At present, there are only limited circumstances under which the public prosecutor can obtain financial information. The Minister of Justice has prepared a preliminary draft act to further expand the powers of the public prosecutor to obtain such information.
Whereas in the past there were limited possibilities for transferring and holding funds, nowadays these possibilities have been greatly expanded. In addition to traditional banking, today's financial sector also includes other players, such as asset management companies, listed companies and insurance companies. Additionally, payments can now be executed through various channels, e.g. by means of virtual currency (cryptocurrencies), cellphone applications and text messages.
Despite the higher degree of diversification in methods of payment, the powers of the public prosecutor to obtain information remain limited and are only suited to the more traditional methods of payment.
At present, the public prosecutor is only allowed to order the production of the following information in relation to an individual or a legal person (article 46quater §1 Code of Criminal Procedure):
- a list of bank accounts, bank safes or restrictively enumerated financial instruments, e.g. securities and financial contracts for difference;
- the banking transactions that are carried out during a certain time period on certain bank accounts or financial instruments; and
- information regarding the (proxy) holders who have had access to the bank safes within a certain time period.
Additionally, under art. 46quater §2 Code of Criminal Procedure, the public prosecutor can, under certain circumstances, order that:
- the banking transactions concerning certain bank accounts, bank safes or financial instruments of a suspect are monitored during an extendable period of two months; and
- certain assets are frozen for a maximum of five days.
To comply with modern needs – which are clearly present in everyday practice – the Minister of Justice recently presented a preliminary draft act setting out an expanded duty of cooperation with which the financial sector must comply.
Although it is currently only a preliminary draft, we consider it useful to give an overview of the key features. The preliminary draft has already been given the green light by the Council of Ministers. Furthermore, one of the most important hurdles has been lifted, as the Data Protection Authority has given a positive opinion (except for two reservations – see below). The opinion of the Council of State is currently awaited, after which the proposal can be sent to Parliament.
Expansion of the list of entities that are subject to a duty of cooperation
The first proposed expansion included in the preliminary draft is an expansion of the list of entities that are subject to a duty of cooperation. Whereas the current provisions only impose a duty to comply on banking and credit institutions, the preliminary draft expands this to "the entire regulated financial sector". This concept is defined by reference to the preventive anti-money laundering legislation (Act of 18 September 2017 on the prevention of money laundering and terrorist financing and on restriction of the use of cash) and includes a list of entities which are likewise subject to the latest changes within the expanded requirement to notify the Belgian Financial Intelligence Processing Unit ("CFI"/"CTIF" – article 5 §1 of the aforementioned Act). This would include asset managers, listed companies and insurance companies, amongst others.
The preliminary draft also takes aim at persons and establishments that offer services regarding virtual assets, such as bitcoin. These are called "intermediaries regarding virtual assets". In the explanatory memorandum, they are described as "platforms, exchangers, payment service providers that offer debit and credit cards linked to virtual coins, etc.". It remains to be seen whether this concept of "intermediaries regarding virtual values" will make it into the final text, since the Data Protection Authority indicated that it found the definition too vague. According to the Data Protection Authority, uncertainty about whether or not one is subject to the obligation to cooperate may result in future dilemmas for service providers. If they "cooperate" and provide the requested information without being legally obliged to do so, they could be in unjustifiable breach of the General Data Protection Regulation. The Data Protection Authority suggested specifying that the services aimed at are those enabling the exchange of regulated assets into unregulated virtual assets.
Territorially, this duty of cooperation applies to vendors of virtual currency that are directed towards the territory of Belgium (and thus make available or provide their services in Belgium). Defining such a broad territorial scope aims at avoiding a situation where foreign intermediaries offering services in Belgium via the internet might refuse to collaborate.
Expansion of the requested information
In addition to the expansion of the list of entities that are subject to a duty of cooperation, the kind of information that can be requested has also been significantly expanded.
At present, only a list of bank accounts, bank safes and other traditional financial instruments like stocks and obligations, the banking transactions that are carried out on these bank accounts or financial instruments and information regarding the (proxy) holders can be requested. The preliminary draft act intends to change this to the generic term "the necessary information concerning financial products, services and transactions and virtual currencies, with regard to the suspect". The term "necessary" is particularly striking and obviously makes the definition subjective, hence leaving (too much) room for interpretation. The explanatory memorandum lists some examples: communication with financial institutions, the IP addresses that were used, opening documents, supporting documents and other information that has to be retained in the context of anti-money laundering legislation.
In its opinion, the Data Protection Authority expressed a reservation concerning this point. The authority believes that the aforementioned subjectivity needs to be remedied for the sake of transparency and legal certainty by defining the (categories of) personal data that have to be handed over to the public prosecutor.
To sum up, we can conclude that the recent preliminary draft act from the Minister of Justice will bring about important changes in relation to the duty of the financial sector to collaborate with the public prosecutor. The legislator should be wary of disproportionate expansion that could leave room for arbitrariness and which might negatively influence legal certainty. The Data Protection Authority has rightly expressed two reservations regarding the draft act.
Given the far-reaching implications for the financial sector, it is important to be aware of this forthcoming change in regulation.