Limited room for joint transaction monitoring (Action Plan on Money Laundering)

On 21 October, the Minister of Finance introduced the bill that implements parts of the Action Plan on Money Laundering (the Bill). The Bill includes some measures from a 2019 Cabinet plan to make the approach to money laundering more effective. These amendments lead to an amendment of the Money Laundering and Terrorist Financing (Prevention) Act (Wet ter voorkoming van witwassen en financieren van terrorisme, Wwft) and the Economic Offences Act.

 Briefly, the Bill can be divided into the following four parts:

1. A prohibition for professional or business traders in goods to conduct transactions above EUR 3,000 in cash;
2. Enabling data sharing between institutions belonging to the same category in the context of customer due diligence when there is a higher risk of money laundering or terrorist financing – how this should be implemented is still up for debate;
3. Enable joint monitoring of transactions for banks; and
4. Clarifying the use of special categories of personal data and personal data of a criminal nature in the context of obligations under the Wwft.

The key element concerns an amendment to the Wwft to enable joint transaction monitoring. The Bill allows banks to outsource transaction monitoring to a “joint facility”. This is a separate vehicle that banks can set-up or in which they can participate. However, this outsourcing can only see on the generation of alerts. The follow-up to these alerts cannot be outsourced. This means that the banks still have to (i) investigate whether the transaction is unusual, (ii) assess whether mitigating measures are necessary and (iii) report an unusual transaction to the FIU. Other institutions that fall within the scope of the Wwft, including payment institutions, investment firms and investment funds, cannot use this form of outsourcing. Article 10(1) Wwft (new) still states that Wwft institutions – excluding banks – are in principle not allowed to outsource the ongoing monitoring of the business relationship (including transaction monitoring) to a third party. This is remarkable because the Explanatory Memorandum to the Bill notes explicitly that EU regulations leave room for this form of outsourcing (thus also for non-banks).

The initial proposal was criticized by the Council of State because of tension between the sharing of data for joint transaction monitoring and privacy protection. In the amended bill and explanatory memorandum, this has been addressed by paying more attention to the necessity, effectiveness and proportionality of sharing personal data. The House of Representatives will now consider this Bill. The effectiveness will be evaluated four years after the law enters into force in cooperation with FIU, the Dutch Central Bank and the Personal Data Authority, among others.