Neutral when it comes to fraud, merciless when it comes to customers – the double failure of banks

How credit institutions enable fraud and expropriate innocent people at the same time

‘Which is the greater crime, robbing a bank or founding one?’

Today, Brecht’s famous question seems less provocative than sobering. What is increasingly evident in the European banking sector is no longer an isolated case, but a structural failure.

Banks are acting illegally in two ways:

– too passively where they should be acting,

– too aggressively where they should be holding back.

Both follow the same logic.

According to the case law of the Federal Court of Justice, neutrality ends where there is reliable knowledge. Legally binding judgements no longer allow for ‘ignorance’. Anyone who continues to maintain accounts and thus provides the functionally necessary infrastructure is no longer acting neutrally.

Banks are failing in this regard through omission.

Refusal of transparency as a business model

Banks reflexively invoke banking secrecy, internal risk models or money laundering prevention.

But this argument falls short.

The European Court of Justice has made it clear:

Risk assessments, scores and classifications are personal data. The right to information under Art. 15 GDPR also covers them in the AML context.

Banks are allowed to investigate, block and terminate.

However, they are not allowed to remain silent if their assessments damage reputations and have economic consequences.

A blanket refusal to provide information violates European data protection law.

Selective neutrality

Both phenomena appear to be contradictory, but they are two sides of the same coin:

Neutrality is claimed where liability is a threat.

Power is exercised where those affected have little means of defence.

Banks as private sovereign entities

In fact, banks perform tasks with quasi-sovereign effect:

– they decide on solvency,

– deprive market participants of their economic basis,

– classify individuals and companies as ‘risky’.

Unlike public authorities, however, they are not subject to obligations to disclose files or to provide effective justification. This creates a constitutional vacuum in which private actors exercise power without corresponding obligations.

Conclusion: a dangerous imbalance

As long as banks

– hide behind neutrality where judgements have been made,

– and entrench themselves behind compliance where transparency obligations apply,

risk management degenerates into a technique of power.

The crucial question is no longer whether this system is illegal, but why supervisory authorities, politicians and the judiciary allow private institutions to exercise more power than state authorities – without their obligations.

This is not an operational problem.

It is a democratic one.

Note:

This article is a journalistic analysis. It separates facts, legal standards and opinion. It does not constitute legal advice in individual cases. Protection under Art. 5 GG / Art. 10 ECHR. Counterstatements are expressly welcome.

Sources:

· Federal Court of Justice (BGH) case law

Liability and limits of neutrality of payment service providers with secure knowledge of illegal business models

(including BGH, III ZR 299/08; III ZR 296/15)

· Court decisions on Lyoness / myWorld

Several legally binding judgements in Germany and Austria with objections on the grounds of immorality and misleading practices

· ECJ – Right to information & scoring

Risk assessments and profiling are personal data within the meaning of Art. 15 GDPR

(ECJ, C-634/21 – SCHUFA)

· General Data Protection Regulation (GDPR)

Articles 4, 15 and 22 GDPR – Rights of access and automated decisions

· EBA / FATF guidelines

Risk-based approach to money laundering prevention, obligations of credit institutions

· Fundamental and media rights

Article 5 of the German Basic Law, Article 10 of the ECHR – Protection of journalistic analysis and freedom of expression