On 20 January 2023, Liebrich Hiemstra defended her PhD dissertation which shows the financial side of the energy sector: the trade in energy derivatives and how such trading is supervised by EU and national regulatory authorities. One of the main findings is that the supervision in this sector is too opaque and that the effectiveness of the legal remedies available to market players is questionable.Continue reading “Trading in Energy Derivatives: who’s watching?“
Mira: The topic of supervision of markets and enforcement of norms and policies in the EU is an exciting, yet complex one to discuss, to design and to research (see my new chapter in Maggetti et al. 2022 aiming at capturing all relevant elements and dilemmas). The classic debates concern such pertinent issues as to which types of supervision – public and/or private, EU and/or national, compliance and/or deterrent oriented, to name but a few – should be most optimal to ensure specific policy goals and promotion of values. Next to these, new trends and challenges – globalisation and digitalisation of markets and hence enforcement, promoting sustainability and yet competitive businesses, etc. – add to the ‘to do’ list for researchers and practitioners. Knowledge accumulation and exchange on these questions across jurisdictions, policy fields and disciplines are thus essential to advance academic and policy debates, and this blog post aims to contribute to this. It shows the pertinent research and policy questions and research conclusions of five 2022 LLM Law & Economics master graduates who have written their impressive master theses on the topics of their choice in the area of supervision of markets, enforcement and agencies under my supervision. Their results and suggestions for future research on integer (banking) supervision, sustainable, fair (digital) competition and finance are impressive and aim to promote achieving policy objectives and boost further research attention and discussion in enforcing the areas of banking, financial, digital markets and sustainability goals and beyond.
The Single Supervisory Mechanism (SSM) is the legislative and institutional framework that grants the European Central Bank (ECB) exclusive competence to authorize and supervise banks in the eurozone. Yet, even in the context of such a high degree of Europeanization, the ECB is not completely autonomous but often relies on the powers and expertise of the national supervisors (NCAs). Various final decisions are therefore adopted on the basis of composite administrative procedures. While SSM procedures are indeed highly integrated, the protection of fundamental rights is split between the EU and the national legal orders, which may lead to gaps in complete fundamental rights protection.
By Natalia, Magali, Robin & Kristina
Money laundering is one of humanity’s most deceitful crimes. Huge money laundering scandals have occurred in the EU over the past decade. One of the main reasons is the insufficient exchange of suspicious activity/transaction reports (SARs/STRs) between Financial Intelligence Units (FIUs). FIUs form a bridge between the private sector and law enforcement bodies in the information exchange. But depending on their legal status, they may be subject to different rules of data protection regimes. Therefore, FIUs may be restricted in accessing SARs/STRs in cross-border cases. To coordinate the FIUs, the European Commission (Commission) proposed a new specialized Agency: the Authority on Anti-Money Laundering and the Countering of Financing Terrorism (AMLA). AMLA would be authorized to draft binding Implementing Technical Standards (ITS) on the templates of SARs/STRs. This is important because SARs/STRs’ content vary between Member States (MSs). For example, regarding the activities that are considered to be ‘suspicious’ and the extensiveness of the SARs/STRs. A cause for these differences lie in the fact that the MS uphold diverging thresholds for submitting a SAR/STR. AMLA would also be empowered to host the server FIU.net. FIU.net is considered to be a good and safe alternative to bilateral requests for SARs/STRs. In this blogpost we aim to show how the AMLA could improve the exchange of information between the different FIUs whilst upholding the EU data protection safeguards.
A Scandalous History
Money laundering (ML) is a crime with a strong international dimension. It has been a priority of the EU since the 1990s in response to increased drug trafficking. The EU thus recognized that a highly coordinated response from the EU as a whole is required to tackle AML effectively. This coordinated response is, among others, accomplished through the FIUs. These receive information from the private sector by means of SARs/STRs. The FIUs must forward the reports to national competent authorities and foreign FIUs. Although the SARs/STRs differ across the EU, they are crucial to stop ML. Namely because they can serve as intelligence for the initiation of a criminal investigation. The picture below illustrates how the aforementioned exchange of information goes.
However, the Commission identified in 2021 that there was an insufficient detection of suspicious transactions and activities by FIUs. A main reason, according to the Commission, is insufficient oversight of how entities subject to AML rules apply them. The insufficient detection limits the FIUs’ capacity to suspend transactions and to quickly send relevant information to competent authorities and other FIUs. Consequently, huge ML scandals have happened in the last decade. For example, the Danske Bank case in 2018 where almost €200 billion of suspicious transactions took place before the Danish authorities intervened.
Partly in light of the foregoing, the Commission proposed a Regulation on establishing the Authority for Anti-Money Laundering (AMLA) and the Countering the Financing of Terrorism (proposal). The AMLA would become the EU coordinator of national authorities to ensure that the private sector applies EU rules effectively. Given that a considerable amount of the MSs requested for EU oversight, establishing another agency seems to be an adequate measure. However, it is also known that the Commission does not always consider better alternatives for setting up a new agency . Hence, the question arises whether the proposal would be an improvement for the coordination of FIUs. Hereafter we elaborate on the problems in exchange of information between FIUs and how AMLA could be a solution.
