Machine translations by Deepl

Banking dragnet is not a good idea

Since 2020, Dutch banks have been warming up to a joint database that will start analysing all financial transactions of all Dutch citizens. The aim of the analysis is to detect financial crime.

On 7 October last year, the cabinet announced private that there will be a law to enable this joint crime detection by banks. Privacy First does not think this is a good idea.

Crime control by banks

Ever since 1994, banks have had crime-fighting duties under Dutch legislation based on European rules. Known as 'money laundering prevention', the regulations require banks to conduct customer due diligence on all their customers, i.e. organisations and companies as well as consumers. Furthermore, banks are obliged to monitor all financial transactions, small and large, and check whether there are indications that a customer's financial resources are derived from crime. If there are such indications, they must report them to FIU-Nederland (a part of the Police) so that criminal investigations can be launched.

That crime detection task is difficult for banks to perform, resulting in large fines from the government. Furthermore, customer investigations cost the banks a lot of money (the costs are passed on to customers) and there are insufficient staff capable of detecting crime in a high-quality manner.

Already, things are going wrong with banks' performance of these tasks: people are being asked intrusive questions about payments and do not understand what the banks are doing. Increasingly, banks are refusing to open bank accounts, arguing that customer research on the customer in question would be too expensive.

All this prompted the banks to call for joint crime fighting through their own limited liability company.

Transaction Monitoring Netherlands - all transactions in one database

The banks now want to start saving costs by doing the customer research for the purpose of fighting crime together through a specially created BV in 2020, Transaction Monitoring Netherlands BV (TMNL). To enable all transactions of Dutch banks to be analysed by TMNL, legislative change is needed.

Initially, it was thought to legalise TMNL's activities through the Data Processing by Collaborative Groups (WGS) Bill. The civil rights coalition that previously successfully fought against the System Risk Indication (SyRI) has been critical of WGS.

Criticism is ignored

Official government advisers also opposed the proposal that banks start analysing transactions together. The Personal Data Authority was critical of the WGS. In January 2021, the State Council released a critical advice out in which they oppose bank collaboration and writing:

"The massive scale on which banking transactions will be jointly monitored is unprecedented and represents a far-reaching breach of the confidentiality of data of citizens and businesses. This is not just about the right to privacy. Such monitoring could also lead to exclusion and discrimination. The Advisory Division considers that it has not been demonstrated that this joint transaction monitoring is necessary and proportionate. In addition, the bill does not provide adequate legal protection; this too is outsourced to the banks, as it were. The advice is therefore to remove the basis for joint transaction monitoring from the bill."

Despite criticism from the Council of State, the government still wants to go ahead with TMNL.

Privacy First is adamantly against a dragnet by the joint banks on the complete financial transaction data of Dutch people, companies and organisations and calls on everyone to agitate against this cabinet plan.

Coming soon, more attention will be paid to financial privacy. Also read Ben van der Burg's column: Playing with fire data exchanges.