The Partnership for Information Sharing – the new EU way to keep up with money launderers and terrorism funders (part 1)

One of the most interesting structures introduced by the Regulation (EU) 2024/1624 (hereinafter AMLR) is the “partnership for information sharing” (hereinafter PFIS). For those familiar with the current EU law, i.e. with the Directive (EU) 2015/849 amended by the Directive (EU) 2018/843 (hereinafter AMLD4/5), this is not the limited right of disclosure within “a larger structure to which the person belongs and which shares common ownership, management or compliance control” (art. 39 (4) AMLD4/5) or “within the group, unless otherwise instructed by the FIU” (art. 45 (8) AMLD4/5). Neither it is the exchange of information in between competent authorities from the member states or from third countries as covered by art. 57a AMLD4/5. The PFIS is a totally new – at least for the EU - construction.

?

Although the origins of it can be found esp. in the US regulatory system (section 314(b) of the Patriot Act) [see John Cusack “EU Article 75 – Pan EU information sharing is coming, but will it be enough?”, Financial Crime News, May 10, 2024, https://thefinancialcrimenews.com/eu-article-75-pan-eu-information-sharing-is-coming-but-will-it-be-enough/] the EU approach is substantially different “which doesn’t have the advantages of the broad US market approach or the State led approach preferred in Singapore, and instead has decided to chart a middle course which provides for a more complex process through which some information sharing is possible, but to be done, will need supervisors to support all initiatives as they are mandated as the agency which is authorised to pre approve “partnerships” and in so doing to be satisfied with the arrangements put in place including the data protection arrangements, with supervisors expected to also consult with data protection agencies and where SAR’s are proposed to be exchanged also with FIU’s” [John Cusack, Ibidem].

?

What is PFIS?

?

PFIS has been defined in art. 2 (Definitions) (1) (57) of AMLR as:

‘partnership for information sharing’ means a mechanism that enables the sharing and processing of information between obliged entities and, where applicable, competent authorities referred to in point 44(a), (b) and (c), for the purposes of preventing and combating money laundering, its predicate offences and terrorist financing, whether at national level or on a cross-border basis, and regardless of the form of that partnership.

It is a “mechanism” not an entity or body, so there should be possible to implement it in multiple instances. Thereby multiple PFIS are possible.

The particular legal form of such partnership is not important, provided it can be properly considered a partnership.

?

PFIS Membership

?

Although it seems there are no group-only limits nor just competent authorities-only limits, the scope of potential exchangers of information is definitely limited. These can only be:

• obliged entities (hereinafter OE) and, but only “where applicable”, “competent authorities” such like:
• “a Financial Intelligence Unit (FIU)” (art. 2 (1) (44a) AMLR);
• “a supervisory authority” (art. 2 (1) (44b) AMLR); This, in turn, is defined in art. 2 (1) (46) AMLR as “a supervisor who is a public body, or the public authority overseeing self-regulatory bodies in their performance of supervisory functions pursuant to Article 37 of the Directive (EU) 2024/1640 (hereinafter AMLD6), or AMLA when acting as a supervisor”, whereas “supervisor” has been defined in art. 2 (1) (45) of AMLR as “the body entrusted with responsibilities aimed at ensuring compliance by obliged entities with the requirements of AMLR, including AMLA when performing the tasks entrusted to it in Article 5(2) of the Regulation (EU) 2024/1620 (hereinafter AMLAR)”;
• “a public authority that has the function of investigating or prosecuting money laundering, its predicate offences or terrorist financing, or that has the function of tracing, seizing or freezing and confiscating criminal assets” (art. 2 (1) (44c) AMLR).

?

This is definitely closed community, supposedly additionally strictly limited in each case of the mechanism’s application, since the actual community with which some information could be shared may be further restricted by the purposes of the particular information sharing. Here, only “the purposes of preventing and combating money laundering, its predicate offences and terrorist financing” should be acceptable. No other purpose could justify the usage of PFIS. Thereby, it may be justified for the EO A to share the particular information with entities B and C being members of the PFIS to which A belongs, but not necessarily with entities D and E belonging to the same PFIS…

?

Sharing Information Within PFIS

?

