Prevention of the use of the financial system for the purposes of money laundering or terrorist financing

The Commission presents this report on the interconnection of national centralised automated mechanisms (central registries or central electronic data retrieval systems) of the Member States on bank accounts.

In accordance with Article 32a of the Anti-Money Laundering Directive 2015/849/EU, Member States are required to put in place by 10 September 2020 national centralised automated mechanisms, such as central registries or central electronic data retrieval systems, which allow the identification of any natural or legal persons holding or controlling payments accounts, bank accounts and safe deposit boxes.

Objective of the centralised mechanisms

Under the Anti-Money Laundering Directive, the purpose of the centralised mechanisms on bank accounts is to improve the fight against money laundering and terrorist financing and access is limited to certain public authorities. The Directive defines a minimum set of information that should be included in such centralised mechanisms. It also provides that Financial Intelligence Units (FIUs) should have immediate and unfiltered access to them, while the other competent authorities should also have access for fulfilling their tasks obligations under the Anti-Money Laundering Directive.

Access by competent authorities to central bank account registers or retrieval systems will be an important component in the fight against money laundering; associate predicate offences and terrorist financing, as well as more generally in combatting serious crimes. Bearing in mind the objectives of the Anti-Money Laundering Directive and the Directive on facilitating access to financial and other information, a future EU-wide interconnection of bank account registries and data retrieval systems would facilitate the cross-border cooperation of the competent authorities involved in the fight against money laundering, terrorist financing and other  serious crimes.

The Commission is required to assess the conditions and the technical specifications and procedures for ensuring secure and efficient interconnection of the centralised automated mechanisms. Therefore, this report assesses the various IT solutions at EU level, already operational or being currently under development, which may serve as models for a possible interconnection of the centralised mechanisms. For an interconnection to be achieved, a legislative instrument would be required.

This report should be looked at in conjunction with the Commission’s Supranational Risk Assessment report, the Commission’s report on Financial Intelligence Units and the Commission’s report on the assessment of recent alleged anti-money laundering cases involving EU credit institutions, which are presented in parallel.

State of play

Centralised registries or electronic data retrieval systems on bank accounts in the Member States 

For the time being, centralised mechanisms containing bank account information are operational in 15 Member States. From the replies received from the Member States, there is a slight preference in favour of the technical solution of the central registry: whereas 17 Member States are having or going to have central registries, 9 Member States declared to have or to envisage central data retrieval systems. There is also a preference for the systems which contain data additionally to the minimum set of information relating to the account profile.

EU systems interconnecting national decentralised electronic databases

There are several EU projects ensuring the EU-wide decentralised interconnection of national electronic databases. The IT systems that are considered relevant for this report are the following:

·         ECRIS: the European Criminal Records Information System (ECRIS) became operational in April 2012 in order to improve the exchange of information on criminal records throughout the EU. All Member States are currently connected to ECRIS. ECRIS ensures that information on convictions is exchanged between Member States in a uniform, fast and compatible way and provides judges and prosecutors with easy access to comprehensive information on the criminal history of persons concerned.

·         EUCARIS: the European car and driving licence information system (EUCARIS) connects countries so they can share vehicle and driving licence information and other transport related data. EUCARIS is a mechanism that connects the Vehicle and Driving Licence Registration Authorities in the Union through which vehicle owner and vehicle insurance can be exchanged between National Contact Points of Member States.

·         IRI: the EU-wide interconnection of insolvency registers (IRI), which includes two different projects. The first version of the system (IRI 1.0) has been available on the European eJustice Portal14 since July 2014. It was developed as a pilot-project with the voluntary participation of certain Member States. The second version (IRI 2.0) will interconnect the national insolvency registries of all Member States (with the exception of Denmark). All Member States should be compliant with the interconnection by June 2021.

·         BRIS: the Business Registers Interconnection System (BRIS) is the interconnection of business registers, allowing business registers to exchange cross-border messages on mergers and branches, and the users of the e-Justice portal to obtain multilingual information on EU companies.

·         LRI: the Land Registers Interconnection (LRI) is an on-going voluntary project, which aims to provide a single access point within the European e-Justice Portal to the land registers of participating EU countries. It is planned to become operational in the second quarter of 2020.

·         E-CODEX: the e-CODEX system (e-Justice Communication via Online Data Exchange) facilitates secure communication in civil and criminal proceedings by providing a decentralised system for cross-border electronic messages 

Interconnecting banking registeries

The system to interconnect banking registries will need to exchange data between different databases, each with its own data models and semantic standards. Common semantic standards will need to be set up, either natively in the systems or as a mapping layer between the different standards in the Member States. However, before creating any new semantic standard, reuse of already existing standards needs to be considered. 

Next steps

This reports sets out a number of elements to be considered for a possible interconnection of bank account registries and data retrieval systems and illustrates that the interconnection of those centralised mechanisms is technically feasible. Such a system could possibly be a decentralised system with a common platform at EU level. Technology already developed by the European Commission in the context of the various analysed models could be used.

Over the last years different systems have followed the reuse of common building blocks. These building blocks are essentially a set of well-known standards and technical specifications that can be applied to recurrent challenges such as the secure exchange of information. Consistently resorting to these building blocks is an approach advocated by current digital policy of the Commission, to which the Member States have committed themselves in the Tallinn Declaration on eGovernment.

A future interconnection of national centralised automated mechanisms could leverage the use of the same building blocks to accelerate its creation and alignment to relevant EU regulations such as eIDAS. 

Given that a future EU-wide interconnection of the centralised mechanisms would speed up access to financial information and facilitate the cross-border cooperation of the competent authorities, the Commission intends to further consult with the relevant stakeholders, governments, as well as the Financial Intelligence Units, law enforcement authorities and Asset Recovery Offices as potential "end-users" of a possible interconnection system.