The principle of freedom of contract is the main principle of harmonised European contract law.*1 Although a contract creates only relative legal relations (i.e., legal relations between the parties to the contract), it may also concern interests requiring protection of the interests of third persons. The freedom of contract should be restricted where the background of its impact is not compatible with the regime of individual rights.*2 Modernisation processes — first and foremost, the evolution of the ‘cyber’ world — and, at the same time, dramatic change in the security situation of society in the wake of 11 September 2001 and the acts of terror that followed, and the crisis of the financial markets that began in 2007, have forced Europe to cherish more the security of society and sustainable development of the economy.*3 At a time of formation of a ‘risk society’, one cannot but support the position of Professor M. R. Marella that the general principle of human dignity set forth in Article 1 of the Charter of Fundamental Rights of the European Union should be seen as a potential source for new restrictions of the freedom of contract under European law.*4 National, supranational, and international imperative legislative or regulatory provisions of public law may affect the validity of a contract — a principle taken into account in Article 15:102 of the Principles of European Contract Law*5 (PECL). Article 15:101 of the PECL provides that a contract is of no effect to the extent that it is contrary to principles recognised as fundamental in the laws of the Member States of the European Union. Essentially the same idea is expressed as a key value in the Draft Common Frame of Reference (DCFR), prepared by the Study Group on a European Civil Code and the Acquis Group, which was presented to the Commission of the European Communities on 28 December 2007.*6
In the information society, which is a product of the modernisation process, most of the values created by mankind are contained in information. In modern society, information is increasingly found to be a subject of legal regulation: its prerequisites, consequences, content, and form may all be subject to regulation.*7 The amount of information disclosed in pre-contractual negotiations is closely linked to business ethics and the prevailing practices in the concrete locality and area of activity, and it is complemented by the impacts of a society that pursues specialisation. In this age, information duties are a sensitive legal-political issue. One can find opposing treatments of this particular obligation in the legal literature. Some approaches rely more on the general principles of the freedom of contract; others take a position contrary to freedom of contract.*8
The problems related to provision of information are extensive and multifaceted in the case of financial services contracts. Promotion of security, sustainability, and general reliability of commerce is what contract law provisions should ensure, and, to this end, an ex ante approach must be guaranteed with contractual relations in financial services. Because of the limited scope of this article, it focuses on the specifics of the problems surrounding the information duties in entering into financial services contracts. It also discusses the imperative regulations with regard to notification applicable to financial services contracts under current Estonian law as part of the aftermath of the changing security situation in society. The security of society is a prerequisite for the preservation of human dignity, thus outweighing other values. The author considers to what extent the legislator has, in order to protect this prevailing public interest, imposed on the credit and financial institutions the obligation to gather information on customers. For the purposes of this article, the term ‘financial services contracts’ refers to contracts for provision of investment services and services allowed to management companies, as well as services specified in § 6 (1) of the Credit Institutions Act (CIA)*9 and insurance contracts.
1.1. Positions of the market failure thesis
Modern legal provisions concerning the financial market are largely based on the market failure thesis. This theory proceeds from the premise that an unregulated market is the norm and regulation is necessary only when well motivated, in cases of special cause. According to the thesis, the role of the government in the economy is negligible and the market in its natural state must be restored. However, the market is not ideal and markets may collapse.*10 Regulation is necessary where the private sector may cause collapse of the markets or other sub-optimal consequences.*11
One of the central premises of that theory is that any establishment of imperative regulation of information needs to be justified. According to the prevailing viewpoint, financial markets are incapable of giving investors information that would be at the socially optimal level. It is becoming increasingly difficult for an individual to understand, with financial services contracts, the economic benefit of the contract or to choose a proper goal — i.e., to furnish, upon entering into the contract, for themselves the objective criteria for reasonability. The options provided in contract law for solving the problem of asymmetry are considered to be insufficient.*12 Upon the use of financial services, especially in the case of long-term contracts, two problems exist simultaneously:
1) the problem of availability of information (i.e., asymmetric information) and
2) the problem of comprehensibility of information and that of the ability to use information.
