Explanatory Memorandum to COM(2021)429 - Amendment of Directive 2019/1153, as regards access of competent authorities to centralised bank account registries through the single access point - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2021)429 - Amendment of Directive 2019/1153, as regards access of competent authorities to centralised bank account registries through ... |
---|---|
source | COM(2021)429 |
date | 20-07-2021 |
1. CONTEXT OF THE PROPOSAL
• Reasons for and objectives of the proposal
As stressed in the EU strategy to tackle organised crime 2021-2025 1 , the European Union needs to step up the fight against criminal finances. Organised crime groups use their substantial illegal profits to infiltrate the legal economy and public institutions, eroding the rule of law and fundamental rights and undermining people’s right to safety and their trust in public authorities. Illegal revenues generated by criminal activities in the EU amounted to €139 billion in 2019 2 , corresponding to 1% of its gross domestic product. Despite the development of a legal framework for asset recovery at EU and national level, only a small percentage of instrumentalities and proceeds of crime is confiscated 3 .
Swift access to financial information is key to effective financial investigations and successfully tracing and confiscating the instrumentalities and proceeds of crime. In this regard, it is vital to know who holds a bank account in a Member State other than that carrying out the investigation: not only to be able to establish which Member State freezing and confiscation orders are to be sent to 4 , but also to give investigators potentially crucial leads. However, in order for authorities responsible for preventing, detecting, investigating or prosecuting criminal offences in one Member State to obtain information on subjects of an investigation who hold bank accounts in another Member State, they currently have to collect the information via police cooperation or judicial cooperation channels. This is an often burdensome and time-consuming process that hampers speedy access to the information, as shown in Annex 7 of the Impact Assessment accompanying the package of Commission legislative proposals regarding Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT), and law enforcement.
Pursuant to Article 32a of the (fifth) anti-money laundering directive 5 , Member States are to put in place centralised automated mechanisms, such as central registers or central electronic data retrieval systems, to allow the identification of any natural or legal persons holding or controlling payment accounts, bank accounts and safe-deposit boxes.
Directive (EU) 2019/1153 6 already at present requires Member States to designate authorities competent for the prevention, detection, investigation or prosecution of criminal offences in order for them to access and search the centralised automated mechanisms (referred to in Directive (EU) 2019/1153 as centralised bank account registries, term used hereafter). It also requires them to include asset recovery offices among their designated competent authorities and enables Member States to designate tax authorities and anti-corruption agencies as competent authorities to the extent that these are competent for the prevention, detection, investigation or prosecution of criminal offences under national law. The deadline for transposing the Directive is 1 August 2021.
Pursuant to the Commission’s proposal for a new anti-money laundering directive, which is being presented alongside this proposal, Member States shall ensure that the information from centralised bank account registries is available through the bank account registers (BAR) single access point to be developed and operated by the Commission 7 . By interconnecting centralised bank account registries, authorities with access to the BAR single access point would be able to establish quickly whether an individual holds bank accounts in other Member States without having to ask all their counterparts in all Member States. In line with its legal basis (Article 114 of the Treaty on the Functioning of the European Union (TFEU)), the new anti-money laundering directive will provide access to the BAR single access point only to financial intelligence units (FIUs), the national body which receives suspicious transaction reports from obliged entities 8 and forwards them, as appropriate, to criminal investigation authorities. However, in the interest of combatting serious crime and, in particular, carrying out effective financial investigations authorities competent for the prevention, detection, investigation or prosecution of criminal offences also need to have access to the BAR single access point allowing them to identify, analyse and interpret the financial information relevant for criminal proceedings.
The present proposal seeks to extend access to the BAR single access point, as introduced by the new anti-money laundering directive, to the authorities competent for the prevention, detection, investigation or prosecution of criminal offences that are designated as competent authorities pursuant to Article 3(1) of Directive (EU) 2019/1153.
• Consistency with existing policy provisions in the policy area
This proposal complements the provisions on the BAR single access point included in the Commission proposal for the new anti-money laundering directive.
The basis for the anti-money laundering framework (Article 114 TFEU) relates to the internal market and the aim is to prevent the use of the Union’s financial system for the purposes of money laundering and terrorist financing. This proposal complements and builds on the preventive side of policies to counter money laundering and terrorist financing, and reinforces the legal framework from the point of view of law enforcement cooperation.
This proposal is in line with the action plan for a comprehensive Union policy on preventing money laundering and terrorist financing adopted by the Commission in May 2020 9 . The action plan emphasises that the Union-wide interconnection of centralised bank account registries is necessary to speed up FIUs’ and law enforcement authorities’ access to bank account information and to facilitate cross-border cooperation. The EU Security Union Strategy (July 2020) 10 also stresses that such interconnection could significantly speed up FIUs’ and competent authorities’ access to the financial information. The new EU strategy to tackle organised crime signals that the Commission will revise Directive (EU) 2019/1153 in order to provide law enforcement authorities with access to the future platform interconnecting centralised bank account registries across the Union.
