The European Parliament and the Council adopted new legislation that improves the access of law enforcement authorities to financial information. Directive (EU) 2019/1153 “laying down rules facilitating the use of financial and other information for the prevention, detection, investigation or prosecution of certain criminal offences, and repealing Council Decision 2000/642/JHA” was published in the Official Journal L 186 of 11 July 2019, p. 122. The Commission initiated the Directive in April 2018 (for the proposal, see eucrim 1/2018, pp. 13-14).

While the EU has built up a robust anti-money laundering framework (providing for several obligations on the part of private entities), rules to date do not set out the precise conditions under which national authorities can use financial information for the prevention, detection, investigation or prosecution of certain criminal offences. In particular, the EU wants to give national authorities direct access to bank account information contained in national centralised bank account registries, which all Member States must set up under the 4th and 5th AML Directives.

Against this background, the Directive pursues several aims:

• To facilitate access to and the use of financial information and bank account information by competent law enforcement authorities, including Asset Recovery Offices and anti-corruption authorities;
• To facilitate access to law enforcement information by Financial Intelligence Units (FIUs) for the prevention and combating of money laundering, associate predicate offences, and terrorist financing;
• To facilitate cooperation between FIUs;
• To ensure information exchange with Europol.

As a result, the new Directive entails the following obligations for the EU Member States:

• To designate which competent authorities can have direct and immediate access to bank account information for the prevention, detection, investigation or prosecution of certain criminal offences, and which authorities can request information or analysis from the FIUs;
• To ensure that FIUs are required to cooperate with the competent authorities and are able to reply to requests for financial information or analysis from those authorities in a timely manner;
• To ensure that the designated competent authorities reply to requests for law enforcement information from the national FIU in a timely manner;
• To ensure that FIUs from different Member States are entitled to exchange information in exceptional and urgent cases related to terrorism or organised crime associated with terrorism;
• To ensure that the competent authorities and the FIUs are entitled to reply (either directly or through the Europol national unit) to duly justified requests related to bank account and financial information made by Europol.

Beyond the EU’s general data protection framework (in particular, Directive 2015/680), the Directive provides for specific and additional safeguards and conditions for ensuring the protection of personal data, e.g., as regards the processing of sensitive personal data and the records of information requests.

EU Member States must now implement the Directive into their national laws by 1 August 2021.