In specialist literature, financial services are often referred to as products of trust, because their actual benefits will not usually be clear until much later, well after the contract is signed*13 , or as intangible and abstract legal products that are defined in the terms of contract such that generally it is difficult to estimate the mutual rights and obligations of the parties or to evaluate, in detail, the price-to-quality ratio.*14
In the case of using a financial service under a long-term contract, often problems are encountered that are related to the timeliness and reliability of the information available to the parties. On the one hand, the information available to a service provider regarding the customers and their needs changes. Information is of paramount importance for enterprises in the financial sector in their everyday practice in evaluating risks*15 and making management decisions.*16 According to the new regulation on the adequacy of the banks’ capital, the amount and quality of information have a direct effect on the calculation of capital requirements.*17 Therefore, the economic value of information, including information on the person of the customer, changes over time and the provider of the service wants, at all times, more information on the customer.
On the other hand, over time the actual value becomes less and less transparent for the customer.*18 It is difficult and costly for the customer to obtain relevant information about the financial services because collecting information on the usefulness of a service requires specific knowledge about the realm of financial risks. In using services, especially those provided over the Internet, investors have at their disposal many different sources in addition to the information disclosed to them by the contract partner. Those other sources include the information disclosed by enterprises providing services of advising about financial information and related consultancy services and that are not subject to regulation under public law. The legal regulation of advising and consultation focuses more on the methods of providing traditional financial services.*19 Overabundance of available information does not necessarily ensure reasonable decision-making, as it makes it more difficult to evaluate the existing information.
The problem of comprehensibility of information and the ability to use it may, in other words, be treated also as a problem of forming a declaration of intention. In the realm of financial services there is a huge difference between the objective content of reasonableness and the ability of a person to rationally weigh his decisions. A customer does not necessarily know which kind of information would aid his decision‑making, and, from his existing experience, the customer is incapable of foreseeing future development trends.
The customer’s ability to understand and use information and to act on the basis of the available information is cognitively restricted. People behave in line with their perceptions, prejudices, inclinations, and other so-called ‘show of fingers’ rules. Studies show that people’s outlook for the future is often unrealistically optimistic.*20 Unrealistic estimation of one’s actions and outlooks bring about transactions wherein contractual justice is not guaranteed. The real price of such transactions and incidental risks will, in aggregate, start having a negative effect on financial markets. Contracts entered into as a result of bad decisions may result in ineffective investments, which affect the financial market as a whole and, from the point of view of society, represent waste of means. Bad financial decisions, including over-borrowing, are associated with failure to give sufficient information in the pre-contractual negotiations stage.*21
Individuals who are capable of estimating financial information contribute to effective functioning of the financial markets. They sense the risks of different financial services better. As the financial markets become increasingly complicated and consumers are expected to demonstrate greater responsibility and risk-tolerance in making decisions, individuals’ awareness is necessary not only for their own welfare but also to facilitate smooth functioning of the financial markets.*22 On the basis of the above, one can conclude that the information disclosed upon entry into financial services contracts and the comprehensibility of that information in forming the intention of the parties to the contract have a great impact both on the contractual parties and on society as a whole.
In modern society, finance has a special role in every country’s economy. The main purpose in regulating the credit institutions is to ensure a functioning banking system.*23
Here we should remember the position of Anthony Giddens that, in modernity, most of our material and social life is organised by abstract expert systems. Expert systems are understood by Giddens to be primarily technological systems that tie local practices to global relations, and according to him we understand someone else’s competencies in distanced time and space. Reliance on expert systems often does not assume any personal contact with the individuals or institutions that, figuratively speaking, are responsible for such expert systems.*24
Readiness to trust expert systems is of key importance in the case of transactions over the Internet or via other means of communication, and also in electronic banking, insofar as such innovative practices assume that a technically advanced and abstract system is trusted and occur disembedded from time and space.
Banks and other providers of payment services take the role of an expert system in today’s commerce; trusting their competence and technological systems ensures for other parties a reliable option of performing monetary obligations by using non-cash payment methods. Today, the risk of non-performance of a monetary obligation lies primarily with the banks — i.e., a specialised mediator who is capable of minimising risks at the lowest cost.*25
Because of the special role discussed above, the legislator has imposed certain obligations in public law on the banks and other providers of payment services whose purpose is to increase the reliability of commerce and society as a whole.