• Consistency with other Union policies
The proposed directive is in line with the Union’s policy aims, in particular the fight against serious crime as well as with the framework to prevent money laundering and terrorism financing, including the new anti-money laundering package.
2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY
• Legal basis
In line with the legal basis used to adopt the legal act being amended, i.e. Directive (EU) 2019/1153, the legal basis of the proposed Directive is Article 87(2) TFEU. That provision enables the Union to take measures on police cooperation involving the Member States’ competent authorities (including police, customs and other specialised law enforcement services), in particular as regards the collection, storage and exchange of information relevant for the prevention, detection and investigation of criminal offences.
• Subsidiarity (for non-exclusive competence)
In accordance with the principle of subsidiarity as set out in Article 5(3) of the Treaty on European Union (TEU), the objectives of the proposal cannot be sufficiently achieved by Member States alone and can therefore be better achieved at Union level. The proposal does not go beyond what is necessary to achieve those objectives.
Organised crime groups often operate across borders, inter alia in order to hide and reinvest their illegally obtained assets. The threat of organised crime groups channelling their illicit profits to infiltrate the economy affects the Union as a whole and therefore requires an EU-level response.
• Proportionality
In accordance with the principle of proportionality, as set out in Article 5 i TEU, this proposal is limited to what is necessary and proportionate in order to facilitate the use and sharing of relevant financial information by the public authorities that have a duty to protect Union citizens.
Directive (EU) 2019/1153 gives access to a limited set of information only (e.g. the owner’s name, bank account number), which is strictly necessary to ascertain whether the subject of an investigation holds an account with a bank and with which banks. The same limitation will also apply in relation to the access and search possibilities, through the BAR single access point, created by the present proposal.
Accordingly, competent authorities of other Member States will be able to directly access and search the following limited set of information through the BAR single access point (see Article 4(2) in conjunction with Article 2(7) of Directive (EU) 2019/1153; see also Article 32a(3) of the current Anti-Money Laundering Directive, as well as Article 14(3) of the proposed new Anti-Money Laundering Directive and Article 18(1) of proposed new Anti-Money Laundering Regulation):
·for the customer-account holder and any person purporting to act on behalf of the customer: the name, complemented by either the other identification data required or a unique identification number;
·for the beneficial owner of the customer-account holder: the name, complemented by either the other identification data required or a unique identification number;
·for the bank or payment account: the International Bank Account Number (IBAN) and the date of account opening and closing;
·for the safe-deposit box: name of the lessee complemented by either the other identification data required under or a unique identification number and the duration of the lease period.
Pursuant to the measures hereby proposed, authorities competent for the prevention, detection, investigation or prosecution of criminal offences will therefore still not be able to access and search sensitive data, such as information on transactions or the accounts balance. Only information strictly required to identify a holder of a bank or payment account or a safe deposit box will be made accessible through the BAR single access point. Once the authorities identify, by virtue of the access provided under this proposal, with which financial institution the subject of an investigation holds a bank account in another Member State, they will, where deemed necessary, have to request further information (e.g. a list of transactions) via appropriate police or judicial cooperation channels.
• Choice of instrument
This proposal takes the form of a directive, as it involves amending Directive (EU) 2019/1153.
3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS
• Views from other Institutions and stakeholder consultations
In the June 2020 Council conclusions on enhancing financial investigations to fight serious and organised crime 11 , Member States called on the Commission to consider further enhancing the legal framework by interconnecting national centralised bank account registries so as to speed up access to financial information and facilitate cross-border cooperation between competent authorities across the Union.
in its resolution of 10 July 2020 12 , the European Parliament welcomed the Commission’s plan to ensure interconnection of centralised bank account registries in order to speed up access to financial information for law enforcement authorities’ and FIUs’ access to financial information in different investigation phases and facilitate cross-border cooperation in full compliance with applicable data protection rules.
In the course of preparing this proposal, the Commission consulted asset recovery offices in meetings of the Asset Recovery Offices Platform and through an informal and targeted consultation. They fully supported the initiative.
• Impact assessment
The proposal is supported by the impact assessment on the proposed new anti-money laundering package (in particular its Annex 7 on the interconnection of bank account registries), on which the Regulatory Scrutiny Board issued a positive opinion on 4 December 2020. A staff working document, which is annexed to the proposal, further analyses the situation and the impacts of enlarging the access to the interconnected system of centralised bank account registries also to the authorities competent for the prevention, detection, investigation or prosecution of criminal offences designated under Directive 2019/1153.
