The databases of the AMLA

Geplaatst op 1 augustus 2025 door Ellen Timmer

Anti-money laundering (AML) and countering terrorist financing (AML) in the EU is supposed to be a ‘data-driven’ [1]. It is therefore interesting to read the texts on information and communication technology in the Work Programme for 2025 of the European Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA).

EuReCA
Currently the European Banking Authority (EBA) is responsible for EuReCA, the black sheep database with financial institutions that do not comply with AML/CFT rules well enough. This database will be transferred to AMLA.

FIU.net system
The FIU.net system will be transferred to the AMLA (page 10):

These efforts will enable AMLA to begin joint analyses, facilitate mutual assistance, and progressively assume hosting of the FIU.net platform.

Central AML/CFT Database
AMLA is developing the Central AML/CFT Database, that is based on article 11 of the AMLA Regulation (‘AMLAR’). The database will be used by AMLA for analysing the collected information and for making available information to [2]:

  • supervisory authorities, non-AML/CFT authorities, other national authorities and bodies competent for ensuring compliance with a number of directives and a regulation;
  • the European Supervisory Authorities (the ESAs): EBA, ESMA and EIOPA.

The  database will be fed by supervisory authorities, non-AML/CFT authorities, other national authorities and bodies competent for ensuring compliance with a number of directives and a regulation. The database will include data related to individual obliged entities and related data subjects, including data on ‘fit and proper’ assessments of shareholders or members of the management body of individual obliged entities [3].

Personal data collected in the Central AML/CFT Database may be kept in an identifiable form for a period of up to ten years after the date of collection of the data by the AMLA, at the end of which those data shall be deleted. Based on a regular assessment of their necessity, personal data may be deleted before the expiry of that period on a case-by-case basis [4].

 

 

Notes:

[1] See this article for the citation of an executive board member, “Our workstreams are defining building blocks for a unified, data-driven and resilient AML framework in Europe’s fight against financial crime”.
[2] Paragraph 11(1) AMLAR.
[3] Paragraphs 11(2) up to and including 11(4) AMLAR.
[4] Paragraph 11(7) AMLAR.

Onbekend's avatar

About Ellen Timmer

Weblog: https://ellentimmer.com/ ||| Microblog: https://mastodon.nl/@ellent ||| Motto: goede bedoelingen rechtvaardigen geen slechte regels
Dit bericht werd geplaatst in English - posts in English on this blog, Europa, Financieel recht, onder meer Wft, Wtt, Fraude, witwasbestrijding, Wwft, Grondrechten, ICT, privacy, e-commerce en getagd met , , , . Maak de permalink favoriet.

Plaats een reactie