FantasticSearch

1. Member States shall put in place centralised automated mechanisms, such as central registers or central electronic data retrieval systems, which allow the identification, in a timely manner, of any natural or legal persons holding or controlling payment accounts, or bank accounts identified by IBAN, including virtual IBANs, securities accounts, crypto-asset accounts and safe-deposit boxes held by a credit institution or financial institution within their territory. Member States shall notify the Commission of the characteristics of those national mechanisms as well as the criteria pursuant to which information is included in those national mechanisms.

2. Member States shall ensure that the information held in the centralised automated mechanisms is directly accessible in an immediate and unfiltered manner to FIUs, as well as to AMLA for the purposes of joint analyses pursuant to Article 32 of this Directive and Article 40 of Regulation (EU) 2024/1620. The information shall also be accessible in a timely manner to supervisory authorities to fulfil their obligations under this Directive.

3. The following information shall be accessible and searchable through the centralised automated mechanisms:

(a) for customer-account holders and any person purporting to act on behalf of a customer account holder: the name, complemented by either the other identification data required under Article 22(1) of Regulation (EU) 2024/1624 or a unique identification number as well as, where applicable, the dates on which the person purporting to act on behalf of the customer started and ceased to have the power to act on behalf of the customer;

(b) for beneficial owners of customer-account holders: the name, complemented by either the other identification data required under Article 22(1) of Regulation (EU) 2024/1624 or a unique identification number as well as the dates on which the natural person became and, where applicable, ceased to be the beneficial owner of the customer account holder;

(c) for bank accounts or payment accounts: the IBAN number, or where the payment account is not identified by an IBAN number, the unique account identifier, and the date of account opening and, where applicable, the date of account closing;

(d) for virtual IBANs issued by a credit institution or a financial institution: the virtual IBAN number, the unique account identifier of the account to which payments addressed to the virtual IBAN are automatically redirected, and the dates of account opening and closing;

(e) for securities accounts: the unique identifier of the account, and the dates of account opening and closing;

(f) for crypto-asset accounts: the unique identifier of the account, and the dates of account opening and closing;

(g) for safe-deposit boxes: the name of the lessee complemented by either the other identification data required under Article 22(1) of Regulation (EU) 2024/1624, or a unique identification number and the date on which the lease started and, where applicable, the date on which it ended. In the case of a virtual IBAN, the customer account holder as referred to in point (a) of the first subparagraph shall be the holder of the account to which payments addressed to the virtual IBAN are automatically redirected. For the purposes of points (a) and (b) of the first subparagraph, the name shall comprise for natural persons, all names and surnames and for legal entities, legal arrangements or other organisations with legal capacity, the name under which they are registered.

4. The Commission may establish, by means of implementing acts, the format for the submission of the information to the centralised automated mechanisms. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 72(2).

5. Member States may require other information deemed essential for FIUs, for AMLA for the purposes of joint analyses pursuant to Article 32 of this Directive and Article 40 of Regulation (EU) 2024/1620 and for supervisory authorities to fulfil their obligations under this Directive to be accessible and searchable through the centralised automated mechanisms.

6. The centralised automated mechanisms shall be interconnected via the bank account registers interconnection system (‘BARIS’), to be developed and operated by the Commission. The Commission shall ensure such interconnection in cooperation with Member States by 10 July 2029. The Commission may set out, by means of implementing acts, the technical specifications and procedures for the connection of Member States’ centralised automated mechanisms to BARIS. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 72(2).

7. Member States shall ensure that the information referred to in paragraph 3 is available through BARIS. Member States shall take adequate measures to ensure that only the information referred to in paragraph 3 that is up to date and corresponds to the actual bank account and payment account, including virtual IBANs, securities account, crypto-asset account and safe-deposit box is made available through their national centralised automated mechanisms and through BARIS. Access to that information shall be granted in accordance with data protection rules. The other information that Member States consider essential for FIUs and other competent authorities pursuant to paragraph 4 shall not be accessible and searchable through BARIS.

8. Member States shall ensure that information on holders of bank accounts or payment accounts, including virtual IBANs, securities accounts, crypto-asset accounts and safe-deposit boxes is made available through their national centralised automated mechanisms and through BARIS during a period of 5 years after the closure of the account. Without prejudice to national criminal law on evidence applicable to ongoing criminal investigations and legal proceedings, Member States may, in specific cases, permit such information to be retained, or require that such information be retained, for an additional maximum period of 5 years where Member States have established that such retention is necessary and proportionate for the purpose of preventing, detecting, investigating or prosecuting suspected money laundering or terrorist financing.

9. FIUs and, for the purposes of joint analyses pursuant to Article 32 of this Directive and Article 40 of Regulation (EU) 2024/1620, AMLA shall be granted immediate and unfiltered access to the information on payment accounts and bank accounts identified by IBAN, including virtual IBAN, securities accounts, crypto-asset accounts and safe-deposit boxes in other Member States available through BARIS. Supervisory authorities shall be granted access in a timely manner to the information available through BARIS. Member States shall cooperate among themselves and with the Commission in order to implement this paragraph. Member States shall ensure that the staff of the national FIUs and supervisory authorities that have access to BARIS maintain high professional standards of confidentiality and data protection, are of high integrity and are appropriately skilled. The requirements laid down in the second subparagraph shall also apply to AMLA in the context of joint analyses and when acting as a supervisor.

10. Member States shall ensure that technical and organisational measures are put in place to ensure the security of the data to high technological standards for the purposes of the exercise by FIUs and supervisory authorities of the power to access and search the information available through BARIS in accordance with paragraphs 5 and 6. The requirements laid down in the first subparagraph shall also apply to AMLA in the context of joint analyses and when acting as a supervisor.