Since its introduction on 1 March 2019, and after a controversial start, the Register of Beneficial Owners (RBE) has become established in the landscape. Currently, its coverage rate is 92.5%. But the problem boils down to access to information on the beneficial owners of companies.
The state authorities responsible for combating money laundering and the financing of terrorism and certain national professionals--i.e. the self-regulatory organisations with a supervisory role--need to have access to such data. It is the unconditional access of the third category covered by the law, that of the general public, that has raised questions.
But what does the “general public” represent? It is impossible to say, since consultations are made anonymously via any internet browser. But it’s a safe bet that the average person is not concerned. Therefore the general public rather refers to journalists, private investigators and even business competitors.
This is why the right of consultation does not go down well with company managers, who multiply their requests for exemption and do not hesitate to take legal action against refusal decisions.
2,049 requests for exemption filed
The law of 13 January 2019, which created the RBE following the transposition of the fifth anti-money laundering directive, created a system of exceptions for public access to RBE information.
This exception is very strictly limited. It can only be invoked where there is a risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation, or where the beneficial owner is a minor or is otherwise incapacitated. An exception to that rule is granted in some circumstances. According to the latest figures from the RBE, 2,049 applications for exemption concerning 3,915 beneficial owners have been received to date. Of these, 40% have been granted. And only for minors. The jurisprudence is clear and asserted: “We automatically accept requests for exemption concerning minors; requests concerning adults have all been refused.”
The practice has not gone down well with some. There are currently 637 cases brought before the courts by those denied the “right to discretion”.
The Luxembourg District Court has asked the European Court of Justice (ECJ) to give a preliminary ruling on the regime for limiting access to information on beneficial owners and to clarify the concepts of ‘exceptional circumstances’, ‘risk’ and ‘disproportionate risk’.
A first hearing was held in October and Giovanni Pitruzzella, an advocate general at the European Court of Justice, has just issued an initial opinion on the matter. The opinion has left the plaintiffs’ lawyers circumspect, to say the least. The opinion of an advocate general is in a way an expression of the European public interest, given “in complete independence and impartiality”. And the court is not obliged to follow it, even if this is what happens in practice in most cases.
The opinion contains information but no clear instructions, according to Katrien Veranneman, counsel at Elvinger Hoss Prussen, and Fabio Trevisan and Élodie Vincent, respectively partner and counsel at BSP.
Firstly, the advocate general confirms the validity of the regime of public access to information on the beneficial owners of companies.
“This is a very strong signal to the Luxembourg legislator who was, let us recall, the one who opened the possibility of access to this RBE to the general public without even demonstrating a legitimate interest. This principle, which has been heavily criticised, is considered a priori to be compliant”, says Trevisan. “The advocate general considers, however, that the authorities in charge of the registers should be aware of the identity of the people who access them, which the Luxembourg register in its current form does not allow”, comments Veranneman.
The advocate general also confirms the obligation of EU member states to limit access to the general public.
Fundamental rights come into play
The openness is found in the justification for limiting access. Luxembourg bases its ‘derogations’ either on the legal capacity of the beneficiaries of the exception--minors and incapacitated persons--or on the risk of criminal offences. Trevisan and Veranneman insist that these risks are impossible to prove. This is confirmed by the fact that the RBE has never followed up on an application based on this type of risk. “This risk must be characterised, real and present” is the policy of the RBE, which must avoid distorting the principle of transparency associated with the establishment of this register by the anti-money laundering directive.
For the advocate general, the risk to be considered is rather that of an infringement of the fundamental rights provided for by the Charter of Fundamental Rights of the Union, and more particularly the respect of private and family life, and the protection of personal data. These are more concrete elements to analyse than the risks referred to in the Luxembourg law.
Pitruzzella says the provision and disclosure of information to the public “undoubtedly constitute interference with the guaranteed fundamental rights”, yet these interferences “are not disproportionate and are not of a particularly serious nature”.
And that is all. The notions of proportionality and particular gravity are not defined. “It’s a roundabout way of dealing with this aspect,” according to Trevisan, who believes that we are back to square one in the absence of any applicable criteria.
GDPR vs RBE: the fight will not take place
Above all, the central issue of the compliance of the register of beneficial owners with the EU’s General Data Protection Regulation is completely ignored. If the problem is addressed, no consequences are drawn.
At the hearing, the European Data Protection Supervisor argued for a restriction of such access. As did Luxembourg’s national commission for data protection (CNPD), which, at the time of the transposition of the directive, argued for access to be limited to persons able to prove a legitimate interest. This approach was not adopted. The AML Directive itself had abolished the need for any member of the general public to demonstrate a legitimate interest in accessing data on the grounds that it was necessary to achieve the objective of preventing money laundering and terrorist financing.
Trevisan sees this as a desire not to put European states that have transposed the directive at odds by going further than the directive wanted--“this is the case in Luxembourg”, observes Veranneman--in the name of transparency, whereas “legally, this does not hold water because on the one hand it is incompatible with GDPR and on the other hand it leads to arbitrary interpretations in terms of the application of the exceptions that are poorly defined by the law.”
Veranneman says the opinion “could have gone further and stated more about the objections put forward in particular by the EDPS”. Trevisan and Vincent say the opinion is “disappointing and does not advance anything”.
Where do we go from here?
The RBE would not comment on “an ongoing court case”. While Trevisan and Vincent hope that the court will go against the advocate general’s opinion and will--at last--give instructions on how to benefit from the exemptions to open access.
These elements could also inspire the government, which wants to reform the legal framework governing the Register of Commerce and Companies (RCS) and the RBE. A bill with the following number 7961 was tabled on 2 February. This reform is mainly aimed at sanctioning the 7.5% of companies that do not register with the RBE. However, it may have to change if the ECJ were to establish the boundaries between the RBE and the GDPR regimes.
That is, unless the Sixth AML Directive, which is currently being drafted, tackles the issue head on.
Originally published in French by and translated for Delano