Earlier this week the European group of national data protection authorities, collectively the Working Party 29 (“WP 29”), released a new opinion on data protection issues relating to the prevention of money laundering and terrorist financing.  The new paper features a slew of new recommendations from the WP 29 that are designed to enhance privacy and data protection in this area.  Among the most prominent of the recommendations are proposals to:

  • review the overarching framework of anti-money laundering and anti-terrorist financing laws at the EU and national levels to ensure compatibility with privacy rights and data protection; 
  • increase EU harmonisation of anti-money laundering and anti-terrorist financing laws, in part to enshrine the “purpose limitation principle” that stands behind data retention, protection and privacy laws; 
  • provide clearer and enhanced guidance for bodies involved in the collection and processing of personal data where terrorist financing or money-laundering issues are prominent; 
  • better balance “tipping off” rules to enhance compatibility with data protection; 
  • introduce “stress tests” for organisations that use BCRs; 
  • introduce “required benchmark” tests for adequacy findings for international transfers; and 
  • improve coordination between financial authority regulators, data protection authorities and financial intelligence units.

Although scant detail is given, the paper ends with a promise by WP 29 to “follow up” on the proposals.