The legal literature approaches the purposes and functions of information duties in contractual relations from different angles. According to the approach generally adopted in Estonian legal literature, what is differentiated is the general protection obligation expected from the individuals engaged in pre-contractual negotiations — the parties are required to take into account reasonably each others’ interests and rights, meaning that they are required to consider the circumstances*26 set out in § 7 (2) of the Law of Obligations Act*27 (LOA) in estimating the behaviour of the other negotiating party and to disclose accurate information during preparations for the signing of the contract.*28
European law proceeds in its regulation of financial services contracts from the specific nature of the service. The Commission of the European Communities is of the position that the regulation of pre-contractual information duties for consumer protection purposes should focus on certain sectors (insurance contracts law and financial services).*29 Regulation of information duties is also prominent in the most recent directives concerning the financial market, adopted between 2005 and 2007.*30
The legal regulation of information duties in financial services and disclosure of the activities of enterprises is intended to ensure regular and effective functioning of the market. M. Ebers finds that, as far as financial services are concerned, in European law information duties have become rooted in connection with consumer protection or the method of concluding a transaction. Information duties within financial services have been deemed important in European law irrespective of whether the customer is a consumer (in a ‘B2C’ transaction) or a person participating in economic and professional activities (in the ‘B2B’ case). This holds true, for instance, for cross-border payments, transactions in securities, and insurance contracts.*31
In the conditions of a global financial market, the problems specific to the security of services provided by electronic means of communication have become more acute. The ‘cyber’ world encourages anonymity; the identity of persons has widened and freedom has taken purchase of a new content. The Internet increases the risks of taking advantage of and damaging consumers, even if we think that unfair terms of contract are not a new problem per se. The problems of unfair terms of contract, and also those of consumer protection, coincide with the same problems in the cyber world — cyber crime. This interferes with the functioning of the market, and whether a B2B or B2C relationship is involved, or some other kind, is not important.*32 The cyber world is made up of organising elements — information — and may by its nature be anarchistic. The anarchistic nature of the cyber world becomes understandable if we differentiate organisation from regulation in the same way we differentiate a provision from a rule. Professor R. Polcak has even adopted the viewpoint that traditional legal conceptions are useless for the cyber world, and that conceptions different from those based on the threat of the state’s coercive powers must be found.*33
The author of this article supports the positions of the market failure thesis (see section 1.1 of this article) and Professor M. Ebers in that the regulation of information duties upon entry into financial services contracts is not so much tied to consumer protection as due to the specific nature of financial services and to the purpose of keeping all investors sufficiently informed that they are able to make rational decisions. There are peculiarities in the financial sector, with such contracts being noticeably more complicated than normal purchase and sale agreements, and any problems related to overabundance of information are resolved differently from those found under other types of contract.*34
From the above reasoning, it is not justifiable for legal literature to consider information duties in financial services contracts and other contracts for goods and services without drawing a clear distinction between them.
The extent of information duties and the content of information are greatly affected by market conduct rules; also other restrictions are applicable to the reliability of the activities of providers of financial services. We will proceed to treat just one aspect of these: legal provisions concerning prevention of money laundering and financing of terrorism.
The content and amount of information disclosed during pre-contractual negotiations for entry into a long-term contract for financial services are to a large extent determined by the legal provisions
concerning prevention of money laundering and terrorism. The battle against money laundering and even more the efforts to suppress terrorist financing have an international dimension — the obligations of countries in this respect arise out of several international conventions*35 and related international
standards.*36 Money laundering is capable of damaging the stability of each and any credit institution and the integrity of the entire financial system of a country, thus causing significant financial damage. Recital 1 of the preamble to Directive 2005/60/EC on prevention of the use of the financial system for the purpose of money laundering and terrorist financing*37 sets forth that, in addition to the criminal law approach, a preventive effort via the financial system can produce results. Providers of financial services are required to apply risk-based due-diligence*38 procedures to address money laundering and financing of terrorism not to combat crime but in order to protect the integrity of credit and financing institutions and the entire financial system.*39 In this day and age, combating money laundering is viewed as a part of monetary policy.*40
For instance, on 21 September 2001, the European Council stressed that combating terrorism was one of the main goals of the European Union. In their daily operations, providers of financial services are required to apply international sanctions established by UN resolutions and the regulations issued within the framework of the common foreign and security policy of the European Union. Insofar as UN resolutions are not directly applicable in national legal systems, the providers of financial services operating in Estonia must also adhere to the orders of the Government of the Republic issued by the Government of the Republic on the basis of the International Sanctions Act.*41 Sanctions may be applied to the governments, associations, and individuals of third countries. Financial sanctions may be used to restrict movement of payments, granting of (export) credit, making of investments, disposal of related funds, etc.*42
Because of the threats posed by the crimes of money laundering and terrorism, prevention of such crimes may be treated as serving prevailing public interest,which gives the public authorities sufficient grounds to impose obligations on persons and restrict the rights of persons*43 , inter alia,to restrict the freedom of contract and to imperatively regulate information duties in the course of pre-contractual negotiations.
