Transparency International Slovenia – Društvo Integriteta
Pospešen dostop do bančnih podatkov prek javno‑zasebnega sodelovanja (JZS)
Avtor: Transparency International Slovenia (TI‑SI) | Program: STEP EU | Datum: september 2025.
V časovno kritičnih preiskavah korupcije in pranja denarja šteje vsaka ura. V okviru projekta STEP EU TI‑Slovenija predstavlja pospešeni mehanizem javno‑zasebnega sodelovanja (JZS), ki omogoča, da banke na ozko opredeljene, zakonito utemeljene in minimizirane zahteve odgovorijo v ≤ 72 urah (ali v ≤ 5 delovnih dneh na pospešenem tiru). Ureditev temelji na standardiziranih obrazcih, varnem kanalu in revizijski sledi ter krepi začasno zavarovanje premoženja in pakete mednarodne pravne pomoči (MLA) — brez velikih IT‑naložb.
Pospešen dostop do bančnih podatkov prek javno‑zasebnega sodelovanja (JZS)
1) Izziv
Čezmejne zadeve korupcije in pranja denarja se pogosto ustavijo, ker bančni podatki prispejo prepozno. Klasični kanali mednarodne pravne pomoči (MLA) in redne zahteve do zavezancev lahko trajajo tedne; v tem času se sredstva lahko razpršijo, sledi pa degradirajo. Ponovita se dva problema: (i) nejasne kontaktne točke znotraj bank – zlasti čezmejno – in (ii) postopkovni zamiki pred zakonitim razkritjem osnovnih podatkov o računih in transakcijah. V primeru, povezanem z javnim naročanjem in s hrvaško komponento, so slovenski organi potrebovali hitro potrditev imetnikov računov in ozke izpise transakcij pri več institucijah, da bi zavarovali premoženje in potrdili vzorce tveganj.
2) Dobra praksa
Za odpravo zamud so pristojni organi v Sloveniji v sodelovanju z bančnim združenjem in vodji skladnosti največjih bank pilotno uvedli pospešen mehanizem javno‑zasebnega sodelovanja (JZS) za nujne, ozko opredeljene zahteve. Na obeh straneh so bili imenovani pooblaščeni uradniki, uveden pa je bil dvotirni standard storitev – vedno na podlagi pravne podlage in sorazmernosti:
• Nujno (≤72 ur): identifikacija imetnika računa (KYC »glava«) in kratki, natančno opredeljeni izpisi transakcij.
• Pospešeno (≤5 delovnih dni): enak obseg, kadar nujnost ni izrazita.
Zahteve so potekale po enem varnem kanalu z vnaprej potrjenimi obrazci. Vsaka zahteva je vsebovala pravni temelj, sklic zadeve, utemeljitev minimizacije in zaščitni namen (npr. predlog za začasno odredbo). Rotacijski dežurni pri bančnem združenju je skrbel za usmerjanje do prave institucije in eskalacijo, kadar je bilo potrebno.
3) Čezmejna razsežnost
Hitre domače potrditve so omogočile bolj specifične MLA zahteve na Hrvaško – z natančno označenimi računi, nasprotnimi strankami in datumi vrednosti. Specifičnost je skrajšala preglede in olajšala uskladitev ukrepov zavarovanja. Stiki med bančnimi oddelki za skladnost – vzpostavljeni prek združenja – so potrjevali tehnične podrobnosti (npr. korespondenčne poti) in zmanjšali trenja.
4) Vloga podatkov o BO/premoženju in tokov podatkov
Mehanizem sam po sebi ni orodje za dejanskega lastnika (BO), vendar povezuje podatke o BO/premoženju z bančnimi sledmi:
• usklajevanje preverjenih KYC podatkov bank z registri podjetij in posrednimi nabori BO;
• triaža na ozkih izpiskih za prepoznavanje vzorcev (kroženje sredstev, »funnel« računi, delitev računov) v kombinaciji s podatki o javnih naročilih; ter
• podpora pravočasnim predlogom za začasno zavarovanje na podlagi verodostojnih, minimalno zadostnih bančnih podatkov.
