Report from the Commission on the implementation of the Council Decision of 17 October 2000 concerning arrangements for cooperation between financial intelligence units of the Member States in respect of exchanging information (2000/642/JHA)
/* COM/2007/0827 final */
|Bilingual display: BG CS DA DE EL EN ES ET FI FR HU IT LT LV MT NL PL PT RO SK SL SV|
[pic] | COMMISSION OF THE EUROPEAN COMMUNITIES |
COM(2007) 827 final
REPORT FROM THE COMMISSION
On the implementation of the Council Decision of 17 October 2000 concerning arrangements for cooperation between financial intelligence units of the Member States in respect of exchanging information (2000/642/JHA)
The aim of this report is to assess whether Member States have established a cooperative framework to support the work of their Financial Intelligence Units (FIUs) as set out in the Council Decision 2000/642/JHA (hereafter "the Decision"). FIUs are central to efforts to combat anti-money laundering and terrorist financing, and it is essential to promote their close cooperation.
Based on a Finnish initiative, the Decision is intended to improve cooperation among EU FIUs for the purpose of anti-money laundering. The Decision seeks to address the difficulties in communication and exchange of information among FIUs resulting from their different legal status (administrative, judicial or law enforcement based) by providing for direct communication between them. The Decision reflects the standards and principles established by the Egmont Group as well as the recommendations of the Financial Action Task Force ("FATF").
At the European level, the importance of FIU cooperation has also been acknowledged by the EU Counter Terrorist Financing Strategy of December 2004. Furthermore, this report is also timely as the Third Anti-Money Laundering Directive has reconfirmed many aspects of FIU functions and cooperation set out in the Decision and is to be transposed by Member States into national law by 15 December 2007. Complementarily to the Directive, the Cash Controls Regulation applies from 15 June 2007 and according to its provisions competent authorities of Member States shall make available to their national FIU the information obtained under the Regulation. Finally, the 2005 Council of Europe Convention n°198 matches the provisions of the Decision.
Reinforced European cooperation has become increasingly necessary, as the information processed by the FIUs has grown in recent years. Many Member States report on an increase in cases of European and international cooperation, e.g. the German FIU in its 2005 Annual Activity Report: "The FIU corresponded with foreign FIUs in 657 cases in 2005. This represents an increase of 8.4% over the preceding year. The rate of increase from 2003 to 2004 was 25%."
Purpose of the Report and Method of Evaluation
According to Art. 34(2)(c) of the Treaty of the European Union ("TEU"), Council Decisions in the field of police and judicial cooperation in criminal matters do not approximate laws of Member States, but have other purposes consistent with the objectives of Title VI of TEU. The Treaty makes clear that such Council Decisions are legally binding and it may be necessary for Member States to amend their national law to bring it into conformity with the Decision.
Member States have to be in compliance with the Decision by 17 October 2003 as stated by its Art. 9(2). This provision requires that "The Member States shall ensure that they are able to cooperate fully in accordance with the provisions of this Decision ...".
This report, although not required by the Decision, offers a first factual evaluation of whether Member States have a legislative and operational framework in place to enable their FIUs to cooperate as set out in the Council Decision.
In a letter sent on 24 May 2006 and a reminder letter dated 23 October 2006, the then 25 EU Member States were requested by the Commission to communicate their implementing measures. Bulgaria and Romania were also requested to do so in a letter of 24 January 2007. By June 2007, 26 Member States had responded to this request, whereas Ireland has sent an interim reply to date. The report has been drawn up on the basis of these replies. Some of the replies were partial, not explaining details of implementation. Some Member States have not sent the Commission all relevant texts of their implementing provisions. The factual assessment and subsequent conclusions are therefore sometimes based on incomplete information.
The report focuses on legal aspects of FIU cooperation, but also addresses operational issues as much as possible based on the received replies. This twofold analysis is essential given that FIU cooperation is determined by operational aspects which go further than legislative provisions. This might also mean that even if a Member State's legislation is in line with requirements of the Council Decision, real operational problems might remain undiscovered. This duality of legislative and operational implementation has rendered the assessment complex and difficult, especially as most replies from Member States focused on legal aspects. Moreover, the wording of the Decision leaves many aspects open to interpretation.
