confidential banking information, the Personal Data Protection Act 2010 (PDPA) protects personal data handled by commercial organisations, including banks.
The PDPA makes it unlawful for commercial organisations to:
  • Sell personal information;
  • Misuse personal data; or
  • Permit unauthorised third parties to access such information.
The legislation is particularly important in relation to:
  • Retail banking customers;
  • Consumer financing;
  • Guarantors;
  • Corporate borrowers; and
  • Credit facilities.


Criminal Penalties under the PDPA
Depending on the nature of the offence, penalties may include:
Section 141(2)
  • Fine up to RM100,000;
  • Imprisonment up to 1 year; or
  • Both.
Section 130(7)
  • Fine up to RM500,000;
  • Imprisonment up to 3 years; or
  • Both.
Non-compliance with the data protection principles may constitute a criminal offence.


The Seven Personal Data Protection Principles
Banks must comply with seven statutory principles.


1. General Principle (Section 6)
Personal data must:
  • Be processed lawfully;
  • Be necessary for the intended purpose; and
  • Generally be processed with the customer’s consent.
The information collected must also be adequate and not excessive.


2. Notice and Choice Principle (Section 7)
Customers must be informed:
  • Why data is collected;
  • How it will be used; and
  • Their rights regarding the data.
Customers should be given choices regarding certain uses of their personal information.


3. Disclosure Principle (Section 8)
Personal data must not be disclosed without consent unless authorised by law.
This principle closely complements banking secrecy obligations under section 133 FSA 2013.


4. Security Principle (Section 9)
Banks must implement appropriate security measures to protect data.
Examples include:
  • Password protection;
  • Encryption;
  • Secure databases;
  • Restricted access systems; and
  • Workplace security controls.


5. Retention Principle (Section 10)
Personal data must not be retained longer than necessary.
Once the purpose has been fulfilled, unnecessary data should be destroyed or anonymised.


6. Data Integrity Principle (Section 11)
Personal data must remain:
  • Accurate;
  • Complete;
  • Current; and
  • Up to date.


7. Access Principle (Section 12)
Customers must generally be allowed to:
  • Access their personal data; and
  • Request corrections where information is inaccurate.


Alliance Bank v AmBank Dispute (2018)
Facts
Alliance Bank commenced legal proceedings against AmBank alleging misappropriation of sensitive information.
The dispute involved former Alliance Bank employees who had joined AmBank.
Alliance Bank alleged that electronic records showed confidential internal information being transferred to a former employee after his departure.
The information allegedly reached senior personnel within the competing bank.
The dispute was subsequently resolved amicably.


Significance
The case illustrates that confidentiality obligations extend beyond customer information.
Banks must also protect:
  • Internal business information;
  • Commercial strategies;
  • Trade secrets; and
  • Sensitive operational data.


Chia Sun Huat v United Overseas Bank (Malaysia) Bhd
Facts
A purchaser agreed to buy property from a vendor whose property was charged to UOB.
To complete the purchase, the purchaser requested a redemption statement from UOB.
The vendor could not be contacted.
Although a purported letter of authority existed, the bank could not verify its authenticity.
UOB refused to release the redemption statement.
The purchaser sued.


Held
The High Court held that UOB was not liable.
The bank was bound by its duty of secrecy and could not release confidential information without proper authority.


Legal Principle
A bank is entitled to refuse disclosure where:
  • Authority cannot be verified; and
  • Disclosure would reveal confidential customer information.
The duty of secrecy prevails unless a recognised exception applies.


Comprehensive Case Scenario
Facts
A purchaser requests a redemption statement from a bank concerning a property owner who cannot be contacted.
The purchaser presents an unsigned authority letter and insists that the transaction cannot proceed without disclosure.
The bank refuses.
The purchaser alleges obstruction and negligence.


Solution
Applying Chia Sun Huat v UOB:
The bank is entitled to refuse disclosure.
The redemption statement contains confidential customer information.
Without verified authority or a statutory exception under section 134 FSA 2013, disclosure would breach banking secrecy.


Critical Analysis
The decision demonstrates the strict nature of banking confidentiality.
Commercial convenience cannot override a bank’s legal obligations.
Banks must verify authority before releasing customer information, even where refusal may delay a transaction.


Key Examination Principles
Section 132 FSA 2013
  • Restricts arbitrary inquiries.
  • Allows BNM investigations.
Section 133 FSA 2013
  • Creates the statutory duty of secrecy.
  • Covers all customer information.
  • Continues after employment ends.
  • Breach attracts criminal sanctions.
Section 134 FSA 2013
  • Creates exceptions to secrecy.
  • Contains 18 permitted disclosures.
  • Allows disclosure with BNM approval.
PDPA 2010
  • Protects personal data.
  • Imposes seven statutory principles.
  • Creates additional criminal liability for misuse of personal information.
Important Case Principles
Tan Eng Seong
  • Confidentiality is an implied contractual duty.
Wong Yeng Mun
  • Negligent disclosure creates liability.
Tan Lay Soon
  • Confidentiality belongs to the customer.
  • Consent may be implied.
Zauyah Wan Chik
  • No automatic extra-territorial effect.
Wako Merchant Bank
  • Illegally obtained evidence remains admissible.
Hj Salleh Hj Janan
  • Public facts are not confidential.
Bank Utama
  • Banks may be liable concurrently in contract and negligence.
  • Professional duty may include a duty to advise.
Chia Sun Huat
  • Banks may refuse disclosure where authority is uncertain.
  • Confidentiality overrides commercial convenience.


Conclusion
Malaysian banking secrecy law is built upon a comprehensive framework comprising sections 132–134 FSA 2013, the Personal Data Protection Act 2010, contractual obligations, equitable principles and tortious duties. The law protects customer information not only from unauthorised disclosure but also from misuse, mishandling and improper processing. The various cases demonstrate that confidentiality belongs to the customer, extends beyond account balances to all customer affairs, survives termination of employment, and remains enforceable through criminal, civil and equitable remedies. At the same time, carefully defined statutory exceptions ensure that secrecy does not obstruct justice, regulatory supervision, legitimate commercial transactions or the public interest.

Picture
Published on
Malaysian Banking Law – Banking Secrecy, Confidentiality and Banker’s Duties
Introduction
Banking secrecy is one of the most fundamental obligations in Malaysian banking law. It protects information relating to a customer’s affairs and account and forms an essential component of the banker-customer relationship.
The duty of confidentiality serves several important objectives:
  • Protecting customer privacy;
  • Preserving confidence in the banking system;
  • Facilitating honest disclosure between banks and customers; and
  • Ensuring that confidential information is disclosed only in circumstances recognised by law.
In Malaysia, banking secrecy is principally governed by:
  • Section 132 Financial Services Act 2013 (FSA 2013) – Restriction on inquiry into customer affairs;
  • Section 133 FSA 2013 – Statutory duty of secrecy; and
  • Section 134 FSA 2013 – Permitted disclosures and exceptions to secrecy.
These statutory provisions are supplemented by contractual obligations, equitable principles and common law duties of care.


Part I – Statutory Framework
Section 132 FSA 2013 – Restriction on Inquiry into Customer Affairs
General Rule
Section 132 protects customers from arbitrary investigations into their banking affairs.
Neither:
  • The Minister of Finance; nor
  • Bank Negara Malaysia (BNM)
may ordinarily inquire specifically into the affairs or account of a particular customer.
The purpose is to ensure that customer information remains protected from unnecessary governmental intrusion.


Exception
BNM may inquire into a customer’s affairs where necessary for exercising its statutory functions under:
  • The Financial Services Act 2013;
  • The Islamic Financial Services Act 2013; or
  • The Central Bank of Malaysia Act 2009.
Thus, confidentiality cannot be used to obstruct lawful regulatory investigations.


Case Scenario
Facts
A licensed bank reports suspicious money transfers involving one of its customers.
BNM commences an anti-money laundering investigation and requests account information.
The customer objects, claiming banking secrecy.
Solution
The objection fails.
Section 132(2) expressly authorises BNM to obtain such information for regulatory and supervisory purposes.
Principle
Banking secrecy protects privacy but does not prevent legitimate regulatory oversight.


Section 133 FSA 2013 – Duty of Secrecy
General Rule
Section 133 imposes a statutory duty of secrecy on:
  • Financial institutions;
  • Directors;
  • Officers;
  • Employees;
  • Agents; and
  • Former directors, officers and agents.
These persons must not disclose any information or document relating to a customer’s affairs or account.
The obligation continues even after employment or office ends.


Scope of Protection
The duty covers:
  • Account balances;
  • Transaction records;
  • Loan facilities;
  • Fixed deposits;
  • Securities accounts;
  • Credit information;
  • Customer identities;
  • Financial standing; and
  • Any information acquired through the banking relationship.


Public Information Exception
The duty does not apply where information:
  • Has already lawfully entered the public domain; or
  • Is presented in statistical or aggregated form without identifying individual customers.


Criminal Liability
A breach of section 133 may result in:
  • Imprisonment up to 5 years;
  • Fine up to RM10 million; or
  • Both.


Prohibition on Further Disclosure
A person who knowingly receives information disclosed in breach of section 133 is prohibited from further disseminating that information.


Section 134 FSA 2013 – Permitted Disclosures
Although secrecy is the general rule, section 134 recognises that confidentiality cannot be absolute.
A financial institution may disclose customer information:
  • Under Schedule 11 FSA 2013; or
  • With written approval from BNM.


The 18 Permitted Disclosures under Schedule 11
1. Customer’s Written Consent
Disclosure authorised by the customer.
2. Deceased Customer’s Estate
Disclosure for probate, letters of administration, faraid certificates and distribution orders.
3. Bankruptcy or Winding-Up
Disclosure involving bankrupt customers or companies under liquidation.
4. Civil and Criminal Proceedings
Disclosure where litigation involves:
  • The bank and customer;
  • Guarantors;
  • Sureties; or
  • Competing claimants.
5. Garnishee Orders
Disclosure necessary to comply with garnishee proceedings.
6. Court Orders
Disclosure pursuant to orders issued by courts not lower than the Sessions Court.
7. Enforcement Agencies
Disclosure for investigations conducted under written law.
8. PIDM Functions
Disclosure to facilitate functions of the Malaysia Deposit Insurance Corporation.
9–10. Capital Market Authorities
Disclosure involving:
  • Securities Commission;
  • Stock exchanges;
  • Clearing houses; and
  • Trade repositories.
11. Inland Revenue Board
Disclosure for taxation and information-exchange purposes.
12. Credit Reporting Agencies
Disclosure to registered credit reporting agencies.
13. Supervisory Authorities
Disclosure to regulatory authorities performing functions similar to BNM.
14. Centralised Group Functions
Disclosure for:
  • Audit;
  • Risk management;
  • Compliance;
  • Information technology; and
  • Finance.
15. Due Diligence Exercises
Disclosure relating to:
  • Mergers;
  • Acquisitions;
  • Capital raising; and
  • Sale of business assets.
16. Outsourcing Arrangements
Disclosure to outsourced service providers.
17. Consultants and Adjusters
Disclosure to professional advisers.
18. Suspected Criminal Activities
Disclosure where the bank reasonably suspects that an offence has been, is being or may be committed.


