Is your personal data processed by FIU-Netherlands and do you have the right to access this?
Do you want to know whether FIU-the Netherlands has personal data about you and whether you can access it?
The answers to these questions can be found in articles of the General Data Protection Regulation, in the associated directives, and in the Police Data Act (Dutch acronym: Wpg) and Decree. But the bottom line is that you are not allowed to access this data with us. How is that?
All unusual transactions reported to us remain in our database for five years, as required by the Money Laundering and Terrorist Financing (Prevention) Act (Dutch acronym: Wwft). To give an impression of the size of this database, in 2022 we received over 1.8 million unusual transactions (UTRs). It is determined by law that the UTR-information we have, i.e. the unusual transactions and the associated personal data, fall under the classification State Secret – Secret, see Article 5 of the Government Information Security Decree – Special Information. Only authorized FIU employees have access to this information. Therefore, if a person asks us for access to his or her personal data, we are not allowed to provide it. After all, the information is state secret.
Unusual transactions are analyzed by FIU-the Netherlands to establish whether there are sufficient grounds to designate them suspicious. These transactions declared suspicious (STRs) may then be shared with the relevant intelligence, security and investigation services, such as the police and the fiscal intelligence and investigation service (Dutch acronym: FIOD). This is allowed since STRs are legally subject to the Wpg.
-
On the basis of Articles 19 and 20 of the Money Laundering and Terrorist Financing (Prevention) Act (Wwft), if entities with an obligation to report do so in good faith, correctly, in full, and in a timely manner, they have criminal indemnity and are not liable under civil law. This means that as a reporting party you cannot be held liable for any damage your customer may incur as a result of your report, for instance. In addition, data that you report to us in accordance with the standards may not be used against you in a criminal investigation.
-
For security reasons, the content of your report is removed from the reporting portal after 24 hours. From then on, you will see a summary version of your report.
-
The procedure for reporting an unusual transaction is set out on the page Obligation to report.