WKB Legal Alert | Restricted public access to beneficial ownership registers
LEGAL FRAMEWORK, AML DIRECTIVE, CRBO
Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015, as amended by Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 (further as the “AML Directive”) imposed a duty on Member States to establish central, public registers which hold information on the beneficial owners of corporate entities. This duty was intended to protect the interests of market participants by ensuring their access to information on potential clients, as well as aiding in the fight against money laundering and terrorist financing.
In Poland, access to the Central Register of Beneficial Owners (Centralny Rejestr Beneficjentów Rzeczywistych; further as the “CRBO”) was opened on 13 October 2019, on the basis of the Act of 1 March 2018 on the counteracting of money laundering and terrorist financing. Since then, the information recorded in the CRBO has been available to the public, without limits and free of charge. However, this could soon change as a result of the Judgment of the Court of Justice of the European Union (further as the “CJEU”) of 22 November 2022.
CJEU JUDGMENT: FACTS
In 2019, based on the national measure transposing the AML Directive, Luxembourg established a register of beneficial owners (the “RBE”), intended to retain any and all information on the beneficial ownership of registered legal entities. The data published in the RBE were also available through the internet, however, notwithstanding the principle of transparency, the Luxembourgish measure provided for certain limits on access to such data. Under these provisions, a beneficial owner could lodge an application to the entity maintaining the register (“LBR”) to restrict access to such information in justified circumstances (for example, where such access would expose the beneficial owner to disproportionate risk of fraud, kidnapping, blackmail, or harassment).
In this context, two actions were brought before the Luxembourg District Court by, respectively a Luxembourgish company and a beneficial owner, who had unsuccessfully lodged applications with LBR to restrict public access to their information. The complainants argued, among others, that the refusal to grant their applications exposed them to the disproportionate risk and infringed their fundamental rights. However, in light of LBR’s refusal to restrict access to the beneficial owner information in question, the Luxembourg District Court referred a number of questions to the CJEU for a preliminary ruling concerning the interpretation of certain provisions of the AML Directive and their validity under the Charter of Fundamental Rights of the EU.
CJEU JUDGMENT: RULING
In response to the questions posed by the Luxembourg District Court, the CJEU issued a judgment on 22 November 2022 in jointed cases C-37/20 and C-601/20, where it questioned the public access to information on companies’ beneficial owners and found that such access constitutes an interference with the rights to privacy and the protection of personal data enshrined in Articles 7 and 8 of the Charter of Fundamental Rights of the EU and under the GDPR. Consequently, the CJEUR found that point (c) of the first subparagraph of Article 30(5) of the AML Directive, as amended, which imposed a duty on Member States to ensure that information on the beneficial ownership of companies and of other legal entities incorporated in their territory is accessible in all cases to any member of the general public was invalid.
The CJEU found that granting the general public access to information on beneficial owners constituted a serious interference with the fundamental rights to respect for private life and the protection of personal data. The lack of any access restrictions where data concerning the beneficial owner’s material and financial situation and personal identifying data is made available through a publicly accessible register could potentially result in such data’s dissemination to and retention by a potentially unlimited number of persons. Such improper use of personal data cannot be justified by the interest in combating money laundering and terrorist financing.
CONCLUSIONS
The long-term consequences of the CJEU Judgement discussed above are yet to be seen, and one should wait to see what proportional measures the Member States will implement. However, the short-term consequences were already visible the day after the judgment was issued, when both LBR and the Dutch Ministry of Finance restricted the (general) public’s access to the registers they respectively maintain. The CJEU’s judgment will certainly result in amendments regarding the public disclosure of beneficial owner data to any interested party, most likely limiting the entities to which such data is made available to the appropriate state authorities or solely to obliged entities. The Polish legislature will also need to resolve this issue in the near future.
If you have any questions related to any of the topics above, please contact the lawyers in our AML team: Anna Wojciechowska, Agata Szczepańczyk-Piwek, Anna Fennig, Karina Chrostowska-Kozioł and Monika Obiegło.
The alert can be uploaded HERE.