Source: OJ L, 2024/1640, 19.6.2024Current language: EN
- Anti-money laundering
Basic legislative acts
- Sixth anti-money laundering (AML 6) directive
Article 21 Access to information
Summary What does Article 21 of the Sixth anti-money laundering (AML 6) directive say?
This is a notably detailed article that defines the broad information access rights of Financial Intelligence Units (FIUs).
It directly supports Article 19, which establishes the FIU's core functions, by ensuring those functions can actually be carried out.
The article sets out three categories of information FIUs must have access to: financial information (such as bank account data, fund transfers, crypto-asset transfers, mortgages, and securities), administrative information (an extensive list spanning tax data, real estate registers, travel databases, beneficial ownership registers, weapons registers, and more), and law enforcement information (including criminal records, asset freezes, and investigation data).
For law enforcement data, access may be direct or indirect, with Member States permitted to restrict access on a case-by-case basis where an ongoing investigation could be jeopardised.
The article also clarifies what "direct and immediate" access means in practice, and confirms that FIUs can request information from obliged entities even without a prior suspicious transaction report having been filed.
Important points:
- Member States are required to guarantee FIUs access to a wide range of financial, administrative, and law enforcement information to carry out their tasks.
- FIUs can request information from obliged entities without a prior suspicious transaction report, though obliged entities are not required to comply where legal privilege applies.
- Access to law enforcement information may be restricted on a case-by-case basis where providing it would jeopardise an ongoing investigation.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Member States shall ensure that FIUs, regardless of their organisational status, have access to the information that they require to fulfil their tasks, including financial, administrative and law enforcement information. Member States shall ensure that FIUs have at least:
immediate and direct access to the following financial information:
information contained in the national centralised automated mechanisms in accordance with Article 16;
information from obliged entities, including information on transfers of funds as defined in Article 3, point (9), of Regulation (EU) 2023/1113 and transfers of crypto-assets as defined in Article 3, point (10), of that Regulation;
information on mortgages and loans;
information contained in the national currency and currency exchange databases;
information on securities;
immediate and direct access to the following administrative information:
fiscal data, including data held by tax and revenue authorities as well as data obtained pursuant to Article 8(3a) of Council Directive 2011/16/EU(40);
information on public procurement procedures for goods or services, or concessions;
information from BARIS as referred to in Article 16, as well as from national real estate registers or electronic data retrieval systems and land and cadastral registers;
information contained in national citizenship and population registers of natural persons;
information contained in national passports and visas registers;
information contained in cross-border travel databases;
information contained in commercial databases, including business and company registers and databases of politically exposed persons;
information contained in national motor vehicles, aircraft and watercraft registers;
information contained in national social security registers;
customs data, including cross-border physical transfers of cash;
information contained in national weapons and arms registers;
information contained in national beneficial ownership registers;
data available through the interconnection of central registers in accordance with Article 10(19);
information contained in registers of non-profit organisations;
information held by national financial supervisors and regulators, in accordance with Article 61 and Article 67(2);
databases storing data on CO2 emission trading established pursuant to Commission Regulation (EU) No 389/2013(41);
information on annual financial statements by companies;
national migration and immigration registers;
information held by commercial courts;
information held in insolvency databases and by insolvency practitioners;
information on funds and other assets frozen or immobilised pursuant to targeted financial sanctions;
direct or indirect access to the following law enforcement information:
any type of information or data which is already held by competent authorities in the context of preventing, detecting, investigating or prosecuting criminal offences;
any type of information or data which is held by public authorities or by private entities in the context of preventing, detecting, investigating or prosecuting criminal offences and which is available to competent authorities without the taking of coercive measures under national law.
The information referred to in point (c) of the first subparagraph shall include criminal records, information on investigations, information on the freezing or seizure of assets, or on other investigative or provisional measures and information on convictions and on confiscations.
Member States may allow the restriction of access to the law enforcement information referred to in point (c) of the first subparagraph on a case-by-case basis, where the provision of such information is likely to jeopardise an ongoing investigation.
Access to the information listed in paragraph 1 shall be considered direct and immediate where the information is contained in an IT database, register or data retrieval system from which the FIU can retrieve the information without any intermediate steps, or where the following conditions are met:
the entities or authorities holding the information provide it expeditiously to FIUs; and
no entity, authority or third party is able to interfere with the requested data or the information to be provided.
Member States shall ensure that, whenever possible, the FIU is granted direct access to the information listed in paragraph 1, first subparagraph, point (c). In cases where FIU is provided with indirect access to information, the entity or authority holding the requested information shall provide it in a timely manner.
