This document is an excerpt from the EUR-Lex website
Document 52021PC0429
Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2019/1153 of the European Parliament and of the Council, as regards access of competent authorities to centralised bank account registries through the single access point
Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2019/1153 of the European Parliament and of the Council, as regards access of competent authorities to centralised bank account registries through the single access point
Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2019/1153 of the European Parliament and of the Council, as regards access of competent authorities to centralised bank account registries through the single access point
COM/2021/429 final
EUROPEAN COMMISSION
Brussels, 20.7.2021
COM(2021) 429 final
2021/0244(COD)
Proposal for a
DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
amending Directive (EU) 2019/1153 of the European Parliament and of the Council, as regards access of competent authorities to centralised bank account registries through the single access point
{SWD(2021) 210 final}
EXPLANATORY MEMORANDUM
1.CONTEXT OF THE PROPOSAL
•Reasons for and objectives of the proposal
As stressed in the EU strategy to tackle organised crime 2021-2025 1 , the European Union needs to step up the fight against criminal finances. Organised crime groups use their substantial illegal profits to infiltrate the legal economy and public institutions, eroding the rule of law and fundamental rights and undermining people’s right to safety and their trust in public authorities. Illegal revenues generated by criminal activities in the EU amounted to €139 billion in 2019 2 , corresponding to 1% of its gross domestic product. Despite the development of a legal framework for asset recovery at EU and national level, only a small percentage of instrumentalities and proceeds of crime is confiscated 3 .
Swift access to financial information is key to effective financial investigations and successfully tracing and confiscating the instrumentalities and proceeds of crime. In this regard, it is vital to know who holds a bank account in a Member State other than that carrying out the investigation: not only to be able to establish which Member State freezing and confiscation orders are to be sent to 4 , but also to give investigators potentially crucial leads. However, in order for authorities responsible for preventing, detecting, investigating or prosecuting criminal offences in one Member State to obtain information on subjects of an investigation who hold bank accounts in another Member State, they currently have to collect the information via police cooperation or judicial cooperation channels. This is an often burdensome and time-consuming process that hampers speedy access to the information, as shown in Annex 7 of the Impact Assessment accompanying the package of Commission legislative proposals regarding Anti-Money Laundering and Countering Financing of Terrorism (AML/CFT), and law enforcement.
Pursuant to Article 32a of the (fifth) anti-money laundering directive 5 , Member States are to put in place centralised automated mechanisms, such as central registers or central electronic data retrieval systems, to allow the identification of any natural or legal persons holding or controlling payment accounts, bank accounts and safe-deposit boxes.
Directive (EU) 2019/1153 6 already at present requires Member States to designate authorities competent for the prevention, detection, investigation or prosecution of criminal offences in order for them to access and search the centralised automated mechanisms (referred to in Directive (EU) 2019/1153 as centralised bank account registries, term used hereafter). It also requires them to include asset recovery offices among their designated competent authorities and enables Member States to designate tax authorities and anti-corruption agencies as competent authorities to the extent that these are competent for the prevention, detection, investigation or prosecution of criminal offences under national law. The deadline for transposing the Directive is 1 August 2021.
Pursuant to the Commission’s proposal for a new anti-money laundering directive, which is being presented alongside this proposal, Member States shall ensure that the information from centralised bank account registries is available through the bank account registers (BAR) single access point to be developed and operated by the Commission 7 . By interconnecting centralised bank account registries, authorities with access to the BAR single access point would be able to establish quickly whether an individual holds bank accounts in other Member States without having to ask all their counterparts in all Member States. In line with its legal basis (Article 114 of the Treaty on the Functioning of the European Union (TFEU)), the new anti-money laundering directive will provide access to the BAR single access point only to financial intelligence units (FIUs), the national body which receives suspicious transaction reports from obliged entities 8 and forwards them, as appropriate, to criminal investigation authorities. However, in the interest of combatting serious crime and, in particular, carrying out effective financial investigations authorities competent for the prevention, detection, investigation or prosecution of criminal offences also need to have access to the BAR single access point allowing them to identify, analyse and interpret the financial information relevant for criminal proceedings.
