20 December 2021
The European Banking Authority (EBA) publishes today its draft Regulatory Technical Standards (RTS) on a central database on anti-money laundering and countering the financing of terrorism (AML/CFT) in the EU. The European Reporting system for material CFT/AML weaknesses (EuReCA) will be a key tool for coordinating efforts to prevent and counter money laundering and terrorism financing (ML/TF) in the Union.
The EBA is legally required to establish and keep up to date a central AML/CFT database. This database, also known as EuReCa, will contain information on material weaknesses in individual financial institutions that make them vulnerable to ML/TF. Competent authorities across the EU will have to report such weaknesses, as well as the measures they have taken to rectify them.
The EBA’s draft RTS specify when weaknesses are material, the type of information competent authorities will have to report, how information will be collected and how the EBA will analyse and disseminate the information contained in EuReCa. They also set out the rules necessary to ensure confidentiality, protection of personal data and the effectiveness of EuReCa.
In this context, the EBA also published technical specifications that detail the data points and a list of competent authorities that will be indirectly submitting information to EuReCA.
The EBA will use EuReCA to provide information on ML/TF risk affecting the EU’s financial sector. It will also share information from the database with competent authorities as appropriate, to support them at all stages of the supervisory process, and in particular if specific risks or trends emerge.
EuReCA will be an early warning tool, which will help competent authorities to act before the ML/TF risk crystalise. As such, EuReCA will be key to strengthening AML/CFT supervision and to coordinating efforts to prevent and counter ML/TF in the EU.
The proposed RTS have been developed in fulfilment of the mandates conferred on the EBA in Articles 9a(1) and (3) of the EBA Regulation. As part of the mandate to lead, coordinate and monitor AML/CFT in Europe, said Articles require the EBA to develop two RTSs to establish and keep up to date an AML/CFT central database. Given the complementary character of those RTS, the EBA has drafted them as a single instrument.
The EBA has performed a Data Protection Impact Assessment (DPIA) in accordance with Article 35 of Regulation (EU) 2018/1725 (EUDPR). The DPIA analyses the risks arising from the processing of personal data and establishes the controls that will be put in place by the EBA to mitigate the risks identified. A summary of this DPIA is published on the EBA’s website. The DPIA continues to be updated as the database is being set up.
The EBA will submit these draft RTS to the European Commission for approval. Once approved, the RTS will be directly applicable in all Member States. EuReCA will start to receive data in Q 1 2022.
Franca Rosa Congiu