How to Protect Client Privacy & Privilege

Written By giulia dondoli

Privacy

The Anti-Money Laundering and Counter-Terrorism Financing Act requires you to collect sensitive clients’ data. At the same time, you are also bound by the Privacy Act, which means you must not interfere with an individual’s privacy in a way that is arbitrary or unlawful. In other words, you need to ensure that any intrusion to an individual’s privacy is reasonable, necessary and proportionate. This means:

  • You will need to collect enough information to meet your anti-money laundering obligations, but not so much that you risk overstepping and breaching privacy requirements.

  • You also need to consider how you are going to store sensitive clients’ information. This includes what cybersecurity system you have in place, who will have access to this information and when and how information no longer needed will be destroyed.

Legally Privileged Information

As a lawyer, you will be required to submit suspicious matter reports if you suspect a client transaction or activity could involve money laundering, terrorism financing, or another offence. You do not need to disclose privileged information in a suspicious matter report. Ordinarily, you would have 24 hours to file a suspicious matter report for terrorism concerns, and 3 working days for money laundering and all other concerns after the moment in which you objectively formed a suspicion.

If you are a lawyer and you believe that some of the information in the suspicious matter report may be privileged, then the deadline becomes 5 working days. The extra time is allocated to you to allow you to discern between what is legally privileged and cannot be disclosed, and what is not legally privileged and can be disclosed in the suspicious matter report.

giulia dondoli
Next

Governance Requirements