Bank secrecy in Russia

Main article: Banks in Russia

2025

Russian President Vladimir Putin ordered banks to transfer data on accounts and deposits of customers to the investigating authorities

Russia Vladimir Putin In July 2025, the President signed a federal law obliging credit institutions to provide investigative bodies and inquiry bodies with certificates on operations, bank accounts and deposits of individuals and legal entities on official requests from September 1, 2025. The document was developed Government of Russia in order to increase the effectiveness of countering crimes committed using, and information technology is aimed at strengthening control over the financial transactions of suspects.

According to RIA Novosti, the corresponding document is posted on the official website of the publication of legal acts. The law establishes clear procedures for obtaining banking information by law enforcement agencies as part of the investigation of criminal cases.

𝓲

Фото: Kremlin website

The new legislation obliges credit institutions to provide certificates at the request of the head of the investigative body, the investigator with the consent of the head of the investigative body, the head of the inquiry body or the interrogator with the consent of the prosecutor. All requests should concern criminal cases in the proceedings of these officials.

Certificates can be requested in cases where a suspension of transactions with cash of bank customers is required. This applies to both traditional cash transactions and electronic cash transactions, which reflects modern trends in the development of financial technologies.

The adopted law is part of a package of legislative initiatives of the government aimed at improving the mechanisms for combating crime in the digital sphere. The second initiative amends the Criminal Procedure Code of Russia.

Additional changes to the Code of Criminal Procedure allow investigators and interrogators to extrajudicially suspend operations with funds for a period of no more than 10 days. Such measures can be applied if there is sufficient reason to believe that the funds were used in criminal activities.^[1]

Criminal liability for disclosure of bank secrets

Since July 5, 2025, criminal liability for illegal receipt and disclosure of information constituting bank secrets has been tightened. For such acts committed by a group of persons by prior conspiracy or an organized group that caused major damage or committed out of selfish interest, they will be punished with imprisonment of up to five years with a fine of up to 5 million rubles. If the crime entailed grave consequences, then imprisonment of up to seven years with a fine of up to 5 million rubles is provided.^[2]

2024: Law on IT outsourcing in banks in Russia will increase the costs of IT companies

In early February 2024, the Russian Association of Electronic Communications (RAEK), ARPP "Domestic Software" and the Association of Computer and Information Technology Enterprises (APKIT) sent a letter to the head of the State Duma Committee on the Financial Market Anatoly Aksakov, in which they warned of a significant increase in IT companies' expenses due to a bill that would allow banks to outsource the development of digital solutions and store data with banking secrecy in cloud services. Read more here.

2022

Ministry of Internal Affairs: Security officials will be able to access databases of banks and telecom operators in real time

In early April 2022, the Ministry of Internal Affairs (MVD) of Russia announced that the security forces would be able to access the databases of banks and telecom operators in order to quickly identify fraudsters and quickly block their accounts.

In modern realities, countering cybercrime requires amendments to federal legislation that allow law enforcement agencies represented by specialized units to receive information in real time from databases of banking institutions and telecom operators, Deputy Interior Minister Sergei Lebedev told Interfax.

Deputy Minister of Internal Affairs of Russia Sergey Lebedev

According to him, databases of credit institutions and operators can be integrated into a single federal platform containing information about crimes committed in the IT sphere. Such a combined base, as Sergey Lebedev explained, will include accounts used by criminals, subscriber numbers and sites, which will allow banks and operators to effectively engage in the prevention and suppression of criminal incidents.

Analysis of the information available in the software complex in real time will allow, on the one hand, law enforcement officers to quickly receive significant information aimed at solving crimes in the field of information and telecommunication technologies and identifying the perpetrators, as well as immediately initiate blocking of accounts used by cybercriminals, take measures to compensate for damage caused to citizens, - said the deputy head of the Ministry of Internal Affairs, without naming the timing of the implementation of this initiative.

The minister added that in 2021, distance theft was committed by about 90 thousand people, which is 32% more than in 2020, and the number of identified persons involved in the sale of narcotic drugs via the Internet increased by 37%.^[3]

In Russia, a law has been adopted obliging banks to transfer data to law enforcement officers within 3 days

On March 23, 2022, the State Duma of the Russian Federation in the third (final) reading adopted a law that is designed to speed up the interaction of banks with law enforcement agencies. The necessary changes are made to the laws "On banks and banking activities" and "On operational-search activities."

The law developed by the Liberal Democratic Party determines the period during which credit organizations are obliged, on the basis of a court decision, to provide officials of bodies authorized to carry out operational-search activities with certificates on operations and accounts of legal entities and individual entrepreneurs, as well as on operations, accounts and deposits of individuals - within 3 working days from the date of receipt of the relevant court decision. We are talking about the investigation of crimes committed using non-cash forms of payment and electronic means of payment, reports TASS.

