Information Exchange Between Administrative and Criminal Enforcement: The Case of the ECB and National Investigative Agencies


The banking system is often at the epicentre of large-scale financial crimes. Recent scandals involving major European credit institutions questioned the role of banking regulators in supporting law enforcement agencies and revealed the weakness of the current interaction between the European Central Bank (ECB) and national actors. Despite its ostensible coherence, the Single Supervisory Mechanism legal framework can prove problematic in terms of efficiency and adequacy in facing global financial crime. This article explores the specific case of information exchange between banking supervisors and criminal investigative authorities at national level. After a descriptive overview of the ECB reporting duties of potential criminal offences, we examine the possibility of a more coherent information exchange system, where a direct channel of communication between the ECB and criminal law enforcement agencies could serve as a better integrated strategy.

I. Information Exchange as a Tool for Better Law Enforcement

In recent years, the press has reported several fraudulent misconducts in which prestigious European credit institutions were involved. No alarm was sounded by the European or national regulators. Serious investigations led American regulators to impose high fines for these transnational offences, while European criminal justice systems constantly proved their inadequacy in facing global financial crime. Several factors contributed to this failure.1 Among them is the inefficiency of the current system of information exchange between financial and banking regulators and criminal investigative agencies.

This article explores the specific case of information exchange between banking supervisors and criminal justice agencies. The topic has been neglected in the literature and is particularly challenging.2 It implies the understanding of a highly complex matrix of normative and factual components. Several levels of analysis are involved: the interplay not only occurs between administrative and criminal enforcement level, but also calls into play multiple actors (European and national supervisors and investigating agencies), different targets (corporations and individuals), and different normative frameworks (European and national as implementation of European law, together with purely national law). Last but not least, several forces responding to various needs are pushing the European Union (hereinafter, the “EU”) to increase centralised law enforcement in certain areas of major “European crimes.” Recent reforms have radically changed financial crime strategies in Europe: the European Banking Authority has become a crucial actor in anti-money laundering and counter-terrorism financing enforcement (hereinafter, the “AML-CFT”),3 and the European Public Prosecutor’s Office – becoming operative in 2021 as the first centralised criminal enforcement body for the investigation and prosecution of Euro-fraud – will be a game changer.4

In this rapidly evolving context, the European Central Bank (hereinafter, the “ECB”) plays a special role as the main banking supervisory authority of the Eurozone.5 The establishment of the Single Supervisory Mechanism (hereinafter, the “SSM”) as the main pillar of the Banking Union puts the ECB at the very heart of prudential supervision for the Eurozone. Because of its role, the ECB collects crucial information related to every significant credit institution in this area. Since the risk-based approach is evolving as the main preventive strategy to keep the financial system from being affected by criminal conduct and to effectively investigate such conduct, it has become crucial to involve regulators in an effort to build up an integrated strategy at the continental level. Due to the current lack of a centralised criminal law enforcement body in the EU,6 the most common interactions occur between European and national supervisors dealing with criminal investigative authorities at national level.

Our analysis will start with the reporting duties of the ECB in cases in which data indicates potential criminal offences and will then explore the more general informational flow involving criminal agencies at the national level. Two additional paragraphs will focus on specific crimes, such as the so-called “Euro-fraud,” money laundering, and terrorism financing, for which dedicated channels involving specialised EU agencies are provided. We will conclude with some suggestions for future improvement.

II. The ECB’s Duty to Report Criminal Offences

What happens when the ECB acquires evidence of facts potentially giving rise to a criminal offence in carrying out its supervisory function? The SSM Framework Regulation (hereinafter, the “SSMFR”7) answers this question in Art. 136: when “the ECB has reason to suspect that a criminal offence may have been committed, it shall request the relevant national competent authority (hereinafter, “NCA”) to refer the matter to the appropriate authorities for investigation and possible criminal prosecution, in accordance with national law.” Several issues arise from this apparently straightforward provision.

First, we should note that no direct contact with criminal agencies is provided for by the European Regulation. The ECB, in the exercise of its regulatory powers, decided to impose the mediation of NCAs, instead of setting up a proper reporting channel with the authorities competent for criminal enforcement. There are very good arguments behind criticism of this choice: direct contact with national prosecutors would have made the exchange of information easier and perhaps enabled better coordination among the different enforcement tracks. However, we should consider that the lack of a previous harmonisation of criminal offences in this field implies that national law becomes the main and only normative reference by which to define the potential criminal offence. The involvement of NCAs would allow them to filter the data flow in the light of relevant national provisions.

