Source: OJ L, 2024/1640, 19.6.2024Current language: EN
- Anti-money laundering
Basic legislative acts
- Sixth anti-money laundering (AML 6) directive
Article 16 Bank account registers and electronic data retrieval systems
Summary What does Article 16 of the Sixth anti-money laundering (AML 6) directive say?
This is a substantial infrastructure article that establishes the framework for centralised automated mechanisms — essentially national bank account registers — which Member States must put in place to enable the timely identification of persons holding or controlling a wide range of financial accounts and safe-deposit boxes.
The article goes beyond simply mandating the creation of these national systems; it also sets out the data fields they must contain, who can access them, and critically, how they connect to a Union-wide interconnection system called BARIS, to be developed and operated by the Commission.
This article works in close conjunction with Article 17, which covers the technical specifications for that interconnection.
Important points:
- Member States are required to establish centralised automated mechanisms covering payment accounts, bank accounts, virtual IBANs, securities accounts, crypto-asset accounts, and safe-deposit boxes, and must notify the Commission of their characteristics.
- FIUs and AMLA are granted immediate and unfiltered access to the information held in these mechanisms, while supervisory authorities are granted access in a timely manner.
- The national mechanisms must be interconnected through BARIS by 10 July 2029, with account information retained for 5 years after account closure, extendable by a further 5 years in specific cases.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Member States shall put in place centralised automated mechanisms, such as central registers or central electronic data retrieval systems, which allow the identification, in a timely manner, of any natural or legal persons holding or controlling payment accounts, or bank accounts identified by IBAN, including virtual IBANs, securities accounts, crypto-asset accounts and safe-deposit boxes held by a credit institution or financial institution within their territory.
Member States shall notify the Commission of the characteristics of those national mechanisms as well as the criteria pursuant to which information is included in those national mechanisms.
Member States shall ensure that the information held in the centralised automated mechanisms is directly accessible in an immediate and unfiltered manner to FIUs, as well as to AMLA for the purposes of joint analyses pursuant to Article 32 of this Directive and Article 40 of Regulation (EU) 2024/1620. The information shall also be accessible in a timely manner to supervisory authorities to fulfil their obligations under this Directive.
The following information shall be accessible and searchable through the centralised automated mechanisms:
for customer-account holders and any person purporting to act on behalf of a customer account holder: the name, complemented by either the other identification data required under Article 22(1) of Regulation (EU) 2024/1624 or a unique identification number as well as, where applicable, the dates on which the person purporting to act on behalf of the customer started and ceased to have the power to act on behalf of the customer;
for beneficial owners of customer-account holders: the name, complemented by either the other identification data required under Article 22(1) of Regulation (EU) 2024/1624 or a unique identification number as well as the dates on which the natural person became and, where applicable, ceased to be the beneficial owner of the customer account holder;
for bank accounts or payment accounts: the IBAN number, or where the payment account is not identified by an IBAN number, the unique account identifier, and the date of account opening and, where applicable, the date of account closing;
for virtual IBANs issued by a credit institution or a financial institution: the virtual IBAN number, the unique account identifier of the account to which payments addressed to the virtual IBAN are automatically redirected, and the dates of account opening and closing;
for securities accounts: the unique identifier of the account, and the dates of account opening and closing;
for crypto-asset accounts: the unique identifier of the account, and the dates of account opening and closing;
for safe-deposit boxes: the name of the lessee complemented by either the other identification data required under Article 22(1) of Regulation (EU) 2024/1624, or a unique identification number and the date on which the lease started and, where applicable, the date on which it ended.
In the case of a virtual IBAN, the customer account holder as referred to in point (a) of the first subparagraph shall be the holder of the account to which payments addressed to the virtual IBAN are automatically redirected.
For the purposes of points (a) and (b) of the first subparagraph, the name shall comprise for natural persons, all names and surnames and for legal entities, legal arrangements or other organisations with legal capacity, the name under which they are registered.
The Commission may establish, by means of implementing acts, the format for the submission of the information to the centralised automated mechanisms. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 72(2).
Member States may require other information deemed essential for FIUs, for AMLA for the purposes of joint analyses pursuant to Article 32 of this Directive and Article 40 of Regulation (EU) 2024/1620 and for supervisory authorities to fulfil their obligations under this Directive to be accessible and searchable through the centralised automated mechanisms.
The centralised automated mechanisms shall be interconnected via the bank account registers interconnection system (‘BARIS’), to be developed and operated by the Commission. The Commission shall ensure such interconnection in cooperation with Member States by 10 July 2029.
The Commission may set out, by means of implementing acts, the technical specifications and procedures for the connection of Member States’ centralised automated mechanisms to BARIS. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 72(2).
Member States shall ensure that the information referred to in paragraph 3 is available through BARIS. Member States shall take adequate measures to ensure that only the information referred to in paragraph 3 that is up to date and corresponds to the actual bank account and payment account, including virtual IBANs, securities account, crypto-asset account and safe-deposit box is made available through their national centralised automated mechanisms and through BARIS. Access to that information shall be granted in accordance with data protection rules.