OVERVIEW OF MEMBER STATES’ REPLIES
This part of the report analyses the situation concerning the specific provisions  of the Decision, covering Articles 1-7 and 9 on a thematic basis. The following key issues have been identified:
- Definition of the FIU
- Basis for the exchange of information
- Modalities for the exchange of information
- Data protection
Already at this stage, it is important to take note of the diversity among EU FIUs: 12 FIUs are of administrative nature (FR, SI, BE, CZ, IT, ES, LV, PL, MT, RO, EL, BG), while 11 have a law enforcement basis (DE, HU, UK, SE, SK, EE, AT, FI, LT, PT, IE) and one is a judicial body (LU). 3 FIUs can be considered as hybrid (DK, CY, NL).
DEFINITION OF THE FIU
Art. 2(1) mainly takes over the Egmont Group definition of FIUs and Member States are requested to ensure that their FIU is "A central, national unit which, …, is responsible for receiving (and to the extent permitted, requesting), analysing and disseminating to the competent authorities disclosures of financial information…". This definition is also in line with Art. 21 of the Third Anti- Money Laundering Directive. Most Member States, in total 18, communicated the legal text setting up their FIU.
1. A central, national unit; responsible for d issemination of information - Art. 2
This is an important aspect from an FIU cooperation point of view. The FIU shall be a distinct entity either autonomously or within an organisation so that EU FIUs can directly cooperate and exchange information with each other. Member States mainly comply with this requirement, and some of them (MT, RO, LV) stated that they entrusted their FIU with distinct legal personality. It is noted that EL legislation refers to a "National Authority for the Combating of Money-Laundering" and to the fact that "The place of its meetings shall be specified by a decision of the Minister". Furthermore, there is some lack of clarity in cases (e.g. CZ, HU) when legislation provides the relevant functions and responsibilities to the whole organisation of which the FIU is part, rather than to the specific unit. No clear information was provided on this aspect from UK, DK, EE, FI, BG, IE, IT, AT, ES, LU, SK.
For the purposes of FIU cooperation, it is important to entrust the FIU with clear powers for the "dissemination" of information. This dissemination function touches rather the national context, whereby the FIU disseminates information to competent authorities, however, FIUs have to be able to disseminate information internationally as well. Some legislation (EL, NL, SE, CZ, HU, CY, PL, RO) provides for cooperation with foreign counterparts, although not mentioning specifically "dissemination" when listing key FIU functions. Some Member States - such as UK, DK, SK, EE, AT, ES, FI, BG, IE, LU, IT - have not provided clear information on this aspect.
2. Relevant information gathered at national level - Art. 1(1) and Art. 2(1)
The Decision remains relatively vague about the scope of information that has to be accessible to FIUs and only provides at Art.4(2) the so-called multidisciplinary requirement, that all relevant administrative, law enforcement and financial information shall be exchanged. Therefore, the following analysis aims at having a better understanding – solely on the basis of replies received – on what " relevant information " is gathered within the FIU, according to Art.1(1), but without directly assessing the level of Member States' implementation. An important element in this respect is the obligations following from the Anti-Money Laundering Directives. Also, to ensure efficient cooperation it would be essential for an EU FIU to have an understanding of what information is gathered in a partner EU FIU.
Provisions in Member States are highly diverse on whether the FIU has access to certain databases or can request further information from different authorities. Some Member States reported requirements that make police information accessible, in other cases also tax or customs authorities (SE, DE), or even various other bodies (BE, EL, LT, LV, PL, ES, MT, RO, CZ, FI, IT) provide information. In some cases, this broader coverage also brings a lack of clarity with regard to the exact bodies that should provide information, such as "state authorities" (LV), "appropriate executive bodies" (ES). No concrete information has been provided on this aspect from HU, UK, LU, DK, SK, EE, AT, FR, NL, PT, IE, BG.
3. Relevant information – obligation for law enforcement authorities to provide information to FIU - linked to Art. 4(2)
Some Member States informed the Commission about legal requirements that law enforcement authorities are to provide information to the FIU. DE, BE, MT, LT, PL, SE, CZ, IT, CY have reported specifically such an obligation.
4. Relevant information - possibility for FIU to require further financial information from domestic reporting bodies - linked to Art. 4(2)
As exchange of information among FIU concerns sensitive financial information, it is important to know whether the FIU has the right to request additional information to reports on suspicious transactions from financial institutions or other reporting bodies. Many of the Member States (HU, FR, SI, SE, BE, EL, FI, EE, LT, NL, MT, RO, PL, LV, IT, DE) have reported about legislation in place that enables the FIU to require further data from financial institutions and other reporting entities. No clear information was provided on this aspect from UK, LU, DK, SK, AT, PT, IE, BG, ES, CZ, CY.