Confidentiality During Court Proceedings
Even where disclosure is permitted, section 134 allows courts to protect customer privacy.
The court may:
  • Conduct proceedings in camera;
  • Restrict publication;
  • Seal documents; and
  • Make confidentiality orders.


Part II – Confidentiality under Common Law and Equity
Tan Eng Seong v Malayan Banking Bhd
Principle
Confidentiality is an implied contractual duty.
Disclosure of customer information to the customer’s brother constituted a breach of confidence.
Significance
  • Family members remain third parties.
  • Actual financial loss is unnecessary.
  • Nominal damages may be awarded.


Wong Yeng Mun v CIMB Bank Berhad
Principle
Confidentiality belongs to the customer.
Sending bank statements to the wrong address constituted a breach.
Significance
  • Negligent disclosure is sufficient.
  • Banks must maintain effective safeguards.


Tan Lay Soon v Kam Mah Theatre Sdn Bhd
Principle
Confidentiality belongs to the customer and may be waived.
Consent may be:
  • Express; or
  • Implied.
Disclosure necessary to complete a customer-authorised transaction is lawful.


Part III – Extra-Territorial Disclosure
Attorney General of Hong Kong v Zauyah Wan Chik
Principle
Banking secrecy legislation does not automatically have extra-territorial effect.
Disclosure compelled in foreign proceedings does not necessarily create criminal liability in Malaysia.
Significance
The administration of justice may justify disclosure outside Malaysia.


Part IV – Illegally Obtained Information
Wako Merchant Bank v Lim Lean Heng
Principle
Information obtained in breach of banking secrecy laws remains admissible if relevant.
Parliament criminalised unlawful disclosure but did not render such information inadmissible.
Significance
The court distinguishes:
  • Criminal liability for disclosure; and
  • Admissibility of evidence.
The two are separate issues.


Part V – Public Information
Hj Salleh Hj Janan v Financial Information Services Sdn Bhd
Facts
Financial Information Services Sdn Bhd provided information that the plaintiff had previously been adjudged bankrupt.
The information was based on court orders published in newspapers and the Gazette.
The plaintiff sued for libel.


Held
The claim was dismissed.
The defendant merely repeated information already contained in public court records.


Principle
A public fact is not confidential.
Information already published in:
  • Court records;
  • Newspapers; or
  • The Gazette
may be restated without breaching confidentiality.


Significance
Banking secrecy protects confidential information.
It does not protect information that has already entered the public domain.


Part VI – Banker’s Professional Duty and Concurrent Liability
Bank Utama (M) Bhd v Insan Budi Sdn Bhd [2009] 1 MLJ 148
Facts
The plaintiff obtained an international trade facility from Bank Utama for the import and sale of raw sugar.
To facilitate the transaction, the plaintiff instructed the bank to issue a confirmed, irrevocable, divisible, assignable and transferable cash-blocked SWIFT Telegraphic Transfer (STT).
The bank subsequently transmitted the SWIFT instruction using an incorrect procedure.
Instead of sending the SWIFT transfer through the proper SWIFT system, it was transmitted by facsimile.
As a result:
  • The overseas bank could not process the transaction;
  • The sugar supplier terminated the supply contract;
  • The plaintiff lost the downstream sale arrangement; and
  • Significant losses were incurred.
The plaintiff sued the bank for:
  1. Breach of contract; and
  2. Negligence.


Issue
Could the bank be liable simultaneously:
  • In contract; and
  • In tort (negligence)?


Held
The Court of Appeal dismissed the bank’s appeal.
The court held that the bank was liable.


Reasoning
Wrong Procedure Used
Evidence showed that the SWIFT transfer could not be processed because the bank used an incorrect transmission procedure.
The failure directly caused the collapse of the transaction.


Concurrent Liability Exists
The court held that professional advisers may owe duties:
  • Under contract; and
  • Under tort.
A bank is not immune from negligence simply because a contractual relationship exists.
Unless the contract expressly excludes tortious liability, both causes of action may coexist.


Professional Duty to Advise
The bank argued that it merely followed instructions.
The court rejected this argument.
The customer instructed the bank to issue a SWIFT transfer but did not understand the technical operation of the SWIFT system.
The bank officer, as a banking professional, ought to have known that:
A SWIFT message cannot be transmitted by facsimile.
The bank therefore had a duty to advise its customer of the correct procedure.


Hasan Lah JCA
The Court of Appeal adopted the modern principle that:
A professional adviser may be liable concurrently in contract and negligence unless the contract excludes tortious liability.
The court relied upon authorities from:
  • Canada;
  • New Zealand;
  • Singapore; and
  • Malaysia.


Legal Principle
Bankers are professionals.
Where a bank undertakes to perform specialised banking services:
  • It must exercise reasonable skill and care.
  • It may owe both contractual and tortious duties.
  • It may have a duty to advise customers regarding technical banking procedures.


Case Scenario
Facts
A customer instructs a bank officer to transfer funds through an international payment system.
The customer incorrectly believes the transfer can be completed through ordinary email.
The bank officer knows this is impossible but remains silent and follows the customer’s mistaken instruction.
The transaction fails and the customer suffers losses.
Solution
Applying Bank Utama v Insan Budi:
The bank may be liable:
  • For breach of contract; and
  • For negligence.
As a banking professional, the bank had a duty to advise the customer regarding the proper procedure.


Critical Analysis
This case significantly expands the traditional banker-customer relationship.
Traditionally, banks merely executed customer instructions.
However, where the bank possesses specialist knowledge unavailable to the customer, the court may impose a duty to advise.
The decision demonstrates that modern banks are not merely custodians of money but professional service providers expected to exercise expertise and reasonable care.


Key Examination Principles
Section 132 FSA 2013
  • Restricts arbitrary inquiry into customer affairs.
  • Permits BNM investigations.
Section 133 FSA 2013
  • Creates statutory secrecy obligations.
  • Covers all customer information.
  • Breach attracts criminal sanctions.
Section 134 FSA 2013
  • Creates exceptions to secrecy.
  • Contains 18 permitted disclosures.
  • Allows court protection of confidentiality.
Tan Eng Seong
  • Confidentiality is contractual.
  • Disclosure to relatives may be a breach.
Wong Yeng Mun
  • Confidentiality belongs to the customer.
  • Negligent disclosure creates liability.
Tan Lay Soon
  • Confidentiality may be waived.
  • Consent may be implied.
Zauyah Wan Chik
  • No automatic extra-territorial application.
Wako Merchant Bank
  • Illegally obtained information may still be admissible.
Hj Salleh Hj Janan
  • Public facts are not confidential.
Bank Utama v Insan Budi
  • Banks may be liable concurrently in contract and negligence.
  • Professional bankers owe duties of skill and care.
  • Banks may have a duty to advise customers regarding technical banking matters.
  • Failure to follow proper banking procedures may result in substantial liability.


Conclusion
Malaysian banking secrecy law combines statutory protection under sections 132–134 FSA 2013 with contractual, equitable and tortious principles developed by the courts. The cases demonstrate that confidentiality belongs to the customer and remains a cornerstone of banking law. At the same time, modern banking law imposes broader professional obligations on banks, including duties of care and advice. Consequently, a bank may face criminal liability for unlawful disclosure, civil liability for breach of confidence, and concurrent liability in contract and negligence where it fails to perform its professional functions with reasonable skill and care.

Picture
Published on
Malaysian Banking Law – Customers’ Rights, Customers’ Duties, the Macmillan Duty, Greenwood Duty, Estoppel, and Bank Liability for Forged Cheques
Case Scenario
Mega Builders Sdn Bhd maintains a current account with ABC Bank. Over several years, the company’s accounts manager forges numerous company cheques and fraudulently withdraws RM800,000 from the account. The bank honours the cheques and debits the company’s account accordingly.
In addition, one of the company’s directors orally instructs the bank to transfer funds from the company’s account on several occasions. These transactions appear in the company’s bank statements. The directors become aware of these transactions and certain irregularities but do not raise any complaint with the bank for almost eight years.
Eventually, an audit uncovers both the forged cheques and disputed debit transactions. Mega Builders commences legal proceedings against the bank seeking recovery of all monies withdrawn.
The bank argues that the company failed to report the irregularities promptly and should therefore be prevented from challenging the transactions. The bank further contends that the company failed to maintain adequate internal controls to prevent employee fraud.
The dispute raises issues concerning customers’ rights, customers’ duties, forged cheques, estoppel, and the extent of bank liability under Malaysian banking law.


Nature of the Banker-Customer Relationship
The banker-customer relationship is fundamentally contractual in nature.
As explained by Joachimson v Swiss Bank Corporation, a bank receives money from its customer not as trustee but as borrower. The money deposited becomes the bank’s property, and the bank undertakes to repay an equivalent amount upon demand by the customer.
The bank also undertakes:
  • to receive deposits;
  • to collect bills and other instruments for the customer;
  • to honour valid payment instructions;
  • to honour properly drawn cheques where sufficient funds exist; and
  • not to terminate the banking relationship without reasonable notice.
Correspondingly, the customer undertakes to exercise reasonable care when issuing written instructions so as not to mislead the bank or facilitate fraud.


Customers’ Rights
1. Right to Repayment
The customer has a contractual right to repayment of funds standing to the credit of the account.
The bank’s obligation is not to return the exact money deposited but to repay an equivalent amount upon a valid demand at the branch where the account is maintained.


2. Right to Draw Cheques
A customer with sufficient funds has the right to issue cheques against the available balance.
The bank owes a corresponding duty to honour properly drawn cheques unless:
  • there are insufficient funds;
  • the cheque is irregular;
  • payment is prohibited by law; or
  • the account has been lawfully restricted.


3. Right to Interest
Customers maintaining savings or deposit accounts are generally entitled to interest or returns in accordance with the terms governing the account.
Current accounts ordinarily do not attract interest unless specifically agreed.


Customers’ Duties at Common Law
A significant principle of banking law is that customers owe only limited duties to their bankers.
The Malaysian Supreme Court in United Asian Bank Bhd v Tai Soon Heng Construction Sdn Bhd confirmed that, at common law, customers owe only two recognised duties:
  1. The Macmillan Duty.
  2. The Greenwood Duty.
No wider duties are imposed unless expressly agreed by contract.


The Macmillan Duty
The first duty originates from London Joint Stock Bank v Macmillan and Arthur.
Under this duty, the customer must exercise reasonable care when drawing cheques and issuing written instructions.
The customer must not prepare a cheque in a manner that facilitates fraud or forgery.
Examples include:
  • leaving large blank spaces;
  • writing ambiguous amounts;
  • signing incomplete cheques; and
  • issuing instructions capable of easy alteration.
The purpose of the duty is to prevent the customer from misleading the bank or creating opportunities for fraud.