Secondly, the wording of Art. 136 SSMFR seems to suggest that the duty to report criminal offences is only related to the facts discovered during the ECB’s supervisory activities. Here, the field seems to be limited to the common procedures or facts related to relevant banks over which the ECB has direct supervisory powers. It would nevertheless be hardly arguable to exclude the ECB’s duty to report potential crimes committed by less significant credit institutions, if they catch the attention of the ECB. The need for sincere cooperation, of course, imposes that this communication takes place, even in the absence of a duty on the part of the ECB.

A third remark concerns the type of crimes that trigger the ECB’s duty to report. In order to identify the current interplay between the SSM and criminal law, we should refer to traditional, pre-existing criminal offences and identify two relevant clusters of crime. The first concerns financial crimes, such as market abuse, money laundering,8 terrorism financing, and insider trading. Harmonisation of these crimes is well accomplished at the European level, and more is sure to come with the implementation of the Directive on the protection of the EU’s financial interests.9 Banks usually play a crucial role in all of these cases. Consequently, law enforcement agencies might need to collect relevant information from the regulators.

The second cluster concerns those crimes that protect fair banking as a Rechtsgut. We will refer to them as “banking supervision related offences.”10 The cluster includes the exercise of banking activities without prior authorisation and the false or incomplete disclosure of information to the supervisors.

Art. 136 SSMFR lacks any indication of this sort, clearly suggesting the will to leave the field open to any potential misconduct. These criminal offences are not necessarily strictly related to banking supervision. And the need for an administrative breach of prudential requirements is nowhere mentioned. Evidence of a potential crime might emerge as a purely accidental event. This would allow the supposition that even money laundering or terrorist financing – formally excluded from the competence of the SSM11 – is covered by this duty.

As for the legal basis upon which the ECB should determine the existence of a potential crime, the existing European legal framework on financial crimes could serve as such: in particular, money laundering, terrorist financing, market abuse, and insider trading as well as the crimes related to the protection of the European financial interests.12 For these criminal offences a partial harmonisation has already been achieved, and national legislations are at least forced to criminalise certain misconduct.

For crimes that have not yet been harmonised, the ECB cannot draw on any common European reference. In these cases, the above-mentioned incongruences between national systems might have a negative impact on the correct exercise of reporting duties. In the absence of a European reference, the criminal nature of the potential offence (detected during the course of supervisory tasks) is determined by national law. This can be deduced from the wording of the SSMFR, which indicates how reporting duties shall be exercised “in accordance with national law.”13 According to this interpretation, the reference would not only state what the national procedural rules for the correct exercise of the reporting duty are once the NCAs have received the ECB’s notice; it would first and foremost indicate the legal framework by which to determine how the facts discovered during supervision might involve a criminal offence.

Once the ECB reports to the NCAs, national rules on the transfer of information from the administrative to the criminal authorities apply.14 The ECB no longer has any duty, and it is up to the NCAs to transmit the information to criminal agencies and ensure follow-up of the case.

As has emerged from the comparative analysis, the picture at the national level is highly fragmented.15 In the majority of countries, the NCAs are under an obligation to report suspicion of a crime that emerged during their supervisory activity to the competent judicial authorities. In this case, the same duty shall apply to the facts reported by the ECB. Some other NCAs retain a margin of discretion as to whether to inform the judicial authorities.16 The consequences of such reporting might, however, differ according to the applicable national legislation.

The constant reference to national law reveals the need to define the domestic law that should be applied. The answer to this question depends on several crucial aspects. National law indeed determines the extent and level of constraint of reporting duties from the NCAs to the criminal enforcement agencies.

A first solution could be to rely on the nationality of the credit institution that allegedly committed the breach. In case of a corporation with branches in several countries – as is often the case with major banks ‒ this would not be the best option. Should the country in which the headquarters of the bank are located be selected as the relevant one? Reporting to criminal agencies located in a country other than the one where the facts of the case occurred would imply their inability to investigate for lack of jurisdiction. This cursory analysis reveals how distant the rationales of the different law enforcement systems are. Transnational banking crime is uncontrollable via traditional criminal law, where the competence to investigate and adjudicate is still almost entirely nationally based, with a few exceptions, such as the future European prosecutor for Euro-fraud.17

Therefore, it seems a better option to focus on the locus commissi delicti as the traditional principle by which to allocate criminal jurisdiction among different States. This might imply a discrepancy between the nationality of the bank and the location of the competent investigative authorities to whom the ECB shall report. Considering how transnational financial crime has spread in the last few decades, a multi-level reporting duty could be regarded as a good practice for the ECB by transferring information about a transnational criminal offence to all the NCAs of the countries potentially involved. It would then be up to the national authorities to coordinate the investigation and cooperation among themselves, both at administrative and criminal levels.

