Machine translations by Deepl

Your bank account: the shortcut to your private life (part 4)

Combating money laundering: permanent search of bank account holders is the norm. 

If you have a bank account (and who can do without one?) then many government departments, to a greater or lesser extent, have access to your private data. How does that work?

In a series of short articles, Privacy First clarifies what data agencies can already access and what more is in the pipeline. Part 4 of this series is about fighting money laundering: many good intentions to detect money laundering have now led to permanent monitoring of everyone who has a bank account.

Money laundering

What is money laundering?

Money laundering is the possession of money or other financial benefits of criminal origin, regardless of whether the criminal act was carried out by the person concerned himself or by a third party. This includes, for example, money derived from drug trafficking, human trafficking, theft, social or tax fraud. Laundering criminal proceeds is punishable. Cooperating in transactions where there is a reasonable suspicion that the profits originate from a crime (debt laundering) is also punishable. This makes 'money laundering' an extremely broad concept.

What does tracking criminal money have to do with my bank details?

Detecting money laundering seems to be primarily a task of police and prosecutors, but nothing could be further from the truth. In detecting possible money laundering, the legislator has assigned a decisive role to so-called "gatekeepers"; these are banks and other companies that play a role in financial transactions. Banks are obliged to rigorously check the identity and origin of their customers' assets and monitor all their customers' transactions. Such monitoring is necessary because banks are deemed capable of detecting criminal money and must report 'unusual' transactions to the Financial Intelligence Unit (FIU), an independent arm of the police.[1]

For a limited number of cases, the rules define what is 'unusual', for example the use of a credit card when paying €15,000 or more. For the vast majority, however, it is left to banks to determine whether a transaction is unusual. They must set up processes to do so, for which they can draw on a host of allegedly good practices and other government publications. After banks report an unusual transaction, the FIU determines whether a transaction is "suspicious". After this, real investigative authorities will potentially deal with the suspicious payment.

If a bank fails to perform its gatekeeper function correctly, high fines from financial regulators or investigative authorities and substantial reputational damage await. ING reached a €775 million settlement in 2018 for not properly complying with its gatekeeper function, and many financial institutions have since followed suit.

The system described above combined with the deterrent fines and reputational damage to banks has now led to banks intensively monitoring all transactions of their customers. In fact, every bank account holder is digitally searched on a daily basis to make sure they have not committed an offence. If banks have doubts whether transactions are legitimate or fit the customer's profile, they question their customers about the reason and purpose of the payments. It is increasingly coming out that this checking of customers' payments and receipts is far-reaching and regularly goes wrong. For example, an episode of AVROTROS Radar features a bank customer who was asked to explain what consideration 'Albert Heijn' had provided for all the payments the customer had made there. There are also plenty of examples where use of cash led to major problems for the account holder.[2]

It is unclear whether the banks themselves are overshooting the mark in how they follow up on their gatekeeper function or whether regulators and investigative authorities are pressurising banks to meticulously track all their customers. What is clear, however, is that a permanent surveillance system has been set up, with financial institutions performing tasks that investigating authorities cannot simply perform themselves; before the police can demand access to a bank account holder's payment details, there will at least have to be a reasonable suspicion of any wrongdoing.

How effective is this permanent digital search of bank customers?

Based on a number of indications, serious questions can be raised about the system that is supposed to detect money laundering and require every bank account holder to tolerate permanent monitoring of their payment transactions.

According to the Dutch Banking Association[3] and De Nederlandsche Bank[4] 13,000 bank employees are now involved in gatekeeping activities. This amounts to 15-20% of the total number of bank employees. The cost amounts to around €1.4 billion annually for the banking sector. 1,896,176 transactions were reported to the FIU in 2022. In doing so, the FIU had 94 staff and a budget of EUR 13.5 million to assess these transactions.[5] In the end, nearly 5% of the reported transactions were declared suspicious.

The General Audit Office last assessed the handling of money laundering in 2021.[6] The Court concluded that there was no useful insight into the efficiency and effectiveness of the approach to money laundering. It could therefore not determine whether the approach is effective or where changes to it are needed.

Finally, the Justice Minister recently confirmed[7] that hacked reports show that criminals are not channelling their money through the normal banking system, but are getting it out of the country through underground banking and spending it abroad. The minister's ambition is to recover around €200 million of the estimated €16 billion allegedly laundered through the Netherlands.

While at first glance the facts do not point to an effective system that (can) track down the real criminals, Dutch and European legislators continue to push ahead with plans for even more checks on bank account holders. Currently in the Lower House of Parliament is the draft bill Plan to tackle money laundering[8], which includes, for example, a ban on cash payments above €3,000 and provides for the possibility for banks to engage in joint monitoring. Furthermore, the European legislator recently reached a preliminary agreement[9] reached on new anti-money laundering rules, which include a European regulation applicable in all member states, a new European anti-money laundering supervisor that will monitor compliance, more powers for national FIUs and more controls on cash payments.

Privacy First position

Privacy First has previously expressed reservations about the draft Money Laundering Bill[10]. The bill unjustifiably infringes on the fundamental rights of Dutch citizens. Privacy First finds the way bank account holders are subject to permanent surveillance disproportionate. It is incomprehensible that the legislator keeps agreeing to new initiatives, without objective insight into the effectiveness of the existing system and the social costs and benefits.

Privacy First calls on legislators to finally come up with a well-considered vision that takes all interests into account and not just pays lip service to citizens' fundamental rights. Where citizens cannot do without a bank account, it is unthinkable that this by definition means they will be permanently searched by financial institutions and investigative bodies.

 

[1] https://www.fiu-nederland.nl/home/over-fiu/

[2] For an anthology of real-life cases, see: https://radar.avrotros.nl/tag/witwassen-8687

[3] https://www.nvb.nl/media/5351/ongewenste-effecten-van-de-risking-voor-klanten-en-banken-nederlandse-vereniging-van-banken-2022.pdf

[4]https://www.dnb.nl/media/2ambmvxt/van-herstel-naar-balans.pdf

[5] FIU-Netherlands Annual Review 2022

[6] https://www.rekenkamer.nl/publicaties/rapporten/2022/06/08/bestrijden-witwassen-deel-3-stand-van-zaken-2021

[7] Consideration of the bill establishing the budget states of the Ministry of Justice and Security (VI) for the year 2024 (36410-VI).

[8] Money laundering action plan act, TK 36,228, no 2.

[9] https://www.europarl.europa.eu/news/nl/press-room/20240117IPR16880/deal-on-a-single-rulebook-against-money-laundering-and-terrorist-financing

[10] https://privacyfirst.nl/wp-content/uploads/TMNL_SPF_TK_2dec2022.pdf

 

National Privacy Conference 2023

When playing this video, cookies from Vimeo may possibly be set. These cookies are only set after acceptance. Watch it privacy policy of Vimeo.