The Greenwood Duty
The second duty originates from Greenwood v Martins Bank.
Once a customer becomes aware that forged cheques or unauthorised transactions have occurred, the customer must promptly notify the bank.
Failure to provide timely notice may result in the customer being unable to recover losses that could have been prevented had the bank been informed earlier.
The duty arises only after the customer acquires knowledge of the forgery or unauthorised transaction.


No General Duty to Prevent Employee Fraud
The law does not impose a wider obligation on customers to organise their business affairs so as to prevent forgery by employees.
This principle was firmly established by the Privy Council in Tai Hing Cotton Mill Ltd v Liu Chong Hing Bank Ltd.
In that case, an accounts clerk forged approximately 300 cheques amounting to HK$5.5 million. The Privy Council held that customers owe only the Macmillan Duty and Greenwood Duty.
There is no implied duty requiring customers to:
  • establish fraud-proof internal controls;
  • supervise employees to prevent forgery;
  • conduct audits specifically for the bank’s protection; or
  • take general precautions in the management of their business to prevent forged cheques.
The court refused to imply any broader duty into the banker-customer contract.


No General Duty to Inspect Bank Statements
Another important principle established in Tai Hing Cotton Mill and reaffirmed in United Asian Bank is that customers are not under a common law duty to inspect periodic bank statements merely to protect the bank.
Accordingly, absent an express contractual provision:
  • customers are not obliged to examine every statement;
  • customers are not required to verify every debit entry;
  • customers are not responsible for detecting forged signatures through statement review.
The burden of verifying payment instructions remains primarily with the bank.


Duty to Inform the Bank of Known Irregularities and Estoppel
Although there is no general duty to inspect statements, a different principle applies once the customer becomes aware of irregularities.
A customer who discovers an unauthorised transaction, forged cheque, or suspicious debit must notify the bank within a reasonable time.
Failure to do so may give rise to estoppel.
Estoppel prevents a person from asserting a legal claim where his conduct has induced another party to act to its detriment.
In banking law, where a customer remains silent despite knowing of unauthorised transactions, and the bank is prejudiced by the delay, the customer may be estopped from later challenging the transactions.


Proven Development Sdn Bhd v Hongkong and Shanghai Banking Corporation
Facts
In Proven Development Sdn Bhd v Hongkong and Shanghai Banking Corporation, the plaintiff company maintained a current account with the defendant bank.
One of the company’s directors gave oral instructions to the bank to debit the account on three occasions between 1976 and 1977 amounting to RM115,000.
Years later, the company challenged the debits on the basis that they lacked proper authority under the directors’ resolution.
However, the company had failed to raise any complaint concerning the transactions for approximately nine years.


Held
The High Court held that oral instructions given to the bank were capable of subsequent ratification by the directors.
More importantly, the court emphasised that once the company became aware of any alleged irregularity, it was incumbent upon the company to notify the bank promptly.
By waiting nine years before bringing legal proceedings, the company caused substantial prejudice to the bank, which could no longer produce certain documentary evidence because of the passage of time.
Accordingly, the company was estopped from asserting its claim against the bank.


Liability of Banks for Forged Cheques
Under common law, a forged cheque is legally void.
A bank has no authority to honour a forged instrument because the customer’s mandate is absent.
In United Asian Bank Bhd v Tai Soon Heng Construction Sdn Bhd, the Supreme Court held that:
  • liability for paying forged cheques arises under the tort of conversion;
  • conversion is a tort of strict liability;
  • the bank is liable even if it acted honestly;
  • the bank is liable even if it exercised reasonable care.
The forged instrument is a nullity, and payment upon it is unauthorised.


New Ace Digital Print Sdn Bhd v Public Bank Bhd
The Malaysian courts have continued to uphold this principle.
In New Ace Digital Print Sdn Bhd v Public Bank Bhd, the bank was held liable in damages for making payment based on a forged cheque.
The case reinforces the principle that the responsibility for verifying signatures and mandates generally rests with the bank.


Critical Analysis
The modern law seeks to balance customer protection with customer responsibility.
On one hand, banks are professional financial institutions entrusted with verifying payment instructions. Since forged cheques are nullities, the law places primary responsibility on banks that honour them.
On the other hand, customers cannot remain passive once they become aware of fraud or irregularities. The Macmillan Duty and Greenwood Duty ensure that customers do not contribute to losses through carelessness or silence.
The doctrine of estoppel further promotes fairness by preventing customers from delaying complaints until evidence has disappeared or the bank’s ability to defend itself has been prejudiced.
The combined effect of Macmillan, Greenwood, Tai Hing Cotton Mill, United Asian Bank, and Proven Development creates a balanced framework that protects both parties while preserving confidence in the banking system.


Solution to the Case Scenario
Forged Cheques
Mega Builders would likely succeed in recovering losses arising from the forged cheques.
The forged instruments are legally void, and the bank had no authority to honour them.
The bank remains primarily liable under the tort of conversion.


Employee Fraud
The bank cannot avoid liability merely by arguing that the company failed to maintain adequate internal controls.
Following Tai Hing Cotton Mill and United Asian Bank, customers owe no general duty to organise their business affairs to prevent employee fraud.


Delayed Complaint Regarding Debit Transactions
The position differs regarding the disputed debit transactions.
The directors became aware of the transactions but waited several years before raising any complaint.
Applying Proven Development, the company’s delay may create an estoppel if the bank has suffered prejudice because relevant records or evidence are no longer available.
The company may therefore be prevented from challenging those transactions.


Practical Application
For Customers
Customers should:
  • draw cheques carefully and clearly;
  • immediately report forged signatures;
  • notify the bank promptly upon discovering irregular transactions;
  • maintain reasonable internal controls;
  • retain banking records and supporting documents.
Although there is generally no duty to inspect statements, regular review remains prudent commercial practice.


For Banks
Banks should:
  • verify signatures rigorously;
  • maintain effective fraud detection systems;
  • retain transaction records for appropriate periods;
  • investigate reported irregularities promptly;
  • recognise that payment on forged instruments generally attracts strict liability.


Conclusion
Under Malaysian banking law, customers possess the rights to repayment, cheque facilities, and interest where contractually provided. In return, customers owe only two recognised common law duties: the Macmillan Duty, requiring reasonable care when drawing cheques, and the Greenwood Duty, requiring prompt notification of known forgeries or unauthorised transactions. Neither Malaysian nor English law imposes a general duty upon customers to supervise employees, prevent internal fraud, or routinely inspect bank statements for the bank’s benefit. Nevertheless, once a customer becomes aware of an irregularity, he must inform the bank within a reasonable time. Failure to do so may give rise to estoppel, preventing the customer from later challenging the transaction if the delay prejudices the bank. Accordingly, while banks generally bear strict liability for paying forged cheques, customers who knowingly remain silent about irregularities may lose their right to recover losses arising from those transactions.

Picture
Published on
Malaysian Banking Law – Banking Secrecy, Confidentiality and Disclosure
Introduction
Banking secrecy is a fundamental aspect of the banker-customer relationship. It protects confidential information obtained by a bank concerning a customer’s affairs and accounts. The duty exists to safeguard customer privacy, preserve confidence in the banking system and ensure that banking information is disclosed only in circumstances recognised by law.
In Malaysia, banking secrecy is governed principally by sections 132, 133 and 134 of the Financial Services Act 2013 (FSA 2013), which replaced the secrecy provisions formerly found in the Banking and Financial Institutions Act 1989 (BAFIA).
The duty of confidentiality is protected through:
  • Statute;
  • Contract; and
  • Equity.
Consequently, unauthorised disclosure may result in:
  • Criminal liability;
  • Civil liability;
  • Equitable remedies; and
  • Regulatory sanctions.
However, the courts have repeatedly emphasised that banking secrecy is not absolute. The law must balance customer privacy against the requirements of justice, commercial practicality, regulatory supervision and public interest.


1. Statutory Duty of Secrecy
Section 133 FSA 2013
Section 133 imposes a duty of secrecy upon:
  • Financial institutions;
  • Directors;
  • Officers;
  • Employees;
  • Agents; and
  • Former directors, officers and agents.
The duty prohibits disclosure of information relating to a customer’s affairs or account.
The protection extends to:
  • Account balances;
  • Transaction histories;
  • Financing facilities;
  • Securities holdings;
  • Credit information;
  • Customer identities; and
  • Any information acquired through the banking relationship.
Breach may attract:
  • Imprisonment up to five years;
  • A fine up to RM10 million; or
  • Both.


2. Banking Confidentiality under Contract and Equity
Apart from statute, confidentiality is also recognised as:
An Implied Contractual Duty
The banker-customer contract contains an implied term that customer information will remain confidential.
An Equitable Obligation
Equity protects confidential information and may grant remedies such as injunctions and damages for misuse of confidential information.
The Malaysian courts have developed these principles through a number of important cases.


Tan Eng Seong v Malayan Banking Bhd
Principle
Disclosure of customer information to the customer’s brother constituted a breach of the implied contractual duty of confidentiality.
The case confirms that:
  • Confidentiality is an implied contractual term.
  • Family members remain third parties unless authorised.
  • Nominal damages may be awarded even where actual loss is minimal.


Wong Yeng Mun v CIMB Bank Berhad
Principle
The bank negligently sent account statements to the wrong address where they were opened by the customer’s wife.
The court held that:
  • The privilege of confidentiality belongs to the customer.
  • Administrative negligence may amount to a breach of confidentiality.
  • Banks must maintain adequate safeguards to protect customer information.


Tan Lay Soon v Kam Mah Theatre Sdn Bhd
Principle
The court held that confidentiality belongs to the customer and may be waived either expressly or impliedly.
Where disclosure is necessary to complete a transaction authorised by the customer, banking secrecy will not prevent such disclosure.


3. Cross-Border Disclosure and Extra-Territorial Effect
Attorney General of Hong Kong v Zauyah Wan Chik & Ors
The Court of Appeal held that section 97 BAFIA was not expressed to have extra-territorial effect.
Accordingly:
  • Disclosure in foreign court proceedings does not automatically create criminal liability in Malaysia.
  • Witnesses compelled by foreign courts may rely on legal compulsion as a defence.
  • Banking secrecy must sometimes yield to the administration of justice.


4. Illegally Obtained Banking Information Remains Admissible
Wako Merchant Bank (Singapore) Ltd v Lim Lean Heng
The defendants argued that banking information obtained in breach of section 97 BAFIA should be inadmissible in support of a Mareva injunction.
The High Court rejected this argument.
Legal Principle
Parliament created criminal offences for unlawful disclosure of banking information but did not provide that such information would become inadmissible in court proceedings.
Accordingly:
  • Illegally obtained evidence remains admissible if relevant.
  • Criminal liability and evidential admissibility are separate issues.
  • The person disclosing the information may face criminal consequences, but the evidence itself may still be used in court.
The Court of Appeal subsequently affirmed that breach of confidentiality is ordinarily remedied through injunctions or damages rather than by excluding evidence.


