Utilizziamo cookies e tecnologie similari per migliorare l’esperienza all’interno del sito e offrire all’utente un servizio di maggior valore. I cookie presenti su questo sito sono cookie tecnici per garantire il funzionamento del sito e cookie analitici, anche di terze parti, utilizzati da noi e dai nostri partner per misurare le performance del Sito e capire i contenuti che vi interessano. Per accettare i cookie clicca «accetta i cookie analitici». Per rifiutare i cookie clicca «rifiuta i cookie analitici». Per maggiori informazioni ti invitiamo a leggere la nostra Cookie Policy.

Latvia first in EU to introduce data protection recommendations in the prevention of money laundering and terrorism and proliferation financing and sanctions fields

​​​published on 28 June 2022 | reading time approx. 2 minutes

The Latvian Financial and Capital Market Commission together with the National Data Protection authority and Finance Latvia Association have developed recommendations on the processing of natural persons' data for the purposes of anti-money laundering, countering the financing of terrorism and proliferation, and sanction compliance that were adopted on 27 May 2022. 

This is the first document of this type to be implemented within the EU. The recommendations are intended to serve as practical guidelines to be used by field professionals as well as the authorities working on improving the prevention of financial crimes. 

The recommendations are binding to various credit, payment, investment, and insurance institutions, as they include practical guidance on daily operations with personal data processing matters like:
  • basic principles and legal basis for personal data processing in the context of the anti-money laundering and sanctions regulation, and other related legal acts;
  • processing of special categories of personal data (e.g. biometric data);
  • processing of personal data on convictions and offenses;
  • ensuring compliance with the internal processes provided by GDPR;
  • observing data subjects' rights;
  • storage of personal data.

The recommendations aim to cover real-life situations and provide answers to issues that have been raised by legal practitioners. The guidelines therefore present theoretical problems through practical application: "Before processing data, the controller must verify whether, in a particular case, specific categories of personal data are concerned. In practice, processing of such data may not take place in the absence of an explicit purpose to obtain and process those data. For example, when carrying out a background check, the controller obtains information that the money is being transferred from a country where one religious belief prevails. This may give the wrong impression that data on the religious beliefs of the natural person are being processed. The inference is drawn from information about the country and not directly from the fact that a particular person has X religious belief. Consequently, information about a country cannot automatically be regarded as information on the religious beliefs of a particular individual. 

However, the verification of the status of a politically exposed person may indirectly lead to specific categories of personal data - data on the political opinions of that person (in relation to membership of political party) - but the processing of this data depends on the existence of a purpose and whether there is the existence of an adequate legal basis for processing". 

The guidelines are an addition to the existing Financial and Capital Market Commission 21 December 2021 "Recommendations for the establishment of an internal control framework and customer due diligence for the prevention of money laundering and the financing of terrorism and proliferation and sanctions risk management". The subjects covered in the new section include topics such as the foundational national and EU legislation principles of data protection, processing of biometric data, processing of data regarding convictions, criminal records and offences, automated decision-making, and transfer of data outside of the EU. The increasing regulatory and application difficulties in both fields represent the need for further development and use of such recommendations.



Contact Person Picture

Staņislavs Sviderskis

Assistant Attorney, Certified Data Protection Specialist

Senior Associate

+371 6733 8125
+371 6733 8126

Invia richiesta


​Discover more about our offices in Latvia. Read more »
Deutschland Weltweit Search Menu