Is your personal data processed by FIU-Netherlands and do you have the right to access this?
Do you want to know whether FIU-the Netherlands has personal data about you and whether you can access it?
The answers to these questions can be found in articles of the General Data Protection Regulation, in the associated directives, and in the Police Data Act (Dutch acronym: Wpg) and Decree. But the bottom line is that you are not allowed to access this data with us. How is that?
All unusual transactions reported to us remain in our database for five years, as required by the Money Laundering and Terrorist Financing (Prevention) Act (Dutch acronym: Wwft). To give an impression of the size of this database, in 2022 we received over 1.8 million unusual transactions (UTRs). It is determined by law that the UTR-information we have, i.e. the unusual transactions and the associated personal data, fall under the classification State Secret – Secret, see Article 5 of the Government Information Security Decree – Special Information. Only authorized FIU employees have access to this information. Therefore, if a person asks us for access to his or her personal data, we are not allowed to provide it. After all, the information is state secret.
Unusual transactions are analyzed by FIU-the Netherlands to establish whether there are sufficient grounds to designate them suspicious. These transactions declared suspicious (STRs) may then be shared with the relevant intelligence, security and investigation services, such as the police and the fiscal intelligence and investigation service (Dutch acronym: FIOD). This is allowed since STRs are legally subject to the Wpg.
-
To enable the supervisory bodies to carry out their monitoring tasks, each quarter they receive a report from FIU-the Netherlands containing aggregated data about reporting behaviour in the sector under their supervision. Their status as supervisory authority also mandates them to, for instance, approach you directly to request information about your reporting behaviour and – if this is not satisfactory – to give instructions or undertake further steps. Since reporting behaviour falls under the Wwft supervisory authorities, that is where you should turn for any questions about how to interpret the Money Laundering and Terrorist Financing (Prevention) Act (Wwft), and about what does or does not fall under the Act. The supervisory authorities have written guidelines on this to assist the relevant sectors.
Under the Wwft, FIU-the Netherlands is the implementing party. We receive your unusual transaction reports, and we are the only party that can inspect these unusual transactions. Analysing such transactions is the daily work of a large proportion of our staff. Given that this work is classified as state secret, there are many details that we cannot discuss with you, but this does not mean that we do not welcome your questions. We are not permitted to answer the question of what must be reported and what not. But we can help you with questions about how to report an unusual transaction and how you can ensure your report is as informative as possible. And we try to provide tools to assist you in your task as a gatekeeper of the financial system. You are always welcome to contact us about such matters.
-
First of all, it is important that you observe confidentiality as set out in Article 23 of the Money Laundering and Terrorist Financing (Prevention) Act (Wwft). This Article prescribes what is possible and what is not. Secondly, it is important to preserve data. When you report an unusual transaction, you will receive a confirmation of receipt from FIU-the Netherlands, which is the proof that you have actually reported one or more transactions. You must keep this confirmation and all other important details of the unusual transaction(s) for five years. Further information can be found in Article 34 of the Wwft .
As explained on the webpage About FIU-the Netherlands, we analyze unusual transactions to assess whether there is sufficient ground to declare them suspicious. If a transaction is declared suspicious, you will be informed of this: the so-called dissemination notification. It is important that you do not jump to conclusions based on this notice. For more information see the frequently asked question ‘’ I have received a Dissemination Notification. What does this mean?’’
You will not be notified if we do not declare an unusual transaction suspicious. However, we do save all unusual transactions for five years as the legislation dictates. So we can still declare transactions suspicious at a later date. For example, due to new reports.