The present proposal seeks to extend access to the BAR single access point, as introduced by the new anti-money laundering directive, to the authorities competent for the prevention, detection, investigation or prosecution of criminal offences that are designated as competent authorities pursuant to Article 3(1) of Directive (EU) 2019/1153.
•Consistency with existing policy provisions in the policy area
This proposal complements the provisions on the BAR single access point included in the Commission proposal for the new anti-money laundering directive.
The basis for the anti-money laundering framework (Article 114 TFEU) relates to the internal market and the aim is to prevent the use of the Union’s financial system for the purposes of money laundering and terrorist financing. This proposal complements and builds on the preventive side of policies to counter money laundering and terrorist financing, and reinforces the legal framework from the point of view of law enforcement cooperation.
This proposal is in line with the action plan for a comprehensive Union policy on preventing money laundering and terrorist financing adopted by the Commission in May 2020 9 . The action plan emphasises that the Union-wide interconnection of centralised bank account registries is necessary to speed up FIUs’ and law enforcement authorities’ access to bank account information and to facilitate cross-border cooperation. The EU Security Union Strategy (July 2020) 10 also stresses that such interconnection could significantly speed up FIUs’ and competent authorities’ access to the financial information. The new EU strategy to tackle organised crime signals that the Commission will revise Directive (EU) 2019/1153 in order to provide law enforcement authorities with access to the future platform interconnecting centralised bank account registries across the Union.
•Consistency with other Union policies
The proposed directive is in line with the Union’s policy aims, in particular the fight against serious crime as well as with the framework to prevent money laundering and terrorism financing, including the new anti-money laundering package.
2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY
•Legal basis
In line with the legal basis used to adopt the legal act being amended, i.e. Directive (EU) 2019/1153, the legal basis of the proposed Directive is Article 87(2) TFEU. That provision enables the Union to take measures on police cooperation involving the Member States’ competent authorities (including police, customs and other specialised law enforcement services), in particular as regards the collection, storage and exchange of information relevant for the prevention, detection and investigation of criminal offences.
•Subsidiarity (for non-exclusive competence)
In accordance with the principle of subsidiarity as set out in Article 5(3) of the Treaty on European Union (TEU), the objectives of the proposal cannot be sufficiently achieved by Member States alone and can therefore be better achieved at Union level. The proposal does not go beyond what is necessary to achieve those objectives.
Organised crime groups often operate across borders, inter alia in order to hide and reinvest their illegally obtained assets. The threat of organised crime groups channelling their illicit profits to infiltrate the economy affects the Union as a whole and therefore requires an EU-level response.
•Proportionality
In accordance with the principle of proportionality, as set out in Article 5(4) TEU, this proposal is limited to what is necessary and proportionate in order to facilitate the use and sharing of relevant financial information by the public authorities that have a duty to protect Union citizens.
Directive (EU) 2019/1153 gives access to a limited set of information only (e.g. the owner’s name, bank account number), which is strictly necessary to ascertain whether the subject of an investigation holds an account with a bank and with which banks. The same limitation will also apply in relation to the access and search possibilities, through the BAR single access point, created by the present proposal.
Accordingly, competent authorities of other Member States will be able to directly access and search the following limited set of information through the BAR single access point (see Article 4(2) in conjunction with Article 2(7) of Directive (EU) 2019/1153; see also Article 32a(3) of the current Anti-Money Laundering Directive, as well as Article 14(3) of the proposed new Anti-Money Laundering Directive and Article 18(1) of proposed new Anti-Money Laundering Regulation):
·for the customer-account holder and any person purporting to act on behalf of the customer: the name, complemented by either the other identification data required or a unique identification number;
·for the beneficial owner of the customer-account holder: the name, complemented by either the other identification data required or a unique identification number;
·for the bank or payment account: the International Bank Account Number (IBAN) and the date of account opening and closing;
·for the safe-deposit box: name of the lessee complemented by either the other identification data required under or a unique identification number and the duration of the lease period.