The State Duma adopted a law on reducing the time for transferring data from banks to law enforcement officers

In addition, credit organizations will have to provide operatives within 10 days on the basis of a court decision with certificates on operations, accounts and deposits of citizens and organizations. When considering the document in the first reading, it was proposed to establish a three-day period.

In accordance with the current legislation, credit organizations must provide information on request to the bodies carrying out operational-search activities, but there is no deadline for credit organizations to provide this information, "said Anatoly Aksakov, head of the State Duma Committee on the Financial Market, commenting on the adoption of the new law.

The establishment of such a period will speed up the receipt of this information within the framework of operational-search activities and increase the effectiveness of preventing and investigating crimes committed using the Internet, non-cash forms of payments and electronic means of payment, deputies say.^[4]

2021

The price of "breaking" the banking data of Russians for 5 years increased 7 times

The price of "breaking" (criminal provision of information violating banking secrecy and secrecy of correspondence) of these Russians over 5 years has increased 7 times. This was announced at the end of November 2021 by the data leakage intelligence service Data Leakage & Breach Intelligence (DLBI).

According to experts cited by Kommersant, the median cost of buying data from bank customers, mobile operators, as well as data from government agencies in 2021 reached 18 thousand rubles against 7 thousand rubles a year earlier. The cost of buying bank information during this time increased fourfold. The newspaper writes that in 2021, an account statement or card of an individual in Sberbank could be sold for 48-60 thousand rubles in a month, for 120-140 thousand in six months.

One of the interlocutors of the publication in the cybersecurity market said that the prices were raised by bank employees and "people in uniform" selling personal data. Inside banks, control and responsibility for leaks have tightened, and therefore prices have increased. This was confirmed by the interlocutor of the newspaper, close to the Central Bank, and a source familiar with the "breaking" technologies.

According to DLBI, no more than 10-15 intermediaries who have connections in banks, communication salons and various departments are constantly "breaking through" in Russia.

Experts interviewed by the publication noted that by the end of 2021, the "breaking" customers had changed requests. Previously, they wanted to obtain personal data, and now they are more interested in the financial capabilities of the requested personalities, including movements on their accounts, statements of operations and loans opened with them. They believe that the cost of such services will continue to increase as banks' security systems grow.

Vadim Solovyov, head of the information security threat analysis group at Positive Technologies, believes that the investigation of "drains" should be carried out in cooperation with law enforcement agencies. In this case, according to the expert, the threat to get a deadline for the sale of data will quickly reduce the number of unreliable employees and participants in the "breaking" market^[5]

FTS received expanded access to banking secrecy of Russians

In mid-March 2021, it became known that the Federal Tax Service (FTS) is beginning to receive expanded access to bank secrecy. This initiative is aimed at combating tax evasion.

In accordance with the innovation, which will be valid from March 15, 2021, within three days from the date of receipt of the request from the tax service, banks will have to provide copies of customer passports, as well as copies of their powers of attorney for the disposal of funds, copies of contracts for opening or closing an account and copies of cards with sample signatures and imprint of the seal.

Tax will receive expanded access to bank secrecy

Credit organizations in electronic form or on paper will report the beneficial owners and representatives of the client. It is noted that this list also includes information about individual operations for the specified period of time.

According to RBC in the press service of the Federal Tax Service, the new law will not affect bona fide taxpayers. It also does not provide for direct access to statements on transactions in accounts, deposits of individuals. The changes are aimed at improving the effectiveness of a risk-based approach when conducting tax controls and preventing damage from those who try to evade taxes.

The regime for obtaining such information will remain the same as now - only with the consent of the head of the higher tax authority or the head (deputy head) of the Federal Tax Service of Russia when conducting tax audits against these persons or requesting documents (information) from them in accordance with paragraph 1 of Art. 93.1 of the Tax Code, - reported in the Federal Tax Service.

The initiative to expand access to banking secrecy of Russians for tax authorities was previously proposed by the Ministry of Finance of the Russian Federation.^[6]

2019

The right to request data on bank accounts of citizens for August 2019 have:

• Central Bank,
• Rosfinmonitoring,
• Federal Bailiff Service and
• Deposit Insurance Agency.

In August 2019, the Prime Minister Russia Dmitry Medvedev supported a bill that would allow prosecutors to obtain information about any bank accounts of individuals and legal entities without trial. He also ordered the transfer of data to the banking (biometrics casts of voice and face) FSB and special services "for security purposes."

Also in line for banking secrecy and biometrics is the Investigative Committee.

Earlier, even the Federal Antimonopoly Service of the Russian Federation tried to get data on citizens' accounts.

Notes