Latvia first in EU to introduce data protection recommendations in the prevention of money laundering and terrorism and proliferation financing and sanctions fields

This is the first document of this type to be implemented within the EU. The recommendations are intended to serve as practical guidelines to be used by field professionals as well as the authorities working on improving the prevention of financial crimes. 

The recommendations are binding to various credit, payment, investment, and insurance institutions, as they include practical guidance on daily operations with personal data processing matters like:

The recommendations aim to cover real-life situations and provide answers to issues that have been raised by legal practitioners. The guidelines therefore present theoretical problems through practical application: "Before processing data, the controller must verify whether, in a particular case, specific categories of personal data are concerned. In practice, processing of such data may not take place in the absence of an explicit purpose to obtain and process those data. For example, when carrying out a background check, the controller obtains information that the money is being transferred from a country where one religious belief prevails. This may give the wrong impression that data on the religious beliefs of the natural person are being processed. The inference is drawn from information about the country and not directly from the fact that a particular person has X religious belief. Consequently, information about a country cannot automatically be regarded as information on the religious beliefs of a particular individual. 

However, the verification of the status of a politically exposed person may indirectly lead to specific categories of personal data - data on the political opinions of that person (in relation to membership of political party) - but the processing of this data depends on the existence of a purpose and whether there is the existence of an adequate legal basis for processing". 

The guidelines are an addition to the existing Financial and Capital Market Commission 21 December 2021 "Recommendations for the establishment of an internal control framework and customer due diligence for the prevention of money laundering and the financing of terrorism and proliferation and sanctions risk management". The subjects covered in the new section include topics such as the foundational national and EU legislation principles of data protection, processing of biometric data, processing of data regarding convictions, criminal records and offences, automated decision-making, and transfer of data outside of the EU. The increasing regulatory and application difficulties in both fields represent the need for further development and use of such recommendations.