Annexes to COM(2007)827 - Implementation of the Council Decision of 17 October 2000 concerning arrangements for cooperation between financial intelligence units of the Member States in respect of exchanging information (2000/642/JHA)

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier COM(2007)827 - Implementation of the Council Decision of 17 October 2000 concerning arrangements for cooperation between financial ...
document COM(2007)827 EN
date December 20, 2007
agreements can be a way of implementing the provisions of the Decision without legislative action.

16 Member States (DE, FR, SE, BE, EE, ES, EL, FI, LV, NL, PT, RO, PL, IT, MT, CZ) have declared that they have MoUs with other countries. Some stated (DE, FR, SE, CZ, IT, MT, EE) that they are not required to use such agreements. PL legislation would appear to contain a limitation by providing for foreign information exchange "on a reciprocal basis in the form laid down in bilateral agreements." No concrete information was provided from HU, UK, SI, LU, DK, SK, CY, AT, LT, BG, IE on this aspect.

CONFIDENTIALITY AND DATA PROTECTION

Many Member States confirmed paying close attention to confidentiality and complying with strict national data protection legislation which means that general data protection legislation is applicable to FIUs. Some Member States also referred to the EU Data Protection Directive[14].

14. Use of information obtained - Art.5(1-3)

Some Member States (LU, MT, PL, CZ, HU, FR, ES, SI, FI, RO, LV) reported a general provision that domestically and/or internationally received information should be used for AML (and CFT) purposes. Few Member States (DE, SE, NL) declared that information can only be used for commonly agreed purposes, respecting restrictions of counterparts. No concrete information was provided from 13 Member States on these aspects.

To ascertain that the information once obtained can really serve criminal investigations or prosecutions in money laundering, Art.5(3) requires that in these cases, the transmitting Member State may not refuse its consent, unless it does so on the basis of restrictions under its national law or in cases as referred to in Art.4(3). Only a few Member States (e.g. NL, DK) addressed this aspect, referring to the need for appraisal from certain authorities to be able to transmit information.

15. No access to any other authorities, agencies or departments - Art. 5(4)

Statements or legal provisions were reported by LT, RO, CZ, BE, DE, NL, AT, LV, CY, EL that FIU data is not accessible to third parties. There seems to be a lack of clarity with regard to the term "any authorities, agencies or departments" as used in the Decision. It is somewhat unclear how this provision accords with some Member States' (such as SE, FI) statements that their FIU is authorised to forward information to other law enforcement authorities or that the data kept by the FIU are (partially) available to the police. Furthermore, in some cases (HU, UK) data protection rules seem to be applicable to the organisation of which the FIU is part, but no specific provisions are given to the FIU itself. No concrete information was received from LU, EE, IT, SK, PL, PT, BG, IE on this aspect. Under these circumstances, it is difficult to assess whether Art. 5(4) has been respected.

16. Council of Europe Convention, same level of confidentiality and data protection - Art. 5(5)

No detailed analysis was given by Member States of provisions to comply with the 1981 Council of Europe Convention[15] and the 1987 Recommendation[16] No R(87) 15 as required by Art. 5(5).

Art. 5(5) also states that "The information submitted will be protected … by at least the same rules of confidentiality and protection of personal data as those that apply under the national legislation applicable to the requesting FIU ." This provides for recognition of the other state's legislation.

Some Member States reported legal requirements that a precondition for transmitting information to a foreign FIU is that this counterpart has to have the same level of secrecy (BE, MT, RO) or professional secrecy (FR, ES) as provided by the national legislation of the transmitting State or that counterparts need to have a regulated system of data protection (SI). These provisions might be valid for international cooperation, but do not seem to fully comply with EU level requirements as set out in Art. 5(5). Furthermore, it has to be considered that "professional secrecy" is only one aspect of "confidentiality".

CONCLUSIONS

EU FIU cooperation must be built on a legislative and regulatory environment that promotes mutual confidence building. This report provides a first insight into Member States' implementation of the Decision on FIU cooperation. The report confirms the wide diversity in the way EU FIUs are organised, as well as the type of information accessible to them and whether it can be exchanged.

