Is your personal data processed by FIU-Netherlands and do you have the right to access this?
Do you want to know whether FIU-the Netherlands has personal data about you and whether you can access it?
The answers to these questions can be found in articles of the General Data Protection Regulation, in the associated directives, and in the Police Data Act (Dutch acronym: Wpg) and Decree. But the bottom line is that you are not allowed to access this data with us. How is that?
All unusual transactions reported to us remain in our database for five years, as required by the Money Laundering and Terrorist Financing (Prevention) Act (Dutch acronym: Wwft). To give an impression of the size of this database, in 2022 we received over 1.8 million unusual transactions (UTRs). It is determined by law that the UTR-information we have, i.e. the unusual transactions and the associated personal data, fall under the classification State Secret – Secret, see Article 5 of the Government Information Security Decree – Special Information. Only authorized FIU employees have access to this information. Therefore, if a person asks us for access to his or her personal data, we are not allowed to provide it. After all, the information is state secret.
Unusual transactions are analyzed by FIU-the Netherlands to establish whether there are sufficient grounds to designate them suspicious. These transactions declared suspicious (STRs) may then be shared with the relevant intelligence, security and investigation services, such as the police and the fiscal intelligence and investigation service (Dutch acronym: FIOD). This is allowed since STRs are legally subject to the Wpg.
-
To enable the supervisory bodies to carry out their monitoring tasks, each quarter they receive a report from FIU-the Netherlands containing aggregated data about reporting behaviour in the sector under their supervision. Their status as supervisory authority also mandates them to, for instance, approach you directly to request information about your reporting behaviour and – if this is not satisfactory – to give instructions or undertake further steps. Since reporting behaviour falls under the Wwft supervisory authorities, that is where you should turn for any questions about how to interpret the Money Laundering and Terrorist Financing (Prevention) Act (Wwft), and about what does or does not fall under the Act. The supervisory authorities have written guidelines on this to assist the relevant sectors.
Under the Wwft, FIU-the Netherlands is the implementing party. We receive your unusual transaction reports, and we are the only party that can inspect these unusual transactions. Analysing such transactions is the daily work of a large proportion of our staff. Given that this work is classified as state secret, there are many details that we cannot discuss with you, but this does not mean that we do not welcome your questions. We are not permitted to answer the question of what must be reported and what not. But we can help you with questions about how to report an unusual transaction and how you can ensure your report is as informative as possible. And we try to provide tools to assist you in your task as a gatekeeper of the financial system. You are always welcome to contact us about such matters.
-
If you receive notification that your report has been rejected, this means that there is something wrong with the content of the report, so the report has not been registered by FIU-the Netherlands. In the reporting portal, you can find the rejected report under ‘Reports submitted’. You can then open the report and modify it. Click here (NL) for more detailed instructions.
-
We realize that as an entity with an obligation to report you wish for a substantive response to your report. However, within the legal constraints of the Money Laundering and Terrorist Financing (Prevention) Act (Wwft), the possibilities for a response are limited. A large part of our work may not be shared. Nevertheless, we do make every effort to provide you with feedback: not only can this increase your motivation to report, but it also gives you the possibility to tighten up your internal processes and to revise the risk profiles of your customers or products, thus enabling you to fulfil your gatekeeper’s role more effectively. We provide feedback responses in the following ways:
- By (wherever possible) informing the reporting entity if a transaction they have reported is designated suspicious. However, we are not permitted to inform you about the reasons for this designation, or about what the investigative authorities do with this information.
- By including case histories on our website. We regularly share concrete case histories based on real-life examples, the aim being to give reporting entities as much information as possible about what money laundering and terrorist financing may look like in practice.
- By publishing an annual report in which, among other things, we comment on the numbers of unusual and suspicious transactions per calendar year. In each annual report, we also describe several noteworthy analyses we have carried out during the year.
- By sending out newsletters. Our newsletters are intended to keep entities with an obligation to report informed about trends, phenomena, and changes in the legislation. If possible, we also share any red flags we have been alerted to.
- By providing training for entities with an obligation to report in the form of presentations.
Although we do our best to make as much progress as possible in this area, there is doubtless room for improvement. Please contact us if you have any ideas about this.