5. Notification of the General Secretariat of the Council [Art. 2(3)]
Member States are under the obligation to notify to the General Secretariat of the Council in writing of which unit is their FIU within the meaning of this article. Only 4 Member States (DE, LU, IT, MT) declared in their response that they have done or are doing so.
BASIS FOR THE EXCHANGE OF INFORMATION
Exchange of information serves the purpose of allowing FIUs to properly analyse reports on suspicious transactions (STRs). 17 Member States communicated legal provisions which confirm the right and need for cooperation with foreign FIUs. Only ES made a difference in legislation between EU level and international FIU cooperation and exchange of information. It was found that 18 Member States included specific provision in their laws on information exchange. 3 Member States' legislation seems to provide for legal provisions for FIU cooperation (LT, NL, PT), but not more specifically for exchange of information. EL legislation would appear to contain a limitation by covering international cooperation in general and only the case when FIU receives information. No concrete information was received on this aspect from DK, BG, IE, AT.
6. "FIUs shall be able to exchange spontaneously or on request , any available information that may be relevant…" - Art.1(2)
4 Member States (HU, SI, LV, MT) reported legal provisions, whereas further 4 Member States (FR, SE, CZ, CY) declared specifically that they exchange information both spontaneously or on request, but without giving legal provisions.
7. Police FIU may supply information - Art.1(3)
This provides for less demanding requirements to law enforcement FIUs. There has not been any specific information about this article from Member States which would indicate that different legal provisions apply to law enforcement as opposed to other types of FIUs.
8. Performance of FIU functions shall not be affected by their internal status - Art. 3
It is left to Member States to choose the most suitable status for their FIU, but FIUs must be able to perform their duties properly. 23 Member States provided statements or legal provisions that cooperation is undertaken with foreign FIUs regardless of their status. However, there is lack of clarity in some cases when cooperation is based on relevant Police Acts (e.g. AT, SK), and it is hard to judge whether the provisions cover all types of FIUs as this is not clearly stated in the text. NL is the only Member State expressly referring in legislation to "foreign government designated police and non-police authorities which have similar duties". No concrete information was received from UK, DK, BG, IE on this aspect.
MODALITIES FOR THE EXCHANGE OF INFORMATION
Several provisions (Art. 4, 6, 7, 9(1)) set out modalities for the exchange of information touching upon the different stages of the information exchange cycle. As a general statement, 11 Member States (FR, UK, SI, CY, EE, AT, EL, LV, PL, PT, RO) emphasised that they apply the Egmont Group principles  in exchanging information and thus comply with the relevant requirements of the Decision. 2 Member States mentioned specifically that they provide a brief statement of the relevant facts (CZ, NL) (Art. 4(1)) .
9. When replying to a request - Art.4(2)
The FIU, when replying to a request, shall provide all relevant information, including available financial information and requested law enforcement data. This is one of the Decision's key provisions.
Statements and legal provisions were provided by 9 Member States (HU, FR, SE, ES, NL, BE, CZ, EE, UK) identifying to a certain extent the scope of exchanged information, but not always stating precisely whether financial or law enforcement data is exchanged. While some States (HU, FR, BE, CZ, EE) emphasised that they transmit financial, bank information as well, it can be supposed that some others have difficulties in doing so. There seems to be considerable differences in the information that can be transmitted by FIUs. However, as the Decision does not define "all relevant information", it is difficult to assess Member States' real compliance with this crucial aspect.
The principle of reciprocity is not a precondition for information exchange according to the Decision, but is mentioned in many Member States' relevant laws or practice (FR, SI, BE, RO, CZ, PL). On the other hand, EE stated that it has abandoned this principle.
10. Cases of refusal - Art. 4(3)
Art.4(3) defines, in quite wide terms, in which cases the FIU may refuse to provide information to foreign counterparts. 5 Member States (HU, FR, ES, MT, NL) reported about legal provisions of various types. Among these, most often reference has been made to fundamental principles such as sovereignty, national security and to the possibility of impairment of criminal investigations. No concrete communication has been given on this aspect by 22 Member States.
