Data protection and the EU's anti-money laundering regulation

Editor’s note: This is the first article in a two-part series on the European Union’s anti-money laundering regulation.

In 2015, the European Union’s fourth anti-money laundering directive (2015/849, or 4AMLD) required obligated entities (e.g., financial institutions, or FIs) to apply data protection safeguards to their compliance programs. Because the directive mandates that FIs employ a risk-based assessment using numerous data variables to assess a client’s risk of money laundering, terrorism finance activity and the potential impact on individual rights in that process, data protection’s emphasis on accuracy, data minimization and fitness for purpose was a natural component in the exercise. However, since 4AMLD’s implementation, neither the directive nor financial crime compliance regulators nor data protection authorities have provided guidance on what those safeguards might look like or how they should be applied, despite the Working Party 29’s detailed 2011 Opinion and Annex on the legislation.

In July 2021, the European Commission published two draft regulations: 2021/0240 (COD) for an EU anti-money laundering authority, and 2021/0239 (COD), an anti-money laundering