One could also go even further and suggest that the ECB use its regulatory power to modify Art. 136 SSMFR, adding the possibility to directly contact the national investigative authorities in criminal matters. This would not mean exclusion of the NCAs but rather inclusion of the prosecutors or other investigative agencies among those to whom the ECB may directly communicate. This clear reluctance to set up a direct channel of communication should be transformed into a more efficient communicating vessels system between the ECB and criminal enforcement agencies.

III. The ECB’s Duty to Disclose Information to Criminal Enforcement Agencies

The reluctance of the European supervisor to cooperate with criminal law enforcement appears even clearer in the opposite case, i.e., when the national authorities require the ECB to disclose information related to its prudential supervisory tasks in the context of an ongoing criminal investigation. The original regulatory framework neither addressed this issue, nor is there any general European framework applicable to these cases. In June 2016, the ECB adopted ECB Decision 2016/1162 on disclosure of confidential information in the context of criminal investigations,18 regulating the conditions for cooperation between the ECB and the national criminal investigation authorities. The aforementioned Decision ascertains that these conditions are largely determined by national law,19 but it stresses the need to protect “the general principles of sincere cooperation, the principles of cooperation in good faith and the obligation to exchange information within the SSM, the obligation to protect personal data and the obligation of professional secrecy.”20

The notion of information is broad. It includes all “information created or received in carrying out their supervisory tasks and responsibilities” and “confidential information related to monetary policy and other ESCB/Eurosystem-related tasks” as well as “information held by an NCA when assisting the ECB in the exercise of the ECB's tasks.”21 Conversely, there is no freedom for the NCAs to set up a more lenient communication scheme or avoid the strict rules of this Decision. All information collected is under the control of the ECB.

As for the concept of “confidential,” it refers to “information covered by data protection rules, by the obligation of professional secrecy, by the professional secrecy rules contained in Directive 2013/36/EU or documents classified as ‘ECB-CONFIDENTIAL’ or ‘ECB-SECRET’ under the ECB's confidentiality regime, and excluding any information concerning persons who have an employment relationship with the ECB or a direct or indirect contractual relationship with the ECB for the execution of works, the supply of products or the provision of services.”22 Information may be disclosed under the following conditions: if it is due to an expressed obligation under Union or national law or if it is admissible under the relevant legal framework and “there are no overriding reasons for refusing” to do so, such as “the need to safeguard the interests of the Union or to avoid any interference with the functioning and independence of the ECB, in particular by jeopardising the accomplishment of its tasks.”23

In these cases, the competent NCA “commits to acting on behalf of the ECB in responding to such a request” and “commits to asking the requesting national criminal investigation authority to guarantee the protection from public disclosure of the confidential information provided.”24

The Decision indeed stresses on several occasions that the ECB will have no direct contact with national authorities: both the request to the ECB and the answer to the national investigative authorities should be channelled via the NCAs.

The reporting obligations deriving from Decision 2016/1162 appear inconsistent with the ECB’s reporting obligations deriving from Art. 9(1) SSMR, according to which the SSM shall have all the powers and obligations that the competent and designated authorities shall have under the relevant Union law, unless otherwise provided for by the SSM Regulation. This latter consideration shows how unavoidable the clash between European confidentiality and national rules imposing the duty on national supervisors to cooperate with criminal investigative authorities seems. In several Member States, regulators must cooperate with national prosecutors and disclose information. A breach of this duty – refusal to cooperate or incomplete disclosure of relevant information – constitutes a criminal offence.25

This clash between conflicting duties is even more problematic if the request by the investigative authorities concerns confidential information that is at the disposal of the NCAs. This might be confidential information about the supervisory tasks of the ECB or related to the supervisory powers of the NCAs when less significant credit institutions are concerned. In these cases, Decision 2016/1162 strongly suggests that the NCAs – to use a euphemism26 – “consult the ECB, where possible, on how to respond to the request” in order for the latter “to advise as to whether the information in question may be disclosed.”27 When the confidential information is related to the ECB’s supervisory tasks, the disclosure can be denied “where there are overriding reasons relating to the need to safeguard the interests of the Union or to avoid any interference with the functioning and independence of the ECB for refusing to disclose the confidential information concerned.”28 When it concerns national supervisory powers, the ECB shall be informed “where that NCA considers that the information requested is material, or that disclosure thereof has the potential to adversely affect the reputation of the SSM.”29 The equivalent position of the SSM and the NCAs (including a duty to report suspicion of crime to judicial authorities, if so provided at the national level), ensured by Art. 9 SSMR, is contradicted by Decision 2016/1162, which leaves a questionable discretion to the ECB.30