Pursuant to the measures hereby proposed, authorities competent for the prevention, detection, investigation or prosecution of criminal offences will therefore still not be able to access and search sensitive data, such as information on transactions or the accounts balance. Only information strictly required to identify a holder of a bank or payment account or a safe deposit box will be made accessible through the BAR single access point. Once the authorities identify, by virtue of the access provided under this proposal, with which financial institution the subject of an investigation holds a bank account in another Member State, they will, where deemed necessary, have to request further information (e.g. a list of transactions) via appropriate police or judicial cooperation channels.
•Choice of instrument
This proposal takes the form of a directive, as it involves amending Directive (EU) 2019/1153.
3.RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS
•Views from other Institutions and stakeholder consultations
In the June 2020 Council conclusions on enhancing financial investigations to fight serious and organised crime 11 , Member States called on the Commission to consider further enhancing the legal framework by interconnecting national centralised bank account registries so as to speed up access to financial information and facilitate cross-border cooperation between competent authorities across the Union.
in its resolution of 10 July 2020 12 , the European Parliament welcomed the Commission’s plan to ensure interconnection of centralised bank account registries in order to speed up access to financial information for law enforcement authorities’ and FIUs’ access to financial information in different investigation phases and facilitate cross-border cooperation in full compliance with applicable data protection rules.
In the course of preparing this proposal, the Commission consulted asset recovery offices in meetings of the Asset Recovery Offices Platform and through an informal and targeted consultation. They fully supported the initiative.
•Impact assessment
The proposal is supported by the impact assessment on the proposed new anti-money laundering package (in particular its Annex 7 on the interconnection of bank account registries), on which the Regulatory Scrutiny Board issued a positive opinion on 4 December 2020. A staff working document, which is annexed to the proposal, further analyses the situation and the impacts of enlarging the access to the interconnected system of centralised bank account registries also to the authorities competent for the prevention, detection, investigation or prosecution of criminal offences designated under Directive 2019/1153.
•Fundamental rights
This proposal will provide clearly designated authorities competent for the prevention, detection, investigation or prosecution of criminal offences with access to the interconnected system of centralised bank account registries, the BAR single access point. This will allow them to establish quickly whether an individual holds bank accounts in other Member States, without having to request to all their counterparts in all EU Member States.
The centralised bank account registries centralise personal data relating to legal and natural persons. Extending access to the BAR single access point will therefore have an impact on the fundamental rights of the data subjects, in particular with the right to privacy and the right to the protection of personal data (Articles 7 and 8, respectively, of the Charter of Fundamental Rights of the European Union (‘Charter’)).
Any resulting limitations on the exercise of the rights and freedoms recognised by the Charter, in particular those laid down in its Articles 7 and 8, comply with the requirements set by the Charter, in particular those of its Article 52(1).
The limitation is provided for by law and is justified by the need to pursue an objective of general interest recognised by the Union, namely, combating serious crime.
Furthermore, the essence of the rights and freedoms in question are respected and the limitations are proportionate to the objective pursued.
With regard to the right to privacy, the impact is limited, especially as this proposal does not require the collection of additional account-holder data and considering that the information from other Member States that is accessible via the BAR single access point can already be obtained through police and judicial cooperation channels. Moreover, the interference with the right to privacy will be relatively limited in terms of gravity as the accessible and searchable data does not cover financial transactions or account balance. It will cover a limited set of information (e.g. the owner’s name and bank account number), as strictly required by the competent authority of a given Member State to establish with which bank(s) in other Member States the subject of an investigation holds an account.
With regard to the protection of personal data of natural persons, information on bank accounts can constitute personal data and access to this data by authorities competent for the prevention, detection, investigation or prosecution of criminal offences authorities would constitute processing of personal data. The processing of data from the centralised bank account registries accessed and searched by these authorities through the BAR single access point would be subject to the national laws transposing Directive (EU) 2016/680, as is presently the case for data accessed and searched on the basis of Directive (EU) 2019/1153 as it stands at present.
