The relationship between the Anti-Money Laundering (AML) Regulations and the General Data Protection Regulation

Abstract

The ongoing conflict between protecting individual’s privacy and making sure that there is enough transparency to fight against financial crimes has become an important legislative challenge in the financial sector. In the European Union, there are two laws that address the challenges mentioned above, which are the General Data Protection Regulation (GDPR) and the Anti-Money Laundering Regulation (AMLR). Both of these regulations aim to differ, especially when it comes to data sharing requirements and data retention routines. The GDPR prioritises individuals’ right to the privacy, while the AML regulations require financial institutions to keep and share large amounts of data to prevent financial crimes. The master’s thesis analyses the legal and practical challenges that financial institutions have when following and complying with both regulations. By using a doctrinal analysis approach, the research examines both regulations, case law, real-life cases, such as Dasnke Bank and others, as well as, the regulatory approach by the regulators, such as the European Data Protection Board (EDPB) and the Financial Action Task Force (FATF). The research examines the possibles approached to harmonise both regulations and shows the legal as well as practical challenges in the relationship between them. The study comes to the conclusion that the authorities, together with the financial institutions, should adopt a risk-based approach, define good compliance criteria, and have effective regulatory overview in order to ensure a good balance between data security and financial transparency.