Legal provisions of COM(2018)213 - Rules facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of certain criminal offences - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2018)213 - Rules facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of ... |
---|---|
document | COM(2018)213 |
date | June 20, 2019 |
Contents
- CHAPTER I - GENERAL PROVISIONS
- Article 1 - Subject matter
- Article 2 - Definitions
- Article 3 - Designation of competent authorities
- CHAPTER II - ACCESS BY COMPETENT AUTHORITIES TO BANK ACCOUNT INFORMATION
- Article 4 - Access to and searches of bank account information by competent authorities
- Article 5 - Conditions for access and for searches by competent authorities
- Article 6 - Monitoring access and searches by competent authorities
- CHAPTER III - EXCHANGE OF INFORMATION BETWEEN COMPETENT AUTHORITIES AND FIUS, AND BETWEEN FIUS
- Article 7 - Requests for information by competent authorities to an FIU
- Article 8 - Requests of information by an FIU to competent authorities
- Article 9 - Exchange of information between FIUs of different Member States
- Article 10 - Exchange of information between competent authorities of different Member States
- CHAPTER IV - EXCHANGE OF INFORMATION WITH EUROPOL
- Article 11 - Provision of bank account information to Europol
- Article 12 - Exchange of information between Europol and FIUs
- Article 13 - Detailed arrangements for the exchange of information
- Article 14 - Data protection requirements
- CHAPTER V - ADDITIONAL PROVISIONS RELATED TO THE PROCESSING OF PERSONAL DATA
- Article 15 - Scope
- Article 16 - Processing of sensitive personal data
- Article 17 - Records of information requests
- Article 18 - Restrictions to data subjects’ rights
- CHAPTER VI - FINAL PROVISIONS
- Article 19 - Monitoring
- Article 20 - Relationship to other instruments
- Article 21 - Evaluation
- Article 22 - Committee procedure
- Article 23 - Transposition
- Article 24 - Repeal of Decision 2000/642/JHA
- Article 25 - Entry into force
- Article 26 - Addressees
CHAPTER I - GENERAL PROVISIONS
Article 1 - Subject matter
2. This Directive is without prejudice to:
(a) | Directive (EU) 2015/849 and the related provisions of national law, including the organisational status conferred on FIUs under national law as well as their operational independence and autonomy; |
(b) | channels for the exchange of information between competent authorities or the powers of competent authorities under Union or national law to obtain information from obliged entities; |
(c) | Regulation (EU) 2016/794; |
(d) | the obligations resulting from Union instruments on mutual legal assistance or on mutual recognition of decisions regarding criminal matters and from Framework Decision 2006/960/JHA. |
Article 2 - Definitions
(1) | ‘centralised bank account registries’ means the centralised automated mechanisms, such as central registries or central electronic data retrieval systems, put in place in accordance with Article 32a(1) of Directive (EU) 2015/849; |
(2) | ‘Asset Recovery Offices’ means the national offices set up or designated by each Member State pursuant to Decision 2007/845/JHA; |
(3) | ‘Financial Intelligence Unit (“FIU”)’ means an FIU as established pursuant to Article 32 of Directive (EU) 2015/849; |
(4) | ‘obliged entities’ means the entities set out in Article 2(1) of Directive (EU) 2015/849; |
(5) | ‘financial information’ means any type of information or data, such as data on financial assets, movements of funds or financial business relationships, which is already held by FIUs to prevent, detect and effectively combat money laundering and terrorist financing; |
(6) | ‘law enforcement information’ means:
such information can be, inter alia, criminal records, information on investigations, information on the freezing or seizure of assets or on other investigative or provisional measures and information on convictions and on confiscations; |
(7) | ‘bank account information’ means the following information on bank and payment accounts and safe-deposit boxes contained in the centralised bank account registries:
|
(8) | ‘money laundering’ means the conduct defined in Article 3 of Directive (EU) 2018/1673 of the European Parliament and of the Council (14); |
(9) | ‘associated predicate offences’ means the offences referred to in point (1) of Article 2 of Directive (EU) 2018/1673; |
(10) | ‘terrorist financing’ means the conduct defined in Article 11 of Directive (EU) 2017/541 of the European Parliament and of the Council (15); |
(11) | ‘financial analysis’ means the results of operational and strategic analysis that has already been carried out by the FIUs in the performance of their tasks, pursuant to Directive (EU) 2015/849; |
(12) | ‘serious criminal offences’ means the forms of crime listed in Annex I to Regulation (EU) 2016/794. |
Article 3 - Designation of competent authorities
2. Each Member State shall designate, among its authorities competent for the prevention, detection, investigation or prosecution of criminal offences, the competent authorities that can request and receive financial information or financial analysis from the FIU.
3. Each Member State shall notify the Commission of its competent authorities designated pursuant to paragraphs 1 and 2 by 2 December 2021, and shall notify the Commission of any amendment thereto. The Commission shall publish the notifications in the Official Journal of the European Union.
