This document is an excerpt from the EUR-Lex website
Document 32024L1654
Directive (EU) 2024/1654 of the European Parliament and of the Council of 31 May 2024 amending Directive (EU) 2019/1153 as regards access by competent authorities to centralised bank account registries through the interconnection system and technical measures to facilitate the use of transaction records
Directive (EU) 2024/1654 of the European Parliament and of the Council of 31 May 2024 amending Directive (EU) 2019/1153 as regards access by competent authorities to centralised bank account registries through the interconnection system and technical measures to facilitate the use of transaction records
Directive (EU) 2024/1654 of the European Parliament and of the Council of 31 May 2024 amending Directive (EU) 2019/1153 as regards access by competent authorities to centralised bank account registries through the interconnection system and technical measures to facilitate the use of transaction records
PE/44/2024/REV/1
OJ L, 2024/1654, 19.6.2024, ELI: http://data.europa.eu/eli/dir/2024/1654/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
In force
Official Journal |
EN L series |
2024/1654 |
19.6.2024 |
DIRECTIVE (EU) 2024/1654 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 31 May 2024
amending Directive (EU) 2019/1153 as regards access by competent authorities to centralised bank account registries through the interconnection system and technical measures to facilitate the use of transaction records
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 87(2) thereof,
Having regard to the proposal from the European Commission,
After transmission of the draft legislative act to the national parliaments,
Acting in accordance with the ordinary legislative procedure (1),
Whereas:
(1) |
Optimising and facilitating access to financial information is necessary to prevent, detect, investigate and prosecute serious crime, including terrorism. In particular, swift access to financial information is essential for carrying out effective criminal investigations and for successfully tracing and subsequently confiscating the instrumentalities and proceeds of crime, in particular as part of investigations into organised crime and cybercrime. |
(2) |
Directive (EU) 2019/1153 of the European Parliament and of the Council (2) enables authorities designated by Member States among their authorities competent for the prevention, detection, investigation or prosecution of criminal offences to access and search, subject to certain safeguards and limitations, bank account information. Directive (EU) 2019/1153 defines bank account information as certain information contained in the centralised automated mechanisms put in place by Member States pursuant to Directive (EU) 2015/849 of the European Parliament and of the Council (3). Such centralised automated mechanisms are referred to in Directive (EU) 2019/1153 as centralised bank account registries. |
(3) |
The competent authorities designated under Directive (EU) 2019/1153 are to include at least Asset Recovery Offices and can also include tax authorities and anti-corruption agencies to the extent that they are competent for the prevention, detection, investigation or prosecution of criminal offences under national law. Pursuant to that Directive, those competent authorities are empowered to directly access and search only the centralised bank account registry of the Member State that designated them. |
(4) |
Directive (EU) 2024/1640 of the European Parliament and of the Council (4), which replaces Directive (EU) 2015/849 and retains the key features of the system established by that Directive, provides, in addition, that the centralised automated mechanisms are to be interconnected via the bank account registers interconnection system (BARIS), to be developed and operated by the Commission. However, under Directive (EU) 2024/1640, only Financial Intelligence Units (‘FIUs’) continue to have direct access to the centralised automated mechanisms, including through the BARIS. |
(5) |
Considering the cross-border nature of organised crime, of the financing of terrorism and of money laundering, and the importance of relevant financial information for the purpose of combating serious criminal offences, including, where possible and appropriate, by swiftly tracing, freezing and confiscating illegally obtained assets, competent authorities designated under Directive (EU) 2019/1153 should be able to directly access and search the centralised bank account registries of other Member States through the BARIS. |
(6) |
The safeguards and limitations established by Directive (EU) 2019/1153 should also apply to the power to access and search bank account information through the BARIS. Those safeguards and limitations concern which authorities have the power to access and search bank account information, the purposes for which bank account information can be accessed and searched, the types of information that are accessible and searchable, in line with the principle of data minimisation, requirements applicable to the staff of the competent authorities designated under Directive (EU) 2019/1153, the security of the data and the logging of access and searches. |
(7) |
