Do you want to know whether FIU-the Netherlands has personal data about you and whether you can access it?

The answers to these questions can be found in articles of the General Data Protection Regulation, in the associated directives, and in the Police Data Act (Dutch acronym: Wpg) and Decree. But the bottom line is that you are not allowed to access this data with us. How is that?

All unusual transactions reported to us remain in our database for five years, as required by the Money Laundering and Terrorist Financing (Prevention) Act (Dutch acronym: Wwft). To give an impression of the size of this database, in 2022 we received over 1.8 million unusual transactions (UTRs). It is determined by law that the UTR-information we have, i.e. the unusual transactions and the associated personal data, fall under the classification State Secret – Secret, see Article 5 of the Government Information Security Decree – Special Information. Only authorized FIU employees have access to this information. Therefore, if a person asks us for access to his or her personal data, we are not allowed to provide it. After all, the information is state secret.

Unusual transactions are analyzed by FIU-the Netherlands  to establish whether there are sufficient grounds to designate them suspicious. These transactions declared suspicious (STRs) may then be shared with the relevant intelligence, security and investigation services, such as the police and the fiscal intelligence and investigation service (Dutch acronym: FIOD). This is allowed since STRs are legally subject to the Wpg.

FIU-the Netherlands stores reports of unusual transactions in a highly secure and protected database, where they are classified as “State secret – secret”. This database can only be accessed by employees of FIU-the Netherlands whose position requires such access. Nobody else has access to the database.  If analysis of a given unusual transaction reveals sufficient grounds to designate it suspicious, the suspicious transaction becomes police data, which can be accessed by the investigative, intelligence, and security services. This suspicious transaction is no longer classified as “State secret – secret”, but now falls under the Police Data Act (Wet Politiegegevens).

The investigative services can use a suspicious transaction in various ways, and depending on these uses, it may end up in a prosecution file. If the suspicious transaction is included in a prosecution file, safeguards are in place to protect the safety of the reporting entity. These safeguards were further strengthened by a motion (NL) adopted by the Dutch House of Representatives in 2020.

On the basis of Articles 19 and 20 of the Money Laundering and Terrorist Financing (Prevention) Act (Wwft), if entities with an obligation to report do so in good faith, correctly, in full, and in a timely manner, they have criminal indemnity and are not liable under civil law. This means that as a reporting party you cannot be held liable for any damage your customer may incur as a result of your report, for instance. In addition, data that you report to us in accordance with the standards may not be used against you in a criminal investigation.

For security reasons, the content of your report is removed from the reporting portal after 24 hours. From then on, you will see a summary version of your report.

The procedure for reporting an unusual transaction is set out on the page Obligation to report.

First of all, it is important that you observe confidentiality as set out in Article 23 of the Money Laundering and Terrorist Financing (Prevention) Act (Wwft). This Article prescribes what is possible and what is not. Secondly, it is important to preserve data. When you report an unusual transaction, you will receive a confirmation of receipt from FIU-the Netherlands, which is the proof that you have actually reported one or more transactions. You must keep this confirmation and all other important details of the unusual transaction(s) for five years. Further information can be found in Article 34 of the Wwft .

As explained on the webpage About FIU-the Netherlands, we analyze unusual transactions to assess whether there is sufficient ground to declare them suspicious. If a transaction is declared suspicious, you will be informed of this: the so-called dissemination notification. It is important that you do not jump to conclusions based on this notice. For more information see the frequently asked question ‘’ I have received a Dissemination Notification. What does this mean?’’

You will not be notified if we do not declare an unusual transaction suspicious. However, we do save all unusual transactions for five years as the legislation dictates. So we can still declare transactions suspicious at a later date. For example, due to new reports.

FIU-the Netherlands receives unusual transactions (UTRs) from the obliged entities which we then analyze in the context of money laundering, predicate offences and terrorism financing. These analyses are based on, among other things, our own database of UTRs, additional sources such as police information, and the requests we can do based on article 17 of the Dutch AML/CFT legislation. This way we assess whether there is sufficient ground to declare a, or a combination of, transaction(s) suspicious.

The suspicious transactions (STRs) are shared with the relevant intelligence, security, and law enforcement services. If desired, they can be used for analysis purposes and as start, steer and process information. It is important to note that a suspicious transaction is not equivalent to a suspicion as described in Article 27 of the Dutch Code of Criminal Procedure. However, FIU-the Netherlands has assessed that the information contained in the transaction may be important for the prevention and detection of crimes in order to safeguard the integrity of the financial system. The intelligence, security, and law enforcement services decide independently whether they want to/can use the STR.

If we declare a UTR suspicious, you will receive a message about this. The exception is if there are compelling reasons not to send this message, for example certain confidentially risks   

You will receive the message that a reported transaction has been declared suspicious, the so-called dissemination notification, through our portal. It is important that you do not jump to conclusions based on this. This is because we are not allowed to share why a transaction has been declared suspicious and so the exact reason remains unknown to you. Our advice, therefore, is to see a declaration of suspicion as additional information. No more and no less. Based on your own information position and your risk appetite, you as gatekeeper decide what to do. An example could be to analyse the circumstances of the transaction in more detail or to additionally monitor them. This will increase your understanding of potential risks and thus leads to better decision making.