In addition, the safeguards and limitations already provided for in Directive (EU) 2019/1153 will also apply in respect of any direct access or search by designated authorities to or in centralised bank account registries of other Member States through the BAR single access point. It concerns in particular the safeguards and limitations provided for in Articles 3, 4, 5 and 6 of that Directive, which notably provide for the following:
·only authorities competent for the prevention, detection, investigation or prosecution of criminal offences that have been designated by Member States will be able to access and search the centralised bank account registries, including through the BAR single access point (Article 3(1) in conjunction with the new Article 4(1a) of the Directive).
·the power to access and search the centralised bank account registries, including through the BAR single access points is granted only for the purpose of prevention, detecting, investigating or prosecuting ‘serious criminal offences’ or supporting a criminal investigation concerning ‘serious criminal offences’ (Article 4(1) and new (1a) of the Directive). Serious criminal offences in this context refer to the forms of crime listed in Annex I to Regulation (EU) 2016/794 13 (Article 2(12) of the Directive).
·as set out above, only a limited set of the information in the centralised bank account registries, as strictly required to ascertain whether the subject of an investigation holds an account with a bank and with which banks, is accessible and searchable, including through the BAR single access point (e.g. the owner’s name and bank account number) (Article 4(2) in conjunction with Article 2(7)).
·access and searches, including when conducted through the BAR single access point, have to be performed case by case by specifically designated and authorised staff in each competent authority (Article 5(1) and (2)). Member States must put measures in place to ensure the security of the data to high technological standards for the purposes of accessing and searching bank account information (Article 5(3)).
·logs of any access and searches, including when conducted through the BAR single access point, have to be kept (Article 6(1)). These logs have to be checked regularly by the data protection officers for the centralised bank account registries, and made available, on request, to the competent supervisory authority (Article 6(2)). The logs may be kept for data protection monitoring only, must be protected by appropriate measures against unauthorised access and must be erased 5 years after their creation, unless they are required for monitoring procedures (Article 6(3)).
4.BUDGETARY IMPLICATIONS
The proposal has no implications for the EU budget.
5.OTHER ELEMENTS
•Implementation plans and monitoring, evaluation and reporting arrangements
The act to be amended (Directive (EU) 2019/1153) already provides for appropriate monitoring, reporting and evaluation.
•Explanatory documents (for directives)
The proposal does not require explanatory documents for transposition.
•Detailed explanation of the specific provisions of the proposal
Article 1 amends Article 4 of Directive (EU) 2019/1153 and provides designated authorities competent for the prevention, detection, investigation or prosecution of criminal offences with the possibilities to directly access and search centralised bank account registries of other Member States through the BAR single access point.
Article 2 sets the deadline for the Member States’ transposition of the new directive.
2021/0244 (COD)
Proposal for a
DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
amending Directive (EU) 2019/1153 of the European Parliament and of the Council, as regards access of competent authorities to centralised bank account registries through the single access point
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 87(2) thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee 14 ,
Having regard to the opinion of the Committee of the Regions 15 ,
Acting in accordance with the ordinary legislative procedure,
Whereas:
(1)Facilitating access to financial information is necessary to prevent, detect, investigate or prosecute serious crime, including terrorism. In particular, swift access to financial information is essential for carrying out effective criminal investigations and for successfully tracing and subsequently confiscating instrumentalities and proceeds of crime.
(2)Directive (EU) 2019/1153 of the European Parliament and of the Council 16 enables authorities competent for the prevention, detection, investigation or prosecution of criminal offences designated by Member States to access and search, subject to certain safeguards and limitations, bank account information. Directive (EU) 2019/1153 defines bank account information as certain information contained in the centralised automated mechanisms that Member States set up pursuant to Directive (EU) 2015/849 of the European Parliament and of the Council 17 , referred to in Directive (EU) 2019/1153 as centralised bank account registries.
(3)The authorities designated under Directive (EU) 2019/1153 include at least the Asset Recovery Offices and can also include tax authorities and anti-corruption agencies to the extent that they are competent for the prevention, detection, investigation or prosecution of criminal offences under national law. Pursuant to that Directive, the competent authorities are empowered to directly access and search only the centralised bank account registries of the Member State that designated those authorities.
