Cooperation between financial intelligence units in the EU: challenges for the rights to privacy and data protection

Introduction

Alan, a European resident, helped his brother by exchanging various currencies in differing amounts at a financial institution. His brother managed a company in a neighbouring country, which operated both a photocopying business and a foreign exchange office.. . . However, the scale of the currency transactions and the fact that the fonds were being brought across the border unnecessarily raised the suspicions of the bank clerk. He reported his concerns to his senior management who decided to disclose to the national FIU. After the FIU had received the disclosure from the financial institution, inquiries against the national intelligence database seemed to show that, for both Alan and his brother, no negative intelligence was registered. Nevertheless, by exchanging intelligence with foreign FIUs the national FIU determined that the two brothers were the targets of an investigation for illegal drug trafficking in other European countries.^[1]

Long story short, Alan (a courier for a criminal organisation) was convicted for money laundering. This passage, for all its simplicity, illustrates how - and why -Financial Intelligence Units (FIUs) cooperate with each other.

The emergence of FIUs was triggered by the establishment of the anti-money laundering regime in the European Union (EU), a regime that called for some institutional machinery^[2] that would administer the surveillance of money movements at the national level.^[3] Partly because of the preventive nature of this regime and partly because of the lack of EU competence in criminal matters at

Cooperation between FIUs in the EU 39 the time,^[4] this task was not assigned to the ‘’traditional’ policing sector.^[5] Instead, special agencies (housed under the umbrella of larger organisations) were set up and tailored to the task.^[6] These ‘new policing’ institutions spread rapidly throughout the EU after the adoption of the First Anti-Money Laundering Directive and became known as FIUs.^[7] In partnership with the reporting entities, which provided them with information on potentially suspicious transactions,^[8] FIUs became the intelligence hubs nestled between the reporting and law enforcement sectors.^[9] They are responsible for receiving, analysing, and possibly disseminating this information to their counterparts in the EU and beyond - and to a wide range of law enforcement authorities for further action.^[10] In support of these tasks, they enjoy the right to access a series of financial, administrative, and law enforcement databases.^[11]

FIUs have come a long way since the First Anti-Money Laundering Directive. Beginning their journey as ‘authorities responsible for combating money laundering,’^[12] they emerged from anti-money laundering legislation more akin to intelligence agencies, furnished with extensive information-gathering (and information-sharing) powers. This development, however, did not happen in one fell swoop. For the most part, the EU legislator was reluctant to put forward detailed provisions on FIUs, leaving it to the Member States to structure them as they saw fit - both in substantive and institutional terms. As a result, FIUs in the EU come in different shapes and sizes; a blend of administrative, police, judicialand even ‘hybrid’ authorities, networked under a common mandate, make up the EU’s FIU structure.^[13]

This chapter deals with FIU cooperation within the EU. As we shall see, the EU legal framework on FIU cooperation has developed spasmodically, propelled by international money laundering standards or (more recently) by counterterrorism policies. The result is a fragmented and difficult to navigate framework but most importantly - and this forms the key argument of this chapter - one that raises significant challenges for the rights to privacy and data protection. FIUs feature prominently in the security agendas of the EU,^[14] and plans to further enhance their interconnectedness and powers are underway.^[15] The impact of their information processing powers on the rights to privacy and data protection is worrisome, not least because, as the following sections demonstrate, there is a prevailing uncertainty over the data protection safeguards applicable to their activities.

