Europol’s Accountability: Tension Between Secrecy and Supervision

By Elisabeth, Furat, Joseph and Matthew

Europol’s Accountability: Tension Between Secrecy and Supervision

This blogpost addresses the tension between effective policing and democratic oversight in the context of Europol’s extensive data collection used for ‘predictive policing’. This practice raises questions about the balance between security and individual privacy rights in the digital age. This blogpost provides an oversight of Europol’s powers and corresponding accountability, with the goal in mind of asking whether the Joint Parliamentary Scrutiny Group’s (JPSG) supervisory powers are sufficient to ensure robust and effective oversight of Europol’s operations. It’s important to note that while Europol’s role involves information collection and sharing, it’s distinct from predictive policing, a specific approach that relies on information to anticipate criminal activity. Predictive policing is not widely used in many European countries, and its relationship with Europol’s functions is complex.

A Brief Introduction to Europol:

Europol was created by the Treaty of Maastricht, which established a “Union-wide system for exchanging information within a European Police Office.” Initially, Europol’s role was limited to coordinating cross-border drug investigations. Despite its limited powers, the agency faced accountability concerns from the start, falling within the Maastricht treaty’s third pillar concerning police and judicial cooperation. Crucially, this domain was insulated from judicial review, meaning the Court of Justice had no means of ensuring Europol’s (admittedly limited) policing activities complied with fundamental rights.

Europol’s role has gradually expanded throughout the years, becoming a full EU agency in 2010. As an agency, Europol is tasked with additional responsibilities such as the collection and analysis of intelligence. However, with increased responsibility came the need for enhanced accountability.

The Treaty of Lisbon, brought an end to the pillar system which had kept Europol ‘at arm’s length’ from the Court’s oversight under Maastricht. For many, Lisbon signaled an end to Europol’s accountability concerns. Article 88 TEU provided the European Parliament with oversight for the first time, and along with it came “increased democratic accountability – at least superficially.” The JPSG is one of the core components of this newfound accountability. The group was established in April 2017 by the EU Speakers Conference, which brings together the national and the European Parliaments. The JPSG, which meets twice a year, is co-chaired by the European Parliament and the country holding the rotating presidency of the Council.

The group’s oversight powers are mostly supervisory. Under Article 51(2) of the Europol Regulation, the JPSG’s purpose is to “politically monitor Europol’s activities.” To facilitate the group’s supervision, Article 51(4) allows the JPSG to request documents from Europol and Article 12 of the Regulation requires Europol’s management board to make the agency’s annual work program available to the JPSG. So, the question is – are these supervisory powers sufficient when Europol oversteps its mandate?

Is Europol headed for ‘1984 reloaded?’ 

Supervising law enforcement agencies is a complex task. Law enforcement, after all, requires a degree of secrecy, which in turn stands in the way of transparency and supervision. In today’s digital society, this tension between secrecy and supervision is manifested in “predictive policing”, a practice which refers to gathering vast datasets and developing algorithms to identify criminals. Europol is no exception to this tension, as data collection and analysis is one of the core components of Europol’s tasks as the EU’s “principle information hub.” While Europol is permitted to collect personal data, Article 28 of the Europol Regulation requires that this data be relevant and necessary for the purposes for which it is processed.

Europol understands the collection of personal data is a touchy subject. In a 2012 publication from the agency, Europol asked “are we headed for ‘1984’ reloaded?”, referencing George Orwell’s novel which depicts a dystopian society of invasive state surveillance. In an effort to put concerns to rest, Europol reaffirmed its commitment to ensuring “the highest standards of data protection.”

Despite this commitment, “serious concerns” have been raised regarding data mining practices at Europol, which saw Europol retaining data related to huge numbers of individuals for indeterminate periods. The sheer scale of Europol’s data mining saw its dataset of 4 petabytes (equivalent to 2 trillion printed pages) compared to a “black hole” and the scandal compared to the mass surveillance program uncovered by Edward Snowden in the U.S. So where was the JPSG amidst this scandal?

What role for the JPSG? 

Under Article 51 of the Europol Regulation, the JPSG is responsible for supervising Europol’s activities which impact fundamental rights. Given that the European Data Protection Supervisor (EDPS) found that Europol’s data mining practices have a “potentially severe impact” on data subjects’ fundamental rights, data mining at Europol would seem to fall squarely within Europol’s supervisory powers.

The problem is the limited extent of the JPSG’s supervisory powers. Europol is only required to report to the JPSG on a yearly basis and has no oversight over the agency’s day-to-day activities. This creates a real gap in the group’s supervisory powers. This gap is demonstrated by the fact that it was Europol itself, not the JPSG, which reported concerns regarding its data handling practices to the EDPS.

Real tension between secrecy and supervision is also evident with regards to the JPSG’s requests for documents. Different rules apply to requests for sensitive documents, which Europol handles a lot of as a law enforcement agency. This tension came into play when the JPSG requested access to correspondence between Europol and the EDPS relating to Europol’s data collection software, to which Europol provided only a limited reply, indicating only the types of software used.

Moreover, adherence to the Law Enforcement Directive (LED) reinforces accountability by mandating strict data protection standards for law enforcement authorities, including Europol. The EDPS’s oversight ensures Europol’s predictive policing complies with these standards, highlighting the critical need for enhanced supervisory mechanisms to protect personal privacy and uphold fundamental rights in the era of data-driven law enforcement.

The JPSG’s limited supervisory powers have been harshly criticised. Some have even said that the group’s limited role gives the agency a “blank cheque” to self-regulate. What then can be done to improve the JPSG’s supervisory role? One solution could be allowing the JPSG more access to Europol’s management board meetings. As it stands, under Article 14 of the Regulation, the JPSG is only required to be invited to two board meetings per year. If the board addressed the JPSG’s summary conclusions and the group’s representatives participated more actively, it would greatly enhance both transparency and effectiveness as the JPSG would have a better grasp on Europol’s day-to-day activities. Such improvements are essential for the JPSG to execute its oversight responsibilities more effectively. 

 

 

 

 

The Fundamental Rights Officer: Just what the EUAA needed  

By Elaine, Gersi, Joris and Leonoor


The Asylum Crisis 

Granted with a new mandate following the adoption of Regulation (EU) 2021/2303 on 19 January 2022, the European Union Agency for Asylum (EUAA) has transitioned into a full-fledged agency. Its goal is to improve the functioning of the Common European Asylum System (CEAS). As the successor of the European Asylum Support Office (EASO), the EUAA is tasked with upholding and promoting respect for fundamental rights within the European Union’s (EU) asylum system. 

Fundamental rights are particularly relevant in the CEAS. This is especially so, given that migrants and asylum seekers often find themselves in a vulnerable position. This can be due to for example their lack of resources, and poor living and material conditions. Following the mass influx of refugees on the EU’s shores leading to the asylum crisis of 2015, a reform of the CEAS was needed to create ‘a more humane, fair, and efficient European asylum policy’. In light of this, the EUAA has implemented a more robust fundamental rights strategy. This strategy contains several safeguards.  

One of these safeguards is the new Fundamental Rights Officer (FRO). The FRO portraits the enforcement of, and adherence to fundamental rights within the EUAA. In this blog post it will be argued that, as follows from the 2022 Ombudsman initiative, the FRO adds value to the workings of the EUAA. This is because the FRO aids the Agency in several ways within the field of fundamental rights. 

