AML & GDPR
The Anti-Money Laundering Law (AML) and the General Data Protection Regulation (GDPR)
An optimal solution with minimal effort and in compliance with the law.
The requirements of the new legislation are yet another administrative burden for operating businesses. Failing to comply with either of these two regulations may lead not only to serious financial consequences (imposition of fines and financial penalties and payment of liquidated damages), but also to reputational damage and business losses.
Here at the “Zlatina Hadzhipanayotova” law firm, we offer a service in which the areas where the two regulations overlap and complement each other are reviewed and the legal right to collect and process personal data is documented.
We will amend your internal documents where necessary and handle the above-mentioned challenges, giving you the safety and security that come with full compliance with the law.
On the one hand, the AML requires the collection and processing of a great volume of personal data in order to prevent the exploitation of the financial services sector as a means of money laundering and terrorist financing. On the other hand, the GDPR limits how, when, by whom and in what way personal data may be collected and processed, and expands the definition of personal data, bringing all the data collected under the AML within the limits of its jurisdiction. Thus, the question of how these two acts are to be combined when they are applied becomes highly important.
“Necessity” and “Proportionality” are concepts that the European Data Protection Supervisor (EDPS) discusses in detail, in the context of measures against money laundering and the financing of terrorism and of personal data protection, in a statement on the problem addressed to the European Committee in relation to a proposal of the Committee for the amendment of Directive (EU) 2015/849, transposed into the AML.
The AML requires the collection, processing and use of personal data for the performance of a few very important tasks in counteracting the use of the financial system for the purposes of money laundering. Those tasks can be summarized as follows:
Complex check-up of the client (including extensive and simple check-ups); transaction and behaviour monitoring; internal data sharing (including within a given group); sharing of data outside the organization (including with external contractors, regulatory authorities and other financial institutions);
cross-border data processing (especially when processing international payments).
The AML and the Regulation for its Application also define the private entities whose personal data is collected and processed in order for its purposes to be met; who collects and processes what kind of data; for what purposes and how they do so; when and how this data is updated; with whom and under what conditions this data is shared; the period for which the data is stored; and what limitations on the rights of the data subjects apply.
Synergy in the application of the AML and the GDPR is fully achievable by the entities obligated under Art. 4 of the AML.