On Nov. 22, 2022, the Court of Justice of the European Union decided on two joined cases (Case C-317/21 G-Finance SARL, DV v Luxembourg Business Registers) brought against the Luxembourg authorities regarding its Register of Beneficial Ownership. The CJEU’s opinion carefully weighed privacy rights, the EU's anti-money laundering directive and many other factors. The CJEU went through a detailed legal analysis balancing numerous areas of concern and provided a comprehensive rationale regarding its ruling. 

The CJEU ruled a specific portion of the EU’s anti-money laundering directive to be invalid.  This in turn made public access to EU member state registers, which contain information on beneficial owners, a substantial issue. These registers, although they promoted transparency and other societal benefits, had to restrict access to records to protect the privacy rights of the beneficial owners.

Items that heavily influenced the CJEU’s decision

The CJEU reviewed the Luxembourg law that established its RBO, and noted extensive information regarding beneficial owners of registered entities were mandated to be included in the RBO, which then could be viewed by the public at large and included the following:

• Surname.
• Forename(s).
• Complete private or professional address.
• For residents, their national identification number.
• For non-residents, their foreign identification number.
• Country of residence.
• Month of birth.
• Day of birth.
• Year of birth.
• Nature of the beneficial interests held.
• Extent of the beneficial interests held.
• Nationality or nationalities.
• Place of birth.

In the instant matter before the CJEU, the beneficial owner expressed serious concerns about the personal information required by Luxembourg’s RBO law. The beneficial owner, listed as “WM,” stated the general public’s access to that level of detailed information “would seriously, actually and immediately expose WM and his family to a disproportionate risk and risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation.” WM further pleaded his business affairs require him to frequently travel to countries where there are high crime rates,  … “which creates a significant risk of his being kidnapped, abducted, subjected to violence or even killed.”

The CJEU clearly recognized the importance of the EU's anti-money laundering directive, as it stated “... Confidence in financial markets from investors and the general public depends in large part on the existence of an accurate disclosure regime that provides transparency in the beneficial ownership and control structures of companies. … The potential increase in confidence in financial markets should be regarded as a positive side effect and not the purpose of increasing transparency, which is to create an environment less likely to be used for the purpose of money laundering and terrorist financing.”

Understanding CJEU’s analysis

The CJEU emphasized a balance between multiple important factors, and said although the anti-money laundering directive is beneficial for the public at large, the significant privacy risks were far too great.

The CJEU noted “In all cases, both with regard to corporate and other legal entities, as well as trusts and similar legal arrangements, a fair balance should be sought in particular between the general public interest in the prevention of money laundering and terrorist financing and the data subjects’ fundamental rights.” The CJEU weighed factors including but not limited to:

• Articles 7 and 8 of the Charter of Fundamental Rights of the European Union.
• Article 8 of the European Convention on Human Rights.
• Article 1(15)(c) of Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849.
• Articles 5, 25, 44-50, and 94 of the EU General Data Protection Regulation.

The CJEU’s preliminary ruling was as follows:

“Article 1 (15)(c) of Directive (EU) 2018 / 843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015 / 849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009 / 138 / EC and 2013 / 36 / EU, is invalid in so far as it amended point (c) of the first subparagraph of Article 30(5) of Directive (EU) 2015 / 849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648 / 2012 of the European Parliament and of the Council, and repealing Directive 2005 / 60 / EC of the European Parliament and of the Council and Commission Directive 2006 / 70 / EC, in such a way that point (c) of the first subparagraph of Article 30(5), as thus amended, provides that Member States must ensure that information on the beneficial ownership of companies and of other legal entities incorporated within their territory is accessible in all cases to any member of the general public.”

Impacts, potential consequences and next steps

To ensure compliance with the CJEU’s preliminary ruling, a number of EU member states have already suspended access to their respective public RBOs.  Transparency experts and advocates have taken exception to CJEU’s ruling, as there is a strongly held belief that access to beneficial ownership is critical to preventing and detecting money laundering, tax evasion, terrorism financing, fraud, corruption and other wrongdoings. Weighing and balancing privacy risks against competing societal interests will undoubtedly continue to persist in national security concerns, freedom of press, freedom of expression, public health risks and many others. The courts will continuously grapple with balancing the public interests in privacy with other countervailing public interests on a case-by-case basis.

To redress the heightened transparency concerns regarding public RBO access, the following points have been discussed in the legal and business communities, and specifically have been raised by civil society organizations:

• European Parliament and the European Council need to address access in the current 6th EU Anti-Money Laundering Directive.
• The European Commission already stated it would “thoroughly analyze the implications” and was “ready to work with co-legislators to ensure full compliance with the judgment.”
• A careful analysis of Article 13 of the UN Convention against Corruption, which the EU and EU member states are all parties to, must be undertaken.
• There needs to be a careful reexamination of different standards of protection that could be applied to “legal persons” versus “natural persons.”
• There has been a call to action for key players, including the Financial Action Task Force, the World Bank, Organisation for Economic Co-operation and Development, the Council of Europe’s Group of States Against Corruption and prominent civil society organizations, such as Transparency International, to become more proactive in the ongoing debate process.

The CJEU’s decision has created ripple effects, which will likely lead to more robust discussions among interested parties and ultimately to the establishment of new rules regarding public RBOs that provide the desired transparency — but with less risks to privacy.