François Deleu: the man for the job 

Following the new fundamental rights strategy, Article 49 Regulation 2021/2303 requires the Management Board of the Agency to install a FRO. The FRO is appointed to design a new Fundamental Right Strategy, manage a new complaints mechanism, and contribute to the Agency’s Monitoring Mechanism. Appointed in May 2023, François Deleu is the first to take on this task.  

“I will develop and uphold a robust Fundament Rights Strategy that will build on what is already in place, ensuring that the respect for fundamental rights is central to all the Agency’s growing activities” ~ François Deleu 

While the FRO works independently, Deleu collaborates with the Agency’s Consultative Forum of Civil Society Organisation to create the new Fundamental Right Strategy. The Consultative Forum has an advisory function: it is established to exchange information with relevant civil society organisations and bodies operating in the field of asylum. This includes the European Union Agency for Fundamental Rights and the European Border and Coast Guard Agency (Article 50 Regulation 2021/2303). Together, the FRO and Consultative Forum aim to ensure that the Fundamental Right Strategy is properly reflected in the Agency’s workings. They also work towards preventing breaches of the Charter of Fundamental Rights of the European Union (Charter). 

The FRO is designed as a response to the 2019 Ombudsman decision on maladministration in the practice of the EASO. The FRO therefore manages a complaints mechanism created for individuals who may have suffered a violation of their fundamental rights by an expert employed by the EUAA. The FRO moreover contributes to the Agency’s Monitoring Mechanism of Member States’ asylum systems. The FRO does so by ensuring that this mechanism takes fundamental rights concerns into account.  


Organisational structure of the EUAA 

A Slow Start… 

Following the 2021 revamping of the EUAA framework, the European Ombudsman opened a new strategic initiative. In this initiative, the Ombudsman posed 16 questions to the Agency. This included questions on how the EUAA complies with its fundamental rights obligations and how it ensures accountability for potential violations. These questions related to the renewed protection offered by the 2021 Regulation. It therefore raised attention to the FRO. What followed was a back-and-forth correspondence between the Agency and the Ombudsman.  

It should be mentioned here that the Ombudsman does not issue legally binding decisions. However, its reports are valuable in assessing the Agency’s compliance with its fundamental rights obligations. This follows from its mandate of investigating ‘instances of maladministration in the activities of the Union institutions, bodies, offices or agencies’ (Article 228(1) TFEU).  

At the time of the investigation, Deleu had not yet been appointed. One of the questions therefore rested on when the Agency anticipated this position to become operational. In the Agency’s initial reply of 11 July 2022, it walked through the appointment procedure for the FRO. The reply highlighted that certain steps like kick-starting the selection process were taking longer than expected. This could be owed to the “extensive consultations” held with all involved stakeholders. These consultations were needed to ensure that the necessary attention to detail was afforded in the selection of candidates. 

The Ombudsman later expressed disappointment in February of 2023 that the position remained vacant more than a year after the 2021 Regulation came into force. It urged the Agency to fill this position as “a matter of urgency”, because of the need to operationalise the Agency’s other fundamental rights mechanisms. In this way, the FRO can be seen as the catalyst for all EUAA fundamental rights mechanisms.  

 …But a Promising Future 

As mentioned, the FRO position was eventually filled in 2023. At the time of writing, Deleu now holds office for nearly a year. So, what can be said for this new development?

At the end of June 2023, the Agency replied to the Ombudsman observations. In the reply, the Ombudsman was informed of this long anticipated appointment. Also, it was stated that the fundamental rights strategy was expected to be adopted in March/April 2024. At the time of writing, it can therefore be expected any day. 

Additionally, the response addressed recommendations for the FRO to review all operational plans signed between the Agency and EU Member States. It highlighted that Deleu had already reviewed plans with Spain, Bulgaria and Lithuania since entering office. Here, the value of the FRO can be seen through its direct involvement in scrutinising Member State plans. 

In July of 2023, the EUAA also published its Annual Report about asylum in the EU. In the Annual Report, it discusses its newly developed escalation process. This process is outlined under Article 18(6)(c) of the 2021 Regulation. It stipulates that the Agency’s Executive Director can suspend or terminate asylum support teams in a Member State that is violating fundamental rights or international protection obligations. This is done after consultation with the FRO. 


An overview of the EUAA's timeline (made by the authors of this post)
  

A Well-Rounded Appointment 

As a final note, the recruitment process’ emphasis on maintaining the FRO’s independence towards the Executive Director should be highlighted. This is important due to the weight placed on independence in the FRO’s mandate. The selection committee for the post therefore included external stakeholders, like the European Commission Directorate-General for Migration and Home affairs. So, while the position is appointed internally, individuals from outside the Agency have a say in deciding the next FRO. Based on the selection procedure, a list of candidates is sent to the Management Board, which ultimately takes the final decision. Ultimately, it is therefore an internal decision with external input.  

The importance attributed to the FRO in the Ombudsman initiative has now been shown. The office’s essential role in upholding the new framework’s mechanisms is also evident. Hence, the FRO can be seen to hold great added-value for the Agency, with further-untapped potential. 

 

The Role of Frontex in Enforcing ETIAS

By Ariana, Beatrice and Elsa

Due to increasing global mobility and security challenges, Europe has reinforced its border management strategies. The European Border and Coast Guard Agency, commonly known as Frontex, is essential to this policy. Frontex is in charge of assisting the Member States in managing the European Union’s external borders. On this subject, a new system will be implemented: the European Travel Information System (ETIAS). This new system contributes to fortifying the external European borders, and Frontex has a significant role in its implementation.


Photo: European Travel to Become Payable: EU Introduces ETIAS. Source: Collage The Gaze

The European Travel Information and Authorization System (ETIAS): a brief explanation 

What is ETIAS?  

ETIAS was introduced by Regulation 2018/1240. This new European travel authorization system will be implemented in 2025. It will be completed via an online application that will cost €7 for people aged 18 to 70.  

This travel authorization will impose on travelers the obligation to provide personal data, including the level of education, occupation, the address of the first intended stay, and prior convictions for criminal or terrorist offenses. This data will assess the risk of the threats above and create an ETIAS watchlist concerning people at risk of committing or having committed a terrorist offense.

This new electronic authorization system is intended to apply to visa-exempt visitors from third countries traveling to a Member State of the European Union or the Schengen area (except Ireland) for less than 90 days.  



European Travel Information and Authorisation System (ETIAS): In a nutshell

What is the goal of implementing ETIAS?

The European Commission aims to strengthen controls at the external borders to preserve freedom of movement within the internal market and, more generally, the Schengen area.  

The establishment of ETIAS answers several objectives. This system has been designed to reinforce security at the borders, especially against terrorism and irregular immigration. By conducting security risk assessments of visitors before their arrival at the border, the goal is to prevent potential threats, even potential epidemic threats, from entering the Schengen area.

Moreover, this system aims to support the objectives of the Schengen Information System (SIS), the platform Schengen area members utilize to exchange real-time data on individuals and objects of interest. ETIAS will contribute to preventing, detecting, and investigating terrorist offenses and serious criminal activities.

Finally, the other purpose of ETIAS is to streamline border management to facilitate legitimate travel.   

How will ETIAS work?