5. Public Information and Banking Confidentiality
An important limitation on banking secrecy concerns information that is already publicly available.
Confidentiality cannot ordinarily be claimed over facts that have entered the public domain through lawful publication.
This principle was considered in the following case.


Hj Salleh Hj Janan v Financial Information Services Sdn Bhd; Affin-ACF Finance Bhd (Third Party) [2005] 1 CLJ 241
Facts
Financial Information Services Sdn Bhd (FIS) supplied information to Affin-ACF Finance Bhd indicating that the plaintiff had twice been adjudged bankrupt.
The information originated from court records and bankruptcy orders that had previously been published in newspapers and the Government Gazette.
However, FIS failed to mention that the bankruptcy orders had subsequently been rescinded and annulled.
The plaintiff sued FIS for libel, arguing that publication of the information damaged his reputation.


Held
The High Court dismissed the plaintiff’s claim.
The court held that FIS merely reproduced information contained in public court records and publicly available publications.
Since the information related to facts already available to the public, FIS was entitled to repeat or restate those facts.
The defence of justification therefore succeeded.


Judgment of Linton Albert JC
The court adopted the principle that:
A statement that a decree or order has been made by a public court is a public fact which anybody is entitled to state.
The court emphasised that information already appearing in court records, newspapers or the Gazette loses its confidential character because it has entered the public domain.


Legal Principle
The case establishes that:
Public Facts Are Not Confidential
Information contained in public court records is no longer confidential.
A person who merely repeats or republishes such information is generally not liable for disclosing confidential information.
Repetition of Public Information Is Not a Breach of Banking Secrecy
Banking secrecy protects confidential information.
It does not protect information that has already become publicly available through lawful means.
Defence of Justification
Where a statement accurately reflects a public court record, the defence of justification may defeat a defamation claim.


Significance
This case demonstrates an important limitation on banking confidentiality.
While banking secrecy protects private customer information, it cannot be used to conceal information that has already become part of the public record through judicial proceedings.
The law protects secrecy, not secrecy that has already ceased to exist.


Case Scenario: Public Bankruptcy Record
Facts
A finance company receives information from a credit reporting agency indicating that Ahmad was adjudged bankrupt five years ago.
The information was obtained from court records published in the Gazette.
Ahmad sues, alleging breach of confidentiality and defamation.


Solution
Applying Hj Salleh Hj Janan:
  • The information originated from public court records.
  • The information was already publicly available.
  • The agency merely repeated a public fact.
  • Confidentiality cannot attach to information already in the public domain.
Accordingly, the claim is unlikely to succeed.


Critical Analysis
The decision strikes a balance between:
Privacy Rights
Individuals deserve protection against unauthorised disclosure of genuinely confidential information.
Public Interest
Court orders, bankruptcy proceedings and other judicial records are matters of public record.
Allowing persons to claim confidentiality over publicly available information would undermine legal certainty and commercial decision-making.
The court therefore distinguished between:
  • Confidential banking information; and
  • Publicly available legal facts.


6. Banker’s Duty Regarding Garnishee Orders
A bank may receive a garnishee order from a customer’s creditor.
Once served with the order, the bank owes a duty to the court not to release the attached funds unless authorised by the court.
The bank must preserve the funds pending further directions.
Failure to comply may expose the bank to liability.


Bank Utama (M) Bhd v Insan Budi Sdn Bhd
Principle
The Court of Appeal recognised that banks may owe duties not only under contract but also in tort.
Where a bank acting in its professional capacity fails to follow proper procedures in handling a credit facility, the bank may incur concurrent liability in:
  • Contract; and
  • Negligence.


Significance
The case demonstrates that a bank’s responsibilities extend beyond merely keeping customer information confidential.
Banks are professional financial institutions expected to exercise reasonable skill, care and competence when performing banking functions.
A failure to do so may result in liability under multiple legal principles.


Key Examination Principles
Banking Secrecy
  • Governed principally by sections 132–134 FSA 2013.
  • Protects information relating to customer affairs and accounts.
Tan Eng Seong Principle
  • Confidentiality is an implied contractual duty.
  • Disclosure to relatives may constitute breach.
Wong Yeng Mun Principle
  • Confidentiality belongs to the customer.
  • Negligent disclosure may create liability.
Tan Lay Soon Principle
  • Confidentiality belongs to the customer.
  • Consent may be express or implied.
Zauyah Wan Chik Principle
  • Banking secrecy laws are not automatically extra-territorial.
  • Disclosure under legal compulsion may be justified.
Wako Merchant Bank Principle
  • Information obtained in breach of banking secrecy laws remains admissible if relevant.
  • Criminal liability and admissibility are separate issues.
Hj Salleh Hj Janan Principle
  • Publicly available court records are not confidential.
  • A public fact may be repeated or restated.
  • Banking secrecy does not protect information already in the public domain.
Bank Utama Principle
  • Banks may owe concurrent duties in contract and tort.
  • Failure to exercise proper professional care may create liability.


Conclusion
Malaysian banking secrecy law protects customer information through statutory provisions, contractual obligations and equitable principles. However, confidentiality is not absolute. The courts have recognised several important limitations, including customer consent, legal compulsion, public court records, admissibility of relevant evidence, and the practical requirements of commerce and justice. Cases such as Tan Eng Seong, Wong Yeng Mun, Tan Lay Soon, Zauyah Wan Chik, Wako Merchant Bank, and Hj Salleh Hj Janan collectively demonstrate that while customer privacy remains a fundamental concern, banking secrecy must be balanced against broader legal, commercial and public interests.

Picture
Published on
Malaysian Banking Law – Banking Secrecy and Customer Confidentiality
Introduction
Banking secrecy is one of the most fundamental obligations imposed upon a bank in its relationship with customers. Customers entrust banks with highly sensitive information relating to their finances, assets, liabilities and transactions. The law therefore requires banks to preserve the confidentiality of such information.
The objectives of banking secrecy are:
  • To protect customer privacy;
  • To preserve confidence in the banking system; and
  • To ensure that banking information is disclosed only in circumstances recognised by law.
In Malaysia, banking secrecy is principally governed by sections 132, 133 and 134 of the Financial Services Act 2013 (FSA 2013), which replaced sections 97 to 101 of the Banking and Financial Institutions Act 1989 (BAFIA).
Banking confidentiality is protected not only by statute but also by contract and equity. As a result, an unauthorised disclosure may give rise to:
  • Criminal liability;
  • Civil liability;
  • Equitable remedies; and
  • Regulatory consequences.
The courts have also clarified several important principles concerning:
  • Ownership of confidentiality;
  • Implied consent;
  • Accidental disclosures;
  • Extra-territorial disclosures;
  • Disclosure compelled by law; and
  • The admissibility of information obtained in breach of banking secrecy laws.


1. Statutory Duty of Banking Secrecy
Section 133 FSA 2013
Section 133 imposes a statutory duty of confidentiality upon:
  • Financial institutions;
  • Directors;
  • Officers;
  • Employees;
  • Agents; and
  • Former directors, officers and agents.
These persons must not disclose any information relating to a customer’s affairs or account.
The protection extends to:
  • Account balances;
  • Banking transactions;
  • Financing facilities;
  • Fixed deposits;
  • Securities accounts;
  • Credit information;
  • Customer identities; and
  • Any information acquired through the banking relationship.
Breach may result in:
  • Imprisonment up to five years;
  • A fine up to RM10 million; or
  • Both.


2. Confidentiality as an Implied Contractual and Equitable Duty
Apart from statute, confidentiality is also recognised as:
An Implied Contractual Duty
The banker-customer contract contains an implied term that the bank will preserve confidentiality.
An Equitable Duty
Equity protects confidential information and may restrain actual or threatened disclosures through injunctions.
Important authorities include:
  • Tan Eng Seong v Malayan Banking Bhd
  • Wong Yeng Mun v CIMB Bank Berhad
  • Tan Lay Soon v Kam Mah Theatre Sdn Bhd
  • Wako Merchant Bank (Singapore) Ltd v Lim Lean Heng


Tan Eng Seong v Malayan Banking Bhd [1997] MLJU 36
Principle
Disclosure of a customer’s banking information to his brother constituted a breach of the implied duty of confidentiality.
The case establishes that:
  • Confidentiality is an implied contractual obligation.
  • Family members are still third parties unless authorised.
  • Nominal damages may be awarded even where actual financial loss is minimal.


Wong Yeng Mun v CIMB Bank Berhad [2010] MLJU 414
Principle
The bank mistakenly sent statements to an incorrect address where they were opened by the customer’s new wife.
The court held the bank liable.
The case confirms that:
  • The privilege of confidentiality belongs to the customer.
  • Negligent handling of customer information may amount to a breach.
  • Banks must adopt reasonable safeguards to prevent unauthorised disclosure.


Tan Lay Soon v Kam Mah Theatre Sdn Bhd [1990] 2 MLJ 482
Principle
The court held that confidentiality belongs to the customer and may be waived expressly or impliedly.
Where a customer authorises sale proceeds to be used to discharge a bank charge, disclosure necessary to implement that arrangement is permissible.
The case demonstrates that banking secrecy cannot be used to defeat transactions authorised by the customer.


3. Extra-Territorial Effect of Banking Secrecy
Attorney General of Hong Kong v Zauyah Wan Chik & Ors [1995] 2 MLJ 620
Principle
Section 97 BAFIA was not expressed to have extra-territorial effect.
Therefore:
  • Disclosure made in foreign court proceedings does not automatically create criminal liability in Malaysia.
  • Witnesses compelled by foreign courts to give evidence may rely upon legal compulsion as a legitimate excuse.
  • Banking secrecy is not absolute and must sometimes yield to the administration of justice.


4. Admissibility of Information Obtained in Breach of Banking Secrecy
One of the most important questions in banking secrecy law is whether information obtained unlawfully remains admissible as evidence in court.
This issue was considered in:
Wako Merchant Bank (Singapore) Ltd v Lim Lean Heng & Ors [2000] 3 MLJ 401
and subsequently by the Court of Appeal in:
Lim Lean Heng v Wako Merchant Bank (Singapore) Ltd & Other Appeals [2004] 3 CLJ 9


Wako Merchant Bank (Singapore) Ltd v Lim Lean Heng & Ors [2000] 3 MLJ 401
Facts
The plaintiff had obtained a judgment against the first defendant in Singapore.
The judgment was subsequently registered in the High Court of Malaya.
To prevent the defendants from dissipating assets, the plaintiff applied for and obtained an ex parte Mareva injunction.
The injunction affected several bank accounts belonging to the defendants.
The existence and particulars of those bank accounts were discovered through investigations conducted by a private investigator engaged by the plaintiff.
The defendants argued that the information concerning the bank accounts had been obtained in breach of section 97 of BAFIA.
They contended that because the information was obtained unlawfully, it should be inadmissible and the Mareva injunction should therefore be set aside.


