The European Court of Justice (the Court) has ruled that EU law does not prevent Spanish legislation from requiring credit institutions (operating in Spain without being established there) to forward information necessary for combatting money laundering and terrorist financing direct to the Spanish authorities rather than through mutual cooperation routes. This judgment, delivered in Jyske Bank Gibraltar Ltd v Administración del Estado (Case C-212/11), has potential read-across to other EU legislation.
Directive 2006/60/EC on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing (the Directive) requires European Member States to:
- establish a Financial Intelligence Unit (FIU) in order responsible for receiving (and to the extent permitted, requesting), analysing and disseminating to the competent authorities, disclosures of information which concern potential money laundering, potential terrorist financing or are required by national legislation or regulation
require the institutions and persons covered by this Directive, and where applicable their directors and employees, to
- inform the FIU of the suspected commission (or attempted commission) of money laundering or terrorist financing
- provide the FIU on request with all necessary information.
The Directive expressly permits stricter national provisions to prevent money laundering and terrorist financing.
Article 56 of the Treaty on the Functioning of the European Union (TFEU) prohibits restrictions on freedom to provide services within the Union in respect of nationals of Member States who are established in a Member State other than that of the person for whom the services are intended.
Jyske Bank Gibraltar Ltd (Jyske), a branch of the Danish bank NS Jyske Bank and a credit institution established in Gibraltar and regulated by the Financial Services Commission (FSC), operated in Spain without being established there, under the rules on the freedom to provide services.
The Servicio Ejecutivo (the Spanish FIU), established that Jyske was carrying on a substantial operation in Spain which included the grant of mortgages for the purchase of property in Spain, with the support of the parent company’s branch in Spain and of two firms of lawyers in Marbella. Because the proprietor of one of the two firms was under investigation for money laundering offences and the names of both firms of lawyers had cropped up in relation to several operations reported to the Spanish FIU, the Spanish FIU considered there was a very high risk that Jyske was being used for money laundering operations in the context of its activities in Spain under the freedom to provide services.
Spanish legislation requires credit institutions operating in Spain, regardless of the place of their establishment, to inform the Spanish FIU of account transfers of more than €30,000 to or from tax havens and uncooperative territories, such as Gibraltar.
In January 2007, the Spanish FIU advised Jyske that if it did not designate an agent authorised to deal with it, the FIU would have to investigate the structure of Jyske’s organisation and procedures with regard to the activities it carried out in Spain, and asked Jyske to provide documents and information relating, in particular, to the identity of its customers. Jyske sought advice from the FSC about whether it was entitled to provide such information without infringing Gibraltar legislation on banking confidentiality and the protection of personal data. The FSC suggested to the Spanish FIU that it should adopt a process involving mutual cooperation between the regulators, but the Spanish FIU responded that Jyske was subject to obligations in relation to its activities in Spain.
Jyske sent the Spanish FIU some of the information requested in June 2007, but refused to provide the data on the identity of its clients, which was subject to banking secrecy rules applicable in Gibraltar. Jyske also did not provide any documentation on suspicious transactions carried out by Jyske since 1 January 2004 with regard to its activities in Spain. The Spanish FIU began an investigation into Jyske, alleging breaches the provisions of Law 19/1993. In April 2009, the Spanish Council of Ministers, the Consejo de Ministros, found that Jyske was in breach of its disclosure obligations under Law 19/1993 in refusing or failing to supply the information requested in writing by the Spanish FIU and in failing to supply systematic reports. An order was made in respect of Jyske for two public reprimands and two financial penalties for a total amount of €1,700,000.
Jyske’s appeal against that decision was unsuccessful before the Consejo de Ministros; in its further administrative appeal to the Tribunal Supremo, Jyske contended that under the Directive, it was subject to an obligation of disclosure only to the Gibraltar authorities, and that, in so far as the Spanish legislation sought to extend that obligation to credit institutions operating in Spain under the freedom to provide services, that domestic legislation did not comply with the provisions of that directive. The Tribunal Supremo referred the matter to the European Court for a preliminary ruling on the question of whether Article 22(2) of the Directive precludes a Member State from imposing a requirement that information must be provided by credit institutions operating in its territory without a permanent establishment directly to its own authorities responsible for the prevention of money laundering, or whether the request for information must be directed to the FIU of the credit institution’s home state regulator.