• Fundamental rights
This proposal will provide clearly designated authorities competent for the prevention, detection, investigation or prosecution of criminal offences with access to the interconnected system of centralised bank account registries, the BAR single access point. This will allow them to establish quickly whether an individual holds bank accounts in other Member States, without having to request to all their counterparts in all EU Member States.
The centralised bank account registries centralise personal data relating to legal and natural persons. Extending access to the BAR single access point will therefore have an impact on the fundamental rights of the data subjects, in particular with the right to privacy and the right to the protection of personal data (Articles 7 and 8, respectively, of the Charter of Fundamental Rights of the European Union (‘Charter’)).
Any resulting limitations on the exercise of the rights and freedoms recognised by the Charter, in particular those laid down in its Articles 7 and 8, comply with the requirements set by the Charter, in particular those of its Article 52(1).
The limitation is provided for by law and is justified by the need to pursue an objective of general interest recognised by the Union, namely, combating serious crime.
Furthermore, the essence of the rights and freedoms in question are respected and the limitations are proportionate to the objective pursued.
With regard to the right to privacy, the impact is limited, especially as this proposal does not require the collection of additional account-holder data and considering that the information from other Member States that is accessible via the BAR single access point can already be obtained through police and judicial cooperation channels. Moreover, the interference with the right to privacy will be relatively limited in terms of gravity as the accessible and searchable data does not cover financial transactions or account balance. It will cover a limited set of information (e.g. the owner’s name and bank account number), as strictly required by the competent authority of a given Member State to establish with which bank(s) in other Member States the subject of an investigation holds an account.
With regard to the protection of personal data of natural persons, information on bank accounts can constitute personal data and access to this data by authorities competent for the prevention, detection, investigation or prosecution of criminal offences authorities would constitute processing of personal data. The processing of data from the centralised bank account registries accessed and searched by these authorities through the BAR single access point would be subject to the national laws transposing Directive (EU) 2016/680, as is presently the case for data accessed and searched on the basis of Directive (EU) 2019/1153 as it stands at present.
In addition, the safeguards and limitations already provided for in Directive (EU) 2019/1153 will also apply in respect of any direct access or search by designated authorities to or in centralised bank account registries of other Member States through the BAR single access point. It concerns in particular the safeguards and limitations provided for in Articles 3, 4, 5 and 6 of that Directive, which notably provide for the following:
·only authorities competent for the prevention, detection, investigation or prosecution of criminal offences that have been designated by Member States will be able to access and search the centralised bank account registries, including through the BAR single access point (Article 3(1) in conjunction with the new Article 4(1a) of the Directive).
·the power to access and search the centralised bank account registries, including through the BAR single access points is granted only for the purpose of prevention, detecting, investigating or prosecuting ‘serious criminal offences’ or supporting a criminal investigation concerning ‘serious criminal offences’ (Article 4(1) and new (1a) of the Directive). Serious criminal offences in this context refer to the forms of crime listed in Annex I to Regulation (EU) 2016/794 13 (Article 2(12) of the Directive).
·as set out above, only a limited set of the information in the centralised bank account registries, as strictly required to ascertain whether the subject of an investigation holds an account with a bank and with which banks, is accessible and searchable, including through the BAR single access point (e.g. the owner’s name and bank account number) (Article 4(2) in conjunction with Article 2(7)).
·access and searches, including when conducted through the BAR single access point, have to be performed case by case by specifically designated and authorised staff in each competent authority (Article 5(1) and (2)). Member States must put measures in place to ensure the security of the data to high technological standards for the purposes of accessing and searching bank account information (Article 5(3)).
·logs of any access and searches, including when conducted through the BAR single access point, have to be kept (Article 6(1)). These logs have to be checked regularly by the data protection officers for the centralised bank account registries, and made available, on request, to the competent supervisory authority (Article 6(2)). The logs may be kept for data protection monitoring only, must be protected by appropriate measures against unauthorised access and must be erased 5 years after their creation, unless they are required for monitoring procedures (Article 6(3)).
4. BUDGETARY IMPLICATIONS
The proposal has no implications for the EU budget.
5. OTHER ELEMENTS
• Implementation plans and monitoring, evaluation and reporting arrangements
The act to be amended (Directive (EU) 2019/1153) already provides for appropriate monitoring, reporting and evaluation.
• Explanatory documents (for directives)
The proposal does not require explanatory documents for transposition.
• Detailed explanation of the specific provisions of the proposal
Article 1 amends Article 4 of Directive (EU) 2019/1153 and provides designated authorities competent for the prevention, detection, investigation or prosecution of criminal offences with the possibilities to directly access and search centralised bank account registries of other Member States through the BAR single access point.
Article 2 sets the deadline for the Member States’ transposition of the new directive.