Held (High Court)
The High Court rejected the defendants’ argument.
The court held that Parliament enacted section 97 to protect the confidentiality of customer accounts by creating criminal offences for unauthorised disclosure.
However, Parliament did not enact any provision stating that information disclosed in breach of section 97 would become inadmissible in legal proceedings.
Consequently, the ordinary rules of evidence continued to apply.
Under Malaysian evidence law:
Evidence obtained illegally is nevertheless admissible if it is relevant.
Accordingly, information relating to the defendants’ bank accounts remained admissible despite the possibility that it had been obtained through a breach of banking secrecy laws.
The Mareva injunction therefore remained valid.


Judgment of Abdul Aziz J
The learned judge emphasised several important principles.
Banking Secrecy Creates Criminal Liability
Section 97 criminalised unauthorised disclosure.
A person who unlawfully disclosed customer information could be prosecuted.
Similarly, a person who knowingly made a further disclosure could also commit an offence.
The private investigator potentially risked criminal liability if he knowingly disclosed information that had originally been obtained in breach of section 97.


Parliament Did Not Exclude Admissibility
The judge observed that Parliament deliberately created offences for unlawful disclosure but did not enact any provision excluding such evidence from court proceedings.
Had Parliament intended to render the information inadmissible, it could have expressly stated so.
Since Parliament did not do so, the courts were not entitled to create such an exclusion.


Criminal Liability and Admissibility Are Separate Questions
The fact that disclosure may constitute a criminal offence does not automatically affect the admissibility of the information.
The disclosing party may face criminal consequences separately.
However, the evidence itself remains admissible if relevant to the issues before the court.


Legal Principle
The case establishes the following principle:
Information Obtained in Breach of Banking Secrecy Remains Admissible
Banking secrecy legislation creates criminal sanctions for unauthorised disclosure.
However, unless Parliament expressly provides otherwise, information obtained in breach of those provisions remains admissible in civil and criminal proceedings if relevant.


Lim Lean Heng v Wako Merchant Bank (Singapore) Ltd & Other Appeals [2004] 3 CLJ 9
Held (Court of Appeal)
The Court of Appeal dismissed the appeal.
The court reaffirmed that the appropriate remedies for breach of confidentiality lie in the law of equity.


Principle of Equity
The Court of Appeal explained that:
  • Equity imposes an obligation upon recipients of confidential information.
  • Actual or threatened disclosure may be restrained by injunction.
  • Breach of confidence may give rise to damages.
However, cross-examination was not an available remedy to defeat the Mareva injunction in the circumstances of the case.


Significance of the Decision
The Court of Appeal reinforced the distinction between:
Confidentiality Obligations
A person who receives confidential information may be restrained from misusing it and may face liability for breach of confidence.
Evidential Admissibility
The fact that information was improperly obtained does not necessarily prevent a court from considering it as evidence.
The two issues are legally distinct.


Case Scenario: Illegally Obtained Banking Information
Facts
A creditor discovers through a private investigator that a debtor maintains RM5 million in several bank accounts.
The investigator obtained the information through an unauthorised source.
The creditor applies for a Mareva injunction to freeze the accounts.
The debtor argues that the information was obtained unlawfully and should therefore be inadmissible.


Solution
Applying Wako Merchant Bank:
  • The disclosure may constitute a breach of banking secrecy laws.
  • The persons responsible may face criminal or civil liability.
  • However, the information remains admissible if it is relevant.
  • The court may therefore rely upon the information in deciding whether to grant a Mareva injunction.


Critical Analysis
The decision reflects a balance between two competing objectives:
Protecting Customer Confidentiality
The law discourages unauthorised disclosure through criminal sanctions and civil remedies.
Facilitating the Administration of Justice
The courts are concerned primarily with whether evidence is relevant and reliable.
Excluding all evidence obtained through unlawful disclosure could permit wrongdoers to hide assets and frustrate justice.
The court therefore distinguished between:
  • Punishing the wrongful disclosure; and
  • Determining whether the information may be used as evidence.


Key Examination Principles
Banking Secrecy
  • Protected by sections 132–134 FSA 2013.
  • Also protected by contract and equity.
Tan Eng Seong Principle
  • Confidentiality is an implied contractual duty.
  • Disclosure to relatives may constitute breach.
Wong Yeng Mun Principle
  • Confidentiality belongs to the customer.
  • Negligent disclosure may create liability.
Tan Lay Soon Principle
  • Confidentiality belongs to the customer.
  • Consent may be express or implied.
  • Disclosure necessary to implement an authorised transaction is lawful.
Zauyah Wan Chik Principle
  • Banking secrecy legislation is not automatically extra-territorial.
  • Disclosure compelled by foreign courts may not create criminal liability in Malaysia.
Wako Merchant Bank Principle
  • Banking secrecy laws create criminal sanctions for unauthorised disclosure.
  • They do not automatically render information inadmissible.
  • Illegally obtained evidence remains admissible if relevant.
  • Breach of confidence is addressed through injunctions and damages rather than exclusion of evidence.


Conclusion
Malaysian banking secrecy law protects customer information through statutory provisions, contractual obligations and equitable principles. Nevertheless, the courts have consistently recognised that confidentiality is not absolute. Cases such as Tan Eng Seong, Wong Yeng Mun, Tan Lay Soon, Zauyah Wan Chik, and Wako Merchant Bank demonstrate that while unauthorised disclosure may attract criminal sanctions, civil liability or equitable remedies, such disclosure does not automatically render the information inadmissible as evidence. The law therefore seeks to balance the protection of customer confidentiality against broader considerations of justice, commercial practicality and effective judicial administration.

Picture
Published on
Malaysian Banking Law – Mareva Injunction
Definition
A Mareva Injunction (now commonly referred to as a Freezing Order) is a court order that restrains a defendant from disposing of, transferring, dissipating, or dealing with assets pending the determination of legal proceedings.
The purpose of a Mareva Injunction is not to give the plaintiff security over the assets, but to preserve the assets so that they remain available to satisfy a future judgment.
In banking law, a Mareva Injunction frequently affects bank accounts because money held in accounts can be quickly transferred or withdrawn before a judgment is obtained.


Purpose of a Mareva Injunction
The primary purpose is to prevent a defendant from frustrating the enforcement of a future judgment by:
  • Removing assets from the jurisdiction;
  • Transferring assets to third parties;
  • Concealing assets;
  • Dissipating funds held in bank accounts; or
  • Reducing the value of assets available to satisfy a judgment.
A Mareva Injunction therefore preserves the status quo until the dispute is resolved.


Nature of the Remedy
A Mareva Injunction is:
  • An equitable remedy;
  • Discretionary in nature;
  • Usually granted before trial;
  • Frequently obtained on an ex parte basis (without notifying the defendant);
  • Intended to preserve assets rather than determine ownership.
The injunction does not transfer ownership of assets to the plaintiff.
The defendant remains the legal owner of the assets but loses the freedom to deal with them in a manner prohibited by the court order.


Historical Origin
The remedy derives its name from the English case of:
Mareva Compania Naviera SA v International Bulkcarriers SA
where the English Court of Appeal recognised the court’s power to freeze a defendant’s assets pending trial.
The decision revolutionised commercial litigation by providing a practical mechanism to prevent defendants from defeating judgments through asset dissipation.


Requirements for Obtaining a Mareva Injunction
A plaintiff generally must establish:
1. A Good Arguable Case
The plaintiff must demonstrate that there is a serious issue to be tried and that the claim has a reasonable prospect of success.
The court does not determine the merits conclusively at this stage.


2. Assets Within the Jurisdiction
The defendant must possess assets capable of being frozen.
These assets may include:
  • Bank accounts;
  • Shares;
  • Real property;
  • Investments;
  • Business assets.


3. Real Risk of Dissipation
The plaintiff must show a genuine risk that the defendant may:
  • Remove assets;
  • Conceal assets;
  • Transfer funds;
  • Dispose of property;
  • Otherwise frustrate enforcement of a future judgment.
Mere suspicion is insufficient.
The court requires evidence demonstrating a real risk.


4. Full and Frank Disclosure
Because many Mareva applications are made ex parte, the applicant must disclose all material facts to the court, including facts that may be unfavourable to its case.
Failure to do so may result in the injunction being discharged.


Effect on Bank Accounts
A Mareva Injunction frequently operates against bank accounts.
For example:
  • A sues B for RM5 million.
  • A discovers that B maintains RM3 million in several bank accounts.
  • A fears that B will transfer the money overseas.
The court grants a Mareva Injunction freezing the accounts.
Consequently:
  • B remains the owner of the money.
  • The accounts continue to exist.
  • The bank cannot permit withdrawals or transfers contrary to the injunction.
  • The funds remain preserved pending the outcome of the case.


Example
Facts
Ali sues Ahmad for RM2 million alleging fraud.
Ali discovers that Ahmad holds RM1.5 million in accounts with Maybank and CIMB Bank.
Evidence suggests Ahmad intends to transfer the funds to an overseas jurisdiction.


Court Order
The court grants a Mareva Injunction prohibiting Ahmad from:
  • Withdrawing funds;
  • Transferring money abroad;
  • Dealing with specified assets.
The banks are notified of the order.


Result
The banks freeze the accounts to the extent specified by the order.
The funds remain available if Ali ultimately succeeds in the lawsuit.


Duties of the Bank Upon Receiving a Mareva Injunction
1. Duty to Comply with the Court Order
The bank must immediately comply with the injunction.
Failure may expose the bank to contempt proceedings.


2. Restriction on Transactions
The bank must not permit withdrawals or transfers inconsistent with the injunction.


3. Disclosure Obligations
The court may require the bank to disclose information regarding the defendant’s accounts and assets.
Such disclosure is legally justified notwithstanding banking confidentiality obligations.


4. Preservation of Assets
The bank must take reasonable steps to ensure that frozen assets remain intact pending further court directions.


Mareva Injunction vs Garnishee Order
Feature
Mareva Injunction
Garnishee Order

Purpose
Preserve assets
Enforce a judgment

Timing
Before or during proceedings
After judgment

Ownership of assets
Remains with defendant
Debt is paid to judgment creditor

Transfer of money
No transfer occurs
Money is transferred

Objective
Prevent dissipation
Recover judgment debt

Nature
Protective remedy
Enforcement remedy


Relationship with Banking Secrecy
A Mareva Injunction often requires disclosure of information concerning bank accounts.
This constitutes an exception to the bank’s duty of confidentiality because disclosure occurs pursuant to a court order and is therefore authorised by law.
The bank does not breach its duty of secrecy when complying with the injunction.


Case Illustration: Discovery of Bank Accounts
Wako Merchant Bank (Singapore) Ltd v Lim Lean Heng
Facts
The plaintiff obtained judgment against the defendant and subsequently secured an ex parte Mareva Injunction.
Information concerning several bank accounts affected by the injunction was obtained by a private investigator.
The defendants argued that the information had been obtained in breach of statutory banking secrecy provisions and should therefore be inadmissible.


