Duyurular

EDPS HAS PUBLIISHED ITS OPINION ON THE ANTI-MONEY LAUNDERING AND COUNTERING THE FINANCING OF TERRORISM!

The European Data Protection Supervisor (“EDPS”) has published its opinion regarding the anti-money laundering and countering the financing of terrorism (“AML/CFT”) package of legislative proposals on 22 September 2021.

The EDPS welcomes the objectives pursued by the AML legislative package, namely to increase the effectiveness of anti-money laundering and countering the financing of terrorism in particular via greater harmonization of the applicable rules and enhanced supervision at the EU level (including the establishment of the European Authority for Countering Money Laundering and Financing of Terrorism, "AMLA").

The EDPS highlights that the risk-based approach to the monitoring of the use of the financial system for money laundering, which is at the core of the AML legislative package, while welcome, needs further specifications and clarifications.

The EDPS makes a number of remarks and recommendations in particular:

  • The AML legislative package should identify the categories of personal data to be processed by the obliged entities to fulfil the AML/CFT obligations, instead of systematically leaving this specification to regulatory technical standards, as well as better describe conditions and limits for the processing of special categories of personal data and of personal data relating to criminal convictions and offences.
  • The AML legislative package should specify in particular which types of special categories of personal data should be processed by the obliged entities, taking into account the necessity and proportionality principles, having regard to the different activities and measures to be taken (identification, customer due diligence, reporting to FIUs), and to the specific purpose pursued (namely anti-money laundering or countering the financing of terrorism). In particular, the EDPS considers that the processing of personal data related to sexual orientation or ethnic origin should not be allowed.

Furthermore, in order to foster the adoption of codes of conducts and certifications to be adhered to by providers of databases and watch lists used for AML/CTF purposes, the EDPS invites the legislator to include in the AML legislative package a reference to codes of conduct under Article 40 GDPR and to certifications under Article 42 GDPR, to be developed taking into account the specific needs in this sector.

You can find the full text of the EDPS’s Opinion here.

 

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr