On 2 May 2024, the European Banking Authority (EBA) announced that, starting from May 2024, supervisors across the EU will be able to report names of natural persons to EuReCA, the EU central database AML and CFT of the EBA. In this context, the EBA published a summary of the EBA’s updated data protection impact assessment (DPIA) for EuReCA, a factsheet on EuReCA that explains what the database is, who reports to it and what it contains, as well as a data protection notice that explains how personal data are processed.

EuReCA contains information on serious AML/CFT deficiencies in individual financial institutions (FIs) that were identified by EU supervisors and contains information on the measures taken by supervisors to address said deficiencies. If a serious deficiency or a measure is linked to a natural person, for instance a customer or a beneficial owner (BO), supervisors will be able to report this information to EuReCA. They can also report the name of a member of the management body or a key function holder in a FI, if necessary. The AML Authority (AMLA) will be able to build on EuReCA as the new EU supervisory framework takes shape.