Bank was granted permission to process information on legal infractions to combat money laundering

Danske Bank was granted permission to process personal data related to legal infractions for the purpose of combating money laundering and the financing of terrorism, following a decision by the Swedish Authority for Privacy Protection (IMY) in September 2022.

Private companies must seek permission from the Swedish Authority for Privacy Protection (IMY) to process personal data about legal infractions unless there is a legal basis for the processing. Danske Bank made such an application to the IMY and was granted it on September 30, 2022.

The bank aims to handle information concerning legal infractions about individuals who have been customers of the bank but with whom the bank has terminated the customer relationship due to requirements under the money laundering act.

In its decision, the IMY assesses that the data Danske Bank wishes to process constitutes such personal data as referred to in Article 10 and that the bank, in order to process the personal data, needs permission. Given the requirements of the money laundering act on banks to assess risks, the IMY further considers that Danske Bank has a legitimate interest in processing the personal data.

Within the group, the bank wants to have an exchange of information to ensure that information about, among other things, suspected money laundering or financing of terrorism is disseminated to parts of the group. The bank states that the control is necessary to prevent a customer whose customer relationship has been terminated in one branch from being able to turn to another branch within the group and become a customer there without the suspicions that arose at the first branch being considered.

For the bank to process information about legal infractions, according to the General Data Protection Regulation, the bank needs, among other things, a specific, explicitly stated, and legitimate purpose. The IMY states in its permission that the requirement for the bank to comply with the rules of the money laundering act is such a purpose.

The need to be able to perform checks against a group-internal list of legal infractions that include crimes must be weighed against the risk of intrusion into the personal integrity of the registered individuals that such checks may entail. The IMY's lawyers considered that the bank, in its application, has demonstrated that the legitimate interest in this case outweighs the registered individuals' interest in privacy.

Read more:
https://www.imy.se/nyheter/bank-far-behandla-uppgifter-om-lagovertradelser/

Previous
Previous

New report from the Swedish Police Authority on exposed areas and money laundering

Next
Next

5 tips for a successful B2C onboarding