(1)

Optimising and facilitating access to financial information is necessary to prevent, detect, investigate and prosecute serious crime, including terrorism. In particular, swift access to financial information is essential for carrying out effective criminal investigations and for successfully tracing and subsequently confiscating the instrumentalities and proceeds of crime, in particular as part of investigations into organised crime and cybercrime.

(2)

Directive (EU) 2019/1153 of the European Parliament and of the Council (2) enables authorities designated by Member States among their authorities competent for the prevention, detection, investigation or prosecution of criminal offences to access and search, subject to certain safeguards and limitations, bank account information. Directive (EU) 2019/1153 defines bank account information as certain information contained in the centralised automated mechanisms put in place by Member States pursuant to Directive (EU) 2015/849 of the European Parliament and of the Council (3). Such centralised automated mechanisms are referred to in Directive (EU) 2019/1153 as centralised bank account registries.

(3)

The competent authorities designated under Directive (EU) 2019/1153 are to include at least Asset Recovery Offices and can also include tax authorities and anti-corruption agencies to the extent that they are competent for the prevention, detection, investigation or prosecution of criminal offences under national law. Pursuant to that Directive, those competent authorities are empowered to directly access and search only the centralised bank account registry of the Member State that designated them.

(4)

Directive (EU) 2024/1640 of the European Parliament and of the Council (4), which replaces Directive (EU) 2015/849 and retains the key features of the system established by that Directive, provides, in addition, that the centralised automated mechanisms are to be interconnected via the bank account registers interconnection system (BARIS), to be developed and operated by the Commission. However, under Directive (EU) 2024/1640, only Financial Intelligence Units (‘FIUs’) continue to have direct access to the centralised automated mechanisms, including through the BARIS.

(5)

Considering the cross-border nature of organised crime, of the financing of terrorism and of money laundering, and the importance of relevant financial information for the purpose of combating serious criminal offences, including, where possible and appropriate, by swiftly tracing, freezing and confiscating illegally obtained assets, competent authorities designated under Directive (EU) 2019/1153 should be able to directly access and search the centralised bank account registries of other Member States through the BARIS.

(6)

The safeguards and limitations established by Directive (EU) 2019/1153 should also apply to the power to access and search bank account information through the BARIS. Those safeguards and limitations concern which authorities have the power to access and search bank account information, the purposes for which bank account information can be accessed and searched, the types of information that are accessible and searchable, in line with the principle of data minimisation, requirements applicable to the staff of the competent authorities designated under Directive (EU) 2019/1153, the security of the data and the logging of access and searches.

(7)

Access by competent authorities designated under Directive (EU) 2019/1153 to bank account information across borders through the BARIS is based on the mutual trust among Member States derived from their respect of fundamental rights and of the principles recognised by Article 6 of the Treaty on European Union (TEU) and by the Charter of Fundamental Rights of the European Union (‘the Charter’), such as the right to respect for one’s private and family life, the right to the protection of personal data, and procedural rights, including the right to an effective remedy and to a fair trial, the presumption of innocence and the right of defence and the principles of the legality and proportionality of criminal offences and penalties, as well as the fundamental rights and principles provided for in international law and international agreements to which the Union or all the Member States are party, including the European Convention for the Protection of Human Rights and Fundamental Freedoms, and in Member States’ constitutions, in their respective fields of application.

(8)

Transaction records provide crucial information for criminal investigations. However, financial investigations are hampered by the fact that financial institutions and credit institutions, including crypto-asset service providers, provide authorities competent for the prevention, detection, investigation or prosecution of criminal offences with transaction records in different formats, which are not immediately ready for analysis. The cross-border nature of most investigations into serious criminal offences, the disparity of formats used for providing transaction records and difficulties in processing transaction records hamper the exchange of information among Member States’ competent authorities and the development of cross-border financial investigations. In order to improve the capacity of competent authorities to carry out financial investigations, this Directive sets out measures to ensure that financial institutions and credit institutions across the Union, including crypto-asset service providers, provide transaction records in a format that is easy for competent authorities to process and analyse.

(9)

The conditions and procedures under which competent authorities can request transaction records from financial institutions and credit institutions are governed by procedural rules established by national law. The harmonisation of the technical arrangements for the provision of transaction records by financial institutions and credit institutions at the request of competent authorities should not affect the national procedural rules and safeguards under which competent authorities can request transaction records.

(10)

In order to ensure uniform conditions for the provision of transaction records by financial institutions and credit institutions to competent authorities, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (5).

(11)

When implementing this Directive, Member States should consider the nature, organisational status, role and prerogatives of the authorities and bodies established under national law as responsible for preventing, detecting, investigating or prosecuting criminal offences, including the existing mechanisms to protect financial systems from money laundering and terrorist financing.

(12)

Any processing of personal data by competent authorities under this Directive is subject to Directive (EU) 2016/680 of the European Parliament and of the Council (6), which lays down the rules relating to the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, in accordance with a set of principles relating to the processing of personal data, in particular lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. This Directive respects the fundamental rights and observes the principles recognised by Article 6 TEU and by the Charter, in particular the right to respect for one’s private and family life and the right to the protection of personal data.

(13)

Since the objectives of this Directive, namely to empower competent authorities designated under Directive (EU) 2019/1153 to access and search the centralised bank account registries of other Member States through the BARIS and to facilitate the use of transaction records by competent authorities for the prevention, detection, investigation or prosecution of serious criminal offences, cannot be sufficiently achieved by Member States, but can rather, by reason of the scale and effects of this Directive, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.

(14)

In accordance with Article 3 and Article 4a(1) of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the Treaty on the Functioning of the European Union (TFEU), Ireland has notified, by letter of 25 October 2021, its wish to take part in the adoption and application of this Directive.

(15)

In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the TEU and to the TFEU, Denmark is not taking part in the adoption of this Directive and is not bound by it or subject to its application.

(16)

Directive (EU) 2019/1153 should therefore be amended accordingly.

(17)

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (7) and delivered its comments on 6 September 2021,

(1)

Article 1 is amended as follows:

(2)

Article 2 is amended as follows:

(3)

the title of Chapter II is replaced by the following:

‘ACCESS BY COMPETENT AUTHORITIES TO BANK ACCOUNT INFORMATION AND THE FORMAT OF TRANSACTION RECORDS’

(4)

in Article 4, the following paragraphs are inserted:

(5)

Article 5 is amended as follows:

(6)

in Article 6(1), the first sentence is replaced by the following:

(7)

the following article is inserted in Chapter II:

(8)

in Article 12, the following paragraph is added:

(*6)  Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (OJ L, 2024/1620, 19.6.2024, ELI: http://data.europa.eu/eli/reg/2024/1620/oj).’;"

(9)

in Article 22, the following paragraph is added: