Suspension of public access to the Beneficial Owners Register
Copyright 2022 Christiana Aristidou LLC
In a landmark decision on 22/11/2022, the Court of Justice of the European Union (CJEU) in joined cases C-37/20 and C-601/20, WM, Sovim SA v Luxembourg Business Registers, decided that Article 1(15)(c) of the 5th AML Directive is invalid.
According to Article 1(15)(c) of Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU:
“Member States shall ensure that the information on the beneficial ownership is accessible in all cases to:
(a) competent authorities and FIUs, without any restriction;
(b) obliged entities, within the framework of customer due diligence in accordance with Chapter II;
(c) any member of the general public.
The persons referred to in point (c) shall be permitted to access at least the name, the month and year of birth and the country of residence and nationality of the beneficial owner as well as the nature and extent of the beneficial interest held.
Member States may, under conditions to be determined in national law, provide for access to additional information enabling the identification of the beneficial owner. That additional information shall include at least the date of birth or contact details in accordance with data protection rules.”
The landmark case
In particular, the CJEU stated that “Article 1(15)(c) of Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU, is invalid in so far as it amended point (c) of the first subparagraph of Article 30(5) of Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC, in such a way that point (c) of the first subparagraph of Article 30(5), as thus amended, provides that Member States must ensure that information on the beneficial ownership of companies and of other legal entities incorporated within their territory is accessible in all cases to any member of the general public”.
According to the CJEU, the data available on the Register contain information on identified individuals (beneficial owners of corporate and other legal entities) and thus “the access of any member of the general public to those data affects the fundamental right to respect for private life, guaranteed in Article 7 of the Charter”. The fact that the “data concerned may relate to activities of a professional nature” was irrelevant. In addition, “making available those data to the general public in that manner constitutes the processing of personal data falling under Article 8 of the Charter”.
The court also added that “information available to the general public in such a manner that it is then accessible to a potentially unlimited number of persons and the lack of any control over the use of data after it had been made available to the general public render it “difficult, or even illusory, for those data subjects to defend themselves effectively against abuse”.
As a result, the court found that “the general public’s access to information on beneficial ownership… constitutes a serious interference with the fundamental rights in Articles 7 and 8 of the Charter”.
Although the EU recognized that providing access to beneficial ownership registers to any member of the general public would help fight financial crime and keep trust in the integrity of business transactions and of the financial system, this landmark decision provides that Members States should ensure that beneficial ownership registers are not being publicly available in a way contrary to the decision. It remains to be seen how the Members States will treat this decision. Further guidance by the EU is expected as well.
As for Cyprus, on 16 December 2020, the Cyprus Council of Ministers appointed the Registrar of Companies (RoC) as the competent authority to maintain the beneficial owners (UBO) register concerning companies and other legal persons.
The day after the approval of the “Prevention and Suppression (amendment) Law of 2021 by the Cypriot Parliament, the Registrar of Companies (RoC) announced that “One of the basic provisions of the Amendment Law regards the establishment, maintenance and operation of a Beneficial Owners Register for corporate and other legal entities, by the Registrar of Companies.” Consequently, the collection of UBO data was started.
In light of the judgment of the CJEU, the Cyprus Registrar of Companies on the 28 of November 2022, announced that access to the general public of the personal information of the Beneficial Owners is suspended from the 23rd of November since compliance with the European case law is a requirement.
As a Member State of the EU, the Republic of Cyprus is bound by the judgment of the CJEU. Therefore, a relevant amendment shall be made to Law 188(I)/2007 in order for Cyprus to be compliant. The obligation to submit and update the data of the Beneficial owners still remains the same and the relevant authorities which will seek access to the records and/or information will have to additionally provide a Responsible Declaration that will ensure that the details are sought in the context of taking the due diligence measures.