We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Gift deposit evidence and GDPR rules
Options
JackieEllis
Posts: 5 Forumite
We are applying for a mortgage, FTB with Nationwide. We are submitting with a gifted deposit and they have asked for proof of funds from the donors via bank statements - all good. Except - the donor is a psychotherapist and has client details on the bank statement. He's blurred these out as GDPR dictates that he cannot share these details. Nationwide are refusing the evidence currently, so we've hit a stalemate. I'm waiting to hear back from Nationwide BD's, but last week they flatly refused and offered no work around. We can't be the only people submitting bank statements with sensitive client info on? How are other people managing to stay GDPR compliant while submitting bank statements? It doesn't matter how safe and confidential the bank is, the act of sharing the details is breach of GDPR - unless we're missing something?
0
Comments
-
The solution would be to not transfer deposits from business accounts (or not use a personal account for business purposes.)JackieEllis said:We are applying for a mortgage, FTB with Nationwide. We are submitting with a gifted deposit and they have asked for proof of funds from the donors via bank statements - all good. Except - the donor is a psychotherapist and has client details on the bank statement. He's blurred these out as GDPR dictates that he cannot share these details. Nationwide are refusing the evidence currently, so we've hit a stalemate. I'm waiting to hear back from Nationwide BD's, but last week they flatly refused and offered no work around. We can't be the only people submitting bank statements with sensitive client info on? How are other people managing to stay GDPR compliant while submitting bank statements? It doesn't matter how safe and confidential the bank is, the act of sharing the details is breach of GDPR - unless we're missing something?1 -
That would be find if we had months to play with to allow accounts to settle, but this is for a mortgage application now and the money has been transferred.ItsComingRome said:
The solution would be to not transfer deposits from business accounts (or not use a personal account for business purposes.)JackieEllis said:We are applying for a mortgage, FTB with Nationwide. We are submitting with a gifted deposit and they have asked for proof of funds from the donors via bank statements - all good. Except - the donor is a psychotherapist and has client details on the bank statement. He's blurred these out as GDPR dictates that he cannot share these details. Nationwide are refusing the evidence currently, so we've hit a stalemate. I'm waiting to hear back from Nationwide BD's, but last week they flatly refused and offered no work around. We can't be the only people submitting bank statements with sensitive client info on? How are other people managing to stay GDPR compliant while submitting bank statements? It doesn't matter how safe and confidential the bank is, the act of sharing the details is breach of GDPR - unless we're missing something?0 -
Yes, I'm aware.JackieEllis said:
That would be find if we had months to play with to allow accounts to settle, but this is for a mortgage application now and the money has been transferred.ItsComingRome said:
The solution would be to not transfer deposits from business accounts (or not use a personal account for business purposes.)JackieEllis said:We are applying for a mortgage, FTB with Nationwide. We are submitting with a gifted deposit and they have asked for proof of funds from the donors via bank statements - all good. Except - the donor is a psychotherapist and has client details on the bank statement. He's blurred these out as GDPR dictates that he cannot share these details. Nationwide are refusing the evidence currently, so we've hit a stalemate. I'm waiting to hear back from Nationwide BD's, but last week they flatly refused and offered no work around. We can't be the only people submitting bank statements with sensitive client info on? How are other people managing to stay GDPR compliant while submitting bank statements? It doesn't matter how safe and confidential the bank is, the act of sharing the details is breach of GDPR - unless we're missing something?
I suspect it's now too late, unfortunately. If Nationwide are not happy with redacted bank account statements, and finding another lender who is will take too long, you don't appear to have any options.3 -
Is the donor taking out the full line or just the clients name.
For example, when we get paid by customers we ask them to put their name in the reference. Some people just put their surname, could the donor leave the full line unredacted bar the persons name? Also under GDPR, how much of the persons name is actually showing? If it is just their surname for example, that is not enough to be able to identify the person and so should not fall foul of GDPR anyway, unless the person is the only person in the country with that surname.
Also, money laundering rules trump GDPR. However, I think this is a very grey area and if I was the donor I would not be risking my license for it.
If Nationwide will not back down and/or you can not find a way that works. You need a new lender.I am a Mortgage AdviserYou should note that this site doesn't check my status as a mortgage adviser, so you need to take my word for it. This signature is here as I follow MSE's Mortgage Adviser Code of Conduct. Any posts on here are for information and discussion purposes only and shouldn't be seen as financial advice.4 -
I'm not sure how much exactly they left showing on the statement, I'd imagine the amount was left, but not sure how much else.ACG said:Is the donor taking out the full line or just the clients name.