Vse zahteve so bile vezane na konkretno zadevo, minimizirane, beležene in revidirljive.
5) Učinek
• Čas do prvega odgovora bank v nujnih primerih: iz tednov na ≤72 ur (pilotni KPI).
• Kakovost MLA paketov: natančnejši IBAN‑i/koristniki in ožji datumski okviri → manj dopolnjevanj v tujini.
• Začasno zavarovanje premoženja: bančno potrjena dejstva v prilogah sodnim predlogom.
• Zaupanje in predvidljivost: manj nejasnih ali preširokih zahtev na obeh straneh.
6) Ključne komponente in varovalke
• Imenovani kontaktni uradniki z dežurstvi in eskalacijskimi tokovi.
• Poenoteni obrazci z obveznimi polji (pravni temelj, nujnost/sorazmernost, minimizacija).
• Šifriran prenos in popolna revizijska sled (hramba dnevnikov).
• Dve ravni nujnosti za preprečevanje “vse je nujno”.
• Usposabljanja in kratki pregledi za preiskovalce in vodje skladnosti.
• Jasne rdeče črte: brez množičnega “ribičenja”; brez sekundarne uporabe izven konkretne zadeve brez nove pravne podlage.
7) Nauki / naslednji koraki
Mehanizem JZS je smiselno kodificirati v lahek nacionalni protokol. Čezmejno ponovljivost krepijo vnaprej dogovorjeni kontakti in obrazci z bližnjimi FIU/tožilstvi, poravnani z obstoječimi EU kanali. Sistematično vključite registre BO/premoženja v obrazec zahteve in spremljajte metrike (odzivni časi, delež popolnih odgovorov, primeri, kjer so nujni bančni podatki podprli zavarovanje). Redno se posvetujte z organom za varstvo osebnih podatkov (Data Protection Authority – DPA) in, kjer je potrebno, izvedite oceno učinka v zvezi z varstvom podatkov (Data Protection Impact Assessment – DPIA); letni skupni pregledi naj zagotavljajo sorazmernost in skladnost.
8) Zakaj je to “dobra praksa”
Pristop temelji na upravljanju in koordinaciji, ne na dragih IT‑rešitvah. Vsaka jurisdikcija lahko z bančnim združenjem in pristojnimi organi dogovori (i) imenovane kontakte, (ii) ravni nujnosti, (iii) standardne obrazce in (iv) varen kanal z revizijsko sledjo. Čezmejno prenosljivost povečujejo skupni metapodatki (IBAN, BIC, časovna okna) in sidranje v obstoječe pravne podlage (nacionalni kazensko‑procesni/AML okvirji in instrumenti MLA). Analogni, procesni posegi so lahko zelo učinkoviti.
English version:
Fast‑Track Access to Banking Data via Public–Private Cooperation (PPC)
In time‑critical corruption and money‑laundering investigations, hours matter. Under the STEP EU programme, TI‑Slovenia documents a fast‑track public–private cooperation (PPC) workflow that enables banks to answer narrow, law‑based and minimised requests within ≤ 72 hours—or within ≤ 5 working days on an accelerated track. Built on standard templates, a secure channel and a full audit trail, the mechanism strengthens interim asset‑preservation and mutual legal assistance (MLA) packages — delivering impact without heavy IT builds.
1) The Challenge
Cross‑border corruption and related money‑laundering cases often stall because banking information arrives too late. Traditional mutual legal assistance (MLA) channels and routine obliged‑entity requests can take weeks. By that time, funds may be dissipated and evidentiary trails degraded. Two recurrent issues were identified: (i) unclear points of contact inside banks—especially across borders—and (ii) procedural lags before banks can lawfully disclose basic account and transaction data. In a procurement‑linked case with a Croatian strand, Slovenian authorities needed fast account‑holder confirmation and narrow transaction snapshots across several institutions to preserve assets and corroborate red‑flag patterns.