Held
The court refused to discharge the injunction.
The information remained admissible notwithstanding the alleged breach of banking secrecy provisions.
The accounts therefore continued to be subject to the Mareva Injunction.


Significance
The case demonstrates that courts may prioritise the administration of justice and asset preservation over objections concerning the manner in which account information was obtained.
It also illustrates the close relationship between banking secrecy issues and Mareva proceedings.


Critical Analysis
A Mareva Injunction is one of the most powerful interim remedies in commercial and banking litigation. Without such relief, a dishonest defendant could transfer funds out of bank accounts and render a future judgment worthless.
The remedy balances competing interests. On one hand, it protects plaintiffs from asset dissipation. On the other hand, because it can significantly restrict a defendant’s use of property before liability has been established, courts impose strict requirements such as a good arguable case, evidence of dissipation risk, and full and frank disclosure.
For banks, a Mareva Injunction creates legal obligations that override ordinary contractual duties owed to customers. Although the bank normally follows customer instructions, once a freezing order is served the bank’s paramount duty is compliance with the court order.


Examination Summary
Mareva Injunction (Freezing Order)
  • An equitable court order freezing a defendant’s assets.
  • Designed to prevent dissipation of assets before judgment.
  • Commonly affects bank accounts.
  • Does not transfer ownership of assets.
  • Defendant remains owner but cannot freely deal with the assets.
  • Requires:
    • Good arguable case;
    • Assets available for freezing;
    • Real risk of dissipation;
    • Full and frank disclosure.
  • Banks must comply once notified.
  • Distinct from a garnishee order because it preserves assets rather than enforcing a judgment.
Key Principle: A Mareva Injunction is a protective remedy aimed at ensuring that assets, including bank deposits, remain available to satisfy any judgment that may ultimately be obtained by the plaintiff.

Picture
Published on
Malaysian Banking Law – Garnishee Order
Definition
A garnishee order is a court order that enables a judgment creditor (a person who has obtained a judgment against a debtor) to recover the judgment debt by attaching money owed to the judgment debtor by a third party, known as the garnishee.
In banking law, the garnishee is usually a bank because the bank owes a debt to its customer in respect of the customer’s account balance.
A garnishee order therefore allows the court to direct the bank to pay money standing to the credit of the customer’s account directly to the judgment creditor instead of the customer.


Parties to a Garnishee Proceeding
1. Judgment Creditor
The party who has successfully obtained a court judgment and is entitled to receive payment.
2. Judgment Debtor
The party against whom the judgment has been entered and who owes the judgment debt.
3. Garnishee
A third party who owes money to the judgment debtor.
In banking cases, the garnishee is generally the bank that maintains the debtor’s account.


Legal Basis of a Garnishee Order
The operation of a garnishee order is founded upon the debtor-creditor relationship between a bank and its customer.
When money is deposited into a bank account:
  • Ownership of the money passes to the bank.
  • The bank becomes the debtor.
  • The customer becomes the creditor.
  • The customer acquires a contractual right to demand repayment from the bank.
Therefore, the customer’s bank balance represents a debt owed by the bank to the customer.
A garnishee order attaches that debt and redirects payment from the bank to the judgment creditor.


Procedure
Stage 1: Judgment Obtained
A creditor first obtains a court judgment against a debtor.
Example:
  • Ali sues Ahmad.
  • The court orders Ahmad to pay Ali RM100,000.
  • Ahmad fails to satisfy the judgment.


Stage 2: Garnishee Order Nisi
Ali applies to the court for a garnishee order against Ahmad’s bank.
The court may issue a Garnishee Order Nisi, which:
  • Temporarily freezes funds in Ahmad’s account up to the amount of the judgment debt.
  • Requires the bank to appear before the court.
  • Requires the bank to disclose whether it holds money belonging to Ahmad.
At this stage, the order is provisional and has not yet become final.


Stage 3: Garnishee Order Absolute
If the court is satisfied that the bank holds funds belonging to Ahmad, it may issue a Garnishee Order Absolute.
The bank is then legally required to:
  • Pay the specified amount directly to Ali.
  • Comply with the court order.
  • Treat the payment as a valid discharge of its debt to Ahmad.


Practical Illustration
Assume:
  • Ahmad owes Ali RM50,000 pursuant to a court judgment.
  • Ahmad maintains a savings account with Maybank containing RM80,000.
The court issues:
  1. A Garnishee Order Nisi.
  2. Subsequently, a Garnishee Order Absolute.
The bank must pay RM50,000 directly to Ali.
Result:
  • Ali receives RM50,000.
  • RM30,000 remains in Ahmad’s account.


Effect on the Banker-Customer Relationship
1. Restriction on Customer’s Right to Withdraw
Once served with a garnishee order, the bank must preserve the attached funds and cannot permit the customer to withdraw them.


2. Duty to Honour Cheques Suspended
A bank is normally under a contractual duty to honour the customer’s valid payment instructions.
However, where a garnishee order has attached the funds, the bank must refuse payment of cheques or withdrawal instructions that would affect those funds.


3. Exception to Banking Secrecy
Although a bank generally owes a duty of confidentiality to its customer, disclosure of account information pursuant to garnishee proceedings is legally justified because it is made under compulsion of law and pursuant to a court order.


4. Mandatory Compliance
The bank has no discretion whether to comply.
Failure to obey a garnishee order may expose the bank to liability for contempt of court and other legal consequences.


Accounts and Funds That May Be Attached
Generally attachable:
✅ Current account balances
✅ Savings account balances
✅ Fixed deposits that have become payable
✅ Debts due from the bank to the customer
Potentially not attachable or subject to limitations:
❌ Accounts with no credit balance
❌ Trust accounts where the debtor has no beneficial ownership
❌ Certain joint accounts, depending on ownership and applicable legal principles
❌ Funds that do not legally belong to the judgment debtor


Relationship with the Debtor-Creditor Principle
The rationale behind garnishee proceedings can be understood through the debtor-creditor relationship established in the landmark case of Foley v Hill.
The House of Lords held that:
  • A bank does not hold deposited money as trustee for the customer.
  • The bank becomes debtor of the customer.
  • The customer’s right is merely a debt claim against the bank.
Because the customer’s account balance is legally a debt owed by the bank, the court may attach that debt and require the bank to pay it to the judgment creditor.


Critical Analysis
A garnishee order is one of the most effective judgment enforcement mechanisms in banking law because it allows a creditor to access money already held by a bank without having to seize physical assets from the debtor.
From the creditor’s perspective, garnishee proceedings provide a swift and practical means of recovering judgment debts. From the bank’s perspective, however, the order temporarily overrides certain contractual obligations owed to the customer, including the duty to honour payment instructions and maintain confidentiality.
The effectiveness of the remedy ultimately rests on the fundamental principle that a customer’s deposit is not trust property but a debt owed by the bank. Consequently, the court is able to intercept that debt and redirect payment to satisfy the judgment creditor’s claim.


Examination Summary
Garnishee Order = Court order attaching a debt owed by a third party to a judgment debtor.
In banking law:
  • Bank = Garnishee.
  • Customer = Judgment Debtor.
  • Creditor = Judgment Creditor.
  • Customer’s account balance = Debt owed by the bank to the customer.
  • Court redirects payment of that debt from the bank to the judgment creditor.
Key Principle: A garnishee order operates because the banker-customer relationship is fundamentally one of debtor and creditor, as established in Foley v Hill.

Picture
Published on
Malaysian Banking Law – Banking Secrecy, Confidentiality and Permitted Disclosure under Sections 132–134 of the Financial Services Act 2013
Introduction
Banking secrecy is one of the most important obligations imposed upon a bank in its relationship with customers. A customer who deposits money with a bank expects that information concerning his accounts, transactions, financial position and dealings with the bank will remain confidential.
The duty of confidentiality serves two important functions. First, it protects the privacy rights of customers. Secondly, it promotes public confidence in the banking system by assuring customers that their financial affairs will not be disclosed indiscriminately.
In Malaysia, banking secrecy is principally governed by sections 132, 133 and 134 of the Financial Services Act 2013 (FSA 2013). These provisions impose a statutory duty of secrecy upon banks and their personnel while also recognising circumstances in which disclosure is necessary and legally justified.
Importantly, the duty of confidentiality is not derived solely from statute. Malaysian courts have recognised that confidentiality is also an implied contractual term in the banker-customer relationship. Therefore, a bank may face both criminal liability under the FSA 2013 and civil liability for breach of contract where customer information is disclosed without authority.
The protection extends beyond account balances and transaction records. It includes all information obtained by the bank through the banking relationship, whether acquired directly from account records or through dealings with the customer.


1. Restriction on Inquiry into Customer Affairs (Section 132 FSA 2013)
General Rule
Section 132 protects customers from arbitrary inquiries into their banking affairs.
The provision states that neither the Finance Minister nor Bank Negara Malaysia (BNM) is generally authorised to investigate the affairs or accounts of a specific customer of a financial institution.
The objective is to prevent unnecessary intrusion into private banking relationships and preserve customer confidentiality.


Exception
Section 132(2) recognises that confidentiality cannot obstruct regulatory oversight.
Accordingly, BNM may inquire into a customer’s affairs where such inquiry is necessary for exercising its powers and functions under:
  • The Financial Services Act 2013;
  • The Islamic Financial Services Act 2013; or
  • Section 47 of the Central Bank of Malaysia Act 2009.
Thus, while customer privacy is protected, it must yield where legitimate regulatory supervision is required.


Case Scenario 1: BNM Investigation
Facts
ABC Bank notices suspicious transactions involving a customer who appears to be moving large sums of money through multiple accounts.
BNM commences an investigation and requires the bank to disclose the customer’s account statements and transaction records.
The customer objects, claiming that the information is protected by banking secrecy.
Solution
The customer’s objection will fail.
Section 132(2) expressly permits BNM to investigate customer accounts when exercising its statutory functions.
The bank may therefore provide the requested information without breaching its confidentiality obligations.
Critical Analysis
This provision demonstrates that banking secrecy is not absolute.
The law seeks to balance:
  • Individual privacy; and
  • The public interest in combating money laundering, terrorism financing and financial crime.
Without such powers, effective regulation of the financial system would be impossible.


2. Statutory Duty of Secrecy (Section 133 FSA 2013)
General Rule
Section 133(1) imposes a strict statutory duty of secrecy.
The duty applies to:
  • Financial institutions;
  • Directors;
  • Officers;
  • Employees;
  • Agents; and
  • Former directors, officers and agents.
These persons are prohibited from disclosing any document or information relating to the affairs or account of a customer.
The obligation continues even after employment or office has ceased.


Scope of Protection
The protection afforded by section 133 is broad.
It covers:
  • Savings accounts;
  • Current accounts;
  • Fixed deposits;
  • Financing facilities;
  • Credit information;
  • Account balances;
  • Transaction histories;
  • Customer identities;
  • Financial standing;
  • Information obtained through banking dealings.
The protection is not limited to information appearing in account statements.
Any information acquired because of the banking relationship is protected.