Although the definition informs that the information could only be shared “between” so by a single entity (actually by an OE) and another participant of the PFIS, it will turn out this is not exactly the case, because we learn from art. 75 (1) of AMLR that “members of partnerships (plural – sic! my comment, GH) for information sharing may share information among each other (…)”. So the information could be shared more widely. It could be then shared not only with several different PFIS participants at the same time but also, if the sharing EO belonged to e.g. two different PFISes, the information could be shared with several different participants of both PFIS – if justified by the purposes mentioned above.

The definition seems also to suggest that the PFIS could be established at national level or on a cross-border basis, making it therefore not only a national but potentially also the pan-EU mechanism. By the way, it seems the true purpose of the establishment of PFIS since the whole new EU AML regulatory package is intended to strengthen the pan-EU AML, CFT and anti-proliferation financing practices.

?

So far as the definition is concerned. But this definitely not all. The heart of the PFIS lies in art. 75 of AMLR.

?

The General Purposes of Information Sharing

?

Art. 75, entitled “Exchange of information in the framework of partnerships for information sharing” is, at the same time, the whole Chapter VI of the Regulation, entitled boldly “Information Sharing”.

Actually, the purposes of information sharing are additionally specified in art. 75 (1) of AMLR. The information may be shared “where strictly necessary for the purposes of complying with the obligations under Chapter III and Article 69”. What are these purposes, then?

Obviously, we may suppose what the ‘true’ (or ‘ultimate’) purpose of information sharing in PFIS is. Is that a single, common purpose of “the obligations under Chapter III and Article 69” or both of their purposes considered separately? As there seems to be no further suggestion regarding that matter in the provision, let’s treat the two separately.

Chapter III of AMLR is entitled “Customer Due Diligence” so we may assume that fulfillment of the CDD – and we must remember that the so-called “continuous KYC” in cases of business relationships as well as CDD in case of an occasional transaction are both parts of the CDD – can be considered as justification for the PFIS information sharing, assuming it is “strictly necessary” (there is no other reasonable way to fulfill it?).

Article 69 of AMLR, in contrast, is of another nature, and it refers to “Reporting of suspicions”.

It deserves to be noted that reporting suspicions regarding, among others, criminal activity or proceeds of criminal activity to FIU is possible on the grounds of art. 69 (1) of AMLR. This is not, however, reporting anything directly to the law enforcement authorities.

?

Coordinating the Submission of SAR/STR

?

Within art. 69 we can locate the direct reference to PFIS. Art. 69 (8) reads:

“Where the activities of a partnership for information sharing result in the knowledge, suspicion or reasonable grounds to suspect that funds, regardless of the amount involved, are the proceeds of criminal activity or are related to terrorist financing, obliged entities which identified suspicions in relation to the activities of their customers may designate one among them which shall be tasked with the submission of a report to the FIU pursuant to paragraph 1, point (a). Such submission shall include at least the name and contact details of all the obliged entities that participated in the activities giving rise to the report.

Where the obliged entities referred to in the first subparagraph are established in several Member States, the information shall be reported to each relevant FIU. To that end, obliged entities shall ensure that the report is submitted by an obliged entity within the territory of the Member States where the FIU is located.

Where the obliged entities decide not to avail themselves of the possibility to submit a single report with the FIU pursuant to the first subparagraph, they shall include a reference in their reports to the fact that the suspicion is the result of the activities of a partnership for information sharing.”

Here, it seems, we can identify the purpose of the legislators: creating the coordinated, and if necessary, also internationally spread approach (we must remember FIUs will be still competent only locally, i.e. within the territory of each particular Member State) to a suspicious activity or transaction. So, if, during the exchange of information within a PFIS, the OEs happen to notice that the activities of “their customers” (I assume the same customers do not have to be shared, it could be a customer of just one of them but its suspicious activity somehow affects all of the OEs?) give raise to the same (or very similar) suspicion, they should coordinate on a national level and select their ‘representative’ to file a STR/SAR to FIU. And if they cannot coordinate to that extent (for some, whatever reason), they should make references in their own SAR/STR indicating the case involves more OEs being members of the PFIS.

?

Coming back to art. 75 (1), from which we made an above detour, we are being additionally warned the information may be shared only if “in accordance with fundamental rights and judicial procedural safeguards” (art. 75 (1) AMLR). This is a general statement which will be specified in detail further on.

?

to be continued...

16 September 2024

The above publication contains its author’s private opinions only.