Given the available information, the report concentrated mainly on legislation and less on operational aspects of cooperation. However, these latter aspects are crucial. Legislation can be compliant with provisions of the Decision, but practice might show a different picture. In general, Member States have not made a distinction in legislation between EU level and international cooperation.

Member States can be largely considered as legally compliant with most of the key requirements of the Decision: legal provisions set out FIU functions and allowing for cooperation with FIUs of a different legal status. However, there seems to be lack of clarity about the applicable legal framework on FIU related data protection issues. More clarity will be brought into the data protection context when the proposed Framework Decision on Data Protection for Law Enforcement Purposes will be formally adopted[17] and implementation work will be undertaken by Member States. In that context, the necessity for complementary measures will be assessed. There may also be a need to improve common knowledge on relevant data protection provisions applicable to FIUs and consideration might be given to discussing the development of guidelines.

More questions arise in relation to the practice linked to implementation of Art. 4(2) of the Decision where many administrative FIUs cannot exchange police information or can provide such information only after a long delay. Some law enforcement FIUs might not be able to provide certain crucial information from their databases to administrative entities. Many difficulties arise because there is no common understanding of what information is accessible to FIUs and what "relevant information" is to be exchanged. This lack of clarity can lead to miscommunication and misunderstandings.

On this basis, it is suggested that EU FIUs, as a first step, consider identifying good practice on the information nationally accessible for FIUs. Moreover, it has to be emphasised that access to additional financial information and the ability to exchange such information is essential for efficient FIU activity.

As modalities for information exchange seem to be mainly implemented at a more operational level, it is difficult to judge the exact level of implementation on the basis of replies received. It could be considered whether a model Memorandum of Understanding could be promoted among EU FIUs to facilitate information exchange at EU level and to encourage multilateral cooperation.

It is essential to strengthen operational cooperation among EU FIUs. This could be assisted through the work undertaken in the EU FIU Platform[18] and through a well defined FIU.NET project providing for operationally efficient cooperation. The work undertaken in the EU FIU Platform can be considered as a valuable starting point.

There may be a need to consider whether to bring provisions of the Decision up-to-date covering the area of counter-terrorism financing and providing for the same level of requirements for all FIUs, irrespectively of their legal status.

[1] The scope of the Decision is limited to cooperation for anti- money laundering purposes, but in practice FIU cooperation also covers counter terrorist financing (CFT). 12 Member States reported that their FIUs have a mandate in CFT.

[2] The Egmont Group is the coordinating body for the international group of FIUs formed in 1995 to promote and enhance international cooperation in anti-money laundering (AML) and more lately in CFT. All EU FIUs are members of the Egmont Group.

[3] The FATF is the key international standard setter in the AML and CFT area that set key requirements for FIUs through Recommendations 26, 30, 32 and 40.

[4] «The fight against terrorist financing» 16089/04 of 14th December 2004 (Council Document)

[5] Directive 2005/60/EC on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing

[6] Regulation (EC) No 1889/2005 on controls of cash entering or leaving the Community

[7] Council of Europe Convention (n°198) on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism

[8] www.bka.de/profil/zentralstellen/geldwaesche/pdf/fiu_germany_annual_report_2005.pdf

[9] Concerning Art. 8, communications were made by 5 Member States. UK reported of the implementation of Art. 10.

[10] Definition adopted at the Egmont Group Plenary meeting in 1996 and amended in June 2004.

[11] The present report only focuses on the core function of dissemination in the context of FIU cooperation and does not analyses the aspect of dissemination to law enforcement agencies and other competent authorities such as supervisory bodies.

[12] It is important to note that the information exchanged among FIUs always pertain to suspicion, thus there is no overlapping with other forms or channels of European cooperation (e.g. Europol).

[13] Principles for Information Exchange between FIUs for ML and TF cases, The Hague, 13 June 2001

[14] Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995

[15] Convention No 108 of the Council of Europe for the Protection of Individuals with regard to Automatic Processing of Personal Data (of 1981)

[16] Recommendation No R(87)15 of 15 September 1987 Regulating the Use of Personal Data in the Police Sector

[17] Political agreement on the proposal was reached at the JAI Council of 8 and 9th November 2007.

[18] Informal Platform of EU FIUs created by the Commission in 2006 to discuss implementation aspects of the Third Anti-Money Laundering Directive relevant to FIUs.