ETIAS is an automated IT system that performs tasks or processes automatically without continuous human intervention. ETIAS will use artificial intelligence (AI) to analyze applications from third-country nationals wishing to stay in the Schengen area for less than 90 days. Nationals from the 60 countries covered by ETIAS will have their applications automatically analyzed by various European databases, such as Frontex or Europol, to ensure they do not constitute a threat. Applicants will mostly receive an answer in less than an hour, but it could take up to a month. Frontex has stated that, on average, 97% of applications would receive rapid authorization. Regarding the remaining 3%, these applications will be reviewed manually by the ETIAS Central Unit. Frontex is responsible for setting up and operating this Central Unit.

ETIAS, THE ELECTRONIC TRAVEL AUTHORISATION FOR EUROPE

 The Role of Frontex…

Frontex, created in 2004, is one of the most critical European agencies. Its relevance has grown over the years and, with a budget of over 845 million euros in 2023, plays a crucial role in enforcing EU borders policy. This European agency provides support to Member States in their efforts to control and secure the external borders of the Schengen. Therefore, it is logical that Frontex plays a pivotal role in enforcing ETIAS.  

…in enforcing ETIAS

According to Article 7 of the ETIAS Regulation, Frontex is responsible for setting up and operating the ETIAS Central Unit. This Unit is within Frontex’s organization and manages ETIAS.





Frontex

First, concerning online application provided by the travelers. During the processing of the data sent by the applicant, if there is a hit, the ETIAS Central Unit will have the responsibility to cross-check the information of the person in question against the information contained in the Central System. Information encloses in the Central System include other EU information systems, Europol, and Interpol data. This will allow the Central Unit to determine whether the applicant is welcome in the Schengen area.

Frontex is further tasked with performing audits of the processing of applications to safeguard fundamental rights in this process. In doing this, Frontex agents will have to examine how the continental Unit manages online applications’ fundamental rights, such as the right to privacy and non-discrimination. The ETIAS central unit must respect these rights throughout the data analysis process but also subsequently regarding their storage.

Frontex officials are responsible for ensuring the data entered in application files is up to date. The Central Unit is tasked with publishing an annual activity report containing statistical data on ETIAS’s functioning and general information on its activities, activities, and concerns. The report is made to the European Parliament, the Council, and the Commission.

One of the most critical tasks of Frontex is that it is charged with defining, revising, and deleting, as well as assessing risk indicators to ensure the security of Europe’s borders, according to Article 33 of the ETIAS Regulation. These risk indicators are listed in Recital 27 of the ETIAS regulation and relate to threats regarding security, irregular immigration, or high epidemic risks. The risk indicators are based on the factors provided by the ETIAS online application, which include nationality, residence, education, and employment status. Those criteria have been chosen to avoid discrimination. Applications will be automatically checked against this list of risk indicators. If a hit is triggered, the Central Unit cross-checks this(/these) hit(s) against other databases and, depending on the result, either issues a travel authorization or refers the case to a competent Member State authority, who will manually process the information and either grant or refuse the travel authorization. This meticulous process ensures that ETIAS balances security concerns with respect for individual rights and non-discrimination principles.

Frontex and Fundamental Rights Protection – Much Ado About Nothing

By Yanfui, Ana, Clara and Sebastian

As the European Union agency for “European integrated border management”, Frontex is the centre for border control activities at the EU’s external borders, sharing intelligence and expertise with all Member States and with neighboring non-EU countries affected by migratory trends and cross-border crime. It plays an active role in return operations. Under Article 3 of Directive 2008/115, return decisions are taken when the stay of the third-country national is declared illegal, which occurs when the person does not fulfill the requirements of that Member State, not carrying the required visa or residence permit.

Regarding the critics to Frontex, according to a report from 2020, Frontex faces two main challenges concerning pushbacks: accountability and transparency. These issues have become increasingly visible in recent years. Nevertheless, the protection of Fundamental Rights has still not been sufficiently improved. This is particularly paradoxical, as this topic has been the subject of countless publications in the legal literature and the EU legislator is also aware of the problematic situation, given that the protection of Fundamental Rights is mentioned more than 230 times in the corresponding Regulation. In the context of this blogpost, we will show where the greatest deficits exist regarding transparency and accountability, and thus where the greatest need for legislative action exists. To wake up the legislator and ultimately to push the legislator to real sustainable action, we will suggest that the Ombudsman could take on a decisive role

When Borders Become Barriers: The Unintended Consequences of Europe’s Approach to Border Control

In February, the sinking of a vessel carrying 59 refugees from Turkey to Italy was blamed on Greece. With regards to Frontex, it has cooperated in protecting the coast, which made refugees decide on circumventing the Greek islands and taking the more life-risking approach by attempting to reach Italy. Consequently, both Greece and Frontex have been accused of taking part in those deaths, and we still lack information on their participation in this incident during their border protection activity.

Unfortunately, this is only one of numerous examples in which migrants coming in seek of asylum are subject of violence, detained, stripped, confiscated of their belongings, and pushed back to their territory.

No transparency in reality

Despite being an extremely regulated agency, the observable deficits in Frontex’s way of functioning raise doubts about its role as a border control agency. The lack of transparency and accountability in Frontex’s activities has been subject to debate since the Agency was created, with several calls demanding a solution to this issue at a national and European level, with no significant changes to this date.

When Frontex does not meet its transparency obligations, holding it effectively accountable for its actions is further complicated by the non-accessibility of all information. Even though a transparency mechanism can be found in Regulation 1049/2001 -to which Frontex is subject to- access to Frontex’s documents remains highly restricted on account of the nature of the information they contain. This cult of secrecy is further increased by the requisites prescribed in the Regulation: To access Frontex’s documents the person must be a citizen of the European Union. This reduces many potential information requests, as those primarily affected by Frontex’s actions do not meet this requirement.

Moreover, from an accountability point of view much has been reviewed and promised yet no noticeable changes can be seen. Being an EU Agency, Frontex is bound by the Charter, which consequently shields migrants from refoulement and collective expulsions. It also prohibits the conduction of push backs, as well as any sort of participation in them and the omission of acting against them. At first sight, the law is clear, and the system should work. Yet it is still extremely complicated to hold Frontex accountable when it does not comply with said obligation, even when tools created with significant effort such as the ‘individual complaint mechanism’ exist. The reason is not surprising: Frontex’s is formed by multiple actors from quite diverse backgrounds which makes it particularly challenging to allocate responsibility in case of wrongdoing, specifically in the context of pushbacks.

Enhancing political attention as the way forward in addressing the non-accessibility hurdle

The main changes needed to improve accessibility are more or less obvious. The right of access to information must be made more effective by also granting it to non-EU citizens. In addition, the requirements for refusing the right to information on public security grounds must be made more stringent, so that this straightforward way of denying access is no longer available. Since the EU legislator, despite frequent and repeated criticism, has so far not genuinely chosen to strengthen the fundamental rights protection at the expense of less effective border protection, the question arises how the legislator can be pushed to such legislative changes.

For this purpose, the European Ombudsman should be involved to a greater extent by receiving complaints about Frontex activities. The broad mandate from Art. 228 (1) TFEU would allow the Ombudsman to deal with such complaints, to make them public and to enter into an accountability dialogue with Frontex. It is true that here, too, only natural persons residing within the EU can file a complaint, which will probably never be the case in practice regarding persons who have been pushed back. However, legal persons located within the EU can also file corresponding complaints and thus draw the attention of the Ombudsman to deficiencies in the work of Frontex at the border. Such legal persons are non-governmental organizations (NGOs), most of which have a registered office within the EU. These could serve here as a spokesperson for the third-country nationals who have been pushed back. The Ombudsman can then forward the submitted complaints to the European Parliament through so-called special reports, which would ensure that the issue is debated and thus gains political attention.