In the context of its functions, each FIU shall be able to request, obtain and use information from any obliged entity to perform its functions pursuant to Article 19(3) of this Directive, even if no prior report is filed pursuant to Article 69(1), the first subparagraph, point (a), or Article 70(1), of Regulation (EU) 2024/1624. Obliged entities shall not be obliged to comply with requests for information made pursuant to this paragraph when they concern information obtained in the situations referred to in Article 70(2) of that Regulation.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
crypto-asset services
Definition
supervisor
Definition
securities
Definition
financial mixed activity holding company
Definition
crypto-asset service provider
Definition
cash
Definition
funds or other assets
Definition
financial supervisor
Definition
credit institution
- a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013;
- a branch of a credit institution, as defined in Article 4(1), point (17), of Regulation (EU) No 575/2013, when located in the Union, whether its head office is located in a Member State or in a third country;
Definition
politically exposed person
- in a Member State:
- heads of State, heads of government, ministers and deputy or assistant ministers;
- members of parliament or of similar legislative bodies;
- members of the governing bodies of political parties that hold seats in national executive or legislative bodies, or in regional or local executive or legislative bodies representing constituencies of at least 50 000 inhabitants;
- members of supreme courts, of constitutional courts or of other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances;
- members of courts of auditors or of the boards of central banks;
- ambassadors, chargés d’affaires and high-ranking officers in the armed forces;
- members of the administrative, management or supervisory bodies of enterprises controlled under any of the relationships listed in Article 22 of Directive 2013/34/EU either by the state, or, where those enterprises qualify as medium sized or large undertakings or medium sized or large groups, as defined in Article 3(3), (4), (6) and (7) of that Directive, by regional or local authorities;
- heads of regional and local authorities, including groupings of municipalities and metropolitan regions, with at least 50 000 inhabitants;
- other prominent public functions provided for by Member States;
- in an international organisation:
- the highest ranking officials, their deputies and members of the board or equivalent functions of an international organisation;
- representatives to a Member State or to the Union;
- at Union level:
functions at the level of Union institutions and bodies that are equivalent to those listed in points (a) (i), (ii), (iv), (v) and (vi);
- in a third country:
functions that are equivalent to those listed in point (a);
Definition
parent undertaking
- for groups whose head office is located in the Union, an obliged entity that is a parent undertaking as defined in Article 2, point (9), of Directive 2013/34/EU that is not itself a subsidiary of another undertaking in the Union, provided that at least one subsidiary undertaking is an obliged entity;
- for groups whose head office is located outside of the Union, where at least two subsidiary undertakings are obliged entities established in the Union, an undertaking within that group established in the Union that:
- is an obliged entity;
- is an undertaking that is not a subsidiary of another undertaking that is an obliged entity established in the Union;
- has a sufficient prominence within the group and a sufficient understanding of the operations of the group that are subject to the requirements of this Regulation; and
- is given the responsibility of implementing group-wide requirements under Chapter II, Section 2 of this Regulation;
Definition
crypto-asset
Definition
property
Definition
competent authority
- a Financial Intelligence Unit (FIU);
- a supervisory authority;
- a public authority that has the function of investigating or prosecuting money laundering, its predicate offences or terrorist financing, or that has the function of tracing, seizing or freezing and confiscating criminal assets;
- a public authority with designated responsibilities for combating money laundering or terrorist financing;
Definition
terrorist financing
Definition
targeted financial sanctions
Definition
group
Definition
money laundering
Definition
financial institution
- an undertaking other than a credit institution or an investment firm, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council(32), including the activities of currency exchange offices (bureaux de change), but excluding the activities referred to in point (8) of Annex I to Directive (EU) 2015/2366, or an undertaking the principal activity of which is to acquire holdings, including a financial holding company, a mixed financial holding company and a financial mixed activity holding company;
- an insurance undertaking as defined in Article 13, point (1), of Directive 2009/138/EC of the European Parliament and of the Council(33), insofar as it carries out life or other investment-related assurance activities covered by that Directive, including insurance holding companies and mixed-activity insurance holding companies as defined, respectively, in Article 212(1), points (f) and (g), of Directive 2009/138/EC;
- an insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 where it acts with respect to life insurance and other investment-related insurance services, with the exception of an insurance intermediary that does not collect premiums or amounts intended for the customer and which acts under the responsibility of one or more insurance undertakings or intermediaries for the products which concern them respectively;
- an investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU of the European Parliament and of the Council(34);
- a collective investment undertaking, in particular:
- an undertaking for collective investment in transferable securities (UCITS) as defined in Article 1(2) of Directive 2009/65/EC and its management company as defined in Article 2(1), point (b), of that Directive or an investment company authorised in accordance with that Directive and which has not designated a management company, that makes available for purchase units of UCITS in the Union;
- an alternative investment fund as defined in Article 4(1), point (a), of Directive 2011/61/EU and its alternative investment fund manager as defined in Article 4(1), point (b), of that Directive that fall within the scope set out in Article 2 of that Directive;
- a central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014 of the European Parliament and of the Council(35);
- a creditor as defined in Article 4, point (2), of Directive 2014/17/EU of the European Parliament and of the Council(36) and in Article 3, point (b), of Directive 2008/48/EC of the European Parliament and of the Council(37);
- a credit intermediary as defined in Article 4, point (5), of Directive 2014/17/EU and in Article 3, point (f), of Directive 2008/48/EC, when holding the funds as defined in Article 4, point (25), of Directive (EU) 2015/2366 in connection with the credit agreement, with the exception of the credit intermediary carrying out activities under the responsibility of one or more creditors or credit intermediaries;
- a crypto-asset service provider;
- a branch of a financial institution referred to in points (a) to (i), when located in the Union, whether its head office is located in a Member State or in a third country;
Definition
self-regulatory body
Definition
third country
Definition
funds
Definition
supervisory authority
Definition
obliged entity
Footnote 40
Footnote 41