Förhåller sig penningtvättslagen till dataskyddsförordningen? - Studie huruvida bestämmelserna om dataskydd försvårar kundkännedomsprocessen för banker

Sammanfattning: Today, the world is characterized by technological development that could be considered both as an advantage and a disadvantage. For the criminal world and organized economic crime, digitalization is seen as an advantage. The modern technical solutions make it easier for the perpetrators to commit crimes, such as money laundering which is regulated in the Money Laundering Act (2017:630). Money laundering occurs both nationally and internationally. The Financial Action Task Force is an international organization that forms recommendations for the work against money laundering, thus it is not mandatory. However, the EU follows the organization’s guidelines, and therefore the EU Money Laundering Directive is based on their recommendations. Five different money laundering directives have been formed over the years, which are implemented in every member state. Therefore, the money laundering act is based on the EU Money Laundering Directive. The act describes various measures to fight money laundering, of which customer due diligence is an important measure. Personal data is processed to obtain information when taking measures for customer due diligence, which means that the General Data Protection Regulation (2016/679) becomes pertinent. This study centers on the customer knowledge process, which is an essential part of the money laundering work. The following process is the core of the work and consists of collecting information about customers to prevent crimes under the Money Laundering Act. To collect relevant data, personal data needs to be processed. Thus, operators such as banks are required to process personal data in accordance with the General Data Protection Regulation. Customer risk assessments need to be made since this determines how comprehensive the measures should be. The results demonstrate, among other things, that there is a systemic conflict between the regulations that complicates the work for the operators. It is important to stay within the framework of the purpose when processing personal data to not breach the individual’s personal integrity. Lack of routines at work, also means lack of protection for the individual. Whether there is parity between the Money Laundering Act and the General Data Protection Regulation depends. The lack of case-law contributes both to divided interpretations where the legal situation is unclear, and an indication that there is parity between the regulations.