11. Spontaneous exchange of information - Art. 6
In general no distinction seems to be made between the information that can be transmitted "as a reply to a request" or spontaneously.
12. Protected channels - Art.7
Given the need for secure information exchange, the Decision obliges Member States to have protected channels of communication. The following key channels were mentioned: Egmont Secure Web (a secure encrypted capability to share information over the Internet), FIU.NET (computer based information exchange system of EU FIUs), Europol and Interpol for law enforcement FIUs.
11 Member States (DE, FR, BE, CZ, SK, ES, EL, FI, LV, NL, PT) confirmed their participation in the FIU.NET project, while SE and CY wish to be a member and AT is not participating. Concerning the Egmont Secure Web, 15 Member States (DE, UK, FR, SE, BE, CZ, SK, CY, AT, ES, EL, FI, LV, NL, PT) confirmed that they use this channel.
13. Memoranda of Understanding ("MoU") - Art.7
In certain cases, MoUs are essential in governing information exchange among FIUs. These agreements can be a way of implementing the provisions of the Decision without legislative action.
16 Member States (DE, FR, SE, BE, EE, ES, EL, FI, LV, NL, PT, RO, PL, IT, MT, CZ) have declared that they have MoUs with other countries. Some stated (DE, FR, SE, CZ, IT, MT, EE) that they are not required to use such agreements. PL legislation would appear to contain a limitation by providing for foreign information exchange "on a reciprocal basis in the form laid down in bilateral agreements." No concrete information was provided from HU, UK, SI, LU, DK, SK, CY, AT, LT, BG, IE on this aspect.
CONFIDENTIALITY AND DATA PROTECTION
Many Member States confirmed paying close attention to confidentiality and complying with strict national data protection legislation which means that general data protection legislation is applicable to FIUs. Some Member States also referred to the EU Data Protection Directive.
14. Use of information obtained - Art.5(1-3)
Some Member States (LU, MT, PL, CZ, HU, FR, ES, SI, FI, RO, LV) reported a general provision that domestically and/or internationally received information should be used for AML (and CFT) purposes. Few Member States (DE, SE, NL) declared that information can only be used for commonly agreed purposes, respecting restrictions of counterparts. No concrete information was provided from 13 Member States on these aspects.
To ascertain that the information once obtained can really serve criminal investigations or prosecutions in money laundering, Art.5(3) requires that in these cases, the transmitting Member State may not refuse its consent, unless it does so on the basis of restrictions under its national law or in cases as referred to in Art.4(3). Only a few Member States (e.g. NL, DK) addressed this aspect, referring to the need for appraisal from certain authorities to be able to transmit information.
15. No access to any other authorities, agencies or departments - Art. 5(4)
Statements or legal provisions were reported by LT, RO, CZ, BE, DE, NL, AT, LV, CY, EL that FIU data is not accessible to third parties. There seems to be a lack of clarity with regard to the term "any authorities, agencies or departments" as used in the Decision. It is somewhat unclear how this provision accords with some Member States' (such as SE, FI) statements that their FIU is authorised to forward information to other law enforcement authorities or that the data kept by the FIU are (partially) available to the police. Furthermore, in some cases (HU, UK) data protection rules seem to be applicable to the organisation of which the FIU is part, but no specific provisions are given to the FIU itself. No concrete information was received from LU, EE, IT, SK, PL, PT, BG, IE on this aspect. Under these circumstances, it is difficult to assess whether Art. 5(4) has been respected.
16. Council of Europe Convention, same level of confidentiality and data protection - Art. 5(5)
No detailed analysis was given by Member States of provisions to comply with the 1981 Council of Europe Convention and the 1987 Recommendation No R(87) 15 as required by Art. 5(5).
Art. 5(5) also states that "The information submitted will be protected … by at least the same rules of confidentiality and protection of personal data as those that apply under the national legislation applicable to the requesting FIU ." This provides for recognition of the other state's legislation.
Some Member States reported legal requirements that a precondition for transmitting information to a foreign FIU is that this counterpart has to have the same level of secrecy (BE, MT, RO) or professional secrecy (FR, ES) as provided by the national legislation of the transmitting State or that counterparts need to have a regulated system of data protection (SI). These provisions might be valid for international cooperation, but do not seem to fully comply with EU level requirements as set out in Art. 5(5). Furthermore, it has to be considered that "professional secrecy" is only one aspect of "confidentiality".
