Skip to main content

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Förhåller sig penningtvättslagen till dataskyddsförordningen? - Studie huruvida bestämmelserna om dataskydd försvårar kundkännedomsprocessen för banker

Uka, Rina LU (2022) HARH13 20221
Department of Business Law
Abstract
Today, the world is characterized by technological development that could be considered both as an advantage and a disadvantage. For the criminal world and organized economic crime, digitalization is seen as an advantage. The modern technical solutions make it easier for the perpetrators to commit crimes, such as money laundering which is regulated in the Money Laundering Act (2017:630). Money laundering occurs both nationally and internationally. The Financial Action Task Force is an international organization that forms recommendations for the work against money laundering, thus it is not mandatory. However, the EU follows the organization’s guidelines, and therefore the EU Money Laundering Directive is based on their recommendations.... (More)
Today, the world is characterized by technological development that could be considered both as an advantage and a disadvantage. For the criminal world and organized economic crime, digitalization is seen as an advantage. The modern technical solutions make it easier for the perpetrators to commit crimes, such as money laundering which is regulated in the Money Laundering Act (2017:630). Money laundering occurs both nationally and internationally. The Financial Action Task Force is an international organization that forms recommendations for the work against money laundering, thus it is not mandatory. However, the EU follows the organization’s guidelines, and therefore the EU Money Laundering Directive is based on their recommendations. Five different money laundering directives have been formed over the years, which are implemented in every member state. Therefore, the money laundering act is based on the EU Money Laundering Directive. The act describes various measures to fight money laundering, of which customer due diligence is an important measure.

Personal data is processed to obtain information when taking measures for customer due diligence, which means that the General Data Protection Regulation (2016/679) becomes pertinent. This study centers on the customer knowledge process, which is an essential part of the money laundering work. The following process is the core of the work and consists of collecting information about customers to prevent crimes under the Money Laundering Act. To collect relevant data, personal data needs to be processed. Thus, operators such as banks are required to process personal data in accordance with the General Data Protection Regulation. Customer risk assessments need to be made since this determines how comprehensive the measures should be.

The results demonstrate, among other things, that there is a systemic conflict between the regulations that complicates the work for the operators. It is important to stay within the framework of the purpose when processing personal data to not breach the individual’s personal integrity. Lack of routines at work, also means lack of protection for the individual. Whether there is parity between the Money Laundering Act and the General Data Protection Regulation depends. The lack of case-law contributes both to divided interpretations where the legal situation is unclear, and an indication that there is parity between the regulations. (Less)
Abstract (Swedish)
Idag präglas världen av teknikutvecklingen som både anses vara en fördel och en nackdel. För den kriminella världen och organiserade ekonomiska brottsligheten är digitaliseringen en fördel. Moderna tekniska lösningar gör det enklare för gärningsmännen att begå brott, såsom penningtvätt vilket regleras i penningtvättslagen (2017:630). Penningtvättsbrott förekommer både nationellt som internationellt. Financial Action Task Force är en internationell organisation som skriver rekommendationer för arbetet mot penningtvätt, vilka i sig inte är bindande. Däremot följer EU den internationella organisationens riktlinjer och därmed bygger EU:s penningtvättsdirektiv på deras rekommendationer. Genom åren har fem olika penningtvättsdirektiv utformats,... (More)
Idag präglas världen av teknikutvecklingen som både anses vara en fördel och en nackdel. För den kriminella världen och organiserade ekonomiska brottsligheten är digitaliseringen en fördel. Moderna tekniska lösningar gör det enklare för gärningsmännen att begå brott, såsom penningtvätt vilket regleras i penningtvättslagen (2017:630). Penningtvättsbrott förekommer både nationellt som internationellt. Financial Action Task Force är en internationell organisation som skriver rekommendationer för arbetet mot penningtvätt, vilka i sig inte är bindande. Däremot följer EU den internationella organisationens riktlinjer och därmed bygger EU:s penningtvättsdirektiv på deras rekommendationer. Genom åren har fem olika penningtvättsdirektiv utformats, vilka implementeras i medlemsstaterna. Därav grundar sig penningtvättslagen på EU:s penningtvättsdirektiv. Följande förmedlar olika åtgärder för att bekämpa penningtvätt, varav kundkännedom är en central åtgärd.