Access by competent authorities designated under Directive (EU) 2019/1153 to bank account information across borders through the BARIS is based on the mutual trust among Member States derived from their respect of fundamental rights and of the principles recognised by Article 6 of the Treaty on European Union (TEU) and by the Charter of Fundamental Rights of the European Union (‘the Charter’), such as the right to respect for one’s private and family life, the right to the protection of personal data, and procedural rights, including the right to an effective remedy and to a fair trial, the presumption of innocence and the right of defence and the principles of the legality and proportionality of criminal offences and penalties, as well as the fundamental rights and principles provided for in international law and international agreements to which the Union or all the Member States are party, including the European Convention for the Protection of Human Rights and Fundamental Freedoms, and in Member States’ constitutions, in their respective fields of application. |
(8) |
Transaction records provide crucial information for criminal investigations. However, financial investigations are hampered by the fact that financial institutions and credit institutions, including crypto-asset service providers, provide authorities competent for the prevention, detection, investigation or prosecution of criminal offences with transaction records in different formats, which are not immediately ready for analysis. The cross-border nature of most investigations into serious criminal offences, the disparity of formats used for providing transaction records and difficulties in processing transaction records hamper the exchange of information among Member States’ competent authorities and the development of cross-border financial investigations. In order to improve the capacity of competent authorities to carry out financial investigations, this Directive sets out measures to ensure that financial institutions and credit institutions across the Union, including crypto-asset service providers, provide transaction records in a format that is easy for competent authorities to process and analyse. |
(9) |
The conditions and procedures under which competent authorities can request transaction records from financial institutions and credit institutions are governed by procedural rules established by national law. The harmonisation of the technical arrangements for the provision of transaction records by financial institutions and credit institutions at the request of competent authorities should not affect the national procedural rules and safeguards under which competent authorities can request transaction records. |
(10) |
In order to ensure uniform conditions for the provision of transaction records by financial institutions and credit institutions to competent authorities, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (5). |
(11) |
When implementing this Directive, Member States should consider the nature, organisational status, role and prerogatives of the authorities and bodies established under national law as responsible for preventing, detecting, investigating or prosecuting criminal offences, including the existing mechanisms to protect financial systems from money laundering and terrorist financing. |
(12) |
Any processing of personal data by competent authorities under this Directive is subject to Directive (EU) 2016/680 of the European Parliament and of the Council (6), which lays down the rules relating to the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, in accordance with a set of principles relating to the processing of personal data, in particular lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. This Directive respects the fundamental rights and observes the principles recognised by Article 6 TEU and by the Charter, in particular the right to respect for one’s private and family life and the right to the protection of personal data. |
(13) |
Since the objectives of this Directive, namely to empower competent authorities designated under Directive (EU) 2019/1153 to access and search the centralised bank account registries of other Member States through the BARIS and to facilitate the use of transaction records by competent authorities for the prevention, detection, investigation or prosecution of serious criminal offences, cannot be sufficiently achieved by Member States, but can rather, by reason of the scale and effects of this Directive, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives. |
(14) |
In accordance with Article 3 and Article 4a(1) of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the TEU and to the Treaty on the Functioning of the European Union (TFEU), Ireland has notified, by letter of 25 October 2021, its wish to take part in the adoption and application of this Directive. |
(15) |
In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the TEU and to the TFEU, Denmark is not taking part in the adoption of this Directive and is not bound by it or subject to its application. |
(16) |
Directive (EU) 2019/1153 should therefore be amended accordingly. |
(17) |
The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (7) and delivered its comments on 6 September 2021, |
HAVE ADOPTED THIS DIRECTIVE:
Article 1
Directive (EU) 2019/1153 is amended as follows:
(1) |
Article 1 is amended as follows:
|
(2) |
Article 2 is amended as follows:
|
(3) |
the title of Chapter II is replaced by the following: ‘ACCESS BY COMPETENT AUTHORITIES TO BANK ACCOUNT INFORMATION AND THE FORMAT OF TRANSACTION RECORDS’ ; |
(4) |
in Article 4, the following paragraphs are inserted: ‘1a. Member States shall ensure that the competent national authorities designated pursuant to Article 3(1) of this Directive have the power to access and search, directly and immediately, bank account information in other Member States available through the bank account registers interconnection system (BARIS) put in place pursuant to Article 16(6) of Directive (EU) 2024/1640 where necessary for the performance of their tasks for the purpose of preventing, detecting, investigating or prosecuting a serious criminal offence or supporting a criminal investigation concerning a serious criminal offence, including the identification, tracing and freezing of the assets related to such investigation. A Member State may limit the power to access and search bank account information through the BARIS to situations in which its competent national authorities designated pursuant to Article 3(1) have justified reasons to believe that there might be relevant bank account information in other Member States. Without prejudice to Article 4(2) of Directive (EU) 2016/680, bank account information obtained by means of accessing and searching the BARIS shall be processed only for the purpose for which it was collected. Access and searches pursuant to this paragraph shall be considered to be direct and immediate, inter alia, where the national authorities operating the central bank account registries transmit the bank account information expeditiously by an automated mechanism to competent authorities, provided that no intermediary institution is able to interfere with the requested data or the information to be provided. 1b. Access and searches pursuant to this Article shall be without prejudice to national procedural safeguards and Union and national rules on the protection of personal data.’ |
(5) |
Article 5 is amended as follows:
|
(6) |
in Article 6(1), the first sentence is replaced by the following: ‘1. Member States shall provide that the authorities operating the centralised bank account registries ensure that logs are kept each time designated competent authorities access and search bank account information in accordance with Article 4(1) and (1a).’ |
(7) |
the following article is inserted in Chapter II: ‘Article 6a Transaction records 1. Member States shall ensure that financial institutions and credit institutions, including crypto-asset service providers, comply with the technical specifications established in accordance with paragraph 2 when replying, in accordance with national law, to requests for transaction records issued by competent authorities as part of a criminal investigation, including the identification, tracing and freezing of assets related to such investigation. 2. The Commission is empowered to adopt, by means of implementing acts, technical specifications in order to establish the electronic structured format and technical means to be used for providing transaction records. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 22(3). When adopting such implementing acts, the Commission shall consider developments in relevant financial services messaging standards.’ |
(8) |
in Article 12, the following paragraph is added: ‘4. Member States shall ensure that FIUs are able to invite Europol where relevant to support them when carrying out the joint analysis referred to in Article 32 of Directive (EU) 2024/1640 and Article 40 of Regulation (EU) 2024/1620 of the European Parliament and of the Council (*6), subject to the agreement of all participating FIUs, within the limits of Europol’s mandate and for the performance of the tasks laid down in Article 4(1), points (h) and (z), of Regulation (EU) 2016/794, and without prejudice to the competences of the Authority for Anti-Money Laundering and Countering the Financing of Terrorism, as set out in Regulation (EU) 2024/1620. (*6) Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (OJ L, 2024/1620, 19.6.2024, ELI: http://data.europa.eu/eli/reg/2024/1620/oj).’;" |
(9) |
in Article 22, the following paragraph is added: ‘3. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.’. |
Article 2
1. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by 10 July 2027.
By way of derogation from the first subparagraph of this paragraph, Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with Article 1, points (4) and (5), of this Directive by 10 July 2029.
They shall immediately inform the Commission thereof.
When Member States adopt those measures, they shall contain a reference to this Directive or shall be accompanied by such a reference on the occasion of their official publication. The methods of making such reference shall be laid down by Member States.
2. Member States shall communicate to the Commission the text of the main measures of national law which they adopt in the field covered by this Directive.
Article 3
This Directive shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
Article 4
This Directive is addressed to the Member States in accordance with the Treaties.
Done at Brussels, 31 May 2024.
For the European
The President
R. METSOLA
Parliament For the Council
The President
H. LAHBIB
(1) Position of the European Parliament of 23 April 2024 (not yet published in the Official Journal) and decision of the Council of 30 May 2024.
(2) Directive (EU) 2019/1153 of the European Parliament and of the Council of 20 June 2019 laying down rules facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of certain criminal offences, and repealing Council Decision 2000/642/JHA (OJ L 186, 11.7.2019, p. 122).
(3) Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).
(4) Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Directive (EU) 2019/1937, and amending and repealing Directive (EU) 2015/849 (OJ L, 2024/1640, 19.6.2024, ELI: http://data.europa.eu/eli/dir/2024/1640/oj).
(5) Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).
(6) Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).
(7) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
ELI: http://data.europa.eu/eli/dir/2024/1654/oj
ISSN 1977-0677 (electronic edition)