Data protection and AML: Finding the right balance

The Risk-Based Approach to the Screening of Bank’s Clients

In the proposed AML package, the European Commission takes a risk-based approach to the screening of banks’ clients in order to assess whether they may represent a money-laundering risk. The EDPS generally supports this approach, however, he considers that further clarifications are needed to minimise intrusion into individuals’ privacy and to ensure full compliance with data protection rules, including the principles of necessity and proportionality.

On that point, the Head of EDPS, said:

the processing of individuals’ personal data must remain limited to what is necessary and proportionate in light of the specific purpose(s) set out in the proposals.

The Categories of Personal Data Subject to Processing

The EDPS provided some guidance on what categories of personal data he considers should not be processed, even for an AML/CFT purpose. To that end, the EDPS considers that the processing of personal data relating to individuals’ sexual orientation or ethnic origin should not be allowed.
Furthermore, the EDPS found that the European Commission’s proposal should indicate the specific and strict conditions under which the processing of data about individuals’ criminal offenses and/or convictions are allowed.

At Ondorse, we are taking GDPR compliance very seriously and we can assist you in setting up your AML/CFT framework in compliance with applicable GDPR requirements.