Even if an EU institution would not be obliged to comply with the Ombudsman’s recommendations, it can be pressured towards compliance through public ‘naming-and-shaming’. Even if immediate changes would fail to materialize due to the lack of far-reaching powers of the Ombudsman, the Ombudsman’s activities and demands could prepare the ground for later secondary legislation changes by increasing political pressure by highlighting the deficiencies to the public. The Ombudsman’s ability to persuade the legislator to amend the legislation has been proven, for instance, by the introduction of the complaint mechanism in Art. 111 of the Frontex Regulation, which was ultimately also based on the suggestion of the Ombudsman.

 

Frontex: more powers and less responsibilities?

By Juliette, Ahmed, Katrin and Tom

(Source: European Commission, Migration and Home Affairs, available at: https://home-affairs.ec.europa.eu/agencies_en)

The shared administration, intended as the division of tasks between national authorities and Frontex regarding the protection of the European external borders, has changed over time with the enlargement of Frontex’s powers. This has raised issues of responsibility when a Fundamental Right (hereinafter FR) violation occurs. One possible solution for Frontex to escape this issue is the use of Article 46 of Regulation 2019/1896 (hereinafter the Regulation). We argue that this Regulation lacks a real distinction of responsibility between Frontex and the national authorities. This lack is then profitable to violations of FR because it is hard to sanction and prevent violations if it is not possible to correctly identify a “guilty party”.

Evolution of Frontex’s enforcement powers and shared administration

The recent evolution of Frontex, the European and Coast Guard Agency (EBCG) by the most recent Regulation illustrates a remarkable development in the EU’s institutional landscape with the transformation of Frontex into a new type of organisation equipped with direct decision-making powers. In fact, while the original operational mandate was limited to the planning, coordinating and evaluating the operations, this all changed with the new Regulation which created the permanent staff of the Agency whose executive powers are exercised under the command and control of the Member State hosting the operation. The permanent new staff of Frontex is a new resource to support national border management authorities in exceptional circumstances and in day-to-day operations. This novelty changed the very basic principle and former division of tasks between the Agency and the Member States, according to which the implementation of EU policies, such as the application of the Schengen Borders Code rules, was strictly the responsibility of national border guards or border police.

This increase in Frontex’s mandate and the modified shared administration do not include a specific accountability system between the national authorities and Frontex when the operations are wrongly conducted. The only important addition of the new Regulation is the Article 46 which provides Frontex with the possibility to suspend, terminate or not launch activities especially when there is a risk of a FR violation. This possibility exists when the dignity of its own actions, in the sense of upholding FR, cannot be guaranteed adequately. Frontex has already invoked Article 46 once in the case of Hungary in 2021. While this was an important step, the invocation only occurred after five years of pressure from the Fundamental Rights Officer and a CJEU ruling. This phenomenon clearly shows that Frontex is not prone to withdraw its actions by invoking Article 46.

Fundamental Rights violations

Frontex is required by law to ensure that human rights are upheld during operations under both EU and international law. Nevertheless, OLAF discovered that Frontex repeatedly took active actions to ensure that the human rights crimes that were occurring would not be seen, documented, investigated, or accounted for. More specifically, it demonstrates how Frontex misled the European Commission and Parliament as well as how the Fundamental Rights Officer was side-lined and internal reports on human rights abuses were distorted. Frontex was aware of FR violations by the national authorities and sometimes even participated in it. The EU Agency failed to address and effectively follow up on these violations as to prevent similar foreseeable violations in the future.

Some authors have proposed that Frontex should be held responsible both directly and indirectly, especially concerning the misuse of Article 46 when FR are violated. However, the CJEU has not ruled on this matter yet.

Lack of effective responsibility mechanism under the Regulation of 2019

Hence, while direct enforcement powers of Frontex have grown, methods for holding Frontex accountable and responsible for its actions and violations of FR have not. In the existing system, any wrongdoing by Frontex can effectively be concealed due to its reliance on national authorities who oversee the actions of Frontex’s staff during ground operations.

However, even if Frontex is dependent on the command of national authorities, this does not alleviate the European and Coast Guard Agency from the obligation to respect FR as prescribed in Article 3, paragraph 2 of the Regulation.

Also, as stated above, Article 46 gives the possibility for Frontex to suspend, terminate or not launch activities especially when there is a risk of FR violation. Nevertheless, notwithstanding the numerous reports filed by the Fundamental Rights officer, Frontex did not make use of Article 46 in the 2021 crises affecting the eastern borders of the EU. Frontex was aware of the ground-breaking legislative amendments of the alien’s laws in Lithuania at the time of their deployment. As a matter of fact, these amendments were in complete breach of the European Convention of Human Rights (ECHR) considering that they introduced limitations on accessing asylum procedures; extended the use of detention (up to six months); and restricted individuals’ access to information, interpretation, medical care and legal aid. It is only in July 2022, following a CJEU’s decision which concluded that the above-mentioned amended Lithuanian migration and asylum laws were in breach of EU law, that Frontex decided to terminate its operations when it could have triggered Article 46 much earlier.

It can thus be argued that the lack of real distinction of responsibilities between Frontex and the national authorities, combined with the practice of Frontex to not rely on Article 46, further worsens the underlying tension between the protection of FR and the protection of the external borders of the EU.

 

OLAF and the EPPO: does team work always make the dream work?

Blog post by Nicole, Thirza, Enes

As reiterated by President von der Leyen in her 2021 State of the Union speech: “The EU needs to ensure that every euro and every cent is spent for its proper purpose and in line with rule of law principles. EU funds are not allowed to seep away into dark channels”. If you have wondered which EU bodies are at the forefront of the protection of the Union’s financial interests (PIF) and how their cooperation works, you have come to the right place. In the almost two years the EPPO has been operational, the two Offices have had the first chance to interact and cooperate, as prescribed by their respective Regulations. In this blogpost, we outline the current updated EPPO and OLAF operational cooperation and its future possibilities to find out if teamwork can make the dream work.

PIF: A new player in the game

For more than 20 years, the European Anti-Fraud Office (OLAF), an administrative investigatory body with the mission to “detect, investigate and work towards stopping fraud involving European Union funds”, has been a preeminent actor in the PIF fight. However, in 2017 a new player entered the scene, the European Public Prosecutor’s Office (EPPO). For the first time in EU history, an independent European body has the power to investigate and prosecute PIF crimes (see Figure A). As a result, we have two EU bodies with different sets of powers but with one common goal in mind: “to better protect EU taxpayers’ money and to bring all crimes against the EU budget to justice as quickly as possible.”

Figure A: Missions and Tasks of EPPO. Source: https://www.eppo.europa.eu/en/mission-and-tasks

OLAF and the EPPO in a nutshell

OLAF’s mandate encompasses investigation of fraud and corruption involving EU funds and serious misconduct within the European institutions as well as development of anti-fraud policy for the Commission. OLAF carries out both ‘internal’ or ‘external’ investigations, depending on whether or not they are conducted within institutions, bodies, offices and agencies of the EU (IBOAs). While conducting its investigations OLAF cannot exercise any coercive powers, so it has to rely on cooperation with national competent authorities. At the end of these investigations, OLAF cannot sanction the suspect or bring them to court. Instead, it can draw a report, binding on the IBOAs but not on national prosecutorial or judicial authorities of the Member States (MSs), and issue recommendations. In practice, the indictment rates following OLAF’s recommendations are low and vary significantly among MSs. That is because in some jurisdictions national prosecutors tend to prioritise the national aspects of cases, neglecting their European dimension, for instance, due to their lack of expertise.