Data on concrete enforcement of these rules are unfortunately not available, for obvious reasons of confidentiality. These rules are nevertheless a clear indicator of the banking regulators’ tormented relationship with the criminal enforcement agencies. They also show lack of trust toward those who should be in the frontline in the fight against economic crime, i.e., prosecutors and judges.

From the point of view of national prosecutors, the procedure by which to request confidential information without being able to address a request directly to the ECB might be puzzling, especially in transnational cases. For the investigative authorities, modern financial crimes often entail the need to collect confidential information held by a foreign credit institution from a regulator located in a different country. Usually, this would imply the use of mutual legal assistance tools, such as a letter rogatory or, more recently, the issuing of a European investigation order, at least in the vast majority of the Eurozone countries. What happens when such a need involves information held by the ECB? Should the prosecutor address it to its national competent authority, even though the latter is not the SSM ‘NCA’ of the relevant credit institution in the light of the SSMR? Or should the prosecutor address the request to the foreign colleagues via the above-mentioned tools of judicial cooperation, asking them to turn to their NCA? And if this were the case, which country is relevant? That of the credit institution or that in which the confidential information is located?

Lastly, the current legal framework does not provide for any form of communication from national criminal enforcement to the ECB. This lacuna prevents the latter from using that information productively in order to adopt supervisory measures that could prevent further damages. A better enforcement strategy aiming at the eradication of financial crime would seem to suggest more efficient coordination and cooperation among enforcement agencies, built on mutual trust and common values in terms of confidentiality and secrecy.

IV. The ECB and “Euro-fraud”: Disclosing Information to OLAF and the Future of a Horizontal Multi-Regulatory Enforcement

The duty of the ECB to report criminal activities to the competent authorities also has a European horizontal dimension. The reference applies to the duty to disclose relevant information and to cooperate with the European Anti-Fraud Office (hereinafter, “OLAF”) when it comes to the protection of the EU’s financial interests. OLAF is the European administrative agency in charge of conducting administrative investigations into fraud (so-called “internal investigations”) within the institutions, bodies, offices, and agencies of the EU for the purpose of fighting fraud, corruption, and any other illegal activity affecting the financial interests of the Union. OLAF investigations might lead to disciplinary sanctions or, in the most serious cases, to criminal proceedings before national authorities to whom OLAF might report the breach.

In general terms, every institution, body, office, or agency of the EU shall adopt adequate rules in order to impose on its personnel a duty to cooperate and supply information to OLAF while ensuring the confidentiality of the internal investigation.

Due to sensitiveness of the data collected in the exercise of its tasks, being it monetary policy or prudential supervision, the ECB has an intricate legal framework on confidentiality and professional secrecy.31 It was thus clear that the ECB, as an institution of the Union, could not avoid cooperation with OLAF and that this cooperation would need a specific legal framework. To this end, the ECB adopted Decision 2016/456 concerning the terms and conditions for the European Anti-Fraud Office’s investigations of the ECB in relation to the prevention of fraud, corruption, and any other illegal activities affecting the financial interests of the Union.32 This Decision applies to the members of joint supervisory teams and on-site inspection teams that are not subject to the ECB’s conditions of employment. It also covers the staff members of national competent authorities who are members of joint supervisory teams and on-site inspection teams.

According to Decision 2016/456, the ECB has the duty to “cooperate with and supply information to the Office, while ensuring the confidentiality of an internal investigation.”33

The duty to cooperate is nevertheless not limited to internal investigations; rather, it covers so-called external investigations, the ones where suspicion of possible cases of fraud, corruption, or other illegal activity affecting the Union’s financial interests emerges. The ECB’s employees shall first inform their directs supervisors, then consult the management hierarchy up to the members of the Executive Board or the President, if necessary. The latter shall transmit the information to OLAF without delay.

