06 May 2021
The European Banking Authority (EBA) launched today a public consultation on draft Regulatory Technical Standards (RTS) on a central database on anti-money laundering and countering the financing of terrorism (AML/CFT) in the EU. This database will be a key tool for the EBA’s recently enhanced mandate to lead, coordinate and monitor AML/CFT efforts in the European Union. The consultation runs until 17 June 2021.
The revised EBA Regulation that came into effect in January 2020 requires the EBA to establish and keep up to date a central database with information on AML/CFT weaknesses that competent authorities (CAs) across the EU have identified in respect of individual financial institutions. The database will also contain information on the measures competent authorities have taken to rectify those material AML/CFT weaknesses. Information from this database will be used by individual competent authorities and the EBA to make the fight against ML/TF in the EU more targeted and effective in the future.
The draft RTS proposed in this Consultation Paper specify the definition and the materiality of weaknesses identified by competent authorities, the type of information collected, and how such information will be communicated to the EBA. It also sets out how the EBA will analyse and disseminate the information contained in the AML/CFT central database.
Moreover, the draft RTS set out the rules to ensure the effectiveness of the database, the confidentiality of the data contained in the database, as well as how the database will interact with other notifications that competent authorities are required to provide to the EBA and the provisions to ensure the protection of personal data.
The AML/CFT central database will be a key tool in coordinating efforts to prevent and counter ML/TF in the Union. It will serve as an early warning tool to enable the competent authorities to act before the ML/TF risks crystalise and help them plan their on-site inspections and perform off-site monitoring.
The Consultation Paper is composed of the draft RTS as well as an Annex that sets out, firstly, the technical specifications with the data points that will be contained in the database and, secondly, the list of authorities that will be indirectly submitting to the AML/CFT database in accordance with article 13(7) of the draft RTS. As those technical specifications are not part of the draft RTS, the EBA is not required to consult on them but has decided to offer the respondents the possibility to provide comments also on those.
Comments to the draft Consultation Paper can be sent by clicking on the "send your comments" button on the EBA's consultation page. The deadline for the submission of comments is 17 June 2021.
All contributions received will be published following the close of the consultation, unless requested otherwise.
In parallel, the EBA is seeking the view of the European Data Protection Supervisor (EDPS) on these draft RTS, in accordance with Article 42(1) of the Regulation (EU) 2018/1725 (EUDPR). The response of the EDPS will be taken into consideration when the final report on this draft RTS will be developed.
Legal basis and background
The proposed RTSs have been developed in fulfillment of the mandates conferred on the EBA in Articles 9a(1) and (3) of the EBA Regulation. As part of the mandate to lead, coordinate and monitor AML/CFT in Europe, said Articles require the EBA to develop two RTSs to establish and keep up to date an AML/CFT central database. The mandate foresees for the AML/CFT central database to contain information on AML/CFT weaknesses that have been identified by competent authorities and on the measures taken by them in response to those material weaknesses. Given the complementary character of those RTS, the EBA has drafted them as a single instrument.
The EBA has performed a Data Protection Impact Assessment (DPIA) in accordance with Article 35 of Regulation (EU) 2018/1725 (EUDPR). The DPIA analyses the risks arising from the processing of personal data and establishes the controls that will be put in place by the EBA to mitigate the risks identified. A summary of this draft DPIA is published on the EBA’s website for full transparency alongside the Consultation Paper.