In contrast, the EPPO has criminal powers through which it can investigate and also decide to bring a case to judgement before competent national courts until it has been finally adjudicated. Moreover, since the EPPO’s legal basis, Art. 86 TFEU, allows for the mechanism of enhanced cooperation, MSs could choose whether or not to join. Therefore, currently the EPPO counts only 22 “participating” MSs.

The implementation of these powers creates a complex legislative and organisational structure (here you can find a full explanation). Despite being a single office, the EPPO is composed of a central and a decentralised level, where different authorities play a role (see Figure B). As for the legal framework in which the EPPO operates, the EPPO Regulation provides only minimum rules, referring often to national laws especially in regards to its investigatory powers.

 

Figure B: Structure of the EPPO. Source: Fabio Giuffrida, The European Public Prosecutor’s Office: King Without Kingdom? CEPS Research Report No. 2017/03, February 2017

Abbreviations: ECP: European Chief Prosecutor, EP: European Prosecutor, DCP: Deputy Chief Prosecutor, EDP: European Delegated Prosecutor.

The EPPO and OLAF cooperation: ensuring no case goes undetected

The EPPO’s creation has definitely marked the transition into a new era for European enforcement in the area of PIF. However, in order for its potential to be fully exploited, the “new player” will have to play alongside its well-experienced team-mate OLAF. That’s why, expanding on the few ad hoc provisions contained in their respective Regulations, in 2021 OLAF and the EPPO further specified their obligations to cooperate by signing a Working Arrangement (WA). Considering this combined legal operational framework, let’s describe the most important aspects. First, in line with the principle of non duplication, OLAF needs to terminate its investigation if the EPPO is conducting one into the same facts. However, OLAF may support the EPPO in its investigations by means of operational, forensic, and analytical expertise and tools. Importantly, when providing this support, OLAF needs to respect the stricter criminal procedural safeguards contained in the EPPO Regulation. Additionally, under its own initiative or upon the EPPO request, OLAF can conduct parallel complementary investigations to address essential aspects of the protection of the EU’s financial interests, such as speedy recovery or the adoption of administrative precautionary measures.

Figure C: OLAF and EPPO Joint Enforcement

Moreover, the EPPO and OLAF can mutually exchange information, which enriches the capacities of both offices, enabling them to avoid duplicate investigations, and streamlining their operations. Additionally, the WA sets up a system for the reporting and transmission of potential cases. Since the mandates of OLAF and the EPPO do not fully overlap, this exchange is crucial to ensure that illicit activities detected by the EPPO in non-participating MSs do not escape OLAF’s investigation. Moreover, it guarantees that the EPPO is informed about any criminal offence falling under its mandate even when it was first detected by OLAF. In short, the exchange of both information and cases ensures that the EU’s resources are spent effectively and that every case is tackled by the appropriate authority.

Towards a joint enforcement mechanism?

A closer look at the envisioned OLAF and the EPPO cooperation supports the conclusion that the EU legislator aimed to create more than just two separate EU agencies. On the contrary, it seems that this could be the first step towards a comprehensive joint EU law enforcement system (see Figure C). Indeed, an integrated end-to-end cycle starting with OLAF investigations and ending with the EPPO indictments could be the future of the PIF enforcement in the EU.

Years of cooperation will be necessary to find out if teamwork will make this dream work or if it will remain but a distant dream. So far, it seems that both offices got off on the right foot and the EPPO 2022 annual report enthusiastically highlights the achieved results. Nonetheless, if a lasting relationship is to be built on these foundations, one must not forget that this increase in the powers of EU authorities should be accompanied by both guidance to and cooperation with national authorities and by appropriate guarantees for private individuals.

The Qatargate scandal and the EU’s anti-fraud enforcement: a sheet too short? DRAFT

By Isabella, Renuka, Thomas, and Yutong

Corruption scandal at the top of the EU

Increasing anti-fraud enforcement: the need to tackle fraud on a broader level

The European Union is a very complex structure, with a budget of a little less than EUR 190 billion for 2023. This could present an ideal environment for fraudsters, who may take advantage of this to commit and mask their crimes. We can give you an example: imagine you sit at one of the highest positions in the European Parliament, and you are approached by certain countries’ representatives willing to pay you so you can lobby in their favour at Parliament’s meetings. That is fraud and it – unfortunately – happened in real life, as seen in Qatargate.

Although Qatargate involved bribes paid to MEPs, constituents of an EU institution, it was not investigated by EU bodies, but by national authorities from Belgium. Therefore we formulated to research the case in-depth and the anti-fraud framework within the EU with the aim of providing an understanding as to why EU anti-fraud bodies, especially the European Anti-Fraud Office (OLAF) and European Public Prosecutor’s Office (EPPO), have not been directly involved in Qatargate.

Although the importance of these institutions in the EU cannot be overstated, the effectiveness of their power is subject to limitations. Firstly, their competencies, whilst broad, do not fully encapsulate the various forms that European financial fraud may take, and secondly, their relationship with the relevant national competent authorities. This was evidenced by the manner in which the investigation into Qatargate was conducted.

Anti-fraud enforcement in the EU: OLAF and EPPO

As already mentioned before, OLAF and EPPO are the two main bodies established to fight fraud in the EU; and even though both bodies pursue a common objective, significant differences exist between the two.

For OLAF, the investigation powers can be classified into external (concerning the area of the Member States and other countries) and internal investigations (focused within the EU institutions), however, it does not have any sanctioning powers. Because of that, there are concerns about its lacking of sufficient criminal enforcement and judicial materialisation of OLAF’s recommendations caused by national prosecutors in certain Member States, who narrow down their investigations to national aspects.

Unlike OLAF, EPPO is granted shared competence to investigate and prosecute offences with an EU dimension which are related to fraud that has a direct impact on the EU finances/budget. Furthermore, EPPO exercises its competence only via an investigation or by deciding to use its right of evocation. If the latter applies, EPPO will determine whether it wants to take over the case initiated by the Member State(s) after deliberation with the respective national authorities. In that case, the national authorities are required to confer the proceedings to EPPO.

Qatargate: a scandal in the EU Parliament and the EU’s anti-fraud enforcement

The view from the VIP lounge

Currently, Qatargate has only been investigated at the national level, by the Belgian authorities, instead of by OLAF and EPPO, but that does not mean they have not been kept busy. At approximately the same time which Qatargate took over the news, OLAF and EPPO were involved in another investigation into the Parliament.

In December 2022, OLAF issued an investigative report regarding a “suspicion of fraud detrimental to the EU budget, in relation to the management of the parliamentary allowance”, specifically regarding money paid to parliamentary assistants. It is interesting to point out that, as clarified by OLAF Director-General Ville Itälä, “there is no link between the issues investigated by OLAF and the issues under investigation in the ‘Qatargate’. When it comes to the so-called Qatargate, OLAF is following the matter very closely, in line with its investigative experience and analytical expertise. We are in contact with the Belgian authorities on the matter”.