The other information that Member States consider essential for FIUs and other competent authorities pursuant to paragraph 4 shall not be accessible and searchable through BARIS.
Member States shall ensure that information on holders of bank accounts or payment accounts, including virtual IBANs, securities accounts, crypto-asset accounts and safe-deposit boxes is made available through their national centralised automated mechanisms and through BARIS during a period of 5 years after the closure of the account.
Without prejudice to national criminal law on evidence applicable to ongoing criminal investigations and legal proceedings, Member States may, in specific cases, permit such information to be retained, or require that such information be retained, for an additional maximum period of 5 years where Member States have established that such retention is necessary and proportionate for the purpose of preventing, detecting, investigating or prosecuting suspected money laundering or terrorist financing.
FIUs and, for the purposes of joint analyses pursuant to Article 32 of this Directive and Article 40 of Regulation (EU) 2024/1620, AMLA shall be granted immediate and unfiltered access to the information on payment accounts and bank accounts identified by IBAN, including virtual IBAN, securities accounts, crypto-asset accounts and safe-deposit boxes in other Member States available through BARIS. Supervisory authorities shall be granted access in a timely manner to the information available through BARIS. Member States shall cooperate among themselves and with the Commission in order to implement this paragraph.
Member States shall ensure that the staff of the national FIUs and supervisory authorities that have access to BARIS maintain high professional standards of confidentiality and data protection, are of high integrity and are appropriately skilled.
The requirements laid down in the second subparagraph shall also apply to AMLA in the context of joint analyses and when acting as a supervisor.
Member States shall ensure that technical and organisational measures are put in place to ensure the security of the data to high technological standards for the purposes of the exercise by FIUs and supervisory authorities of the power to access and search the information available through BARIS in accordance with paragraphs 5 and 6.
The requirements laid down in the first subparagraph shall also apply to AMLA in the context of joint analyses and when acting as a supervisor.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
crypto-asset services
Definition
supervisor
Definition
securities
Definition
financial mixed activity holding company
Definition
virtual IBAN
Definition
crypto-asset service provider
Definition
credit institution
- a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013;
- a branch of a credit institution, as defined in Article 4(1), point (17), of Regulation (EU) No 575/2013, when located in the Union, whether its head office is located in a Member State or in a third country;
Definition
crypto-asset
Definition
property
Definition
express trust
Definition
legal arrangement
Definition
competent authority
- a Financial Intelligence Unit (FIU);
- a supervisory authority;
- a public authority that has the function of investigating or prosecuting money laundering, its predicate offences or terrorist financing, or that has the function of tracing, seizing or freezing and confiscating criminal assets;
- a public authority with designated responsibilities for combating money laundering or terrorist financing;
Definition
terrorist financing
Definition
securities account
Definition
money laundering
Definition
financial institution
- an undertaking other than a credit institution or an investment firm, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council(32), including the activities of currency exchange offices (bureaux de change), but excluding the activities referred to in point (8) of Annex I to Directive (EU) 2015/2366, or an undertaking the principal activity of which is to acquire holdings, including a financial holding company, a mixed financial holding company and a financial mixed activity holding company;
- an insurance undertaking as defined in Article 13, point (1), of Directive 2009/138/EC of the European Parliament and of the Council(33), insofar as it carries out life or other investment-related assurance activities covered by that Directive, including insurance holding companies and mixed-activity insurance holding companies as defined, respectively, in Article 212(1), points (f) and (g), of Directive 2009/138/EC;
- an insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 where it acts with respect to life insurance and other investment-related insurance services, with the exception of an insurance intermediary that does not collect premiums or amounts intended for the customer and which acts under the responsibility of one or more insurance undertakings or intermediaries for the products which concern them respectively;
- an investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU of the European Parliament and of the Council(34);
- a collective investment undertaking, in particular:
- an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of Directive 2009/65/EC and its management company as defined in Article 2(1), point (b), of that Directive or an investment company authorised in accordance with that Directive and which has not designated a management company, that makes available for purchase units of UCITS in the Union;
- an alternative investment fund as defined in Article 4(1), point (a), of Directive 2011/61/EU and its alternative investment fund manager as defined in Article 4(1), point (b), of that Directive that fall within the scope set out in Article 2 of that Directive;
- a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014 of the European Parliament and of the Council(35);
- a creditor as defined in Article 4, point (2), of Directive 2014/17/EU of the European Parliament and of the Council(36) and in Article 3, point (b), of Directive 2008/48/EC of the European Parliament and of the Council(37);
- a credit intermediary as defined in Article 4, point (5), of Directive 2014/17/EU and in Article 3, point (f), of Directive 2008/48/EC, when holding the funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 in connection with the credit agreement, with the exception of the credit intermediary carrying out activities under the responsibility of one or more creditors or credit intermediaries;
- a crypto-asset service provider;
- a branch of a financial institution referred to in points (a) to (i), when located in the Union, whether its head office is located in a Member State or in a third country;
Definition
self-regulatory body
Definition
third country
Definition
crypto-asset account
Definition
funds
Definition
beneficial owner
Definition
supervisory authority