Consistency with the Directive
The Court held that article 22(2) of the Directive must be interpreted as not in principle precluding legislation of a Member State which requires credit institutions to communicate the information required for the purpose of combating money laundering and terrorist financing directly to the FIU of that Member State where the institutions carry out their activities in that State under the freedom to provide services, provided that the legislation does not compromise the effectiveness of EU law.
The national legislation did not compromise the principles established by the Directive concerning the reporting requirements on the part of entities subject to them, nor impair the effectiveness of existing forms of cooperation and exchange of information between the FIUs, under the Directive and Council Decision 2000/642/JHA of 17 October 2000 concerning arrangements for cooperation between financial intelligence units of the Member States in respect of exchanging information.
Article 56, TFEU
- the legislation is appropriate to attain the aim – in this case it was appropriate to prevent money laundering and terrorist financing as it enabled the Spanish FIU effectively to supervise and suspend suspicious financial transactions concluded by credit institutions offering their services in its territory and, if appropriate, to pursue and punish those responsible
- the legislation is applied in a non-discriminatory manner – in this case, it applied to all
The legislation is proportionate - in this case, the Court considered that it was:
- any additional expenses and administrative burdens created would be relatively limited
the mechanism for cooperation between FIUs at the time was deficient, because
an FIU could refuse to disclose information where the disclosure:
- could hinder a judicial inquiry carried out in the Member State
- would have consequences which are clearly disproportionate in the light of the legitimate interests of a person or the Member State concerned, or
- would result in an infringement of the fundamental principles of national law
- no time-limit for information to be forwarded was specified
- no sanctions for unjustified refusal by the requested FIU to forward the requested information were specified
the co-operation mechanism between FIUs created specific challenges:
- the host state FIU is responsible for, and best acquainted with, the risks associated with money laundering and terrorist financing in its own country; and
- to make a request for information through the cooperation mechanism, the host state FIU must already have information indicating suspicion of money laundering or terrorist financing – yet although STRs are provided to home state FIUs, there is no requirement to forward them automatically to the host state FIU.
- an FIU could refuse to disclose information where the disclosure:
The Court is effectively suggesting that national legislation of a host Member State would comply with the requirement for proportionality (to the extent that it required credit institutions without permanent establishment in the host jurisdiction to forward information direct to the host regulator) only where there is no effective mechanism ensuring full and complete cooperation between the FIUs and allowing the aim of the relevant EU legislation to be combated just as effectively.
However, few co-operation mechanisms established between regulators, whether at international, EU or national level, would meet the standards that the Court seems to consider necessary for such a mechanism to be considered “effective”. Most EU legislation and MoUs fall some considerable way short of requiring a regulator to disclose to another information which might hinder a judicial inquiry, disproportionately impact the legitimate interests of the person/Member State concerned, or infringe the fundamental principles of national law, and equally few provide for express time-limits or sanctions.
It is worth considering whether the overriding reasons of public interest were weightier in this case because what was at stake was the risk of money laundering and terrorist financing, or whether the need to police EU requirements dealing with market abuse (MAD), the supervision of credit institutions (CRD), markets in financial instruments (MiFID), etc., would create the same imperatives. Prima facie, they should, although one can certainly argue that the public importance of preventing financial crime (money laundering, terrorist financing, market abuse, and of reporting of suspicious transactions) may be greater – or at least more immediate – than the need to ensure compliance with other business conduct rules.
Firms may wish to consider whether their terms and conditions are drafted sufficiently broadly to cover the disclosure of information direct to a host regulator in respect of services being provided within its jurisdiction – where there is no permanent place of business within the jurisdiction – without breaching obligations of confidentiality owed to their clients.