The couple say the transfers were made, often on a daily basis and including transfers from Swedbank to SEB, while one of them was residing outside Estonia, adding that a year's-worth of statements from the woman's Wise account were also requested.

According to the financial regulatory authority, scrutiny of this kind by a bank must be based on actual risks.

Erik (full name known to the editors – ed.) told ERR that his partner had received a letter from SEB requesting more information about transfers he made to her, between mid-April of last year and early March this year. More specifically, the bank wanted to see evidence of invoices, delivery notes, contracts, and similar documents related to transactions with certain descriptions.

The transfer descriptions that caught the bank's attention included, among others, those tagged with the references: "Majutus reisil" ("accommodation on trip"), "Viisa", "ravimid" ("medicines"), "Narva ujukad&presskruus&muu" ("Narva swimsuits, travel mug and other") and "Veebr rent".

"In addition, we ask that you explain your relationship with this individual," the bank wrote, also requesting a statement of the woman's account with international money transfer provider Wise for the same period.

Erik told ERR he understands the banks' due diligence obligations and the need to counter money laundering, but added he can't understand how a bank can demand explanations for transfers between two private individuals.

He and his partner frequently transfer money, because she has an account in the bank of their current country of residence, while Erik does not.

"From time to time, we calculate our shared expenses and I transfer my share to her SEB account, from which she then transfers the necessary amount via Wise to a local bank," Erik explained. "I transfer to her SEB account from my Swedbank account."

As might be expected the couple did not set up any loan agreements ahead of the transactions, though the man had included explanations for what each transfer was for, to give both of them a clear overview of expenses.

Erik turned to the Estonian Financial Supervision Authority (Finantsinspektsioon) with his question and asked for an assessment of whether the bank had the right to request data of this kind.

Erik said: "Neither of us has been involved in illegal transactions or transfers. Also, it should not be under any bank's authority to inquire about someone's personal relationships, unless an investigation or something similar has been initiated," he stated in a letter to the authority. "Isn't thi an unlawful collection of private personal data?"

Authority: The bank has an obligation to verify justified suspicions

Financial Supervision Authority communications specialist Kaisa Gabral told ERR that one of the main responsibilities for financial institutions in preventing money laundering is to verify whether the payments being processed originate from legitimate sources.

As to whether the bank's interest in private transactions in this case is justified, Gabral said the authority can only respond in general terms, without evaluating the specific case in question.

She said: "The extent of such checks may vary; how and to what extent they are applied depends on the specific client, their risk level, the purpose of the business relationship, activities, transactions, the nature of the payments, as well as significant changes in the client's previous profile, and so on."

Gabral added that financial institutions are capable of distinguishing unusual patterns from typical client behavior and transactions.

"If a bank, while enacting its legally required due diligence measures, has a justified suspicion and assesses that the origin of received funds needs closer inspection, it is obliged to carry it out," the authority representative said.

However, such information requests must be proportionate and based on actual indications of risk, which is initially assessed by each financial service provider, Gabral added. In other words, it's up to the bank to decide whether the risk is significant enough to warrant asking for additional data.

Gabral could not specify how often the authority receives similar complaints. She noted that the agency receives various complaints, including those related to account services, and these serve as valuable input for supervisory activities.

SEB: Information requests depend on the level of risk

Monika Kallas-Anton, head of customer risk management and security at SEB, stated that, as a bank, SEB are obliged to comply with current regulatory requirements.

She said: "A risk-based approach applies in the implementation of standard due diligence measures, and the scope of these measures, including how much information is requested from the client and checked, depends on the level of risk."

According to Kallas-Anton, the scope and content of questions put to clients correspond to the additional clarifications the bank deems necessary to ensure an acceptable risk level and smooth service to the client.

Liisi Mets, head of the finance authority's anti-money laundering department, has previously stated that banks do not have a blank check on what questions they can ask to clients – questions must be relevant and must be targeted at assessing whether there any risk of money laundering or terrorist financing is present, and how significant that might be.

Mets said: "For instance, the bank may ask about the client's income, sources of transactions, business relationships, and other financial data."

At the same time, clients have the right to ask the bank for explanations if the questions asked the seem superfluous, and also to obtain information on why the data requested is needed and how it relates to anti-money laundering requirements.

According to Mets, the financial service provider must be able to provide justification as to why the information requested is needed, while the client does have the right to refuse to provide it. In that case, however, the client must then bear in mind that this refusal may affect service availability, due to the rules put in place on the banks.

The authority pointed out: "Financial service providers are not permitted to complete transactions or establish business relationships and must terminate them if they cannot apply the necessary due diligence measures to a client, i.e., if the client refuses to provide the required data," the Financial Supervision Authority representative pointed out.

--

Follow ERR News on Facebook and Twitter and never miss an update!