Republic of Latvia

Cabinet
Regulation No. 393
Adopted 22 June 2021

Procedures for Requesting and Providing the Non-disclosable Information at the Disposal of a Credit Institution, also Information in Case of Transaction Monitoring

Issued pursuant to
Section 63, Paragraphs 3.¹ and 3.² of the Credit Institution Law

1. General Provisions

1. The Regulation prescribes the procedures by which:

1.1. the person directing the proceedings and the body performing operational activities (hereinafter - the authority) shall request and credit institution shall provide the non-disclosable information at the disposal thereof, also information in case of transaction monitoring (hereinafter - the data exchange), the time limit for the provision of such information, the sample form of the request, and the structure of the machine-readable data;

1.2. a credit institution shall provide information to the Financial Intelligence Unit of Latvia (hereinafter - the Unit) and a court in case of transaction monitoring, and also the time limit for the provision of such information.

2. The authority shall indicate the information on the confirmation of an investigating judge referred to in Criminal Procedure Law, the approval of a judge or the consent of a prosecutor referred to in Operational Activities Law to request non-disclosable information at the disposal of a credit institution or carry out transaction monitoring in the data exchange request. The authority shall not present to the credit institution the document which contains the confirmation of an investigating judge, the approval of a judge, or the consent of a prosecutor.

2. Data Exchange via Intermediation of the Data Distribution Network

2.1. Commencement and Ensuring of the Data Exchange

3. In order to commence the data exchange with the intermediation of the data distribution network of the State Information Systems' integrator (hereinafter - the data distribution network) managed by the State Regional Development Agency (hereinafter - the Agency), the Information Centre of the Ministry of the Interior (hereinafter - the Centre) and a credit institution shall request the right of user of the data distribution network from the Agency. The abovementioned request shall be sent to the official electronic address of the Agency or electronic mail address, using the forms posted on the website https://viss.gov.lv/. The Agency shall, within five working days from the day of receipt of the request, send the notification of the granted rights to the electronic mail address indicated in the request. The Agency shall ensure a test environment for the data distribution network.

4. The Centre shall publish on its website the names of its channels of the data distribution network.

5. When a credit institution and the Centre, by using the test environment of the data distribution network ensured by the Agency, have ascertained the possibility to retrieve and place data in the data distribution network, the credit institution shall send the connection request to the channel of the data distribution network of the Centre, and the Centre shall receive an automatic notification thereon.

6. After obtaining the right of user of the data distribution network environment,, but not later than 10 working days before sending a connection request to the channel of the data distribution network of the Centre, a credit institution shall send the following information to the official electronic address of the Centre:

6.1. the name and registration number of the credit institution;

6.2. the electronic mail address of the credit institution to which the connection approval of the credit institution and other information related to the data exchange shall be sent;

6.3. the date from which the credit institution plans to commence the data exchange;

6.4. the given name, surname, position, and phone number of the contact person of the credit institution.

7. The Centre shall, within five working days from the day of receipt of the automatic notification referred to in Paragraph 5 of this Regulation, inform a credit institution of approval of the connection request by sending the approval and the following information to the electronic mail address referred to in Sub-paragraph 6.2 of this Regulation:

7.1. the phone number and electronic mail address of the Centre to which the issues on the data exchange are to be notified (except for the issues on operation of the data distribution network);

7.2. the date (not earlier than five working days from the day of approval of the connection request) by which the data exchange will be started. In determining the date from which the data exchange will be started, the Centre shall take into account the date indicated by the credit institution from which the credit institution plans to commence the data exchange.

8. A credit institution and the Centre have an obligation to mutually notify of changes in the information referred to in Sub-paragraphs 6.2, 6.4 and 7.1, of this Regulation at least three working days in advance.

9. Starting from the date referred to in Sub-paragraph 7.2 of this Regulation, the data exchange shall be carried out, using the data distribution network.

10. The authority and the credit institution shall carry out the data exchange in conformity with the XML schema structure published in the XML (Extensible Markup Language) catalogue of the State Information Systems' integrator managed by the Agency and the requirements which have been mutually harmonised and published not later than six months before the date referred to in Sub-paragraph 7.2 of this Regulation.

11. The changes in the XML schema structure and the requirements mutually harmonised by the authorities and the credit institutions shall be published with the intermediation of the Centre in the in the XML catalogue of the State Information Systems' integrator managed by the Agency not later than six months before the day of entry into effect of the changes if a new XML schema structure has been developed, and not later than two months before the day of entry into effect of the changes if changes have been made in the existing XML schema structure. The data exchange in conformity with the new XML schema structure and the requirements shall commence from the date which is indicated in the description of the XML scheme published in the XML catalogue of the State Information Systems' integrator managed by the Agency as the date of entering into effect of changes.

12. The Agency shall ensure operation of the data distribution network in conformity with Cabinet Regulation No. 374 of 14 June 2016, Regulations Regarding the State Information Systems' Integrator. The Centre shall transfer the information received from the Agency to the authority without interruptions in the operation of the data distribution network. The operation of the data distribution network shall mean its availability in a continuous regime:

12.1. on weekdays from 8.30 to 17.00 - not less than 99 % per month;

12.2. during the other time - not less than 97 % per month.

13. The Agency shall ensure data integrity and confidentiality in respect of requests of the authority and replies thereto.

