Tribunal rejects adviser’s defence in confidentiality breach case

Posted on

The Financial Services Tribunal (FST) has rejected a debarred risk adviser’s defence that the reason she shared client information was to prove her remuneration to a potential employer.

The adviser claimed that Nedbank’s decision to debar her was unfair, irrational, and unreasonable.

In June 2023, a key individual at Nedbank discovered that the applicant had sent emails containing confidential client information to an employee at PSG Wealth Financial Planning, a competitor of Nedbank.

Upon investigation, it was found that the adviser had sent three emails on the same day, each containing attachments with sensitive client data, including the names and identity numbers of Nedbank clients, policy inception dates, and premium details.

During the investigation, a fourth email dated 22 August 2019 was also discovered. This email contained more confidential client information sent to the same recipient at PSG, including lead referrals and details about the clients’ products.

Following the investigation, the applicant was charged with gross misconduct and dismissed in September 2023 after a disciplinary inquiry.

In November 2023, Nedbank notified the adviser of its intention to debar her, saying she no longer met the Fit and Proper Requirements. This was based on her unauthorised disclosure of client information to a competitor, which was a breach of confidentiality and regulatory obligations.

The applicant submitted that the purpose of sharing the information with PSG was to prove her income as part of a job application with the competitor. She claimed that the attachments were in PDF format and could not be edited, and PSG had confirmed deleting the information.

Furthermore, she argued that no harm had been caused to Nedbank’s clients, and that Nedbank had breached the Protection of Personal Information Act by confiscating her work computer containing her confidential information.

Nedbank, however, debarred the applicant in January.

In her submission to the Tribunal, the applicant said believed she was within her rights to forward the commission statement to PSG because it contained details of her income addressed to her.

“Proof of gross commission production is a requirement for prospective employment in the short-term insurance industry. The intended purpose for which the information was sent was to prove commission performance. No other information was relevant,” she said.

When asked about the email sent in May 2019 containing confidential client information, the applicant, during her disciplinary inquiry, claimed that she had sent it to a PSG employee who wanted a copy of Nedbank’s documentation template and blamed her actions as being “naïve and trusting” of people. Further, she acknowledged that she should not have sent the information to the PSG employee but did not think that he would do anything with it.

Applications to submit further evidence

The applicant sought to submit two pieces of further evidence during her reconsideration application.

She wanted to submit a document relating to Nedbank’s internal Code of Ethics and Conduct. The document, according to the applicant, contained a clause that excluded information about her own remuneration, tax affairs, or banking from being categorised as confidential. She argued this was relevant because the emails she sent to PSG contained her remuneration details, and she believed she had the right to share this information per the policy.

The Tribunal interpreted the document differently, noting that although the exclusion applied to personal information such as remuneration, the emails in question contained confidential client information, not only her own pay details. Therefore, the document was deemed irrelevant to the core issue of sharing confidential client data, and this application to submit further evidence was dismissed.

The applicant also sought to submit emails exchanged between herself and PSG, including an email from PSG confirming that it would not use the client information attached to the emails Greene had sent. She argued this evidence demonstrated that the information was not misused by PSG, and she did not have access to these emails earlier because her work laptop had been confiscated by Nedbank.

The Tribunal noted that one of the emails from PSG, dated 18 October 2022, referenced a non-disclosure agreement to protect the information shared by the applicant. However, the Tribunal pointed out that this agreement was not before it, making it impossible to assess whether it related to her interaction with PSG for purposes of the job application or the confidential information of Nedbank’s clients.

However, in the same email the applicant was requested to complete an Excel document in terms of business “you can conservatively bring over the next 24 months”. “Business” in all probability referred to “clients”, the FST said.

Furthermore, the Tribunal found the applicant had access to the emails via her personal email address at all relevant times and did not need her work laptop to retrieve them. Therefore, she could have submitted this evidence during the debarment process. The Tribunal concluded the emails were not a valid reason for the delay and dismissed this application as well.

Conduct unbecoming an experienced rep

In its decision last month, the Tribunal noted the applicant claimed to have more than 26 years of experience in financial services. Yet, on the one hand, she claimed to have made a mistake and was “naïve and trusting” of people in sending the confidential information, and on the other hand, she claimed was entitled to do what she did.

The Tribunal found that her debarment was justified based on several key points:

  • The applicant disclosed confidential client information to PSG, a competitor of Nedbank, without the consent of the clients or the bank. This was in breach of the FAIS Act, which requires FSPs and their representatives to act with integrity and safeguard client confidentiality.
  • The applicant’s actions were driven by her own interests as part of a job application with PSG. She sent client data to PSG to demonstrate the business she could “bring over” if hired. Her disclosure of sensitive client information was not motivated by a legitimate business reason but for her personal gain. “This is unbecoming of a financial services representative and especially one with her experience.”
  • If the applicant had intended to prove her income to PSG as part of her job application, she could have used other, more appropriate methods, such as submitting her payslip or providing redacted documents.
  • The applicant failed to demonstrate that she understood the seriousness of her misconduct. The Tribunal found that she downplayed her actions by describing them as a “mistake” and by claiming that her sharing of client information did not result in any harm. Her continued attempts to justify her behaviour suggested a lack of accountability for her actions.

The Tribunal accordingly dismissed the reconsideration application.