Coping with lender demands for bank statements

Print This Post

By Legal Futures

18 March 2011


Bank statements: firms need to seek client consent before disclosing

Q. My firm is on the panel of a well-known lender. The lender is currently reviewing its panel arrangements and is requiring all panel members to provide copies for the last three months of our client account bank statements. I am concerned that to do so would breach the duty of confidentiality which I owe to my clients. What should I do?

A. As you rightly say, solicitors have a duty under rule 4.01 of the Solicitors’ Code of Conduct 2007 to keep the affairs of clients and former clients confidential. You should be constantly alert to requests for information, such as this one, which might put you in breach of that duty. You will therefore need to explain to the lender that the rules of conduct prevent you from disclosing copies of the statements themselves.

Although it is probably not feasible in this instance, as a general rule, it is open to you to approach a client for consent to disclose confidential information to a third party. However, the client must be in a position to give informed consent and it would not therefore be appropriate to cover disclosures of this sort in your terms of business or in your client-care letter.

If giving consent would not be in the client’s best interests, you would need to point this out to the client and advise him or her that he or she may wish to seek their own legal advice before deciding whether to give consent.

The Code can be accessed at www.sra.org.uk.



Leave a comment

* Denotes required field

All comments will be moderated before posting. Please see our Terms and Conditions

Legal Futures Blog

GDPR and the rise of ‘datanapping’ – the new threat to the pockets of law firms

Nigel Wright

You’ve heard about ransomware – a hacker infiltrates your IT systems, locking them down until you pay a ransom. Some studies now estimate that over 50% of businesses have experienced this type of attack in the last year, and it’s particularly prevalent within the legal sector. Previously, firms could protect themselves by having a solid disaster recovery plan in place to ensure they can get back up and running in the event of a disruption. However, the General Data Protection Regulation (GDPR) – the new EU-wide regime which comes in effect on 25 May 2018, irrespective of Brexit – means that this approach alone is no longer adequate and security measures must be strengthened to prevent attacks.

April 21st, 2017