For example, when we get paid by customers we ask them to put their name in the reference. Some people just put their surname, could the donor leave the full line unredacted bar the persons name? Also under GDPR, how much of the persons name is actually showing? If it is just their surname for example, that is not enough to be able to identify the person and so should not fall foul of GDPR anyway, unless the person is the only person in the country with that surname.
Also, money laundering rules trump GDPR. However, I think this is a very grey area and if I was the donor I would not be risking my license for it.
If Nationwide will not back down and/or you can not find a way that works. You need a new lender.
I've been reading up a little on GDPR and that this can fall under lawful basis of legitimate interest when the official organisation (the bank) can process the data for money laundering reasons (fulfilling a legal obligation - recital 45).
I've come to this after researching myself but would rather there be official advice or somewhere clearly stating this rather than me trying to reassure the donor from my own assumption.0 -
I wonder if the bank issuing the statement can offer any help with a different format of statement?
But a banker, engaged at enormous expense,Had the whole of their cash in his care.
Lewis Carroll1 -
JackieEllis said:I've been reading up a little on GDPR and that this can fall under lawful basis of legitimate interest when the official organisation (the bank) can process the data for money laundering reasons (fulfilling a legal obligation - recital 45).
I've come to this after researching myself but would rather there be official advice or somewhere clearly stating this rather than me trying to reassure the donor from my own assumption.You will struggle to find support for that approach as the reason for the information being processed has nothing to do with the business/professional activities that caused the data to be acquired in the first place.If for example this was an application for a business loan then it might fly, but to support a gifted deposit to a close relative isn't going to be sufficient I suspect...I would follow the line ACG suggests and ask if redacting the PII only (name) would be acceptable to the lender.1 -
I see, so legitimate interest still needs to link back to the original reason for obtaining data.MWT said:JackieEllis said:I've been reading up a little on GDPR and that this can fall under lawful basis of legitimate interest when the official organisation (the bank) can process the data for money laundering reasons (fulfilling a legal obligation - recital 45).
I've come to this after researching myself but would rather there be official advice or somewhere clearly stating this rather than me trying to reassure the donor from my own assumption.You will struggle to find support for that approach as the reason for the information being processed has nothing to do with the business/professional activities that caused the data to be acquired in the first place.If for example this was an application for a business loan then it might fly, but to support a gifted deposit to a close relative isn't going to be sufficient I suspect...I would follow the line ACG suggests and ask if redacting the PII only (name) would be acceptable to the lender.
Okay.. Trying (underlined) to get hold of Nationwide again (through broker).
This is so tough! I'm livid that this is even an issue that doesn't have a resolve. To be honest (thinking about an earlier comment from ItsComingRome - the bank would still want to have seen the origin of the money regardless if it was a separate account from business to current. The moneys origin would still need to be located from the start, the way they're looking into it.0 -
JackieEllis said:
I see, so legitimate interest still needs to link back to the original reason for obtaining data.MWT said:JackieEllis said:I've been reading up a little on GDPR and that this can fall under lawful basis of legitimate interest when the official organisation (the bank) can process the data for money laundering reasons (fulfilling a legal obligation - recital 45).
I've come to this after researching myself but would rather there be official advice or somewhere clearly stating this rather than me trying to reassure the donor from my own assumption.You will struggle to find support for that approach as the reason for the information being processed has nothing to do with the business/professional activities that caused the data to be acquired in the first place.If for example this was an application for a business loan then it might fly, but to support a gifted deposit to a close relative isn't going to be sufficient I suspect...I would follow the line ACG suggests and ask if redacting the PII only (name) would be acceptable to the lender.
Okay.. Trying (underlined) to get hold of Nationwide again (through broker).
This is so tough! I'm livid that this is even an issue that doesn't have a resolve. To be honest (thinking about an earlier comment from ItsComingRome - the bank would still want to have seen the origin of the money regardless if it was a separate account from business to current. The moneys origin would still need to be located from the start, the way they're looking into it.JackieEllis said:
That would be find if we had months to play with to allow accounts to settle, but this is for a mortgage application now and the money has been transferred.ItsComingRome said:
The solution would be to not transfer deposits from business accounts (or not use a personal account for business purposes.)JackieEllis said:We are applying for a mortgage, FTB with Nationwide. We are submitting with a gifted deposit and they have asked for proof of funds from the donors via bank statements - all good. Except - the donor is a psychotherapist and has client details on the bank statement. He's blurred these out as GDPR dictates that he cannot share these details. Nationwide are refusing the evidence currently, so we've hit a stalemate. I'm waiting to hear back from Nationwide BD's, but last week they flatly refused and offered no work around. We can't be the only people submitting bank statements with sensitive client info on? How are other people managing to stay GDPR compliant while submitting bank statements? It doesn't matter how safe and confidential the bank is, the act of sharing the details is breach of GDPR - unless we're missing something?