A specific procedure applies when the hierarchical reporting proves to be problematic in the sense that it might compromise the correctness of the reporting, in which case the employee can transmit the information directly to OLAF.34 As a form of protection, the persons involved may in no way suffer inequitable or discriminatory treatment as a result of having communicated the information to their direct supervisor or directly to OLAF.35

A few restrictions are provided for when it comes to the communication of sensitive information, i.e., data that “could seriously undermine the ECB’s functioning.” In these cases, the decision on whether to grant OLAF access to such information or to transmit such information to OLAF shall be taken by the ECB Executive Board.36 The decision not to grant access should, where relevant, include the NCAs and state the reasons for the refusal. The ban has a time limit of six months.

In terms of its substantive impact, the present decision is limited in its scope to fraud, corruption, and any other illegal activities affecting the financial interests of the Union. It implies for the ECB the duty to register potential breaches affecting the EU budget. In order to understand the material scope, it has to be read in conjunction with the Directive on the protection of the EU’s financial interests,37 where a list of criminal offences presenting a direct link with the EU budget is provided for. This Directive represents the legal basis by which to determine the competence ratione materiae of the future European Public Prosecutor. In this light, it indicates that, in the future, the ECB will have a horizontal duty to report to a European centralised agency dealing with criminal matters. The duty will be twofold: first, via the reports to OLAF and secondly, via the duty to transmit to the future EPPO every criminal offence for which the latter might be competent, according to Regulation 2017/193938 and the 2018 Commission proposal on the revision of the OLAF Regulation39.

V. Toward an Enhanced Cooperation: The Exchange of Information on Money Laundering and Terrorist Financing

In recent years, several systemic banks, supervised by the ECB, were involved in huge money laundering scandals.40 These events brought into question the role of the ECB in supporting anti-money laundering enforcement agencies. Traditionally reluctant to enter the arena of anti-money laundering enforcement, the ECB was nevertheless lacking a specific competence. At the time, compliance with and enforcement of AML legislation was indeed entirely a national competence. Only the recent reform of December 2019 conferred to the European Banking Authority additional coordination powers and – embryonal – enforcement tools in the AML-CTF field.41

However, the need for a better cooperation has become clear over the past years. As Danièle Nouy confirmed in 2018, “a more European approach to combatting money laundering should be considered, for example, through enhanced cooperation and exchanges of information between supervisory and AML authorities.”42 Thanks to the amendments to the AML Directive that entered into force in 2018, the Multilateral Agreement (hereinafter, the “Agreement”) between the ECB and the AML competent authorities (CAs) was signed in January 2019, indicating the practical modalities for the exchange of information in the area of prevention of misuse of financial systems for the purpose of money laundering and terrorist financing.43

The first remarkable step toward a more effective cooperation is that the Agreement refers to a dialogue between the ECB and the CAs: “The exchange of information shall take place between the CAs and the ECB, on request or on their own initiative.” The exchange is, however, not limited to the duty to answer specific requests; still, it includes autonomous input from one agency to the other.

Several types of information might be “exchanged.” When the request comes from the ECB to the CAs, it might refer to “information, which is gathered or created by the CA in the exercise of its AML/CFT functions, that is relevant and necessary for the exercise of the ECB’s tasks under the SSM Regulation, including prudential supervision on a consolidated basis.”44 It may include AML/CFT sanctions or measures imposed on supervised entities and other information gathered from AML/CFT reports received in line with Art. 61(1) of the AMLD and related to material weaknesses in the supervised entity’s AML/CFT governance, systems, and controls framework or its exposure to significant AML/CFT risks.45

The national CAs are, in principle, obliged to transmit this information to the ECB when the latter requests it. They can also act on their own initiative, providing “any other information, which they deem to be relevant and necessary for the exercise of the ECB’s tasks.”46

As for the opposite, CAs “may submit a request to the ECB for information gathered or created by the ECB in the exercise of its direct supervisory tasks under the SSM Regulation that is relevant and necessary for the performance of their tasks in the area of AML/CFT supervision.”47 Such a request may include information on sanctions or measures imposed on supervised entities by the ECB for shortcomings in their internal governance arrangements or notifications connected with the exercise of the freedom of establishment and the freedom to provide services or received by the ECB as part of breach reports. This list is not exhaustive: CAs can ask for any information collected by the ECB on “business model and governance arrangements gathered during the authorisation process or other information related to AML/CFT gathered for the purposes of the assessment of acquisitions of qualifying holdings and suitability of members of management bodies of the supervised entities.”48

