Decision in case 1990/2020/MIG on the European Central Bank’s (ECB) refusal of public access to documents concerning an alleged violation of EU law by a bank
Case 1990/2020/MIG - Opened on Tuesday | 24 November 2020 - Decision on Friday | 19 February 2021 - Institution concerned European Central Bank (No maladministration found )
The case concerned public access to files held by the European Central Bank (ECB) concerning one of the banks covered under its supervisory role. The ECB refused to give access based on the confidential nature of the documents at issue. The complainant had submitted a report to the ECB alleging that the bank had breached EU law. Based on his role in reporting the breach and his claim to be negatively impacted by the bank’s actions, the complainant was of the view that he should be granted access to the documents.
The Ombudsman found that it was reasonable for the ECB to consider that the documents at issue are confidential and protected by law. The fact that the complainant may have reported and been affected by the alleged breach does not mean he has a specific right to access the documents in question.
The Ombudsman concluded that the ECB was justified in refusing to give the complainant access to the requested documents, and closed the inquiry finding no maladministration.
Background to the complaint
1. Since 2013, the European Central Bank (ECB) has been responsible for directly supervising the biggest banks in Europe. This supervisory role aims to ensure the safety and soundness of the European banking system and to increase financial stability. The ECB’s tasks in this area encompass monitoring the supervised banks’ compliance with prudential requirements and identifying possible problems with a supervised bank’s management or its ability to cover risks.
2. One of the means by which the ECB collects information to fulfil its supervisory function is through its whistleblowing platform. This platform allows members of the public to report to the ECB possible breaches of relevant EU law by a supervised bank (the so-called ‘breach reporting mechanism’ or BRM).
3. In 2018, the complainant reported to the ECB an alleged breach of EU law in 2009 by a bank now under the ECB’s supervision. The ECB found that the allegations put forward by the complainant concerned an issue that is outside the scope of its supervisory powers, namely money laundering. It therefore referred the complainant to the relevant national authorities, saying that it could not investigate the matter but that it would consider the information provided by the complainant in the context of its supervisory tasks.
4. In May 2020, after extensive exchanges with the ECB, the complainant made a request for public access to the ECB’s file relating to its “investigation” into the alleged breach he reported.
5. The ECB identified a number of relevant documents in its file on the bank concerned and in its file on the report it had received about the alleged breach by the bank. This included correspondence the ECB had exchanged with the complainant. The ECB refused to give the complainant access based on the confidential nature of the documents at issue.
6. The complainant asked the ECB to review its decision (by making a so-called ‘confirmatory application’).
7. When the ECB maintained its position to refuse access, the complainant turned to the Ombudsman in November 2020.
8. The Ombudsman opened an inquiry into the ECB’s refusal to give public access to the requested documents.
9. In the course of the inquiry, the Ombudsman received the reply of the ECB on the complaint and, subsequently, the comments of the complainant in response to the ECB's reply. The Ombudsman’s inquiry team also inspected a list of the documents identified by the ECB as falling within the scope of the complainant’s request. A redacted version of this list was shared with the complainant during this inquiry.
10. The complainant contended that the ECB had carried out its investigation based on information that he had provided. He is therefore the owner of the information and, as such, should be allowed to access the ECB’s files on the bank.
11. The complainant also argued that the ECB should not consider him only as an informant but also as the victim of the alleged breach of EU law, and therefore as an “interested party” in its investigation. He argued that his position as an interested party gives him the right to access the results of the investigation, in accordance with the applicable rules on the ECB’s supervisory function.
12. In addition, the complainant stated that he had complained to the relevant national and local authorities, including the police, but this had not led to an independent investigation. He argued that he wanted to access the information in the ECB’s files to strengthen the case he is making to the authorities.
13. The ECB explained that the BRM is for reporting potential breaches by banks of issues related to the ECB’s supervisory tasks, as set out in the EU’s rules on the prudential supervision of banks. These tasks do not concern money laundering, which is dealt with by the relevant national authorities. Accordingly, the ECB had only assessed whether the alleged breach reported by the complainant had any supervisory implications. Its investigation found it did not.
14. Regarding its refusal to give access to the documents at issue, the ECB relied on a ‘general presumption’ that the documents could not be disclosed as they contain confidential information that is protected. Specifically, the ECB argued that a general presumption can be applied to the files on reported breaches and files related to the supervision of banks, as (i) the documents in such files belong to the same category or are of the same nature and (ii) access to such documents was in principle incompatible with the proper conduct of the related procedures.
15. As to the confidential nature of the requested documents, the ECB said that the rules governing the BRM required professional secrecy, obliging the ECB to treat any breach report as ‘protected’. The ECB also referred to the ‘Single Supervisory Mechanism Regulation’ and the ‘Capital Requirements Directive’, which prohibit the disclosure of confidential information contained in a supervisory file relating to an individual bank.
16. The ECB considered that the complainant’s confirmatory application had not called into question any of the ECB’s arguments. The ECB had therefore maintained its decision to refuse access. The ECB added that the confidentiality requirements in the law governing its supervisory functions instil confidence in the supervised banks that the ECB will treat sensitive information appropriately. This is essential for an open dialogue and thus an important basis for effective banking supervision. For that reason, only aggregated information on breach reports received from informants could be made available to the public.