There's no hard and fast time limit for accounts to "settle". Some say 6 months as a rule of thumb but that's not the actual rule. A solicitor has to be comfortable that the source of the funds is legitimate. They'll judge how far back they need to go. If money was gradually going into an account (e.g. from a salary) they probably wouldn't go back to far if it is easy to see somebody has been in long term employment and it makes sense for them to have that much money, a lump sum however would be more suspicious.
My solicitor was very thorough with the gifted deposit I received. My mother provided 6 months of her current account with a salary coming in, that was fine. My father sent my solicitor a state savngs account going back two years but they still asked for more because it was just a lump sum, he had to get a letter from his employer showing it was a payout at retirement 7 years previously. That's probably an exception but still, I wasn't limited to a few months. Ultimately, if the solicitor isn't happy to sign off on it, it cannot be used, it's their judgment call.2 -
Thank you. We haven't even got it to the solicitor yet, our broker is still building our mortgage case to even apply for it for Nationwide. This is Nationwide's request and initial refusal for deposit evidence and they've asked for the last 3 months, I imagine (without having seen it first hand) the money trickles in as individual clients pay. Hopefully I should hear something today!MaryNB said:JackieEllis said:
I see, so legitimate interest still needs to link back to the original reason for obtaining data.MWT said:JackieEllis said:I've been reading up a little on GDPR and that this can fall under lawful basis of legitimate interest when the official organisation (the bank) can process the data for money laundering reasons (fulfilling a legal obligation - recital 45).
I've come to this after researching myself but would rather there be official advice or somewhere clearly stating this rather than me trying to reassure the donor from my own assumption.You will struggle to find support for that approach as the reason for the information being processed has nothing to do with the business/professional activities that caused the data to be acquired in the first place.If for example this was an application for a business loan then it might fly, but to support a gifted deposit to a close relative isn't going to be sufficient I suspect...I would follow the line ACG suggests and ask if redacting the PII only (name) would be acceptable to the lender.
Okay.. Trying (underlined) to get hold of Nationwide again (through broker).
This is so tough! I'm livid that this is even an issue that doesn't have a resolve. To be honest (thinking about an earlier comment from ItsComingRome - the bank would still want to have seen the origin of the money regardless if it was a separate account from business to current. The moneys origin would still need to be located from the start, the way they're looking into it.JackieEllis said:
That would be find if we had months to play with to allow accounts to settle, but this is for a mortgage application now and the money has been transferred.ItsComingRome said:
The solution would be to not transfer deposits from business accounts (or not use a personal account for business purposes.)JackieEllis said:We are applying for a mortgage, FTB with Nationwide. We are submitting with a gifted deposit and they have asked for proof of funds from the donors via bank statements - all good. Except - the donor is a psychotherapist and has client details on the bank statement. He's blurred these out as GDPR dictates that he cannot share these details. Nationwide are refusing the evidence currently, so we've hit a stalemate. I'm waiting to hear back from Nationwide BD's, but last week they flatly refused and offered no work around. We can't be the only people submitting bank statements with sensitive client info on? How are other people managing to stay GDPR compliant while submitting bank statements? It doesn't matter how safe and confidential the bank is, the act of sharing the details is breach of GDPR - unless we're missing something?
There's no hard and fast time limit for accounts to "settle". Some say 6 months as a rule of thumb but that's not the actual rule. A solicitor has to be comfortable that the source of the funds is legitimate. They'll judge how far back they need to go. If money was gradually going into an account (e.g. from a salary) they probably wouldn't go back to far if it is easy to see somebody has been in long term employment and it makes sense for them to have that much money, a lump sum however would be more suspicious.
My solicitor was very thorough with the gifted deposit I received. My mother provided 6 months of her current account with a salary coming in, that was fine. My father sent my solicitor a state savngs account going back two years but they still asked for more because it was just a lump sum, he had to get a letter from his employer showing it was a payout at retirement 7 years previously. That's probably an exception but still, I wasn't limited to a few months. Ultimately, if the solicitor isn't happy to sign off on it, it cannot be used, it's their judgment call.0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards