The proposed European Money Laundering database
Nicola Sharp of Rahman Ravelli details the steps being taken by the European Banking Authority to devise a central record of institutions thought to be money laundering risks.
Under new plans, financial institutions within the European Union with poor anti-money laundering (AML) controls will be placed on a centralised database.
The European Banking Authority (EBA) is to create the database in an attempt to name and shame those institutions that are not meeting their AML obligations.
The EBA, which has responsibility for creating the rules for EU bank regulation, thinks it could prove to be a key weapon in the battle against money laundering and terrorist financing. It believes the database’s main value will be its ability to act as an early warning system that helps authorities respond to risks as they appear.
The EBA also wants the database to help regulators coordinate their activities and be of value to them when they are determining where to allocate resources across borders.
Under the proposed system, the EBA intends to gather and retain information on banks that it believes are showing signs of weakness in their AML efforts. It will also retain information about how EU states’ national regulators are attempting to target the institutions that are not performing adequately when it comes to fulfilling AML commitments.
The EBA wants to hear stakeholders’ opinions on how to define such weakness and on exactly how the information that is contained in the database should be shared among officials and the general public
This month, the EBA began its public consultation on draft Regulatory Technical Standards (RTS) on a central database. The consultation period ends on June 17. Comments on the consultation paper can be sent via the EBA’s website. The draft RTS includes the rules that have been created to ensure both the effectiveness of the database and the confidentiality of the data that it contains.
The revised EBA Regulation, which came into effect in January 2020, requires the EBA to create and maintain the database.
The EBA conducted a Data Protection Impact Assessment (DPIA), in accordance with Article 35 of Regulation (EU) 2018/1725 (EUDPR), regarding the risks relating to processing personal data and the need to establish controls to reduce any related problems.