Problems in the exchange of information
Despite the scandalous history, it is not that the private sector does not send SARs/STRs to the FIUs. On the contrary, the German FIU received so many SARs/STRs that it has a huge backlog. Rather, the problem lies with the exchange of the SARs/STRs between the EU FIUs. This might seem odd, considering Article 53 of Directive 2015/849 (AMLD5). FIUs are obliged to forward SARs/STRs to another FIU if they are relevant to that MS.
Important to note here though is that AMLD5 leaves discretion to the MSs to decide upon the legal status of their FIUs. Consequently, 4 different models of FIUs have been developed: ‘administrative’ ‘law enforcement’, ‘judicial’ and ‘hybrid’. Due to this diversity, MSs doubt what the applicable data protection rules are when FIUs exchange information. This results in different content of or access to the STRs/SARs. It hinders the efficiency of the FIUs’ coordination and reduces the capacity to detect money laundering effectively. The fact that FIUs must cooperate with one another regardless of their legal status unfortunately did not prevent the current problems (Article 52 AMLD5).
As previously mentioned, the AMLA is to become a central actor to support the cooperation among the FIUs and facilitate their coordination for better detecting the illicit financial flows of a cross-border nature. Considering this focus, the Commission wants AMLA to coordinate the FIUs by drafting binding Implementing Technical Standards (ITS) on the template of SARs/STRs (Article 42 proposal). The AMLA shall submit its draft ITS to the Commission for adoption. At the same time, the AMLA shall send them to the European Parliament and the Council of the European Union for information purposes.
In any event, the Commission may not alter the content and adopt the ITS before discussing them with the AMLA. Hence, the AMLA would essentially be able to oblige all the EU reporting entities to forward the same type of SARs/STRs to the FIUs. Currently, each FIU uses a different type of SAR/STR. For example, the Dutch FIU receive reports on all ‘unusual transactions’. In comparison, the Sonly receives reports based on a ‘grounded suspicion’. If AMLA were to impose one template, then it would become easier for FIUs to coordinate their operations. This would also be in line with recommendations of various scholars. Therefore, we are convinced that ITS would improve the coordination of FIUs.
The FIU.net’s revival
Under Article 37 of the proposal, AMLA would also be responsible for hosting and managing the FIU.net. This is a secure communication network between FIUs. AMLA would, for instance, ensure the required level of security of the system to address and reduce data protection risks. This is much needed, since FIU.net faces many technical difficulties.
This provision could definitely solve the confusion about the applicable data protection rules between FIUs. Since FIU.net is a ‘centralised decentralized system’, the 27 FIUs would have to connect their own database to the in-house server of FIU.net. It implies that FIUs cannot access each other’s data without consent. The server ensures a certain level of flexibility to exchange SARs/STRs via a hit/no-hit system. Namely because, the analyses tool ‘Match Three’ matches the SARs/STRs without revealing personal data. Thus before revealing the personal data, the SARs/STRs will first be compared to see whether there is a ‘match’. Because of this safeguard, we believe that FIUs will exchange more data with one another. Especially, since they there is a function that can automatically grant access to the FIUs’ databases.
Notwithstanding this, one could argue that the Commission clarifies which data protection regime applies in order to improve the communication between FIUs: the General Data Protection Regulation (GDPR) or the Law Enforcement Directive (LED). That is easier said than done though. For the Commission already stated in 2018 that the GDPR applies to FIUs. Yet, not all of the MSs agree with this because they have law enforcement FIUs. They are hence more inclined to apply the LED, which also happens in practice. Besides this, scholars have provided arguments in favour of both the GDPR and for the LED. Therefore, the answer as to which legal instrument applies, is far from easy. Since the discussion has existed for many years, we do not see a determination of the applicable data protection of rules as the quickest nor most adequate solution. Under these circumstances, we think that the revival of FIU.net would be more preferable in the near future.
Although it is true that few FIUs currently send SARs/STRs via FIU.net, we believe they will do so if another proposal of the Commission is adopted. The other proposal would oblige FIUs to communicate via FIU.net, which is not compulsory today. We thus believe that this proposal is one for a happily ever after. For it would balance the enhanced coordination between FIUs and the data protection rules.
The CJEU decision in the FBF case involves many crucial elements of EU law, all of which deserve careful consideration. Among the others, the decision touches upon the nature and the justiciability of soft law measures in the EU legal framework, the ESAs’ power to adopt them, and the relationship between corporate governance and product governance in the financial sector. In this blogpost, we concentrate only on some of these implications. In particular, we look at the general impact of the decision on the non-delegation doctrine, at the uncertainties surrounding the delegation of powers concerning broad matters such as corporate governance in the past and in the future regulatory framework and, finally, at how such uncertainties should guide the allocation of the power to review soft law measures. We suggest that the system of controls deserves our attention and reconsideration to adjust to the new realities of proliferation of soft, technical but also shared (enforcement) administration in the EU. This blog post is based upon the discussion speeches that the authors delivered in the online discussion organised by JMN EULEN (RENFORCE) in August 2021.