[1] Egmont Group of Financial Intelligence Units, ‘FIUs in Action: 100 Cases from the Egmont Group* (
[2] Bowling, B. and Sheptycki, J., Global Policing (Sage, 2012) 69-70.
[3] Amicelle, A. and Favarel-Garrigues, G., ‘Financial surveillance: Who cares?’ (2012) 5( 1) Journal of Cultural Economy, 105; Halliday, T., Levi, M. and Reuter, P. ‘Global surveillance of dirty money: Assessing assessments of regimes to control money-laundering and combat the financing of terrorism’ (Center on Law and Globalization , 30 January 2014).
[4] European Commission, First Report on the Implementation of the Money Laundering Directive (91/308/EEC) to be Submitted to the European Parliament and to the Council (COM (95) 54 final) 13-14, 16-17.
[5] Levi, M. and Maguire, M., ‘Something old, something new; something not entirely blue: Uneven and shifting modes of crime control’ in Newburn, T. and Peay, J. (eds.), Policing: Politics, Culture and Control (Hart Publishing, 2012), 195.
[6] Vervaele, J.A.E., ‘Surveillance and criminal investigation: Blurring of thresholds and boundaries in the criminal justice system?’ in Gutwirth, S., Leenes, R., and De Hert, P. (eds.), Reloading Data Protection (Springer, 2013).
[7] Mitsilegas, V., ‘New forms of transnational policing: The emergence of financial intelligence units in the European Union and the challenges for human rights: Part 1’ (1999) 3(2) Journal of Money Laundering Control 147.
[8] Favarel-Garrigues, G., Godefroy, T. and Lascoumes, P., ‘Reluctant partners?: Banks in the fight against money laundering and terrorism financing in France’ (2011) 42(2) Security Dialogue 179.
[9] De Goede, M., ‘The chain of security’ (2017) 44(1) Review of International Studies 24.
[10] Article 32(3) of Directive (EU) 2015/849 of the European Parliament and of the Council of May 20, 2015, on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC OJ L 141 /73 - hereafter, ‘Fourth .AML Directive.’
[11] Fourth AML Directive, art.32(4).
[12] Council Directive 91/308/EEC of June 10,1991, on Prevention of the Use of the Financial System for the Purpose of Money Laundering, art.6.
[13] For an extensive overview of the different FIU models in the EU, see EU FIUs Platform, ‘Mapping Exercise and Gap Analysis on FIUs’ Powers and Obstacles for Obtaining and Exchanging Information’ (, 15 December 2016) 5-7 (hereafter referred to as ‘Mapping Exercise’). However, the fact that FIUs belong in the same model does not mean that they don’t have significant operational differences. For a criticism of this categorization, see Amicelle, A. and Chaudieu, K., ‘In search of transnational financial intelligence: Questioning cooperation between financial intelligence units’ in King, C., Walker, C., and Guruld, J. (eds.), The Palgrave Handbook of Criminal and Terrorism Financing Law (Palgrave MacMillan, 2018) 649.
[14] European Commission, Communication From the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions - The European Agenda on Security (COM/2015/ 185 final) 10, 13-14 and 17; European Commission, Communication from the Commission to the European Parliament and the Council on an Action Plan for Strengthening the Fight against Terrorist Financing (COM/2016/50 final) 7, 9.
[15] Directive (EU) 2019/1153 of the European Parliament and of the Council of June 20, 2019, laying down rules facilitating the use of financial and other information for the prevention, detection, investigation, or prosecution of certain criminal offences and repealing Council Decision 2000/642/JHA PE/64/2019/REV/1. For legislative history, see European Commission, On Improving Cooperation between EU Financial Intelligence Units (SWD (2017) 275 final); European Commission, Fourteenth Progress Report towards an Effective and Genuine Security Union (COM/2018/ 211 final) 3; European Commission, Proposal for a Directive of the European Parliament and of the Council laying down rules facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of certain criminal offences and repealing Council Decision 2000/642/ JHA (COM/2018/213 final).

Cooperation between financial intelligence units in the EU: challenges for the rights to privacy and data protection

Introduction

Financial Intelligence Units

FIU cooperation - at what cost for the rights to privacy and data protection?

Mutual and Cooperative Local Financial Institutions

Fostering cooperation and financial flows

Too much information? Evaluating the financial intelligence gathering provisions of the Fourth European Union Anti-Money Laundering Directive and the Common Reporting Standard in combatting tax evasion

EU–ROK cooperation on cyber-security and data protection

Cooperation in cyber-security and data protection

EU Sanctioning Powers and Data Protection: New Tools for Ensuring the Effectiveness of the GDPR in the Spirit of Cooperative Federalism

How many financial planners are there in the United States?