CHAPTER II - ACCESS BY COMPETENT AUTHORITIES TO BANK ACCOUNT INFORMATION
Article 4 - Access to and searches of bank account information by competent authorities
2. The additional information that Member States consider essential and include in the centralised bank account registries pursuant to Article 32a(4) of Directive (EU) 2015/849 shall not be accessible and searchable by competent authorities pursuant to this Directive.
Article 5 - Conditions for access and for searches by competent authorities
2. Member States shall ensure that staff of the designated competent authorities maintain high professional standards of confidentiality and data protection, that they are of high integrity and are appropriately skilled.
3. Member States shall ensure that technical and organisational measures are in place to ensure the security of the data to high technological standards for the purposes of the exercise by competent authorities of the power to access and search bank account information in accordance with Article 4.
Article 6 - Monitoring access and searches by competent authorities
(a) | the national file reference; |
(b) | the date and time of the query or search; |
(c) | the type of data used to launch the query or search; |
(d) | the unique identifier of the results; |
(e) | the name of the designated competent authority consulting the registry; |
(f) | the unique user identifier of the official who made the query or performed the search and, where applicable, of the official who ordered the query or search and, as far as possible, the unique user identifier of the recipient of the results of the query or search. |
2. The data protection officers for the centralised bank account registries shall check the logs regularly. The logs shall be made available, on request, to the competent supervisory authority established in accordance with Article 41 of Directive (EU) 2016/680.
3. The logs shall be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring data security. They shall be protected by appropriate measures against unauthorised access and shall be erased five years after their creation, unless they are required for monitoring procedures that are ongoing.
4. Member States shall ensure that authorities operating centralised bank account registries take appropriate measures so that staff are aware of applicable Union and national law, including the applicable data protection rules. Such measures shall include specialised training programmes.
CHAPTER III - EXCHANGE OF INFORMATION BETWEEN COMPETENT AUTHORITIES AND FIUS, AND BETWEEN FIUS
Article 7 - Requests for information by competent authorities to an FIU
2. Where there are objective grounds for assuming that the provision of such information would have a negative impact on ongoing investigations or analyses, or, in exceptional circumstances, where disclosure of the information would be clearly disproportionate to the legitimate interests of a natural or legal person or irrelevant with regard to the purposes for which it has been requested, the FIU shall be under no obligation to comply with the request for information.
3. Any use for purposes beyond those originally approved shall be made subject to the prior consent of that FIU. FIUs shall appropriately explain any refusal to reply to a request made under paragraph 1.
4. The decision on conducting the dissemination of information shall remain with the FIU.
5. The designated competent authorities may process the financial information and financial analysis received from the FIU for the specific purposes of preventing, detecting, investigating or prosecuting serious criminal offences other than the purposes for which personal data are collected in accordance with Article 4(2) of Directive (EU) 2016/680.
Article 8 - Requests of information by an FIU to competent authorities
Article 9 - Exchange of information between FIUs of different Member States
2. Member States shall ensure that in the cases referred to in paragraph 1 and subject to their operational limitations, FIUs endeavour to exchange such information promptly.
Article 10 - Exchange of information between competent authorities of different Member States
Each Member State shall ensure that its designated competent authorities use the financial information or financial analysis exchanged pursuant to this Article only for the purpose for which it was sought or provided.
Each Member State shall ensure that any dissemination of financial information or financial analysis obtained by its designated competent authorities from the FIU of that Member State to any other authority, agency or department or any use of that information for purposes other than those originally approved is made subject to the prior consent of the FIU providing the information.
2. Member States shall ensure that a request made pursuant to this Article and its response are transmitted using dedicated secure electronic communications ensuring a high level of data security.
CHAPTER IV - EXCHANGE OF INFORMATION WITH EUROPOL
Article 11 - Provision of bank account information to Europol
Article 12 - Exchange of information between Europol and FIUs
2. Article 32(5) of Directive (EU) 2015/849 and Article 7(6) and (7) of Regulation (EU) 2016/794 apply to the exchanges made pursuant to this Article.
3. Member States shall ensure that any failure to comply with a request is appropriately explained.
Article 13 - Detailed arrangements for the exchange of information
(a) | SIENA or its successor, in the language applicable to SIENA; or |
(b) | where applicable, FIU.Net or its successor. |
2. Member States shall ensure that the exchange of information under Article 12 is carried out in a timely manner and that in that regard the requests for information made by Europol are treated as if they originate from another FIU.
Article 14 - Data protection requirements
2. Europol shall inform the data protection officer appointed in accordance with Article 41 of Regulation (EU) 2016/794 of each exchange of information pursuant to Articles 11, 12 and 13 of this Directive.
