EU closes the door on tracking down dirty money?

The Court of Justice of the European Union (CJEU) has ruled that access to a company's beneficial owners conflicts with privacy laws. In a surprise announcement, the CJEU thus closed the doors on public access to company beneficial ownership registers. 

This decision is counter to the requirements of the EU's 5th EU Anti-Money Laundering Directive (5MLD), which includes several clauses recognising the need to check beneficial ownership for effective fraud control. The directive says: "The need for accurate and up-to-date information on the beneficial owner is a key factor in tracing criminals who might otherwise hide their identity behind a corporate structure."

The court's decision quotes provisions in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union: Articles 7 and 8 of the charter define the “respect for private and family life” and the “protection of personal data” respectively.

The CJEU ruling attempts to balance AML requirements and privacy enshrined in the GDPR. The ruling states: "...the general public's access to information on beneficial ownership…constitutes a serious interference with the fundamental rights enshrined in Articles 7 and 8 of the charter." 

Unfortunately, this new ruling has effectively turned the clock back on anti-money laundering (AML) laws that require beneficial ownership checks. Instead, the recent ruling requires that any entity checking for beneficial owners, as part of AML due diligence, must demonstrate a “legitimate interest”. Protecting privacy is essential to modern digital life, but will this ruling affect efforts to reduce fraud?

What does this mean for financial fraud?

A 2018 FATF study into the concealment of beneficial ownership warned of the consequences of concealment of beneficial ownership. The report states this: “Schemes designed to obscure beneficial ownership often rely on a ‘hide in plain sight’ strategy. This significantly impairs the ability of financial institutions, professional intermediaries, and competent authorities to identify suspicious activities designed to obscure beneficial ownership and facilitate crime.”

However, in its ruling, the CJEU recognises the need for AML checks, including beneficial ownership checks, adding the demonstration of legitimate interest into the equation. But privacy versus anti-fraud evaluation will always be a tricky balance to get right. However, access to country registers is already starting to feel the heat, with several countries closing access to beneficial owner registers. The Netherlands Chamber of Commerce (KVK) is one of the first to close access to the registry of beneficial owners with an announcement on its site.

Connecting the fraud dots is an essential tool in the fight against fraud. If one of those dots is removed, the trail of fraud can grow cold; fraudsters always look for loopholes and take advantage of security gaps. By removing access to beneficial owners public registers, the risk of an air gap opening in anti-fraud measures becomes real.

Intelligent hope for AML

The Basel Institute on Governance has described beneficial ownership transparency as being "directly related to the effectiveness of a jurisdiction's AML systems". Access to this important resource is necessary for anti-fraud measures; fortunately, even without access, intelligent AML checks that use behavioural analysis and AI-driven data analytics can offer a way to plug the gap.

4MLD required legitimate interest to be demonstrated when using publicly held registers of beneficial owners. 5MLD updated this to remove legitimate interest and make access to registers of beneficial owners a key part of AML checks. However, the CJEU has reintroduced legitimate interest in reinstating privacy rights. This see-saw of data rights looks like it will continue, but while this is happening, fraudsters will continue to use the beneficial owner air gap to execute fraud.

Whatever initiatives are enacted, banks need to move fast. They need to carry out risk assessments and monitor transactions closely. They also need to use the right software, while drawing on as much data as is available to fuel their AML and watchlist screening tools and report suspicious activity as soon as it arises. 

In doing so, they need help from technology that can cut out complexity and support organisations in understanding financial flows and the associated risk. This requires the means to collect and connect all relevant information and the tools to understand the relationships data reveals. This can help banks spot suspicious activities that might conceal financial crimes.

It seems criminals are always one step ahead, innovating and evolving their strategies to get past financial institutions and regulators. It’s a never-ending roundabout where as soon as one threat is thrown off, a newer, more challenging one gets on. If financial institutions can become wise to the benefits of AI and behavioural-driven AML technologies, develop the skills they need to deploy this type of software and then manage the transition effectively, they’ll be able to reap the benefits.

Because we cannot allow another year to pass where the fraud rates grow, and even more is lost to criminality. Now’s the time to act.

About the author

Saeed Patel is Group Director of Product Development Management at Eastnets. He has more than 25 years' experience in technology and financial markets. At Eastnets, a global fintech company, he is responsible for nine products spanning compliance risk, financial crime, and payments. Previously, Saeed was Director of Product Strategy at KRM22, a UK startup risk management solutions provider, where he built a product team from scratch, launched 15 new products and formed seven new business partnerships. Saeed has been a technical advisor to a number of European regulatory boards on market abuse and financial crime, and is also an FCA whistleblower.