Starting from May 2024, supervisors throughout the European Union (EU) will gain the ability to submit the names of individuals to EuReCA, the central EU database managed by the European Banking Authority (EBA) dedicated to anti-money laundering (AML) and countering the financing of terrorism (CFT) efforts. EuReCA has played a crucial role in enhancing supervision by providing targeted and well-informed insights. This development underscores the EBA’s commitment to bolstering the fight against money laundering (ML) and terrorist financing (TF) within the EU.
EuReCA consolidates information concerning severe AML/CFT deficiencies detected by EU supervisors in specific financial institutions, along with the corrective actions taken to address these issues.
Supervisors will now have the capability to report individuals’ names, such as customers or beneficial owners, to EuReCA if they are associated with significant deficiencies or remedial actions. Additionally, if a lack of integrity or honesty poses substantial risks to a financial institution’s governance, business operations, or AML/CFT defenses, supervisors may also report the names of members of the management body or key function holders.
Since its inception on January 31, 2022, EuReCA has received over 1400 reports from 41 authorities.
Legal Framework and Background: EuReCA operates under the authority of Article 9a(1) and (3) of the EBA Regulation and Regulation (EU) No 1093/2010 of November 9, 2023. The publication of the Regulation in the Official Journal on February 16, 2024, has empowered EuReCA to commence the collection of personal data. A factsheet detailing EuReCA’s purpose, reporting entities, and contents is available for reference.
The EBA has updated its Data Protection Impact Assessment (DPIA), conducted in accordance with Article 39 of Regulation (EU) 2018/1725 (EUDPR). A summary of this updated DPIA is accessible on the EBA’s website, along with an explanatory notice detailing the processing of personal data.
Joint controllership arrangements for the processing of personal data in EuReCA have been established by the EBA, the reporting authorities, ESMA, and EIOPA, in compliance with Article 26 of Regulation (EU) 2016/679 and Article 86 of Regulation (EU) 2018/1725.
Only data pertaining to significant AML/CFT compliance failures can be reported, ensuring that data processing remains limited to what is necessary and proportionate.
For more details, click here.
By FCCT Editorial Team