CHAPTER V - ADDITIONAL PROVISIONS RELATED TO THE PROCESSING OF PERSONAL DATA
Article 15 - Scope
Article 16 - Processing of sensitive personal data
2. Only staff who have been specifically trained and who have been specifically authorised by the controller may access and process the data referred to in paragraph 1 under the guidance of the data protection officer.
Article 17 - Records of information requests
(a) | the name and contact details of the organisation and of the staff member requesting the information and, as far as possible, of the recipient of the results of the query or search; |
(b) | the reference to the national case in relation to which the information is requested; |
(c) | the subject matter of the requests; and |
(d) | any executing measures of such requests. |
The records shall be kept for a period of five years after their creation and shall be used solely for the purpose of checking the lawfulness of the processing of personal data. The authorities concerned shall make all records available to the national supervisory authority upon its request.
Article 18 - Restrictions to data subjects’ rights
CHAPTER VI - FINAL PROVISIONS
Article 19 - Monitoring
2. By 1 February 2020, the Commission shall establish a detailed programme for monitoring the outputs, results and impact of this Directive.
That programme shall set out the means by which, and the intervals at which, the data and other necessary evidence will be collected. It shall specify the action to be taken by the Commission and by the Member States in collecting and analysing the data and other evidence.
Member States shall provide the Commission with the data and other evidence necessary for the monitoring.
3. In any event, the statistics referred to in paragraph 1 shall include the following information:
(a) | the number of searches carried out by designated competent authorities in accordance with Article 4; |
(b) | data measuring the volume of requests issued by each authority under this Directive, the follow-up given to those requests, the number of cases investigated, the number of persons prosecuted and the number of persons convicted for serious criminal offences, where such information is available; |
(c) | data measuring the time it takes an authority to respond to a request after the receipt of the request; |
(d) | if available, data measuring the cost of human or IT resources that are dedicated to domestic and cross-border requests falling under this Directive. |
4. Member States shall organise the production and gathering of the statistics and shall transmit the statistics referred to in paragraph 3 to the Commission on an annual basis.
Article 20 - Relationship to other instruments
2. This Directive is without prejudice to any obligations and commitments of Member States or of the Union under existing bilateral or multilateral agreements with third countries.
3. Without prejudice to the division of competences between the Union and the Member States, in accordance with Union law, Member States shall notify the Commission of their intention to enter into negotiations on, and to conclude, agreements between Member States and third countries that are contracting parties of the European Economic Area on matters falling within the scope of Chapter II of this Directive.
If, within two months of receipt of notification of a Member State’s intention to enter into the negotiations referred to in the first subparagraph, the Commission concludes that the negotiations are likely to undermine relevant Union policies or to lead to an agreement which is incompatible with Union law, it shall inform the Member State accordingly.
Member States shall keep the Commission regularly informed of any such negotiations and, where appropriate, invite the Commission to participate as an observer.
Member States shall be authorised to apply provisionally or to conclude agreements referred to in the first subparagraph, provided that they are compatible with Union law and do not harm the object and purpose of the relevant policies of the Union. The Commission shall adopt such authorisation decisions by implementing acts. Those implementing acts shall be adopted in accordance with the advisory procedure referred to in Article 22.
Article 21 - Evaluation
2. In accordance with Article 65(2) of Directive (EU) 2015/849, the Commission shall assess the obstacles to and opportunities for enhancing cooperation between FIUs in the Union, including the possibility and appropriateness of establishing a coordination and support mechanism.
3. By 2 August 2024, the Commission shall issue a report to the European Parliament and to the Council to assess the need for, and proportionality of, extending the definition of financial information to any type of information or data which are held by public authorities or by obliged entities and which are available to FIUs without the taking of coercive measures under national law, and shall present a legislative proposal, if appropriate.
4. By 2 August 2024, the Commission shall carry out an assessment of the opportunities and challenges regarding an extension of the exchange of financial information or financial analysis between FIUs within the Union to cover exchanges relating to serious criminal offences other than terrorism or organised crime associated with terrorism.
5. No sooner than 2 August 2027, the Commission shall carry out an evaluation of this Directive and present a report on the main findings to the European Parliament and the Council. The report shall also include an evaluation of how fundamental rights and principles recognised by the Charter of Fundamental Rights of the European Union have been respected.
6. For the purposes of paragraphs 1 to 4 of this Article, Member States shall provide the Commission with necessary information. The Commission shall take into account the statistics submitted by Member States under Article 19 and may request additional information from Member States and supervisory authorities.
Article 22 - Committee procedure
2. Where reference is made to this paragraph, Article 4 of Regulation (EU) No 182/2011 shall apply.
Article 23 - Transposition
When Member States adopt those provisions, they shall contain a reference to this Directive or shall be accompanied by such a reference on the occasion of their official publication. The methods of making such reference shall be laid down by Member States.
Member States shall communicate to the Commission the text of the main provisions of national law which they adopt in the field covered by this Directive.