Europe says about1% of the EU’s GDPis tangled up in “suspicious” financial flows. That estimate comes fromEuropol (2017), and Brussels trots it out like a battering ram every time it rolls out another anti–money laundering package.
Fine. Nobody’s lining up to defend money launderers or terror financiers.
But here’s the rub: the EU’s method has been to stack rule on top of rule, more monitoring, more reporting, more tracing, until huge chunks of ordinary people’s financial lives become data points. Data that can be searched, shared, and, in some cases, exposed far beyond law enforcement. And when Europe’s own top court says, “Yeah, no, that’s too much,” Americans should pay attention. Because the same logic, “we’re fighting crime, so hand over the data”, travels well.
The beneficial-owners registry: transparency for cops, a shopping list for creeps
A big flashpoint is the EU’s5th Anti–Money Laundering Directive (AMLD5), which pushed wider access to registers listing a company’s“beneficial owners”, the real humans behind shell companies, trusts, and other legal contraptions that can hide dirty money.
On paper, it’s straightforward: if you want to break up shady structures, you need to know who controls what. So the registry includes personal details, names, country of residence, nationality, so investigators (and others) can connect dots.
The problem is the “and others.” TheCourt of Justice of the European Unionruled thatpublic accessto these beneficial-ownership registers clashes with fundamental rights toprivacyanddata protection. Translation: you don’t get to open a firehose of personal information to the entire planet just because you’ve invoked the magic words “fighting crime.” You need tight limits on who can look, why they’re looking, and what happens to the data afterward.
Picture a small-business owner with a family company. Or an investor who’s not doing anything illegal, just doesn’t want their net worth broadcast like a yard sign. A too-open registry turns into a handy catalog for competitors, scammers, stalkers, and every two-bit fraud artist with Wi‑Fi.
A tax lawyer once told me off the record that “total transparency” is a jurist’s fantasy. In real life, it attracts predators. And that’s before you get to the unglamorous mess: bad data, outdated entries, sloppy updates, bureaucracy doing what bureaucracy does.
The “risk-based approach” that quietly treats everyone like a suspect
The EU loves a phrase:“risk-based approach.”The idea is to rank customers, transactions, and industries by risk, then crank up scrutiny when something smells off.
In practice, that means more identity checks, more documentation demands, more intrusive questions, and more automated flags when your behavior doesn’t match whatever the bank’s compliance software thinks is “normal.” And once anti–money laundering got formally tied tocounter-terrorism financing, the pressure only intensified. After major security shocks, governments reach for tools. That’s the political reflex.
But rights-wise, it creates a nasty gray zone: you can end up having to prove you’re “normal.” Wire money abroad? Trade crypto? Run a business with a complicated payment chain? Congratulations, you may land in the “higher risk” bucket without committing a crime.
The EU model also deputizes banks and other professionals as the front line: they’re expected to spot and report suspicious activity. Add regulatory fear, big fines, reputational damage, and you get defensive behavior. Accounts get closed. Customers get rejected. People get asked for the same documents again and again.
A retail banker told me the unspoken rule is simple: don’t make waves. If a file looks complicated, dump it. That can catch some real crooks. It also steamrolls plenty of ordinary people who just don’t fit the template.
Criminal penalties vs. fundamental rights: the line is thinner than politicians admit
One EU law tries to put guardrails back on the road.Directive (EU) 2018/1673spells out that criminal enforcement against money laundering has to respect basics like thepresumption of innocence, the right to afair trial, access to a lawyer, and the right not to self-incriminate.
That’s not decorative language. Once you criminalize behavior and start punishing people, you’re messing with liberty. And the temptation is always the same: widen the net, collect more data, share it faster. Then everyone acts shocked when courts step in, like they did on public access to beneficial-owner registries.
The slope keeps getting slicker. The EU’s newerRegulation (EU) 2024/1624expands anti–money laundering obligations to additional players, includinginvestment-migration advisers, the folks who help wealthy clients buy residency or citizenship abroad, citing corruption and tax-evasion risks. The rationale is easy to understand. The pattern is the point: once a sector is labeled “vulnerable,” it gets pulled into a compliance-and-surveillance regime.
And that’s the real fight: how far do you go to catch criminals without turning everyday financial life into a permanent suspicion machine?
Key takeaways
•Europe’s top court said public access to beneficial-owner registries violates privacy and data-protection rights.
•The EU’s “risk-based” system ramps up monitoring and reporting, and regular customers feel it through closures, refusals, and endless paperwork.
•EU rules acknowledge anti–money laundering enforcement still has to respect due-process rights like presumption of innocence and the right to a defense.
FAQ
Why does the EU want beneficial-owner registries?
To identify the real people controlling companies and legal structures, making it harder to hide money through opaque setups. The controversy starts when access gets too broad and personal data spills out without strong safeguards.
What is the “risk-based approach” in anti–money laundering?
A system that scales scrutiny based on perceived risk: higher-risk customers or transactions face heavier checks and monitoring. In real life, that often means more documentation demands and banks making overly cautious decisions.
Can anti–money laundering rules hit people who did nothing wrong?
Yes. A lot of the system is preventive and outsourced to banks and professionals. “Unusual” behavior can trigger scrutiny even without any crime, raising real questions about proportionality and civil liberties.
Key Takeaways
- Public access to beneficial ownership registers was found to be incompatible with privacy and data protection.
- The risk-based approach strengthens controls and reporting, with real-world effects on ordinary customers.
- EU rules remind that anti-money laundering enforcement must respect the presumption of innocence and the rights of the defense.
Frequently Asked Questions
Why does the EU want beneficial ownership registers?
To identify the people who actually control companies or legal entities, and to limit opaque arrangements used to launder money or hide financial flows. The problem arises when access becomes too broad and exposes personal data without sufficient safeguards.
What is the “risk-based” approach in anti-money laundering?
It’s a method that tailors the intensity of checks to the estimated level of risk: the riskier a customer, sector, or transaction appears, the more verification and monitoring are increased. In practice, this can lead to more requests for supporting documents and cautious decisions by banks.
Can anti-money laundering rules affect people who haven’t done anything wrong?
Yes, because part of the system relies on preventive detection and on obligations imposed on banks and professionals. Behavior seen as unusual can trigger checks even without any offense, which raises questions about proportionality and respect for fundamental rights.