Therefore, one should not accept R. Zimmermann’s position that obligations related to information disclosure and counselling belong solely to the realm of contract law and all the associated problems should be discussed in that context.*44
The legal literature’s treatment of the purposes of information disclosed upon entry into financial services contracts and of the types of such information generally focuses on the types of information disclosed for the purposes of consumer protection. M. Ebers, for instance, distinguishes among information about the supplier, the financial service, certain forms of distribution, and legal remedies.*45 P. Cartwright distinguishes among information about the service, institutional information of the service provider, information about the rights guaranteed by law, and financial education.*46 H. Herrmann employs distinction among information given in responding to specific questions asked by the customer or in reporting to the customer, giving explanations to or counselling the customer, issuing warnings, and making enquiries.*47
The author believes that the above-mentioned approaches do not exhaust all of the important types of information. They do not take into account the customer’s obligation to give to the financial services provider information necessary for the latter to meet the obligations imposed in public interests. Indubitably, the service provider has identifiable essential interest in such information. This issue cannot be approached solely on the basis of the relevant provisions of contract law.
After analysing different legal provisions, one is justified in distinguishing among the following information types with respect to the parties’ information duties for the purpose of financial services contracts — i.e., information about:
– the service provider;
– the person of the recipient of the service, including the customer’s financial expertise, risk-tolerance, and solvency, and other information necessary for applying the ‘know your customer’ principle;
– the content of the service;
– the service charges and interest rates;
– the security requirements of the service, including those pertaining to account-blocking and the principles applied in processing of the customer’s personal data;
– the deposit and investment guarantee schemes;
– the options for settling disagreements between the parties; and
– the options for termination of the contract.
Whether or not anti-money-laundering or anti-terrorism due-diligence methods can be applied depends largely on the personal and other information received from the customer in the course of concluding a settlement contract or a long-term contract for the use of other financial services. In conclusion of a settlement contract or other long‑term contract entailing rights of account, it is paramount that the service provider meet the obligation, in conformity with the principle of the formal right of account, to ascertain the identity of the person declaring intention to enter into the contract, and to validate such information. A bank must verify the real name and identify of the customer and be sure that the customer is not using a false name. Pursuant to § 89 (2)1 of the Estonian Credit Institutions Act, upon entry into a contract or transaction, the credit institution is required to identify the customer or the representative thereof.
These days in Europe, the positions and practices of theorists are largely influenced*48 by the Basel Committee on Banking Supervision guidelines ‘Customer Due Diligence for Banks’*49 and its annex ‘General Guide to Account Opening and Customer Identification’.*50 Because of the regulative arbitrage argument, it is of utmost importance that the content and extent of the information disclosed by the customer upon entry into a financial services contract be similarly regulated by law in the countries in the same region.
In Estonia, the requirements concerning the identification and verification of the customer’s identity are regulated in the general terms and conditions of every credit institution and are specified in the standard terms of their settlement contracts. The information a credit institution is required to obtain from a customer during pre‑contractual negotiations is not determined by the Law of Obligations Act. It arises from other legislation. The requirements for the documents and other information to be provided during pre-contractual negotiations are also laid down in the internal provisions of credit institutions; such internal provisions must comply with Ministry of Finance Regulation 10 of 3 April 2008 on ‘Requirements for the Rules of Procedure Established by Credit and Financial Institutions, for the Application and Control of Implementation of Such Rules’.*51
Next we shall look at the legal provisions to which a financial services provider must adhere in Estonia in obtaining information about the customer during pre-contractual negotiations.