The Ombudsman's assessment
17. The ECB identified 25 documents as falling within the scope of the complainant’s request for public access, including five e-mails, which it exchanged with the complainant with respect to the alleged breach he reported. These documents concern the ECB’s file related to its supervision of the bank concerned and the ECB’s file on the reported breach.
18. Under the ECB’s rules on public access, the ECB must refuse access if disclosing a document would undermine the need to protect information deemed confidential under EU law. This exemption is absolute, which means it cannot be set aside by another public or private interest.
19. According to the rules governing the ECB’s work, the files at issue in the complainant’s access request are covered by professional secrecy, which means the information they contain is confidential and may not be disclosed to the public. The ECB therefore considered that a ‘general presumption’ applied to those files, and that their disclosure would reveal confidential information that is protected by law.
20. The Ombudsman notes that the complainant did not contest the ECB’s view that a general presumption applied. Rather, the complainant argued that, as an informant and/or injured party, he has a specific right to access the ECB’s files.
21. According to the applicable rules, neither informants nor potential injured parties have a specific right to access the files at issue in this case. The provision cited by the complainant concerns the ECB’s supervisory tasks and the right of access of parties affected by that procedure. However, the complainant cannot be considered to be a party in the ECB’s supervisory role vis-a-vis the bank concerned. Even if he were, this right does not entitle the parties to access confidential information. Likewise, informants of possible breaches of EU law do not have a right to access the ECB’s respective file on the reported breach.
22. Accordingly, the complainant can seek access to the requested documents only under the ECB’s rules on public access to documents, which he explicitly did. Under these rules, every citizen or resident of the EU and every legal person registered in the EU can request the ECB to disclose documents it holds. Applicants do not need to give reasons as to why they are seeking access and they do not have to be concerned in any way by the content of the document they request. This is because, if, following a request for public access, a document is disclosed - in part or in full - this document is made public. This means that once a document has been disclosed, anyone enjoying the right of public access can access it. In other words, once the ECB has disclosed a document to one applicant, it cannot deny another applicant access to the same document.
23. Thus, should the ECB have decided to grant access to the complainant, based on his public access request, the documents in question would also have been available to the wider public. The documents could not be disclosed to the complainant alone. It was thus reasonable for the ECB not to take into account that the complainant may be an informant.
24. In light of all this, the Ombudsman considers that the ECB was justified in refusing public access to the requested documents.
25. In addition, the Ombudsman’s inquiry team’s review of the list of identified documents confirmed that, while the ECB considered the information provided by the complainant in the broader context of its supervisory role, it did not open an investigation into the alleged money laundering. As the ECB has explained to the complainant, money laundering does not fall within the remit of its supervisory powers. The ECB’s role in supervising banks concerns the overall stability of the financial system of the relevant EU Member States. The ECB was therefore not in a position to open an investigation into the alleged money laundering, as this is the sole responsibility of the authorities of the Member State concerned. It was thus reasonable for the ECB to refer the complainant to the national authorities.
26. Finally, the Ombudsman notes that the ECB has been exchanging correspondence with the complainant on the matter since 2018, when the complainant reported the alleged breach. The ECB has explained its supervisory mandate and the limitations thereof at length to the complainant on more than one occasion. The ECB also provided the complainant with detailed reasons as to why it refused access to the requested documents. In the course of this inquiry, the ECB also informed the Ombudsman, and - to the extent possible - the complainant about the specific documents it identified. The Ombudsman therefore considers that the ECB has provided the complainant with sufficient information.
Based on the inquiry, the Ombudsman closes this case with the following finding:
There was no maladministration by the European Central Bank in refusing public access to the documents requested by the complainant.
The complainant and the ECB will be informed of this decision.
 Within the participating EU member States. For a list of supervised entities, see: https://www.bankingsupervision.europa.eu/banking/list/html/index.en.html.
 Under Decision ECB/2004/3 on public access to European Central Bank documents:
 The complainant referred to Article 32(1) Regulation 468/2014 establishing the framework for cooperation within the Single Supervisory Mechanism between the ECB and national competent authorities : https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32014R0468.
 In accordance with Article 4(1)(c) of Decision ECB/2004/3.
 The ECB referred to EU case law, for example, judgment of the Court (Grand Chamber) of 1 July 2008, Sweden and Turco v Council, C-39/05 and C-52/05 P, paragraph 50: http://curia.europa.eu/juris/document/document.jsf?text=&docid=67058&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=4408995 and judgment of the General Court of 7 September 2017, AlzChem AG v Commission, T-451/15, paragraph 21:
 Council Regulation 1024/2013 conferring specific tasks on the ECB concerning policies relating to the prudential supervision of credit institutions: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32013R1024.
 Directive 2013/36/EU on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02013L0036-20201229.
 The ECB publishes such information in its annual report on supervisory activities: https://www.bankingsupervision.europa.eu/press/publications/annual-report/html/index.en.html.
 Article 4(1)(c) of Decision ECB/2004/3.
 In accordance with Articles 27 of the SSM Regulation, Articles 53 ff. of the CRD and Article 37(1) of the SSM Framework Regulation.
 Article 32(1) of the SSM Framework Regulation.
 Decision ECB/2004/3.
 When making the request for public access on 26 May 2018, he said that he “[was] submitting the application in full compliance with ECB/2004/3 (...) Article 6, paragraph 1.”
 Recital 28 of the SSM Regulation.