Vid åtgärder för kundkännedom behandlas personuppgifter för att inhämta information, vilket innebär att EU:s dataskyddsförordning (2016/679), GDPR, blir aktuell. Studien fokuserar på kundkännedomsprocessen som är en väsentlig del i penningtvättsarbetet. Ovan nämnda process är kärnan i arbetet och består av att samla in information om kunderna för att förhindra brott enligt penningtvättslagen. Under den här processen behöver personuppgifter behandlas för att samla in relevanta uppgifter. Därmed krävs det att verksamhetsutövare såsom banker behandlar personuppgifter i enlighet med GDPR. Riskbedömningar behöver göras på, vilket i sin tur avgör hur omfattande åtgärderna skall vara.

Av resultatet framgår bland annat att det finns en systemkonflikt mellan regelverken som försvårar arbetet för verksamhetsutövarna. Det är viktigt att hålla sig inom ramen för ändamålet med behandlingen av personuppgifter för att inte kränka individens personliga integritet. Brister rutinerna i arbetet, brister även skyddet för individen. Huruvida det föreligger paritet mellan penningtvättslagen och GDPR beror således på eftersom avsaknaden av rättspraxis både bidrar till delade tolkningar där rättsläget är oklart och samtidigt en indikation på att paritet föreligger mellan regelverken. (Less)
Please use this url to cite or link to this publication:
author
Uka, Rina LU
supervisor
organization
course
HARH13 20221
year
type
M2 - Bachelor Degree
subject
keywords
Dataskyddsförordningen(GDPR), Penningtvätt, Kundkännedom, Bank
language
Swedish
id
9100116
date added to LUP
2022-09-20 16:07:13
date last changed
2022-09-20 16:07:13
@misc{9100116,
  abstract     = {{Today, the world is characterized by technological development that could be considered both as an advantage and a disadvantage. For the criminal world and organized economic crime, digitalization is seen as an advantage. The modern technical solutions make it easier for the perpetrators to commit crimes, such as money laundering which is regulated in the Money Laundering Act (2017:630). Money laundering occurs both nationally and internationally. The Financial Action Task Force is an international organization that forms recommendations for the work against money laundering, thus it is not mandatory. However, the EU follows the organization’s guidelines, and therefore the EU Money Laundering Directive is based on their recommendations. Five different money laundering directives have been formed over the years, which are implemented in every member state. Therefore, the money laundering act is based on the EU Money Laundering Directive. The act describes various measures to fight money laundering, of which customer due diligence is an important measure.

Personal data is processed to obtain information when taking measures for customer due diligence, which means that the General Data Protection Regulation (2016/679) becomes pertinent. This study centers on the customer knowledge process, which is an essential part of the money laundering work. The following process is the core of the work and consists of collecting information about customers to prevent crimes under the Money Laundering Act. To collect relevant data, personal data needs to be processed. Thus, operators such as banks are required to process personal data in accordance with the General Data Protection Regulation. Customer risk assessments need to be made since this determines how comprehensive the measures should be.

The results demonstrate, among other things, that there is a systemic conflict between the regulations that complicates the work for the operators. It is important to stay within the framework of the purpose when processing personal data to not breach the individual’s personal integrity. Lack of routines at work, also means lack of protection for the individual. Whether there is parity between the Money Laundering Act and the General Data Protection Regulation depends. The lack of case-law contributes both to divided interpretations where the legal situation is unclear, and an indication that there is parity between the regulations.}},
  author       = {{Uka, Rina}},
  language     = {{swe}},
  note         = {{Student Paper}},
  title        = {{Förhåller sig penningtvättslagen till dataskyddsförordningen? - Studie huruvida bestämmelserna om dataskydd försvårar kundkännedomsprocessen för banker}},
  year         = {{2022}},
}