Follow the Money, If You Can - Possible Solutions for Enhanced FIU Cooperation Under Improved Data Protection Rules

Financial information can play a key role in tackling Money Laundering (ML), Terrorist Financing (TF) and combatting serious crime more generally. Preventing and fighting ML and the financing of terrorism were top priorities of the European Agenda on Security, which might explain the fast developments regarding the regulation of Anti-Money Laundering (AML) and Counter Terrorism Financing (CTF).

During the past years, the European Commission (Commission) proposed several legal texts to reform the current AML framework and to facilitate timely law enforcement (LE) access to financial data for the prevention, detection, investigation and prosecution of serious crime. The line between administrative sanctions and criminal law measures seems to become increasingly blurred, as the latest proposals are no longer based on an internal market provision, but on police and judicial cooperation legal bases.

Financial Intelligence Units (FIUs) play a crucial role in analysing and exchanging information concerning suspicious transactions, serving as intermediaries between the private sector and Law Enforcement Authorities (LEAs). Because of the international nature of financial crime, cooperation between FIUs is of paramount importance. Yet, due to different organizational settings in the EU Member States, FIUs are not always able to exchange data effectively, which leads to information gaps.

One of the reasons why the data exchange between FIUs is impeded are data protection rules that apply differently depending on the organizational structure of the FIUs in the 28 Member States. Whereas some FIUs must adhere to the stricter data protection rules under the General Data Protection Regulation (GDPR), others may exchange data more flexibly within the scope of the data protection Directive for police and criminal justice authorities (LED). Therefore, the counter-argument to granting broader LE-access rights to financial data by LEAs could be to enable a more effective exchange of data between FIUs.

This article argues that FIUs should be able to process personal data within the scope of the LED, in order to have more flexibility to receive, analyse and exchange data: On the one hand, the LED provides sufficiently high data protection standards and adequate safeguards for data subjects while allowing FIUs to carry out their tasks effectively under harmonized rules. On the other hand, this would be an argument to strengthening the role of FIUs as neutral intermediaries instead of granting additional access to personal data by LEAs.