Based on what we have discussed above, the inner logic of such clarification is the fact that, unlike EPPO, OLAF does not have any sanctioning powers. This means that OLAF does not possess the power to conduct criminal investigations and prosecutions; so without a request from national authorities, it cannot initiate an investigation, and can only provide limited information support. Currently, OLAF shows the willingness to support the investigation into Qatargate, but it does not seem to be actively engaged in Qatargate.

The most notable fact is that OLAF is a non-prosecutorial body, and is reliant on the individual Member States for their cooperation. For example, in 2015, Hungarian authorities refused to comply fully with an investigation into bid tenders related to the disbursement of funds under the Economic Operative Programme. In such instances, OLAF cannot compel a Member State to assist in its investigations other than to request the National Competent Authorities (NCAs) do so themselves or for the European Parliament. Progress in this regard has been made, with OLAF and the Office of the Prosecutor General of Hungary, its NCA, signing a cooperation agreement last year to protect EU funds from fraud and embezzlement in the country by strengthening the closeness of its investigations.

A similar problem exists for EPPO, in that Member States retain an ‘opt-out’ from the Area of Freedom, Security, and Justice (AFSJ). Currently, Hungary, Poland, and Sweden have not joined EPPO, with Denmark and Ireland maintaining the opt-out on a case-by-case basis. While negotiations remain ongoing with Denmark and Ireland as to the level of cooperation EPPO can expect from their NCAs, this highlights the issue EPPO, and OLAF, face in an inability to force Member States to cooperate if it simply wishes not to comply.

Having explained why OLAF is not directly involved, EPPO’s reasoning is different. EPPO’s main focus is the protection of the EU budget, and because of that, as there is no evidence, so far, that the wrongdoings investigated in Qatargate have an impact on EU finances, this body – even though it has the power to conduct judicial investigations – was not involved. Yet.

Overlaps between OLAF and EPPO

In addition to the matters raised in the section above, there is another aspect that needs to be considered. Given OLAF and EPPO’s similar roles, there can often be unintentional overlap in the investigations they carry out, see the graph below.

To ensure there are no conflicts, EPPO’s Regulation expressly directs the organisation to maintain a close relationship with OLAF based on mutual cooperation, information exchange, and complimentary support. However, EPPO does not have to inform OLAF of its investigations, per Article 8(1) of the OLAF Regulation, creating a potential lack of communication and duplication of investigative resources. EPPO is only required to consider doing so where there is suspected illegal conduct relating to the financial interests of the EU. This may have occurred with Qatargate given OLAF was investigating Eva Kaili’s parliamentary assistants before EPPOs publication of its investigation.

Protecting your money: How OLAF and the EPPO can help each other fight the misuse of EU funds.

OLAF and EPPO are considerable investigative forces in the EU, but due to the factors discussed in this blog post, might be possible that fraudulent practices that hurt the EU’s and its citizens’ interests go undetected and unprosecuted, given that fraud is unavoidable to a degree in a Union so large. Therefore, expanding the strength of their investigative and prosecutorial powers and increasing their cooperation, will, in the authors’ opinion, decrease the overall levels of financial mismanagement and fraud in the EU.

Defending yourself against the powerful EPPO, what to expect? DRAFT

By Eloise, Marina and Amber

The EPPO

Imagine you are a national who is a suspect or accused in a criminal proceeding of the EPPO. Are you aware of your exact rights as a defendant?

Defence rights in EPPO proceedings: Who cares?

The European Public Prosecutor’s Office (EPPO) is a powerful body. It can investigate and prosecute the offences that are affecting the EU’s financial interests. The actual prosecution by the EPPO always takes place before a national court in one of the EU Member States. A consequence could be that you as an individual have to take on the battle against the EPPO in a criminal proceeding. Now, it can be noticed that specific defence rights are not laid down in the EPPO Regulation itself. How could you defend yourself properly in this case?

In this blog post, we will provide you with some answers. We will guide you through the problems that we potentially have to deal with in a criminal proceeding by the EPPO. Especially in the case that the proceedings are referred to as a cross-border case. Additionally, we will lay out the arguments that you as the defendant could make. To make sure that in the end, you still stand a chance of effectively arranging your defence.

The defendant (left) against the powerful EPPO (right)

Criminal proceedings with a cross-border dimension: What to expect, or maybe even fear?

The EPPO has the power to choose a different Member State for prosecution than your own. It might therefore not be foreseeable before which court your trial will be held. Do you have any possibility to request a change of jurisdiction? Or that you will at least be heard before such a jurisdictional change is made? Unfortunately not. You do not have a voice or choice when it comes to the forum selection.

Secondly, in the case of a so-called cross-border prosecution, the investigation and obtaining evidence by the EPPO has taken place in multiple Member States. The delegated prosecutors of the EPPO are allowed to exchange and submit relevant evidence to the case file. Therefore, you as the defendant could be confronted with multiple documents based on different national procedural rules. If you want to argue that a piece of foreign evidence is illegally obtained, you need to take into account that the court will evaluate this argument based on its national procedural law. You could be confronted with the issue that the ‘potentially illegal’ evidence is stipulated as legal under their applicable procedural standards.

Another complexity you should become aware of is that your right to access the case file is limited. There are no uniform standards for handling the information in the case file laid down in the EPPO Regulation. There are no rules regarding access to such case files, nor are there any safeguards to ensure that the content of the information in the case management system always adequately reflects the case file.

Lastly, the EPPO Regulation does refer to the Charter of Fundamental Rights of the European Union as well as the ABC-Directives, to guarantee procedural rights. Therefore, it would seem that you receive enough protection and defence rights against the acts of the EPPO. But do not cheer too quickly. As noted, the national law of the state where the trial is held determines the procedural standards applicable. If a Member State has not implemented specific defence rights from these Directives, you can rely solely on the national procedural safeguards applicable. The level of protection of defence rights will be determined by the procedural rules of the state where the proceedings take place.

How to set up a successful defence

Looking at the issue of forum selection, you should be granted the ability to have more insight into where the proceedings will take place. Especially since this could simplify the process of selecting a lawyer. On this basis, you could use the argument that there should be a right to request a change of jurisdiction. Or at least, you should be granted a chance to be heard before such a jurisdictional change is made. Consideration should be given to your personal circumstances. The issue of foreseeability and the possibility of forum shopping means that the defendant must be guaranteed that there will be no change in the court’s jurisdiction during ongoing proceedings, as it is difficult to predict the court where the trial will be held.

Access to the case file is another important defence element. You could argue that complete access to information is necessary in order to prepare an effective defence strategy. The EPPO Regulation’s limited provision of free exchange of evidence makes it almost impossible for you to become aware of all documents obtained under all various procedural rules. You could use the argument of disproportionality in light of all the knowledge necessary to actually be able to understand the case file. The extra costs for an effective defence due to this complexity can be deemed unbearable.

The same argument can be used to challenge the lack of specific defence rights in the EPPO Regulation itself. As a defendant, it does not seem right to be dependent on the procedural rules of the Member State in which the proceedings take place.

Goal achieved?

Since you as a defendant are facing the consequences of an EPPO proceeding, you should be protected in all of your rights to be able to set up an effective and fair defence. In light of the difficulties that the defendant could face in a cross-border procedure of the EPPO, the individual needs to be made aware of applicable rights and possibilities to arrange his defence as effectively and successfully as possible. The Charter and the ABC-Directives are well-known instruments for defence rights. However, it would be easier and more efficient to include defence rights provisions, forum selection and a regression clause in the already existing EPPO Regulation. Cross-border prosecution is complex and deserves a general, harmonised and clear defence rights framework.

 

 

 

Hacking for Justice: How Europol Walks the Tightrope Between Fighting Crime and Protecting Fundamental Rights

By An Nhien, Iman, Liudmila, Timothy and Alice

National Security vs. Privacy

By An Nhien, Iman, Liudmila, Timothy and Alice

In the ever-evolving battle against serious and organized crime, law enforcement agencies (LEAs) are turning to a new weapon: lawful hacking. But as the supporting role of using hacking techniques by the and other agencies becomes more prevalent, questions are being raised about the impact on fundamental rights, particularly the right to privacy. With events like the high-profile EncroChat case and a landmark decision of the Court of Justice of the European Union (‘CJEU’), the legality and implications of hacking techniques in general, and the supporting role of Europol in facilitating lawful hacking in particular, are under intense scrutiny. Join us as we delve into the legal limbo and decode the delicate balance between privacy and public safety in the realm of facilitating lawful hacking by Europol.

What is Lawful Hacking?

There is no singular definition at the EU level. Similar terms such as “lawful hacking”, “law enforcement hacking”, “government hacking”, or “network investigative techniques” are often used interchangeably. However, Liguori argued that “lawful hacking” could be the most appropriate term as it broadly implies both the technical means of this investigative method and the lawful nature of the activity. Hence, he defines “lawful hacking” as the use of hacking techniques by LEAs to gain access to computer systems and networks for the purpose of investigating criminal activity. Simply put, LEAs would exploit the vulnerabilities of software, hardware, or firmware, to gain access to technical devices and then extract data and evidence from such devices. For instance, LEAs can conduct a forensic examination of seized smartphones after using algorithms to find the password of such smartphones.

Europol has declared the need to use lawful hacking due to the strong encryption on electronic devices that undermines the investigation and prosecution of organized crimes as the data is unavailable or unidentifiable. The use of encryption has increased the number of serious crimes, which has been identified by Europol as a threat to public order and safety, the efficiency of the criminal justice system, and the rule of law. On the contrary, the use of lawful hacking itself can also pose risks to the protection of fundamental rights. Indeed, the application of this method can, for instance, potentially interfere with individuals’ privacy if LEAs excessively access personal data without sufficient valid reasons or legitimate aims. As such, LEAs’ use of lawful hacking has become a contentious issue in the European Union (EU), raising questions about the balance between LEAs’ needs and individual privacy rights. The landmark is a stark example of the potential impact of lawful hacking by Europol and national LEAs on fundamental rights, particularly the right to privacy. Keep reading as we uncover the ramifications of lawful hacking, considering the EncroChat case.

EncroChat’s Downfall: Privacy at Stake.

In the world of encrypted communication networks, EncroChat was the king of security – until its downfall. EncroChat, an encrypted communication network advertised as a secure means of communication with complete anonymity, was dismantled by a French-Dutch joint investigation team in July 2020. Specifically, in the Encrochat case, LEAs hacked into a secure messaging platform that has been believed to be exploited by criminals, gaining access to private conversations and gathering evidence and leading to the arrest of several suspects across Europe. While the investigative method of lawful hacking helped in capturing criminals, does it also negatively impact the privacy of other normal users like us?

Article 8 of the European Convention on Human Rights (ECHR) guarantees our privacy rights. However, the EncroChat operation involved the development and distribution of malware disguised as an update, raising questions about the legality of the evidence obtained and the right to privacy. The lack of transparency in the methods used has caused uproar in legal circles, with debates about the potential misuse of lawful hacking. This means that while LEAs might have legitimate aims when they broke into the EncroChat system, they should do this very carefully because of the complex legal issues that arise alongside them, especially those related to privacy protection. In short, before deciding to apply or assisting the lawful hacking application, LEAs must take into account whether and to what extent this method can interfere with the individual’s privacy.

Legal Limbo: Hacking Techniques Challenged by European Parliament and CJEU.

In a report published by the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) in 2017, even before the EncroChat case, concerns about the legality of lawful hacking activities conducted or supported by LEAs were raised. According to the report, there is a risk that the use of hacking techniques may infringe on fundamental rights. These concerns have been further amplified by the CJEU’s decision in the case of Accordingly, the CJEU ruled that the UK’s regime for public authorities’ retention and access to communications data, including LEAs, was inconsistent with EU law. The Court held that communications data’s retention on a general and indiscriminate basis, without any differentiation, limitation, or exception for the objective of fighting crime, was impermissible.

Privacy vs. Public Safety: Decoding Lawful Hacking by Europol

Although there are concerns about the possible violation of privacy rights by lawful hacking, it should be noted that this right is not absolute as it can be restricted under certain circumstances. Simply put, your privacy is only respected if it does not hamper the protection of the fundamental rights of other individuals or, on a larger scale, the interests of public safety/national security. If your privacy affects the latter, it is justified for you to “compromise” your interests for that of public security when you are legally requested, for instance, to provide access to your personal information by LEAs. It is, therefore, a matter of balancing different (and perhaps opposing) fundamental rights and interests of different parties involved. Concerning the use of lawful hacking for investigation purposes, one of the most important tasks of LEAs is to balance individuals’ right to privacy and national security, public safety and/or other individuals’ fundamental rights. To do this, Europol must refer to the Charter of Fundamental Rights of the EU (The Charter) and the ECHR since these legal documents protect and balance fundamental rights within the EU.

For instance, Article 8(2) ECHR states that a public authority cannot restrict privacy right unless it adheres to the law and is necessary to protect national security/public safety, etc. This interpretation was confirmed by the Court in Malone v. UK, ruling that a method allowing communications interception to support investigations by LEAs was essential if it met conditions provided by Article 8(2). Three main conditions for a lawful interception by LEAs include:

  1. such interference/interception is provided by the law;
  2. it is necessary and proportionate, and
  3. it aims to pursue legitimate aims such as the protection of public safety or national security or the prevention of crime/disorder

Since lawful hacking is one example of lawful interception, it is also subjected to these requirements. As long as the three conditions are met, the role of Europol in supporting lawful hacking does not violate the right to privacy enshrined in the ECHR and the Charter. Europol, in the joint Eurojust-Europol annual report on encryption in 2021, emphasizes it would follow such requirements by stating that their technologies must be accompanied by suitable protections, such as standards of necessity and proportionality to ensure the admissibility of collected electronic evidence in court. So, don’t worry whenever the LEAs are hacking your devices because they will respect and protect your privacy while doing so.

 

Safety and privacy

 

 

 

 

 

 

 

 

 

 

 

How to resolve a bank? The role of the Single Resolution Board (SRB) in averting the next banking crisis – looking at the Banco Popular case

By Georgios, Maren & Julian

 

 

Significant banks can still cause severe dangers to the European financial market as shown by the SRBs first resolution case, Banco Popular. Banco Popular had severe liquidity issues which endangered the financial stability of Spain and Portugal. The swift resolution could have prevented a tremendous impact on the economy and possible costs of a state bail-out. The blog post aims to give an insight into how the SRB makes such a resolution decision looking at the Banco Popular case. Which shows that decisions made by the SRB are subject to democratic legitimacy concerns in the form of: judicial accountability, institutional balance and the amounts of discretion the Agency thereby.

