Skip to main content
L. Jeanneret, Watchlist de la FINMA : Les limites du droit d’accès selon l’aLPD, (08 mai 2024) <https://cdbf.ch/1345/>
L. Jeanneret, Watchlist de la FINMA : Les limites du droit d’accès selon l’aLPD (08 mai 2024) <https://cdbf.ch/1345/>
 CC BY

Articles en relation

Plus d'articles en relation

FINMA's Watchlist

Limits to the right of access under the aDPA

(Translated by DeepL)

Obtaining the relevant extracts from the database needed to assess FINMA’s guarantees of irreproachable activity (formerly Watchlist) is a real crossroads for an employee who has temporarily given up exercising an activity subject to FINMA. The Federal Administrative Court (FAT) has confirmed that art. 8 aLPD (now art. 25 LPD) does not allow access to the documents that justified inclusion on the Watchlist to the same extent as in a genuine procedure on the merits to determine whether an individual offers all the guarantees of irreproachable activity (Properness procedure, in German Gewährsverfahren ; ruling B-915/2022 of 3 April 2024).

The employee responsible for a market at a bank from 2000 to 2015 was placed on the Watchlist on the basis of an internal investigation report by his former employer covering the period from January 2009 to May 2017.

On 8 January 2021, the employee requested full disclosure of the data concerning him contained in the Watchlist (on the basis of Art. 8 aLPD) and information on the existence of grounds that would preclude certain future activities.

FINMA provides him with extracts from the internal investigation report concerning him and some of its appendices (i.e. his personal data within the meaning of the DPA) with numerous redactions concerning third parties or general information not directly related to him (factual data, Sachdaten). In accordance with its practice, FINMA does not provide any information on the possibility of resuming an activity subject to authorisation (and therefore does not issue any decision on its Properness).

FINMA takes approximately one year to issue a formal decision rejecting the subsequent request to remove the employee from the Watchlist and refuses to grant wider access to the internal investigation report and its annexes (the Report). The employee’s main request was to set aside the decision and refer the case back to FINMA for a new decision, and in the alternative to be granted full access to the Report without redactions.

In essence, the TAF dismissed the appeal and ruled on the following two points :

The lack of information and access did not lead to the deletion of the entry in the Watchlist.

The employee justified the request for referral to FINMA on the grounds that his right to be heard had been violated insofar as, in his view, full access to the Report should have been granted on the basis of Art. 26 PA.

The Federal Administrative Court held that, while both provisions (art. 26 of the Swiss Federal Act on Private International Law and art. 8 of the Swiss Federal Act on Private International Law) are intended to protect the appellant’s personality, full access is in principle only possible in the context of a properness procedure. It would therefore contravene the legal system to allow the appellant to inspect the documents in the appeal proceedings (in connection with art. 8 aLPD) on the basis of art. 26 PA.

In any event, the entry on the Watchlist was made before the entry into force of the current art. 12 of the FINMA Data Ordinance, which requires FINMA to inform the person concerned of its entry. After examining the case, the Federal Administrative Court came to the conclusion that the absence of notification, even if unlawful, does not result in the deletion of the registration.

A request under art. 8 aLPD does not allow unlimited access to documents

The employee’s request is based on art. 8 aLPD, which allows any person to ask the controller of a data file whether data concerning him or her is being processed. The request therefore concerned only the personal data of the applicant, who was responsible for providing evidence to show that his right of access had not been respected.

The Second Court of the Federal Administrative Court (which does not usually rule on breaches of the Data Protection Act) devoted only one recital to the extensive redactions made by FINMA and held that the purpose of the right of access was not to enable the appellant to fully understand the Report in order to be able to make a detailed decision on it. From the point of view of the DPA, it is merely a matter of forwarding the appellant’s personal data processed by FINMA.

This judgment calls for several comments :

  • Although this judgment was handed down under the aLPD and the former FINMA Data Ordinance, the new law should not lead to a fundamentally different result.
  • Former employees faced with this problem often cannot afford to go through a lengthy Properness procedure vis-à-vis their potential new employer. In this context, a request based on art. 8 aLPD/25 LPD is an effective way of finding out about the allegations that led to the employee being placed on the Watchlist. However, this judgment confirms that the aLPD/LPD application cannot replace the Properness procedure.
  • The distinction between personal and factual data made by FINMA is neither developed nor called into question by the TAF, even though neither the appellant nor his representative were able to read the redacted passages of the Report.
  • FINMA should take steps to avoid lengthy and costly Properness proceedings and to respect the rights of access of the persons concerned (cf. art. 13 para. 2 of the Swiss Constitution). One possible approach would be to allow consultation at FINMA’s head office by the lawyer alone, so that the latter can provide his client with useful information on the chances of success of any propriety proceedings. Bearing in mind the requirements relating to the lawyer’s duty of accountability.