Anti-Money Laundering and
Countering the Financing of Terrorism
Submissions on the third discussion document (Supervisory Framework)
Privacy Commissioner
30 November 2006
File Reference: L2512
FATF Inter-Agency Working Group
C/- Ministry of Justice
Crime Prevention and Criminal Justice Group
PO Box 180
Wellington
ANTI-MONEY LAUNDERING AND COUNTERING THE FINANCING OF TERRORISM:
SUPERVISORY FRAMEWORK: THIRD DISCUSSION DOCUMENT
I refer to the working group's third discussion document of October 2006.
The Discussion Document sets out proposals for a new AML/CFT (anti-money
laundering/countering the financing of terrorism) supervisory framework. A number of
the substantive privacy concerns arising from these proposals have already been
identified in our earlier feedback on discussion papers one and two.
We do not have any firm views on most of the supervisory framework questions
posed in the paper but rather pick up on some issues for us that run through this
paper.
1. We earlier identified the proposals to authorise information sharing between
agencies and to permit transborder disclosures of personal information as
potentially raising privacy issues. Information sharing is to be authorised between
financial institutions, regulators/supervisors and law enforcement bodies.
Transborder disclosures are to be authorised between these bodies and their overseas
counterparts.
2. We suggested that these disclosures would be more readily understood and
assessed if flow charts were developed to describe the proposed information flows.
3. We also noted the possible privacy impacts of extending the vetting
procedures. This paper repeats the proposal to scrutinise those involved in the
management and control of financial institutions for criminals or associates of
criminals and to carry out fit and proper person checks on directors and senior
managers. It is important that the legislation authorising such vetting, and the
machinery implementing such requirements, should take careful account of the privacy
impacts. For instance, the scope of the new requirement should be appropriate to the
varying levels of risk, the process should be transparent (i.e. carried out with the
knowledge and consent of the individuals concerned) and ensure fairness (through
mechanisms to ensure the accuracy of information and enabling affected individuals
to challenge adverse findings).
4. The discussion document describes the functions and powers of the Financial
Intelligence Unit. It describes the unit, which is part of the Police, as having
"good, albeit informal access to other government agencies for information
sharing purposes". It may be timely to consider the legal basis of the existing
practices, as well as options for enhanced production and disclosure powers in the
future.
5. Access to credit history checks, vehicle registers, telephone subscriber
records and real estate registers is said to be available pursuant to information
privacy principle 11 of the Privacy Act 1993. This is a puzzling statement as the
principle does not create an access regime, nor does it give the FIU authority to
obtain personal information held by other agencies. Indeed it does the reverse by
prohibiting agencies that hold the information from disclosing it unless disclosure
is necessary for one of the exceptions listed in the principle. Agencies have a
discretion, but not an obligation, to disclose information to the FIU in appropriate
circumstances. Furthermore, the credit information and telecommunications information
disclosures are regulated by codes of practice that vary the information privacy
principles, and access to the information on the motor vehicle register is
principally regulated by transport legislation, not the Privacy Act.
6. Once again we would urge the use of a Privacy Impact Assessment as a tool to
identify and address the privacy issues. It may well be that on a proper analysis of
the proposals, it will be possible to identify straightforward privacy-sensitive
solutions.
Staff from this office will remain available to assist in working through privacy
issues including those mentioned in this submission.
Yours faithfully,
Blair Stewart
Assistant Privacy Commissioner