(4)Directive (EU) YYYY/XX of the European Parliament and of the Council, 18 , which replaces Directive 2015/849 of the European Parliament and of the Council 19 , and retains the key features of the system established by that Directive, provides, in addition, that the centralised automated mechanisms are interconnected via the bank account registers (BAR) single access point, to be developed and operated by the Commission. However, under Directive (EU) YYYY/XX only FIUs continue to have direct access to the centralised automated mechanisms, including through the BAR single access point.
(5)Considering the cross-border nature of organised crime and money laundering as well as the importance of relevant financial information for the purposes of combating criminal activities, including by swiftly tracing, freezing and confiscating illegally obtained assets where possible and appropriate, authorities competent for the prevention, detection, investigation or prosecution of criminal offences designated in accordance with Directive (EU) 2019/1153 should be able to directly access and search the centralised bank account registries of other Member States through the BAR single access point put in place pursuant to Directive (EU) YYYY/XX.
(6)The safeguards and limitations already established by Directive (EU) 2019/1153 should also apply in respect of the possibilities to access and search bank account information, through the BAR single access point, established by the present Directive. These safeguards and limitations include those concerning the limitation to the authorities that have the power to access and search bank account information, the purposes for which the access and search may be conducted, the types of information that are accessible and searchable, requirements applicable to the staff of the designated competent authorities, the security of the data and the logging of access and searches.
(7)Any processing of personal data by the competent authorities in connection with the access and search possibilities established by this Directive is subject to Directive (EU) 2016/680 of the European Parliament and of the Council 20 . Therefore, this Directive respects the fundamental rights and observes the principles recognised by Article 6 of the Treaty on European Union and by the Charter of Fundamental Rights of the European Union, in particular the right to respect for one’s private and family life and the right to the protection of personal data.
(8)Given that the objective of this Directive, namely to empower designated authorities competent for the prevention, detection, investigation or prosecution of criminal offences to access and search the centralised bank account registries of other Member States through the BAR single access point established by Directive (EU) YYYY/XX , cannot be sufficiently achieved by Member States, but can be better achieved at Union level, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Directive does not go beyond what is necessary in order to achieve this objective.
(9)[In accordance with Article 3 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Ireland has notified its wish to take part in the adoption and application of this Directive.]
[or]
[In accordance with Articles 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Directive and is not bound by it or subject to its application.]
(10)In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Directive and is not bound by it or subject to its application.
(11)Directive (EU) 2019/1153 should therefore be amended accordingly.
(12)The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council 21 [and delivered an opinion on XX 2021],
HAVE ADOPTED THIS DIRECTIVE:
Article 1
In Article 4 of Directive (EU) 2019/1153, the following paragraph is inserted:
“1a. Member States shall ensure that the competent national authorities designated pursuant to Article 3(1) have the power to access and search, directly and immediately, bank account information in other Member States available through the bank account registers (BAR) single access point put in place pursuant to Article XX of Directive (EU) YYYY/XX [the new Anti-Money Laundering Directive] when necessary for the performance of their tasks for the purposes of preventing, detecting, investigating or prosecuting a serious criminal offence or supporting a criminal investigation concerning a serious criminal offence, including the identification, tracing and freezing of the assets related to such investigation.”.
Article 2
1.Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by [XXYY] [transposition period to be aligned with the application date set by the new Anti-Money Laundering Directive for the application of the provisions for interconnecting the centralised automated mechanism] at the latest. They shall forthwith communicate to the Commission the text of those provisions.
When Member States adopt those provisions, they shall contain a reference to this Directive or be accompanied by such a reference on the occasion of their official publication. Member States shall determine how such reference is to be made.
2.Member States shall communicate to the Commission the text of the main provisions of national law which they adopt in the field covered by this Directive.
Article 3
This Directive shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
Article 4
This Directive is addressed to the Member States in accordance with the Treaties.
Done at Brussels,
For the European Parliament For the Council
The President The President