Criminal Liability
A person who unlawfully discloses customer information commits an offence.
Upon conviction, the offender may be liable to:
  • Imprisonment for up to five years;
  • A fine of up to RM10 million; or
  • Both imprisonment and a fine.
The severity of these penalties reflects the importance attached to banking confidentiality.


Exceptions under Section 133(2)
The duty of secrecy does not apply in the following situations:
(a) Disclosure to BNM
Information disclosed to BNM for purposes connected with the exercise of its statutory functions.
(b) Statistical or Aggregated Information
Information disclosed in summary form where no particular customer can be identified.
For example, a bank may publish statistics indicating that it has 100,000 savings account holders without revealing individual customer identities.
(c) Public Information
Information that has already been lawfully made available to the public from a source other than the bank.
For example, where a listed company voluntarily publishes information regarding its banking arrangements in its annual report.


Case Scenario 2: Disclosure by a Bank Employee
Facts
A bank officer discovers that a celebrity maintains RM20 million in her account.
The officer reveals this information to friends and acquaintances.
The information subsequently spreads through social media.
Solution
The bank officer has breached section 133(1).
The information was obtained solely through the banking relationship and remains confidential.
The officer may be subjected to criminal prosecution, disciplinary action and possible civil liability.
Critical Analysis
The banking industry depends heavily on public trust.
If customers cannot trust bank employees to preserve confidentiality, confidence in the banking system will be seriously undermined.


3. Prohibition Against Further Disclosure (Section 133(3))
Section 133(3) extends protection beyond the original disclosure.
A person who knowingly receives information that has been disclosed in breach of section 133(1) is prohibited from further disclosing that information.
The provision prevents confidential information from continuing to circulate after the initial breach.


Case Scenario 3: Secondary Disclosure
Facts
A bank employee unlawfully discloses customer information to a journalist.
The journalist is aware that the information was obtained illegally.
Nevertheless, the journalist publishes the customer’s banking details.
Solution
The journalist may also be liable under section 133(3) because he knowingly disclosed information obtained through an unlawful disclosure.
Critical Analysis
The law aims to suppress both:
  • The original leak; and
  • Any subsequent dissemination.
Otherwise, banking secrecy could easily be defeated through intermediaries.


4. Banking Secrecy as an Implied Contractual Duty
Although sections 132–134 create statutory obligations, confidentiality also exists as an implied term of the banker-customer contract.
This means that a customer may bring a civil action against the bank even where criminal proceedings are not commenced.
The leading Malaysian authority is Tan Eng Seong v Malayan Banking Bhd [1997] MLJU 36.


Tan Eng Seong v Malayan Banking Bhd [1997] MLJU 36
Facts
The plaintiff was formerly employed by Malayan Banking Berhad.
After leaving the bank’s employment, he verbally informed the bank that he wished to close his account.
However, he failed to provide the written instruction required by the bank’s procedures.
Because no written authorisation was received, the bank continued to regard the account as active.
Over time, service charges and interest accumulated, resulting in an outstanding balance of approximately RM15.
Subsequently, a credit officer informed the plaintiff’s brother about the existence of the outstanding amount.
The plaintiff then sued the bank for breach of confidentiality.


Held
The court held that the account had not been properly closed because the plaintiff failed to submit the required written instructions.
The court also found that the statement made by the credit officer was not defamatory.
However, the court recognised that the disclosure of the plaintiff’s banking information to his brother amounted to a breach of the implied duty of confidentiality arising from the banker-customer relationship.
The court was reluctant to determine whether there had been a contravention of section 97(1) of the Banking and Financial Institutions Act 1989 (the predecessor of section 133 FSA 2013).
Nevertheless, the plaintiff could succeed on the basis of the implied contractual duty of confidentiality.
The court awarded nominal damages of RM15.


Legal Principle
This case establishes that:
  • Banking secrecy exists not only as a statutory obligation but also as an implied contractual duty.
  • A customer may sue for breach of confidentiality even where the statutory provision is not relied upon.
  • Disclosure to family members may constitute an unauthorised disclosure.
  • Actual financial loss is not essential for a successful claim.


Case Scenario 4: Disclosure to a Family Member
Facts
Ali verbally requests closure of his account but does not complete the bank’s written closure form.
The account remains active and incurs RM50 in service charges.
A bank officer later informs Ali’s sister about the outstanding balance.
Ali sues the bank.
Solution
Following Tan Eng Seong, the account remains active because the required written instructions were not submitted.
However, the disclosure to Ali’s sister constitutes a breach of the implied contractual duty of confidentiality.
Ali may therefore recover damages despite suffering minimal financial loss.
Critical Analysis
The case demonstrates that confidentiality extends even against disclosures made to close relatives.
A customer’s spouse, sibling, parent or child remains a third party unless authorised by the customer or permitted by law.
The decision reinforces the principle that privacy, rather than financial loss, lies at the heart of banking confidentiality.


5. Permitted Disclosures (Section 134 FSA 2013)
Although secrecy is the general rule, section 134 recognises that disclosure may sometimes be necessary.
A bank may disclose customer information:
  • Under Schedule 11; or
  • With the written approval of BNM.
The purpose of these exceptions is to ensure that banking secrecy does not obstruct justice, regulatory supervision or legitimate commercial activities.


The 18 Permitted Disclosures under Schedule 11
The principal permitted disclosures include:
1. Customer’s Written Consent
A bank may disclose information where written consent has been given by:
  • The customer;
  • The executor or administrator of the customer’s estate; or
  • A legal representative of an incapacitated customer.
Case Scenario
A customer authorises his bank to provide financial information to another bank when applying for a housing loan.
Solution
The disclosure is lawful because the customer expressly consented.
Critical Analysis
The right to confidentiality belongs to the customer and may therefore be waived by the customer.


2. Administration of a Deceased Customer’s Estate
Disclosure is permitted for obtaining:
  • Faraid certificates;
  • Grants of probate;
  • Letters of administration; or
  • Distribution orders.
Case Scenario
The administrator of a deceased customer’s estate requests details of the deceased’s bank accounts.
Solution
The bank may lawfully disclose the information.


3. Bankruptcy and Winding-Up Proceedings
Disclosure is permitted where the customer is bankrupt or undergoing liquidation.
Case Scenario
A bankruptcy trustee seeks information concerning the bankrupt’s accounts.
Solution
The bank may disclose the information.
Critical Analysis
The trustee must identify assets for distribution among creditors.
Public interest outweighs confidentiality concerns.


4. Litigation Involving the Bank
Disclosure is permitted in civil or criminal proceedings involving:
  • The bank and its customer;
  • Guarantors or sureties;
  • Competing claimants; or
  • Property over which the bank has rights.
Case Scenario
A customer sues the bank for wrongfully dishonouring a cheque.
Solution
The bank may disclose relevant account information to defend the claim.


5. Garnishee Proceedings
Banks may disclose information when complying with garnishee orders.
Case Scenario
A judgment creditor obtains a garnishee order against funds held in a customer’s account.
Solution
The bank may provide the necessary information.


6. Court Orders
Disclosure is permitted pursuant to a court order issued by a court not lower than the Sessions Court.
Case Scenario
The High Court orders a bank to produce customer account statements.
Solution
The bank must comply.


7. Requests by Enforcement Agencies
Disclosure is permitted where required by law enforcement agencies conducting investigations.
Case Scenario
MACC requests customer account records during a corruption investigation.
Solution
The bank may lawfully disclose the information.


8–18 Other Permitted Disclosures
Disclosure is also permitted for:
  • PIDM functions;
  • Securities Commission investigations;
  • Stock exchange functions;
  • Trade repositories;
  • Inland Revenue Board investigations;
  • Credit reporting agencies;
  • Supervisory authorities;
  • Centralised group functions;
  • Due diligence exercises;
  • Outsourcing arrangements;
  • Consultants and adjusters;
  • Suspected criminal offences.


Confidentiality During Court Proceedings
Section 134 provides additional safeguards where customer information is disclosed in legal proceedings.
The court may:
  • Conduct proceedings in camera;
  • Restrict access to confidential information;
  • Make further confidentiality orders;
  • Prohibit publication of names, addresses, photographs or identifying information.
Critical Analysis
These safeguards ensure that disclosure remains limited to what is necessary for the administration of justice.


Jeyamary Case
Facts
A bank officer printed a customer’s account information and provided it to a friend who was a private investigator.
The information was later passed to a blogger.
Decision
The bank officer was convicted and sentenced to:
  • Two days’ imprisonment; and
  • RM20,000 fine.
Legal Principle
Banking secrecy extends beyond account balances and transaction records.
It encompasses all confidential information obtained through the banking relationship.
Critical Analysis
The case illustrates the strict approach adopted by Malaysian courts toward unauthorised disclosures.
Even seemingly minor disclosures may attract criminal sanctions.


Johari and Rafizi (National Feedlot Corporation Case)
Facts
A bank clerk disclosed confidential banking information relating to the National Feedlot Corporation to politician Rafizi Ramli.
Both individuals were initially convicted and sentenced to thirty months’ imprisonment but were later acquitted.
Legal Principle
The case highlights the tension between:
  • Banking secrecy; and
  • Public interest disclosure.
Critical Analysis
Although public accountability is important, banking information remains protected unless disclosure falls within recognised legal exceptions.
The case demonstrates the sensitivity of customer banking information and the serious legal consequences that may follow unauthorised disclosure.


Key Examination Principles
Section 132
  • Protects customers from arbitrary inquiries.
  • Restricts governmental intrusion into banking affairs.
  • Allows BNM investigations for statutory purposes.
Section 133
  • Creates a statutory duty of secrecy.
  • Applies to banks, directors, officers, employees and agents.
  • Continues after employment ends.
  • Covers all information obtained through the banking relationship.
  • Breach may result in imprisonment of up to five years or a fine of up to RM10 million.
Section 134
  • Creates statutory exceptions to secrecy.
  • Permits disclosure under Schedule 11.
  • Permits disclosure with BNM’s written approval.
  • Allows courts to impose confidentiality safeguards.
Tan Eng Seong Principle
  • Banking confidentiality is also an implied contractual duty.
  • Customers may sue for breach of confidentiality.
  • Disclosure to relatives may still be unlawful.
  • Nominal damages may be awarded even where financial loss is minimal.


Conclusion
Under Malaysian Banking Law, banking secrecy is protected by both statute and contract. Sections 132–134 of the Financial Services Act 2013 establish a comprehensive statutory framework regulating customer confidentiality, while cases such as Tan Eng Seong v Malayan Banking Bhd confirm that confidentiality is also an implied term of the banker-customer relationship. Consequently, unauthorised disclosure may expose a bank or its employees to criminal penalties, regulatory consequences and civil liability. The law therefore strikes a careful balance between protecting customer privacy and allowing disclosure where required for regulatory supervision, law enforcement, judicial proceedings and other legitimate public interests.

Picture
Published on
Malaysian Banking Law – Banking Secrecy under the Financial Services Act 2013 (Sections 132–134 FSA 2013)
Introduction
Banking secrecy is one of the most fundamental duties owed by a bank to its customer. The duty requires a bank to keep confidential all information relating to a customer’s affairs and accounts. This obligation promotes public confidence in the banking system and protects customers’ privacy.
In Malaysia, banking secrecy is governed principally by sections 132, 133 and 134 of the Financial Services Act 2013 (FSA 2013). These provisions impose a statutory duty of confidentiality on banks and their officers while simultaneously providing specific exceptions where disclosure is legally permitted.
The duty extends beyond account balances and transactions. It covers all information obtained by the bank through the banker-customer relationship, whether obtained directly from the account records or through other dealings with the customer.


1. Restriction on Inquiry into Customer Affairs (Section 132 FSA 2013)
General Rule
Section 132 provides that neither the Finance Minister nor Bank Negara Malaysia (BNM) may arbitrarily inquire into the affairs or accounts of a particular customer.
The purpose of this provision is to safeguard customer privacy and prevent unnecessary governmental interference in banking relationships.
Exception
BNM may investigate a customer’s account where such inquiry is necessary for exercising its statutory powers under:
  • The Financial Services Act 2013;
  • The Islamic Financial Services Act 2013; or
  • Section 47 of the Central Bank of Malaysia Act 2009.
Thus, customer confidentiality is protected, but not at the expense of financial regulation and supervision.


Case Scenario 1: BNM Investigation
Facts
ABC Bank suspects that one of its customers is involved in large-scale money laundering activities.
BNM commences an investigation and requires the bank to provide account records and transaction details of the customer.
The customer argues that his banking information is confidential and cannot be disclosed.
Solution
The customer’s argument fails.
Under section 132(2), BNM is expressly empowered to inquire into a customer’s affairs when exercising its regulatory and supervisory functions.
The bank may therefore disclose the information to BNM without violating banking secrecy obligations.
Critical Analysis
Banking secrecy is not absolute.
The law balances two competing interests:
  1. Customer privacy; and
  2. Public interest in preventing financial crimes.
Without this exception, regulators would be unable to combat money laundering, terrorism financing and banking fraud effectively.


2. Statutory Duty of Secrecy (Section 133 FSA 2013)
General Rule
Section 133(1) imposes a strict duty of secrecy on:
  • Financial institutions;
  • Directors;
  • Officers;
  • Employees;
  • Agents; and
  • Former directors, officers or agents.
These persons must not disclose any document or information relating to a customer’s affairs or account to another person.
The obligation continues even after employment or office has ended.


Scope of Protection
The duty covers:
  • Account balances;
  • Transaction records;
  • Loan facilities;
  • Fixed deposits;
  • Customer identities;
  • Financial standing;
  • Credit information;
  • Information obtained through banking dealings.
The duty applies whether the information was acquired directly from account records or indirectly through the banking relationship.


Criminal Liability
A person who unlawfully discloses customer information commits an offence.
Penalty:
  • Imprisonment up to 5 years;
  • Fine up to RM10 million; or
  • Both.


Exceptions under Section 133(2)
The secrecy obligation does not apply where:
(a) Disclosure to BNM
Information is disclosed to BNM for the exercise of its statutory functions.
(b) Statistical or Aggregated Information
Information is presented in summary form without identifying individual customers.
Example:
A bank publishes:
“Our bank has 100,000 savings account holders.”
No individual customer can be identified.
(c) Public Information
Information already lawfully available to the public from another source.
Example:
A listed company publicly discloses its banking arrangements in its annual report.


Case Scenario 2: Employee Reveals Customer Information
Facts
A bank officer discovers that a famous celebrity has RM20 million in her account.
The officer informs several friends about the celebrity’s financial position.
The information later spreads on social media.
Solution
The officer has breached section 133(1).
The disclosure concerns confidential customer information obtained through employment with the bank.
The officer may face criminal prosecution and disciplinary action.
Critical Analysis
The statutory duty protects public confidence in banks.
If bank employees could freely disclose customer information, customers would lose trust in the banking system and may hesitate to conduct financial transactions through banks.


3. Prohibition Against Further Disclosure (Section 133(3))
Section 133(3) extends the protection even further.
A person who knows that information was obtained through an unlawful disclosure cannot further disclose that information.
This prevents confidential information from continuing to circulate after the original breach.


Case Scenario 3: Secondary Disclosure
Facts
A bank employee unlawfully gives customer information to a journalist.
The journalist knows that the information was leaked illegally.
The journalist publishes the customer’s account details.
Solution
The journalist may also fall within section 133(3) because he knowingly disclosed information that had been unlawfully obtained.
Critical Analysis
The law seeks to stop both:
  • The initial leak; and
  • Subsequent dissemination.
Otherwise, banking secrecy could easily be circumvented by passing information through intermediaries.


4. Permitted Disclosures (Section 134 FSA 2013)
Although secrecy is the general rule, section 134 creates exceptions.
A bank may disclose customer information:
  1. Under Schedule 11; or
  2. With written approval from BNM.
These exceptions recognise that banks cannot operate effectively if secrecy is absolute.


The 18 Permitted Disclosures under Schedule 11


1. Customer Consent
Disclosure is permitted where the customer gives written consent.
Case Scenario
A customer applies for a housing loan from another bank and signs a consent form authorising disclosure of his account information.
Solution
The disclosure is lawful because the customer expressly consented.
Critical Analysis
Customer autonomy justifies disclosure.
The right to privacy belongs to the customer and may therefore be waived by the customer.


2. Administration of Deceased Customer’s Estate
Disclosure is permitted for:
  • Faraid certificates;
  • Probate applications;
  • Letters of administration;
  • Distribution orders.
Case Scenario
A deceased customer’s son seeks information regarding his father’s bank accounts for probate proceedings.
Solution
The bank may disclose the relevant information.


3. Bankruptcy or Winding-Up Proceedings
Disclosure is permitted where a customer becomes bankrupt or a company is wound up.
Case Scenario
A bankruptcy trustee requests details of the bankrupt’s bank accounts.
Solution
The bank may disclose the information.
Critical Analysis
The trustee must identify and recover assets for creditors.
The public interest outweighs confidentiality concerns.


4. Civil or Criminal Proceedings Involving the Bank
Disclosure is allowed in litigation involving:
  • The bank and its customer;
  • Guarantors;
  • Sureties;
  • Competing claimants.
Case Scenario
A customer sues a bank for wrongly dishonouring a cheque.
Solution
The bank may disclose account records necessary to defend itself.
Critical Analysis
A bank must be able to protect its legal rights.
Without this exception, the bank would be unable to defend litigation effectively.


5. Garnishee Orders
Banks may disclose information when complying with garnishee proceedings.
Case Scenario
A judgment creditor obtains a garnishee order against a customer’s account.
Solution
The bank may reveal account information necessary to comply with the court order.


6. Court Orders
Disclosure is permitted where ordered by a court not lower than the Sessions Court.
Case Scenario
The High Court orders a bank to produce account statements during litigation.
Solution
The bank must comply.
Critical Analysis
The administration of justice requires access to relevant evidence.


7. Requests by Enforcement Agencies
Disclosure may be made to enforcement agencies investigating offences.
Case Scenario
The Malaysian Anti-Corruption Commission (MACC) requests account records during a corruption investigation.
Solution
The bank may lawfully disclose the information.


8–18 Other Permitted Disclosures
Disclosure is also allowed for:
  • Functions of the Malaysia Deposit Insurance Corporation (PIDM);
  • Securities Commission investigations;
  • Stock exchange functions;
  • Trade repository functions;
  • Inland Revenue Board tax investigations;
  • Credit reporting agencies;
  • Supervisory authorities;
  • Centralised group functions (audit, risk management, IT);
  • Mergers and acquisitions due diligence;
  • Outsourcing arrangements;
  • Consultants and adjusters;
  • Suspicion of criminal offences.


Confidentiality During Court Proceedings
Under section 134(5), courts may:
  • Conduct proceedings in camera (private hearings);
  • Restrict disclosure of customer information;
  • Make additional confidentiality orders.
Under section 134(6), publication of names, addresses, photographs or identifying information may also be prohibited.
Critical Analysis
These provisions preserve confidentiality even after disclosure becomes necessary in litigation.
The objective is to disclose only what is necessary while minimising harm to customer privacy.


Jeyamary Case (Bank Officer Disclosure)
Facts
A bank officer printed a customer’s account particulars and gave them to a friend who was a private investigator.
The information was later passed to a blogger.
Decision
The bank officer was convicted and sentenced to:
  • Two days’ imprisonment; and
  • RM20,000 fine.
Legal Principle
Banking secrecy extends beyond account balances and transactions.
It includes all confidential information acquired through the banking relationship.
Critical Analysis
The case demonstrates that even seemingly minor disclosures can attract criminal liability because public confidence in the banking system depends upon strict confidentiality.


Johari and Rafizi Case (National Feedlot Corporation)
Facts
A bank clerk disclosed confidential banking information concerning the National Feedlot Corporation (NFC) to politician Rafizi Ramli.
Both individuals were initially convicted and sentenced to 30 months’ imprisonment.
They were subsequently acquitted.
Legal Principle
The case highlights the tension between:
  • Banking confidentiality; and
  • Public interest disclosures.
Critical Analysis
Although public accountability is important, banking information cannot ordinarily be disclosed outside the statutory exceptions provided by law. The case illustrates the sensitivity of customer banking information and the legal consequences that may arise from unauthorised disclosure.


Key Examination Principles
Section 132
  • Protects customer accounts from arbitrary inquiry.
  • Allows BNM investigations when exercising statutory powers.
Section 133
  • Imposes a statutory duty of secrecy.
  • Applies to banks, directors, officers and agents.
  • Covers all customer-related information.
  • Continues after employment ends.
  • Breach may result in imprisonment up to 5 years or a fine up to RM10 million.
Section 134
  • Provides exceptions to secrecy.
  • Permits disclosure under Schedule 11.
  • Permits disclosure with written approval from BNM.
Schedule 11
Contains 18 specific situations where disclosure is lawful, including:
  • Customer consent;
  • Probate matters;
  • Bankruptcy proceedings;
  • Court orders;
  • Enforcement investigations;
  • Tax authorities;
  • Credit reporting agencies;
  • Outsourcing and group functions;
  • Suspicion of criminal offences.


Conclusion
Under Malaysian Banking Law, the default position is strict confidentiality of customer information. Sections 132–134 of the FSA 2013 create a comprehensive statutory framework that protects customer privacy while allowing disclosure where required by law, regulation, judicial process, or public interest considerations. The legislation carefully balances individual confidentiality rights against the needs of law enforcement, financial regulation, taxation, insolvency administration, and the administration of justice. Cases such as Jeyamary and the NFC controversy demonstrate that unauthorised disclosure can carry serious legal consequences and that banking secrecy remains a cornerstone of the Malaysian banking system.

Picture