When there is reason to suspect that the Estonian branch of a Danish bank has transferred tainted funds from Russian businessmen to an overseas account via a correspondent bank, it becomes clear: money laundering is a complex subject that does not stop at national borders – and this makes combating it all the more difficult. So why not take advantage of the promising opportunities offered by digitalisation – ideally across Europe?

BaFin, which has long been in favour of leveraging digitalisation in the fight against money laundering (see BaFin Perspectives Issue 1 I 2018), also thinks this would be an excellent idea. While the supervisory authority itself does not investigate money launderers, it oversees the prevention of money laundering and terrorist financing in the financial sector. After all, about 90% of all suspicious transaction reports received by the FIU, the Financial Intelligence Unit, are submitted by this sector.

Keeping it realistic

In a discussion marked by hopes and promises, BaFin has always focused on finding realistic solutions. Which digital tools could actually improve the efforts to prevent money laundering? What is feasible in the current legal and IT security landscape – and where are the pitfalls? In BaFin’s view, these questions must be clarified first. At the outset, one thing was certain: not only would technical and regulatory questions arise, but also issues in other legal areas.

With this in mind, BaFin set up a working group on digitalising money laundering prevention. Besides the supervisors, the group includes all the other key authorities concerned, such as the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte für den Datenschutz und die Informationsfreiheit – BfDI), the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik – BSI), the Federal Criminal Police Office (Bundeskriminalamt – BKA), the Financial Intelligence Unit (FIU) and the public prosecutor’s office.

Sharing data

The group addressed a topic which BaFin considers to have great potential for digitalisation: the pooling and use of data in shared utilities. The aim is to store data and make it available to several users. In the efforts to prevent money laundering, this would particularly mean data which obliged entities (in terms of anti-money laundering law – see info box “Obliged entities under the GwG”) must obtain in their know-your-customer (KYC) process to identify their clients. One basic principle of the process is the verification of the client’s identity and that of any beneficial owner (see info box “Beneficial owner”) before the obliged entity enters into business relationships with them.

Meanwhile, there are legal requirements for data protection and IT security that oppose the unlimited use of data that has been pooled in this fashion. This is a conflict that needs to be addressed.

Is a European transparency register possible?

The group examined different approaches of this kind, focusing on the current legal options and any potential for conflict. The conclusion: a European shared utility – a centralised transparency register fed by KYC data from the identification of legal entities and their beneficial owners – could serve as a medium-term solution.

Such a register could contribute significantly to optimising the prevention of money laundering in Europe. It would also further promote the harmonisation of the internal market. Financial entities and other stakeholders doing business in Europe could use it to identify their clients and beneficial owners quickly, efficiently and transparently. The ability to access the data within seconds and trust the quality of the data would also mean significant advantages for supervisory and law enforcement authorities in their work. It is hoped that this would make it easier in future for the authorities to detect and investigate money laundering and terrorist financing – especially the complex international cases.

For such a centralised register to become a reality, however, European laws would have to be amended. For example, there would have to be new rules on data protection: What data can be collected and where? How can it be collected? How long can it be kept? Who can use it and for what purposes? These are just some of the questions that would have to be answered at the European level. Furthermore, the technical challenge of coordinating 27 member states should not be underestimated.

BaFin advocates making the necessary adjustments, since the real benefits of shared utilities involving KYC data will only be created once a cross-border model is in place. In Brussels, Germany is arguing the case for additionally using current anti-money laundering harmonisation efforts to resolve the tension between data protection and the fight against money laundering. Moreover, BaFin views the interlinking of the national transparency registers, envisaged in the 5th European Anti-Money Laundering Directive, as a potential step towards a centralised register. However, it will ultimately be up to European lawmakers to decide in favour of or against such a register.