By PAUL O’DONOGHUE, Senior Correspondent
THE EU’s GDPR rules could create financial crime risks, a leading industry body has warned the bloc’s Anti-Money Laundering Authority (AMLA).
The GCFFC (Global Coalition to Fight Financial Crime) said the data privacy framework may cause friction with AML rules.
“Given AMLA’s supervisory mandate, there is an urgent need to engage with public and private stakeholders to address potential inconsistencies between AML and GDPR requirements,” it said in a letter to the regulator.
The GDPR is a comprehensive EU law which regulates how organizations collect, use, and protect personal data. The GCFFC said mismatches between this law and AML rules “may allow criminals to exploit GDPR provisions and pose risks to organisations and civil society across the EU.
“The international dimension is equally worth noting given the impact on the $1.8 quadrillion cross-border payment flows in 2023, which routinely involves sanctions screening and fraud detection – while data privacy laws lack sufficient legal grounds for data processing.”
The GCFFC gave an example of a potential issue: “AML regimes require the processing of special categories of personal-data. [This includes] detailed beneficial-ownership, transaction, and customer-profile information.
“This could be inconsistent with GDPR-style expectations of data minimisation and purpose limitation.”
Recommendations to tackle GDPR AML issues
To address these problems, the GCFFC put forward four recommendations to AMLA. These are:
- Establish a “clear and consistent” legal basis for AML data processing
- Enable “proportionate and safeguarded” information sharing between private entities, FIUs, and supervisors
- Align data minimisation, purpose limitation, and retention requirements. It said this is important to ensure “proper Customer Due Diligence (CDD), monitoring, and suspicious activity reporting”
- Enhance supervisory coordination and issue harmonised EU guidance
The GCFFC added: “If Europe’s AML/CFT system becomes associated with fragmented implementation, legally contested data-sharing, and uneven supervisory practice, counterparties may view the EU as operationally complex and vulnerable to arbitrage—a place where criminals can exploit mismatches between privacy law interpretation and AML imperatives.
“The Global Coalition to Fight Financial Crime stands ready to support AMLA in delivering its vital mandate.”
We hope you enjoyed reading this article
If you would like unlimited access to AML Intelligence premium articles, newsletter delivered twice a week, access to our Global Bank Fines and Penalties database, free access to Boardroom Series events and much more, select one of our subscription options and become a subscriber!