The ECB should, in principle, transmit this information upon request or on its own initiative. The only limitation to this duty to cooperate is the respect for national and supranational legality. Both the ECB and the CAs can decline a request for information if (a) the request does not conform with the Agreement or the applicable laws or (b) fulfilling the request would require the office “to act in a manner that would violate any applicable laws.”49 The Multilateral Agreement indicates the need for all parties to keep the information received “confidential as required by applicable laws, and use or disclose it only as permitted by applicable laws” and to act in compliance with data protection laws.50

The described mechanism represents the most advanced model of information exchange between the ECB and national authorities in relation to a criminal offence. The possibility for both participants to act on their own initiative should be welcomed as a positive improvement in the field of inter-agency enforcement mechanisms. Nevertheless, the information flow, as described in the Multilateral Agreement, does not necessarily imply a direct contact between the banking regulator and criminal enforcement: the Agreement is intended to channel the flow to the CAs, i.e., “the authority or authorities designated as the competent authorities for supervising and ensuring supervised entities’ compliance with the requirements of AMLD.”51 These authorities may have different statutes and powers according to the specific context of the Member State.

VI. Some Suggestions for the Future

The endeavour to tackle financial crime as an EU priority requires rethinking traditional relations between financial regulation and criminal policies. It implies an innovative regulatory framework in which administrative and criminal enforcement actors are called on to cooperate at different levels.52 Major steps would require structural changes in the current EU enforcement network, such as the introduction of specific authorities in the field of AML/CTF53 or the expansion of the EPPO’s competences. Pragmatism and Realpolitik suggest the lowering of our expectations and the adoption of a more cautious approach: what can be done to improve the information exchange among the different authorities?

First, setting up a direct channel of communication between the ECB and criminal law enforcement would be extremely beneficial. Member States of the Eurozone – or even the non-Eurozone – could be asked to nominate one of their agencies as the contact point for the ECB, which would be entitled to receive information and requests for information and transmit them to the law enforcement offices in charge. This network of national competent authorities already exists in the field of AML/CTF. It would also be possible to involve pre-existing coordination agencies in the field of criminal justice, such as Eurojust, whose core mission is to build up synergies to fight supranational crime. This would not mean diminishing the role of national banking supervisors, but rather conferring a European dimension to the potential criminal investigation, involving the competent agencies directly, bypassing potential national bias.

Second, it would be preferable to read Art. 136 SSMFR as a real duty to report criminal offences to the competent authorities using the aforementioned network. A more developed risk management could be extremely beneficial for crime prevention and repression, and regulators are the best placed to detect suspicious operations. This privileged position can also serve the purpose of criminal justice, without being detrimental to the core mission of the ECB. The duty to report a potential criminal offence, as provided for by Art. 136 SSMFR, could be improved and include both national supervisors and prosecutors of financial intelligence units already existing in several Member States.54

Third, in a more advanced, integrated strategy, composite investigative units, in which financial crime experts might cooperate directly with financial and banking regulators, could be extremely beneficial and avoid information asymmetries. Synergies in terms of knowledge, skills, and good practices develop when people with different expertise cooperate.

There is no doubt that these proposals require time and some political bravery. They also imply the necessity for several adjustments to rules of investigation and to defence rights – to name but a few: access to the file, the right to silence, and the duty to disclose self-incriminating reports. Good results are sure to come about if there is consensus among all actors to cooperate according to the European principles of loyal cooperation, good faith, and data protection.

  1. See E. Herlin-Karnel, “Constructing Europe’s Area of Freedom, Security, and Justice through the Framework of “Regulation”: A Cascade of Market-Based Challenges in the EU’s Fight against Financial Crime”, (2015) 16(1) German Law Journal, 49 ff.; J. Vervaele and M. Luchtman, “Enforcing the Market Abuse Regime: Towards an Integrated Model of Criminal and Administrative Law Enforcement in the European Union?”, (2014) 5 New J. Eur. Crim. Law, 192-220, 194.↩︎

  2. On the complexity of inter-agency cooperation among criminal enforcement in the EU, see A. Weyembergh, I. Armada and C. Brière, The Inter-agency Cooperation and Future Architecture of the EU Criminal Justice and Law Enforcement Area, Study for the LIBE Committee, November 2014.↩︎

  3. See EBA Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC, as amended by Regulation (EU) 2019/2175 of the European Parliament and of the Council of 18 December 2019.↩︎

  4. Directorate-General for Internal Policies, ‘Towards a European Public Prosecutor’s Office (EPPO) (European Union, 2016): <> accessed 25 July 2020.↩︎

  5. The Single Supervisory Mechanism was introduced by Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (hereinafter, the “SSMR”). The SSMR was completed by Regulation (EU) No 468/2014 of the ECB of 16 April 2014 establishing the framework for cooperation within the Single Supervisory Mechanism between the European Central Bank and national competent authorities and with national designated authorities (SSM Framework Regulation – hereinafter, the “SSMFR”).↩︎

  6. The EPPO is currently limited in scope and territorial jurisdiction; today, there are twenty-two participating Member States. See: European Commission, ‘European Public Prosecutor’s Office, <> accessed 25 July 2020.↩︎

  7. See supra (n. 4).↩︎

  8. Money laundering represents a special case, analysed in section V. The drafters of the SSMR felt the need to mention money laundering in order to exclude any competence of the SSM in this field. According to Recital 26 SSMR, “the prevention of the use of the financial system for the purpose of money laundering and terrorist financing is not a supervisory task conferred to the ECB.” It is fixedly in the hands of national authorities. Nevertheless, Recital 27 SSMR affirms that “the ECB should cooperate, as appropriate, fully with the national authorities which are competent to ensure a high level of consumer protection and the fight against money laundering.”↩︎

  9. Directive (EU) 2017/1371 of the European Parliament and of the Council of 5 July 2017 on the fight against fraud to the Union financial interests by means of criminal law, O.J. L 198, 28.7.2017, 29. See section IV on the exchange of information between the ECB and OLAF.↩︎

  10. See G. Lasagni and I. Rodopoulos, “Comparative Study”, in S. Allegrezza (ed.), The Enforcement Dimension of the Single Supervisory Mechanism ‒ The Interplay Between Administrative and Criminal Law, CEDAM 2019, pp. 575-613.↩︎

  11. See Recitals 28-29 SSMR.↩︎

  12. See infra, para. 13.↩︎

  13. Art. 136 SSMFR.↩︎

  14. For a wider analysis of this issue, see M. Simonato, M. Luchtman and J. Vervaele (eds.), Exchange of information with EU and national enforcement authoritiesImproving OLAF legislative framework through a comparison with other EU authorities (ECN/ESMA/ECB) (Utrecht University/RENFORCE, March 2018) <> accessed 25 July 2020.↩︎

  15. See G. Lasagni and I. Rodopoulos, Comparative Study, op. cit. (n. 10), p. 621.↩︎

  16. Specific references in national reports (Part II).↩︎

  17. See section IV.↩︎

  18. ECB Decision 2016/1162 of 30 June 2016 on disclosure of confidential information in the context of criminal investigations (ECB/2016/19).↩︎

  19. ECB Decision 2016/1162, op. cit. (n. 18), Recital 3.↩︎

  20. ECB Decision 2016/1162, op. cit. (n. 18), Recital 3.↩︎

  21. ECB Decision 2016/1162, op. cit. (n. 18), Recitals 1 and 4.↩︎

  22. ECB Decision 2016/1162, op. cit. (n. 18), Art. 1(a).↩︎

  23. ECB Decision 2016/1162, op. cit. (n. 18), Art. 1(a).↩︎

  24. ECB Decision 2016/1162, op. cit. (n. 18), Art. 2(1).↩︎

  25. See G. Lasagni and I. Rodopoulos, “Comparative Study”, op. cit. (n. 10), p. 632.↩︎

  26. The wording is: “the ECB shall request the NCAs and NCBs to agree to consult” or “to inform the ECB” of the national request, ECB Decision 2016/1162, op. cit. (n.18), Art. 3(1)(2).↩︎

  27. ECB Decision 2016/1162, op. cit. (n. 18), Art. 3(1).↩︎

  28. ECB Decision 2016/1162, op. cit. (n. 18), Art. 3(1).↩︎

  29. ECB Decision 2016/1162, op. cit. (n. 18), Art. 3(2).↩︎

  30. G. Lasagni, Banking Supervision and Criminal Investigation. Comparing the EU and US Experience, Springer 2019, p. 221.↩︎

  31. As stated in the Preamble to Decision 2016/456. The ECB’s professional duties and obligations, in particular the obligations relating to professional conduct and professional secrecy, are laid down in (a) the Conditions of Employment for Staff of the European Central Bank, (b) the European Central Bank Staff Rules, (c) Annex IIb to the Conditions of Employment concerning the Conditions of Short-Term Employment, and (d) the European Central Bank Rules for Short-Term Employment, and further guidance is given in (e) the Code of Conduct for the members of the Governing Council (2), (f) the Supplementary Code of Ethics Criteria for the members of the Executive Board of the European Central Bank (3), and (g) the Code of Conduct for the members of the Supervisory Board of the European Central Bank (4) (together, hereinafter, referred to as the “ECB conditions of employment”).↩︎