2) The Good Practice
To address delays, competent Slovenian authorities, in coordination with the national banking association and compliance leads of major banks, piloted a fast‑track public–private cooperation (PPC) mechanism for urgent, narrowly scoped data requests. Named, authorised officials were designated on both sides and a two‑tier service standard was introduced—subject to legal basis and proportionality:
• Urgent (≤72 hours): account‑holder identification (KYC header) and short, tightly defined transaction extracts.
• Accelerated (≤5 working days): the same scope where urgency is lower.
Requests moved through a single secure channel using pre‑approved templates. Each request stated the legal grounds, case reference, a data‑minimisation justification and the protective purpose (e.g., application for a restraining order). A rotating duty officer at the banking association ensured routing to the right institution and escalation where needed.
3) Cross‑Border Dimension
In the Slovenian–Croatian strand, fast domestic confirmations enabled more specific MLA requests to Croatia—pinpointing accounts, counterparties and value‑dates. The improved specificity shortened review times and helped align preservation steps with Croatian counterparts. Bank‑to‑bank compliance contacts—already in place via the association—validated technical details (e.g., correspondent paths), reducing friction.
4) Role of BO/Asset Data and Data Flows
Although not a beneficial‑ownership (BO) tool per se, the mechanism linked BO/asset information to banking trails by:
• aligning banks’ verified KYC data with company registers and proxy BO datasets;
• enabling triage on narrow extracts to identify patterns (round‑tripping, funnel accounts, invoice‑splitting) when combined with procurement‑award data; and
• supporting timely applications for interim asset‑preservation measures based on credible, minimally sufficient bank data.
All requests were case‑bound, minimised, logged and auditable; banks returned only what was necessary for the next lawful step.
5) Impact
- Time to first bank response in urgent cases fell from weeks to ≤72 hours (pilot KPI).
- MLA packages improved in quality (specific IBANs/beneficiaries and narrowed date windows), reducing clarification loops abroad.
- Interim asset‑preservation outcomes strengthened by attaching bank‑verified facts to judicial applications.
- Trust and predictability increased between investigators and bank compliance teams; both sides reported fewer ambiguous or over‑broad requests.
6) Key components and safeguards
• Named liaison officers with duty schedules and escalation trees on both sides.
• Standardised request templates mandating legal basis, necessity/proportionality and data minimisation.
• Secure encrypted transmission and a full audit trail (logs retained per retention rules).
• Two‑tier urgency to prevent “everything is urgent” overload and protect bank capacity.
• Briefings and training for case officers and bank compliance leads on framing urgent, minimised requests.
• Clear red lines: no bulk fishing; no secondary use beyond the specified case without a renewed legal basis.
7) Lessons Learned / Way Forward
Codify the PPC mechanism by moving from pilot MoUs to a light national protocol endorsed by the banking association and competent authorities. Replicate cross‑border by agreeing contact lists and urgent‑request templates with neighbouring FIUs/prosecutors’ offices and aligning with existing EU cooperation channels. Systematically integrate BO/asset registries into the request template, and track metrics (response times, share of fully compliant responses, cases supported by urgent bank data). Refresh consultations with the Data Protection Authority (DPA) and, where needed, conduct Data Protection Impact Assessments (DPIA); carry out annual joint reviews to ensure proportionality and compliance.
8) Why This Is a “Good Practice”
The approach relies on governance and coordination rather than costly IT builds. Any jurisdiction can convene its banking association and competent authorities to agree (i) named contacts, (ii) urgency tiers, (iii) standard templates and (iv) an encrypted channel with an audit trail. Cross‑border transferability is enhanced by using common metadata (IBANs, BICs, date‑time windows) and anchoring the workflow in existing legal bases (national criminal‑procedure/AML frameworks and MLA instruments). Analog interventions can be impactful: significant gains are possible without heavy IT investment.