EU FIU cooperation must be built on a legislative and regulatory environment that promotes mutual confidence building. This report provides a first insight into Member States' implementation of the Decision on FIU cooperation. The report confirms the wide diversity in the way EU FIUs are organised, as well as the type of information accessible to them and whether it can be exchanged.
Given the available information, the report concentrated mainly on legislation and less on operational aspects of cooperation. However, these latter aspects are crucial. Legislation can be compliant with provisions of the Decision, but practice might show a different picture. In general, Member States have not made a distinction in legislation between EU level and international cooperation.
Member States can be largely considered as legally compliant with most of the key requirements of the Decision: legal provisions set out FIU functions and allowing for cooperation with FIUs of a different legal status. However, there seems to be lack of clarity about the applicable legal framework on FIU related data protection issues. More clarity will be brought into the data protection context when the proposed Framework Decision on Data Protection for Law Enforcement Purposes will be formally adopted and implementation work will be undertaken by Member States. In that context, the necessity for complementary measures will be assessed. There may also be a need to improve common knowledge on relevant data protection provisions applicable to FIUs and consideration might be given to discussing the development of guidelines.
More questions arise in relation to the practice linked to implementation of Art. 4(2) of the Decision where many administrative FIUs cannot exchange police information or can provide such information only after a long delay. Some law enforcement FIUs might not be able to provide certain crucial information from their databases to administrative entities. Many difficulties arise because there is no common understanding of what information is accessible to FIUs and what "relevant information" is to be exchanged. This lack of clarity can lead to miscommunication and misunderstandings.
On this basis, it is suggested that EU FIUs, as a first step, consider identifying good practice on the information nationally accessible for FIUs. Moreover, it has to be emphasised that access to additional financial information and the ability to exchange such information is essential for efficient FIU activity.
As modalities for information exchange seem to be mainly implemented at a more operational level, it is difficult to judge the exact level of implementation on the basis of replies received. It could be considered whether a model Memorandum of Understanding could be promoted among EU FIUs to facilitate information exchange at EU level and to encourage multilateral cooperation.
It is essential to strengthen operational cooperation among EU FIUs. This could be assisted through the work undertaken in the EU FIU Platform and through a well defined FIU.NET project providing for operationally efficient cooperation. The work undertaken in the EU FIU Platform can be considered as a valuable starting point.
There may be a need to consider whether to bring provisions of the Decision up-to-date covering the area of counter-terrorism financing and providing for the same level of requirements for all FIUs, irrespectively of their legal status.
 The scope of the Decision is limited to cooperation for anti- money laundering purposes, but in practice FIU cooperation also covers counter terrorist financing (CFT). 12 Member States reported that their FIUs have a mandate in CFT.
 The Egmont Group is the coordinating body for the international group of FIUs formed in 1995 to promote and enhance international cooperation in anti-money laundering (AML) and more lately in CFT. All EU FIUs are members of the Egmont Group.
 The FATF is the key international standard setter in the AML and CFT area that set key requirements for FIUs through Recommendations 26, 30, 32 and 40.
 «The fight against terrorist financing» 16089/04 of 14th December 2004 (Council Document)
 Directive 2005/60/EC on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing
 Regulation (EC) No 1889/2005 on controls of cash entering or leaving the Community
 Council of Europe Convention (n°198) on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism
 Concerning Art. 8, communications were made by 5 Member States. UK reported of the implementation of Art. 10.
 Definition adopted at the Egmont Group Plenary meeting in 1996 and amended in June 2004.
 The present report only focuses on the core function of dissemination in the context of FIU cooperation and does not analyses the aspect of dissemination to law enforcement agencies and other competent authorities such as supervisory bodies.
 It is important to note that the information exchanged among FIUs always pertain to suspicion, thus there is no overlapping with other forms or channels of European cooperation (e.g. Europol).
 Principles for Information Exchange between FIUs for ML and TF cases, The Hague, 13 June 2001
 Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995
 Convention No 108 of the Council of Europe for the Protection of Individuals with regard to Automatic Processing of Personal Data (of 1981)
 Recommendation No R(87)15 of 15 September 1987 Regulating the Use of Personal Data in the Police Sector
 Political agreement on the proposal was reached at the JAI Council of 8 and 9th November 2007.
 Informal Platform of EU FIUs created by the Commission in 2006 to discuss implementation aspects of the Third Anti-Money Laundering Directive relevant to FIUs.