  32. Decision (EU) 2016/456 of the European Central Bank of 4 March 2016 concerning the terms and conditions for European Anti-Fraud Office investigations of the European Central Bank, in relation to the prevention of fraud, corruption and any other illegal activities affecting the financial interests of the Union (ECB/2016/3).↩︎

  33. Art. 2 Decision (EU) 2016/456, op. cit. (n. 32). On OLAF’s internal and external investigations, see V. Covolo, L’emergence d’un droit penal en reseau, Nomos, 2015.↩︎

  34. Art. 3(4) Decision (EU) 2016/456, op. cit. (n. 32).↩︎

  35. Art. 3(1) Decision (EU) 2016/456, op. cit. (n. 32).↩︎

  36. Art. 4(1) Decision (EU) 2016/456, op. cit. (n. 32) defines the concept of sensitive information as follows: “information concerning monetary policy decisions, or operations related to the management of foreign reserves and interventions on foreign exchange markets, provided that such information is less than one year old; information concerning the tasks conferred upon the ECB by Regulation (EU) No 1024/2013; data received by the ECB from the national competent authorities regarding the stability of the financial system or individual credit institutions; and information concerning the euro banknotes' security features and technical specifications.”↩︎

  37. Supra n. 9.↩︎

  38. Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (‘the EPPO’), O.J. L 283, /31.10.2017, 1.↩︎

  39. Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU, Euratom) No 883/2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) as regards cooperation with the European Public Prosecutor’s Office and the effectiveness of OLAF investigations. For the latest developments, see the European Anti-Fraud Office, “OLAF Regulation” <> accessed 25 July 2020.↩︎

  40. See, in particular, the ABLV Bank scandal, in which the credit institution was sanctioned by American regulators for several money laundering incidents. Members of the EU Parliament raised questions regarding the ECB’s role in the information exchange between the detection of money laundering risks and the integration of those risks in prudential supervision; see the answer Danièle Nouy, Chair of the ECB Supervisory Board, gave to Sven Giegold, Member of the European Parliament, of 3 May, 2018 at <> accessed 25 July 2020.↩︎

  41. See n. 3.↩︎

  42. Ibidem.↩︎

  43. Art. 57a(2) AMLD requires the ECB and the competent authorities to conclude, with the support of the European supervisory authorities, an agreement on the practical modalities for the exchange of information.↩︎

  44. Information might be “relevant and necessary for the purposes of the assessment of acquisitions of qualifying holdings, the authorisation of supervised entities, notifications connected with the exercise of the freedom of establishment and the freedom to provide services and the assessment of the suitability of members of management bodies of the supervised entities” (Art. 3(2)(a) of the Multilateral Agreement).↩︎

  45. Art. 3(2) of the Multilateral Agreement.↩︎

  46. Art. 3(3) of the Multilateral Agreement.↩︎

  47. Art. 3(4) of the Multilateral Agreement.↩︎

  48. Art. 3(5) of the Multilateral Agreement.↩︎

  49. Art. 6(3) of the Multilateral Agreement.↩︎

  50. Art. 7 of the Multilateral Agreement.↩︎

  51. Art. 2(f) of the Multilateral Agreement.↩︎

  52. E. Herlin-Karnell, (2015) German Law Journal, op. cit. (n. 1).↩︎

  53. As suggested by Danièle Nouy in her Letter (see above n. 40): “As anti-money laundering concerns both the supervisory and criminal/judicial spheres (…) establishing a European AML authority could bring about such a degree of improved cooperation.”↩︎

  54. See G. Lasagni and I. Rodopoulos, “Comparative Study”, op. cit. (n. 10), p. 623.↩︎


Prof. Dr. Silvia Allegrezza

University of Luxembourg

Faculty of Law, Economics and Finance

Associate professor in Criminal Law and director of the Master in European Economic and Financial Criminal Law

Parts of this essay have already been published in S. Allegrezza, The Single Supervisory Mechanism: Institutional Design, Punitive Powers and the Interplay with Criminal Law, in Ead., The Enforcement Dimension of the Single Supervisory Mechanism, Kluwer, 2020, 3-48.