Enhancing access to financial information by law enforcement | EC announcement of 24 July 2019; RDW data breach

Already for some time Europe is working on a centralized system of bank information, in each EU country and in the EU itself. In a recent press release on AML/CFT [*] the European Commission informed the public that the Commission has drawn up a report on the interconnection of bank account registries.

The Commission writes in the press release:

Interconnection of central bank account registries
The report on the interconnection of central bank account registries sets out a number of elements to be considered for a possible interconnection of bank account registries and data retrieval systems. The Commission suggests that such a system could possibly be a decentralised system with a common platform at EU level. To achieve the interconnection, legislative action would be required, following consultation with Member States’ governments, Financial Intelligence Units, law enforcement authorities and Asset Recovery Offices.

In the report a summary is given on the current EU-wide decentralised interconnection of national electronic databases that are relevant for AML/CFT:

  • European Criminal Records Information System (ECRIS)
  • European car and driving licence information system (EUCARIS)
  • EU-wide interconnection of insolvency registers (IRI)
  • Business Registers Interconnection System (BRIS)
  • Land Registers Interconnection (LRI)
  • European Business Ownership and Control Structures (EBOCS)
  • e-Justice Communication via Online Data Exchange (e-CODEX)

The new bank accounts registries system will be part of the European system interconnected databases.

It shows that Europe is creating data centres both on national level and EU-level, with a lot of personal data. These type of systems need a very high level of IT-governance and good cybersecurity.

Number plate registry data breach
In the Netherlands recently a very serious data breach was made public regarding the Dutch national number plate registry, held by the Rijksdienst voor het Wegverkeer (RDW), one of the registries that is connected to EUCARIS.

This news comes after several Dutch authorities, including the Dutch Court of Audit (Algemene Rekenkamer) and the National Ombudsman criticized the inadequate cybersecurity measures of the Dutch government and the absence of adequate IT-governance.

All transaction details in Dutch bank accounts registry
The Dutch government recently announced that it intends to include all bank transactions details in the national bank accounts registry (Verwijzingsportaal Bankgegevens, see also my article [in Dutch]). Currently it is only obligatory for EU Member States to centrally register details in regard of the person holding or controlling payment accounts, bank accounts and safe deposit boxes. It is interesting to see if the Netherlands is anticipating on something that the EU intends to make mandatory for all Member States.

Governance
Worrying about these plans is that they require high level IT, high level governance and very good cybersecurity systems. The Netherlands – calling itself a digital front runner – fails in protecting the interests of its citizens. Will Europe be able to do it better?

[*] anti money laundering and anti terrorist financing

 

More information:

European Commission

The Netherlands

Warning by the Nationaal Cybersecurity Centrum of the Netherlands, 12 June 2019:

De digitale dreiging voor de nationale veiligheid is permanent. Vrijwel alle vitale processen en systemen in Nederland zijn deels of volledig gedigitaliseerd waarbij er nauwelijks terugvalopties of analoge alternatieven zijn.
Deze factoren, gecombineerd met het achterblijven van de weerbaarheid, maken Nederland kwetsbaar voor digitale aanvallen. De effecten van de forse investeringen van zowel overheid als bedrijfsleven, de nieuwe meldplicht cybersecurity en strengere wet- en regelgeving zullen de komende jaren zichtbaar moeten worden.


Aanvulling 11 september 2019
Matthias Monroy schreef een artikel over een Europese terroristenlijst, aangeduid met de afkorting CTR: New database at Eurojust: Who’s a terrorist? Hij vraagt zich onder meer af wat de nieuwe database toevoegt aan ECRIS.

Over Ellen Timmer, advocaat ondernemingsrecht @Pellicaan

Verbonden aan Pellicaan Advocaten, http://www.pellicaan.nl/, kantoor Rotterdam, telefoon 088-6272287, fax 088-6272280, e-mail ellen.timmer@pellicaan.nl ||| Weblogs: algemeen: https://ellentimmer.com/ || modernisering ondernemingsrecht: http://flexbv.wordpress.com/
Dit bericht werd geplaatst in English - posts in English on this blog, Europa, Financieel recht, onder meer Wft, Wtt, Fraude, witwasbestrijding, Wwft, ICT, privacy, e-commerce, Verwijzingsportaal Bankgegevens en getagged met , , , , , , , . Maak dit favoriet permalink.

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen.

WordPress.com logo

Je reageert onder je WordPress.com account. Log uit /  Bijwerken )

Google photo

Je reageert onder je Google account. Log uit /  Bijwerken )

Twitter-afbeelding

Je reageert onder je Twitter account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Verbinden met %s