Continue reading ““The past is the past. The future is all that’s worth discussing” (Lord Baelish, The Game of Thrones). Some reflections on the non-delegation doctrine and its impact on the ESAs powers after the CJEU decision on the FBF case”
Under the aegis of the SSM, which comprises the ECB and 19 national central banks (NCAs), the ECB carries out banking supervision vis-à-vis euro area banks. To this end, the EU watchdog has been entrusted with various direct law enforcement powers. Yet, for executing its tasks, it still depends to a significant extent on the expertise and powers of the NCAs. For instance, a large part of banks’ (punitive) sanctioning is still being dealt with by the NCAs, upon the ECB’s request. In our recent study ‘EU administrative investigations and the use of their results as evidence in national punitive proceedings’, which was part of the report Admissibility of OLAF Final Reports as Evidence in Criminal Proceedings, we have pointed out the challenges that stem from the fact that certain ECB investigations and their concomitant results can be used as evidence for punitive sanctioning at the national level; in the absence of EU rules providing for clear guidance on the admissibility of EU gathered materials in national proceedings, numerous questions can be raised concerning the protection of defense rights in a composite law enforcement setting. We have identified three types of challenges: how to protect defense rights at the interface of i) different legal orders, ii) non-punitive and punitive law enforcement, iii) administrative and criminal law enforcement. We concluded that the introduction of EU rules facilitating the interoperability of SSM materials as evidence in national proceedings should be put high on the agenda.
Ensuring effective judicial protection appears to be a challenge in the case of the increasingly integrated administrative procedures. The judicial powers are generally more strictly divided between the EU and the national level, while composite procedures may require a more integrated judicial control. Is the Court of Justice of the EU (CJEU) moving into this direction in the recent case of Berlusconi by confirming its exclusive competence to review non-binding national preparatory measures that are part of an EU decision-making process? The ruling clarifies the CJEU’s jurisdiction and avoids a strict separation of the EU and the national level, but it remains to be seen if it serves as an actual next step towards integrated judicial protection. Just how the CJEU can review the national part of the procedure is still unclear, as are the types of preparatory measures to be covered. It seems to nevertheless be a welcome step towards clarifying judicial protection in the case of composite procedures.
Based on ‘Criminal Liability of Managers in Europe. Punishing Excessive Risk’, (2019) Hart Publishing
“In retrospect, many firms … took on too much risk and did not have sufficient resources to manage those risks effectively in a rapidly changing environment.” (Written Submission of Morgan Stanley to the Financial Crisis Inquiry Commission, John J Mack, Chairman, January 2010)
Every managerial decision is risky, at least to some extent. Conducting business is impossible without venturing into new territories and even the most ordinary daily choices could turn out to be failures. Excessive risk, however, can be very detrimental as was starkly illustrated by the most recent financial crisis. By criminalising managers’ excessive risk-taking criminal law enters a sphere at the core of business activity. But it also provides for criminal punishment for courses of conduct that can be extremely harmful.
This blog has paid careful attention to the current strengthening of centralized enforcement of EU law by European institutions, organisms and bodies, which is increasingly replacing national implementation in many areas of law. This process is also taking place when national authorities were entrusted with the enforcement of EU secondary law that provided for transnational administrative acts. In particular, both transnational authorizations and ex post administrative measures adopted by national authorities are being substituted by enforcement decisions taken by EU agencies, at times after the implementation of a composite procedure. The point that I want to make here is twofold: leaving aside its impact on EU law effectiveness, centralization transfers problems of compliance with constitutional requirements of administrative enforcement towards EU agencies, and ultimately it intensifies the constitutional dimension of the Court of Justice of the European Union (CJEU).
The establishment of the European Banking Union (EBU) stands as a paradigm for how the EU has become increasingly involved in directly enforcing EU law throughout recent years. The institutional centerpiece of the EBU is the so-called Single Supervisory Mechanism (SSM), a supervisory network under the auspices of the European Central Bank (ECB) assigned with the task to monitor the Euro-area banking system. Apart from its coordinating functions in relation to the national competent authorities (NCAs), the ECB is responsible for directly supervising the business activities of the 120 most significant credit institutions in the Euro-area in accordance to the so-called Single Rulebook, a set of harmonised prudential rules which credit institutions registered in the EU must adhere to.
This blog post is not doubting the importance of this type of vertical monitoring of market participants through public supervisory action. However, the recent crisis has shown that public enforcement is subject to several vulnerabilities. Even though the EBU may be able to overcome some of these vulnerabilities, several others will certainly remain. Thus, it is argued here that the existing supervisory architecture should be complemented by horizontal mechanisms of behavioral control. Central to this approach is a private enforcement of the Single Rulebook, i.e. the granting of individual causes of action for damages resulting from an institutions’ violation of EU banking regulation (as it is well-established for example in the area of EU competition law).