LogoRegulatory Alerts
2023-08-25

Order on a Central Automatic Mechanism for Information on Payment Accounts, Bank Accounts and Safe Deposit Boxes

The Danish Ministry of Business Affairs and the Financial Supervisory Authority issued this order to establish a central automatic mechanism for identifying physical and legal persons holding or controlling Danish payment accounts, bank accounts, or safe deposit boxes. Providers and their Danish branches are required to designate an operator to manage data processing and logging, while reporting specific customer and account details immediately upon request from the Money Laundering Secretariat or the Tax Administration. The regulation mandates strict data retention and security protocols, imposes criminal penalties for violations, and officially repeals the previous 2020 order on this mechanism.

Finanstilsynet Denmark logo

Denmark

Finanstilsynet Denmark

Click to view thumbnail

Order on a Central Automatic Mechanism for Information on Payment Accounts, Bank Accounts and Safe Deposit Boxes 1)

Pursuant to Section 30a and Section 78, paragraph 6, of the Money Laundering Act, cf. Statutory Order No. 316 of 11 March 2022, it is hereby prescribed:

Scope of Application

Section 1. This Order applies to providers of payment accounts or bank accounts identified by IBAN, providers of safe deposit boxes, and branches in Denmark of foreign companies of such providers, cf. however paragraph 2.

Paragraph 2. Section 2, paragraph 3, and Section 5 apply to the operator of the central automatic mechanism.

Central Automatic Mechanism for Reporting Information

Section 2. Providers and branches, cf. Section 1, paragraph 1, shall establish one central automatic mechanism that enables the identification of all physical and legal persons who have or control Danish payment accounts or bank accounts identified through IBAN, or safe deposit boxes. The individual providers and branches are data controllers for the processing of the personal data they enter into the central automatic mechanism.

Paragraph 2. The establishment of the central automatic mechanism shall be managed by providers and branches, cf. Section 1, paragraph 1, who shall appoint an operator who acts as a data processor for the individual providers and branches.

Paragraph 3. The operator shall log the processing activities. This includes collection, modification, search, disclosure, including transfer, merging, and deletion. The log must contain information about the time, user, type of use, and indication of the person to whom the information used relates, or the search criterion used. The log must be stored for 5 years, after which it shall be deleted.

Paragraph 4. The operator shall, upon request, make the information in the log, cf. paragraph 3, available to the Money Laundering Secretariat and the Tax Administration for the purpose of internal control of the Money Laundering Secretariat's and the Tax Administration's processing of personal data and ensuring against unauthorized access in other respects.

Obligations of Providers and Branches

Section 3. Providers and branches, cf. Section 1, paragraph 1, shall report information to the central automatic mechanism when the Money Laundering Secretariat or the Tax Administration sends an inquiry to the central automatic mechanism. The information shall be reported immediately, and no later than 3 banking days after the inquiry was sent. In urgent cases, however, the information shall be reported immediately, and no later than 1 banking day after the inquiry was sent.

Paragraph 2. Providers and branches, cf. Section 1, paragraph 1, shall report the following information to the central automatic mechanism regarding the identification of physical and legal persons who have or control payment accounts and bank accounts:

  1. Identity information, cf. Section 11, paragraph 1, no. 1, of the Money Laundering Act, for the customer (account holder) and for any person who purports to act on behalf of the customer.
  2. Identity information, cf. Section 11, paragraph 1, no. 3, of the Money Laundering Act, for the beneficial owner, cf. Section 2, paragraph 1, no. 9, of the Money Laundering Act, behind the customer (account holder).
  3. Registration and account number or IBAN number for the bank account or payment account.
  4. Date of opening and any closing of the account.

Paragraph 3. Providers and branches, cf. Section 1, paragraph 1, shall report the following information to the central automatic mechanism regarding safe deposit boxes in Denmark:

  1. Identity information, cf. Section 11, paragraph 1, no. 1, of the Money Laundering Act, for the tenant of the safe deposit box.
  2. Duration of the rental period in the form of the date of opening and closing of the safe deposit box.

Paragraph 4. Each provider and branch, cf. Section 1, paragraph 1, is responsible for ensuring that the information reported by the provider and branch through the central automatic mechanism is correct and up-to-date at the time it is reported in accordance with Chapter 3 of the Money Laundering Act on obtaining, controlling, and updating information in connection with customer due diligence procedures.

Money Laundering Secretariat and Tax Administration

Section 4. The Money Laundering Secretariat and the Tax Administration have access to the central automatic mechanism.

Paragraph 2. In the event of an inquiry regarding payment accounts, bank accounts, or safe deposit boxes in the central automatic mechanism, the Money Laundering Secretariat or the Tax Administration provides the information on physical or legal persons that is necessary for the providers and branches to identify any payment accounts, bank accounts, or safe deposit boxes and their tenants. Identification can, inter alia, be done by the Money Laundering Secretariat or the Tax Administration entering CPR numbers (Danish Personal Identification Number) or CVR numbers (Business Registration Number), IBAN numbers, or box numbers.

Storage of Data

Section 5. Inquiries and responses to inquiries shall be stored for five banking days after the expiry of the response deadline in the central automatic mechanism.

Paragraph 2. The operator is responsible for the operation of the central automatic mechanism. The operator is responsible for system errors that result in incorrect information being provided, or that the information does not arrive.

Criminal Provisions

Section 6. Intentional or grossly negligent violation of the rules in Section 2, paragraph 3, and Section 3 is punishable by a fine. Persistent or grossly negligent disregard of the operator's responsibility according to Section 5, paragraph 2, is punishable by a fine.

Paragraph 2. Companies etc. (legal persons) may be subject to criminal liability according to the rules in Chapter 5 of the Penal Code.

Entry into Force

Section 7. This Order enters into force on 1 September 2023.

Paragraph 2. Statutory Order No. 1330 of 9 September 2020 on a central automatic mechanism for information on payment accounts, bank accounts and safe deposit boxes is repealed.

Ministry of Business Affairs, 25 August 2023

Morten Bødskov / Hans Høj

25 August 2023. 2 No. 1114.

  1. The Order contains provisions that implement parts of Directive 2018/843/EU of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU, OJ 2018, No. L 156, page 43, and parts of Council Directive 2021/514 of 22 March 2021 amending Directive 2011/16/EU on administrative cooperation in the field of taxation, OJ 2021, L 104, page 1.

Statutory Gazette A 2023 Published on 29 August 2023 25 August 2023. No. 1114. Ministry of Business Affairs, Financial Supervisory Authority, file no. 23-005344 CQ002635

Share