 

Let’s talk about the development of the EBU and the SRB subsequent to the financial crisis

In response to the global financial crisis the EU created the SRB, an EU agency, to make the financial market more resilient and stable and to move towards the European Banking Union (EBU). This is one of the most significant developments in European Integration since the establishment of the Economic and Monetary Union; which was meant  to restore confidence in the European banking systems after the double threat of the international financial crisis and the sovereign debt crisis. The EBU consists of 3 pillars: the Single Supervisory Mechanism, the Single Resolution Mechanism (SRM) and the European Deposit Insurance Scheme which is still under construction, as can be seen in Figure 1.

(Figure 1 – Banking Union)

The SRB is the EBUs resolution authority and therefore part of the SRM and has been established by the SRM Regulation (Regulation No 806/2014 (SRMR)). When a bank is failing or is likely to fail despite stronger supervision through the SSM, the SRM allows the effective resolution of the bank. The core mission of the SRB is to ensure an orderly resolution of failing banks, with minimum impact on the economy and public finances of EU countries, avoiding state bail-outs, which happened to a massive extent during the financial crisis to the detriment of the taxpayers.

The SRB as an EU agency has a broad mandate and an autonomous budget as independence is especially crucial when resolving significant banks. This mission is one of great societal relevance and one the author’s stand behind.

 

How does the SRB resolve a bank looking at the Banco Popular case

(Figure 2 – Resolution making process)

The procedure according to which the SRB adopts resolution schemes and according to which the resolution becomes a fully-fledged resolution plan, is described in Art. 18 SRMR. (Figure 2).

More specifically, in order for the SRB to draft a resolution scheme three conditions need to be fulfilled:

  • Step1: Bank is failing or likely to fail
  • Step 2: Private sector financing or any other private alternative does not exist
  • Step 3: Public interest assessment

Step1: Bank is failing or likely to fail

First, the ECB should find a bank is failing or likely to fail, but it is also possible for the SRB to proceed to a similar assessment on its own. However, this only happens when the ECB is specifically requested by the SRB to make an assessment and when the ECB fails to act within three days of the request. In the case of Banco Popular the SRB initiated proceedings on the 3rd June 2017 and asked the ECB to assess Banco Populars situation. On the 6th June 2017 the ECB determined that the bank was failing or likely to fail as ‘[i]t is likely that the institution will not be able to pay back its debts or other liabilities in the near future’ (Art. 2). Thereby, the first condition of Article 18 (1)(a) is fulfilled, the bank is having severe liquidity issues endangering the financial stability of Spain and Portugal.

Step 2: Private sector financing or any other private alternative does not exist

Secondly, the SRB should assess that there is no reasonable prospect that any private sector financing, other private alternative or supervisory action could prevent the failure of the entity. The resolution, in other words, must be rendered as the most suitable and proportionate measure to avert the collapse of a certain bank. SRB in cooperation with the ECB determined that there is no reasonable prospect for private measures (Art. 3).

Step 3: Public interest assessment

Lastly, the adoption of the resolution must serve the public interest (Art. 18 (1), (5) SRMR). The SRB in cooperation with the ECB determined that the resolution is in the public interest to safeguard financial stability in Spain and Portugal (Art. 4).

In the Banco Popular case, the SRBs executive session, which consists of the Chair and four full-time members, which are observed by the Commission and the ECB, determined the three conditions given. Shortly after, it adopted the resolution scheme on the 7th June at 5:30 am according to Art. 18 (1) SRMR.

Thereafter, the Commission, within 24 hours of the transmission, could endorse or object to the resolution draft. If specific circumstances under the SRMR are given, within 12 hours of the transmission, the Council could be involved and asked to endorse or object to the draft within the next 12 hours. When the Commission remains silent and does not express any objections, the resolution enters into force automatically after 24 hours (Art. 18 (7) SRMR). If the draft is objected to, the SRB should reform the draft, incorporating the objections within the next 8 hours.

In the Banco Popular case, the Commission took 1 hour (5:30-6:30) to assess the decision and endorsed it. In a statement of reasons it stated: ‘[t]he Commission agrees with the resolution scheme[,] [i]n particular it agrees with the reasons of the SRB why it is necessary in the public interest’. This short time frame gives doubts to whether it just copy-pasted the decision or actually assessed it as required per the Art. 18 (7) SRMR and whether they sufficiently assessed the discretionary aspect of the scheme. Although the Commission is an observer in the entire process, it does not show how they assessed and evaluated each decision made by the SRB. Instead of merely saying ‘we agree’ some thorough reasoning why the Commission agrees is important to avoid future democratic legitimacy concerns in the SRB’s decision making process.

The SRB decided to use the sale of business tool (Figure 3), which enabled the conversion of capital into shares which were subsequently bought by Banco Santander for the symbolic amount of 1 Euro. Banco Santander was able to provide the necessary liquidity and Banco Popular was able to open the next day as a subsidiary of Banco Santander.      

    

(Figure 3 – Resolution Tools)

The implementation of the adopted resolution relied solely on the relevant National Resolution Board. Nonetheless, according to Art. 29 SRMR, where a national resolution authority has not applied, not complied or has applied it in a way which poses a threat to any of the resolution objectives or the efficient implementation, the SRB may take over the implementation of the resolution, after informing the Authority and the Commission. In the Banco Popular case the Spanish authority swiftly implemented the SRB resolution scheme.

What democratic legitimacy challenges may arise from this process?

In our opinion it seems like the Banco Popular resolution has been successful in the way that it has prevented depositors of the bank and the taxpayer to lose money and safeguarded the financial stability in Spain and Portugal. However, despite the evident effectiveness of the resolution and the resolution-making process, legal and institutional challenges remain, which were also raised by the shareholders borning the burden of the bank’s rescue. The General Court rejected all of their claims in five separate cases. However, democratic legitimacy concerns persist to arise, also from certain aspects of the overall resolution making process provided in the SRMR as:

Firstly, even though it did not occur in Banco Popular, the SRB could come to the assessment that the three criteria are not fulfilled, thus no resolution decision would be concluded. As occurred in the ABLV case, whereto the ECJ decided  that the SRB’s non-resolution decision could not be challenged (Ernests Bernis case). The action for annulment (Art. 263 TFEU) by the shareholders, on which the decision had an economic effect, was inadmissible due to the missing legal effect on them. This makes the non-resolution decision unchallengeable for the ones economically affected, questioning the legal accountability.

Secondly, the SRB’s resolution scheme can be automatically adopted, if the Commission remains silent for the 24 hours after transmission. Then the SRB exercises discretionary policy-making powers with questionable safeguard of accountability in place.

Thirdly, even when the SRB’s decisions are reviewed by the Commission or the Council, the short deadlines of 24 hours and 12 hours provided by the SRMR, could cause doubt to a thorough review. Creating concerns about the de facto integrity and actual facilitation of such a review process. The 77 minute long Commission’s review of the Banco Popular resolution scheme, indicates more of an approval of  SRB’s decisions, without any real assessment. although it could be argued that the Commission is involved as an observer beforehand and therefore steers the SRB, using their final say as a negotiation tool. However, is this sufficient to quantify a thorough assessment.

These three questions relating to democratic legitimacy remain after looking at the Banco Popular ‘saga’ and the SRB’s resolution process.