From the fight against money laundering and financing of terrorism towards the fight for fundamental rights: The role of data protection

The exchange of information is a key element of the Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) system. The legal framework governing AML and CFT provides an outline of relevant information flows, but it does not regulate them in detail. In the European Union, this is a task of the data protection law, which in contrast to the AML/CFT regulatory regime, explicitly formulates necessary requirements for the exchanges of personal data. These requirements serve as safeguards designed with a view of protecting individuals against the power of those who process personal data. In view of this, the aim of this chapter is to provide an outline of the most common instances in the European AML/CFT framework that require sharing of personal data and to shed light on the interpretation of some core EU data protection rules in light of the objectives of the European AML/CFT framework. The analysis focuses primarily on three matters: first, on the recognition of financial information as personal data; second, on the difficulty in reconciling some of the crucial principles that underlie the data protection legal regime with the goals set out in the AML/CFT legal framework; and third on the grounds for lawful processing of personal data in the AML/CFT context.