The Money Laundering and Terrorist Financing Prevention Act*52 (MLTFPA) specifies the information necessary for application of due-diligence measures. Pursuant to MLTFPA §§ 12 and 13, which are based on articles 7 and 8 of Directive 2005/60/EC and the 5th recommendation of the Financial Action Task Force (FATF)*53 , persons providing financial services are required to identify, upon concluding a long-term contract, each customer against the documents and data submitted by the customer and verify said information on the basis of information from a reliable and independent source, and also to identify and verify the identity and representation rights of the representative of a natural or legal person. If so requested during pre-contractual negotiations, a customer must submit not only documents providing verification of identity and/or right of representation but also information on the beneficial owner*54 , on the purpose of the transaction, and on the source and origin of the funds to be used for the transaction. In identification of a beneficial owner, it is important for the credit institution to understand the circle of owners and shareholders, and the control structure of the legal person who participates in or is the customer in the transaction, and also to know who is actually in charge of the operations of the legal person and whose financial situation the transaction really affects, as well as who benefits from it. In conformity with MLTFPA § 23, upon entry into a settlement contract, the bank shall identify all natural persons on equal bases, irrespective of whether a person wants to open an account in his own name or acts as a representative of another natural or a legal person. The same principles have been adopted in Finland and Sweden, where such requirements arise from a standard or a guideline established by a supervisory authority.*55
In Estonia, active information duties have been prescribed for the customer to be followed upon entry into long-term contracts pursuant to MLTFPA § 23 (4). During negotiations with a credit or financial institution, a customer has no right to remain silent about information the service provider needs for application of due-diligence measures. Such a legal provision induces creation of a trust-based contractual relationship between both parties and reduces to a minimum the risk of errors related to the identity of a customer. This represents a special provision of the customer’s information duty and should ultimately support acting in good faith. The information duties of the customer arising out of the special provisions are significantly wider and more precise than is traditionally required in relative obligation relations. Therefore, one can conclude that the requirement of society’s security and sustainability significantly extends protection obligations in contractual relations to those who are not actually party to the contract.
In applying financial sanctions, a credit institution is required to ascertain the full surname, first name(s), pseudonyms, sex, date and place of birth, nationality, citizenship, address (place of residence), and passport (ID card) identifier. Information necessary for identification is published in relevant lists. The course of identification must ensure that the provider of financial services can be sure that no international sanctions are applicable to the person wishing to enter into a contract.*56
In addition to the aforesaid, a payment services provider needs to consider, during pre‑contractual negotiations, regulation (EC) 1781/2006 of the European Parliament and of the Council of 15 November 2006 on information on the payer accompanying transfers of funds.*57 Complete traceability of money transfers may be especially important and valuable in prevention, investigation, and detection of money laundering or terrorism. To achieve this goal, payment service providers are required to communicate precise and concise information about the payer when making the transfer. Pursuant to Article 4 of the above-mentioned regulation, complete information on the payer shall consist of name, address, and account number. The address may be substituted for with the date and place of birth of the payer and his customer identification number or national identity number. Where the payer does not have an account number, the payment service provider of the payer shall replace this with a unique identifier that allows the transaction to be traced back to the payer. The payment service provider of the payer shall, before transferring the funds, verify the complete information on the payer on the basis of documents, data, or information obtained from a reliable and independent source. Therefore, each person who submits a payment order to the credit institution (irrespective of whether that person has entered into a settlement contract) must be properly identified by the credit institution.
On the basis of the above discussion, it is clear that both the European and Estonian legislator consider it very important that credit and financial institutions gather precise information about the identity of their customers and have granted the financial services providers legal means to minimise the risk of making an error in the identification of the other party to the contract.*58 Credit and financial institutions can reduce the risks of not knowing the personal data of the customer in conformity with their general terms and conditions, standard terms, and internal provisions.
Nowadays, contract law carries a general protection function. The general principle of human dignity should be a potential source for new restrictions on the freedom of contract under European law. The positions of the market failure thesis affect the regulation of information duties applicable upon entry into financial services contracts. Such a regulation is not so much connected with consumer protection as conditioned by the specific nature of the financial market and can be justified by the special role banking plays in society. Security of society is a condition prerequisite to the continuation of mankind and outweighs other values. Because of the dangers posed by the crimes of money laundering and terrorism, prevention of such crimes can be treated as serving prevailing public interest, which sufficiently justifies the public authorities’ imposing obligations on credit and financial institutions, including restricting the freedom of contract. It is sufficient grounds to require customers to provide during pre-contractual negations information about themselves to the extent provided for by law. The need to ensure security and the sustainability of society extends the protection obligation in contractual relations to those who are not party to the contract.