14. The Agency, the Centre, and the credit institution shall ensure the use of such technical and organisational means and management of users which protect personal data and prevent illegal processing thereof in conformity with the requirements laid down in the field of personal data protection.

15. The credit institution and the authority are prohibited to carry out the activities which endanger information confidentiality, integrity, or accessibility, and also the activities which may cause avoiding security of the data distribution network, unjustified overload or damage thereof or which are directed thereto.

16. The Agency, the Centre, and the credit institution shall ensure that audit notes on the placement of the requests of the authority and replies thereto in the data distribution network and retrieval therefrom are kept for two years.

17. The Agency, the Centre, and the credit institution shall, on the basis of s written request of the authority, provide the audit notes referred to in Paragraph 16 of this Regulation according to the competence within 10 working days. The Agency and the Centre shall, on the basis of a written request of the credit institution, provide the audit notes referred to in Paragraph 16 of this Regulation according to the competence within 10 working days.

2.2. Data Exchange

18. In order to carry out the data exchange, the authority shall prepare the data exchange request (Annex 1) electronically in the Information System of Criminal Proceedings or another appropriate information system and, using the data distribution network, send it to the credit institution. When sending the abovementioned request, the authority shall receive an automatic notification of the data distribution network regarding acceptance of the data exchange request for execution in the credit institution. If the automatic notification is not received after sending the data exchange request, the authority shall send the abovementioned request repeatedly.

19. The authority shall place the data exchange requests in the data distribution network and retrieve replies to them from the data distribution network at any time of the day-and-night.

20. The credit institution shall retrieve the data exchange request which has been notified during the previous working day from the data distribution network not later than by the end of the next working day (23.59 o'clock). The credit institution shall immediately inform the Agency and the authority of unplanned interruptions of the operation of the data distribution network which have affected retrieval of the data exchange request from the data distribution network and, as soon as it is technically possible, retrieve the data exchange request from the data distribution network.

21. After retrieval of the data exchange request from the data distribution network, the credit institution shall place the reply to the request in the data distribution network:

21.1. if it is requested to make the data exchange on the object which is a person or account and in the amount of the account statement which does not exceed the time period of five years until the time of preparation of the data exchange request - immediately, however not later than within three working days;

21.2. if it is requested to make the data exchange on the object which is not a person or account or in the amount which exceeds the amount of the account statement, or if the account statement is requested which exceeds the time period of five years until the time of preparation of the data exchange request - within 10 working days;

21.3. if the data exchange transaction refers to the provision of data in case of transaction monitoring in the amount of an account statement (the transactions carried out) - immediately, however not later than within one working day;

21.4. if the data exchange request applies to the provision of data in case of transaction monitoring on the request for the disbursement of cash at a branch of the credit institution - until the end of the relevant working day if the application is submitted until 16.00, or until the end of the next working day if the application is submitted after 16.00.

22. If the credit institution has established content non-conformities in the data exchange request of the authority which hinder processing of the received information or identification of a person or account, it shall, within one working day, place a notification of the non-conformity established for the relevant authority in the data distribution network (in conformity with the XML schema structure).

23. The credit institution and the Centre shall ensure that the channel in the data distribution network is not overloaded.

3. Data Exchange with the Intermediation of Electronic Mail

24. If the data exchange has not been commenced in accordance with Chapter 2 of this Regulation or unplanned interruption of operation of the data distribution network has been established which cannot be rectified within one working day, the authority and the credit institution shall carry out the data exchange with intermediation of electronic mail in which transport layer security (TLS) (hereinafter - the encrypted data exchange) has been ensured.

25. In order to commence the encrypted data exchange, the authority shall, not later than one month before commencement of the encrypted data exchange, notify the credit institution of the electronic mail address of the authority to which replies to the encrypted data exchange requests should be sent (hereinafter - the contact point of the authority), using the official electronic mail address of the credit institution.

26. The credit institution shall, within five working days from the day of receipt of the notification referred to in Paragraph 25 of this Regulation, send the electronic mail address of the credit institution to which the data exchange requests should be sent (hereinafter - the contact point of the credit institution) and the given name, surname, telephone number of the contact person of the credit institution to the authority, using the contact point of the authority.

27. In order to carry out the encrypted data exchange, the authority shall prepare the data exchange request and send it to the contact point of the credit institution.

28. The credit institution shall send a reply to the data exchange request of the authority to the contact point of the authority:

28.1. if it is requested to make the data exchange on the object which is a person or account and in the amount of the account statement which does not exceed the time period of five years until the time of preparation of the data exchange request - immediately, however not later than within three working days from the day of receipt of the request;

28.2. if it is requested to make the data exchange on the object which is not a person or account or in the amount which exceeds the amount of the account statement, or if the account statement is requested which exceeds the time period of five years until the time of preparation of the data exchange request - within 10 working days from the day of receipt of the request;

28.3. if the data exchange transaction refers to the provision of data in case of transaction monitoring in the amount of an account statement (the transactions carried out) - immediately, however not later than within three working days after the transaction carried out;

28.4. if the data exchange request applies to the provision of data in case of transaction monitoring on the request for the disbursement of cash at a branch of credit institution - until the end of the relevant working day if the application is submitted until 16.00, or until the end of the next working day if the application is submitted after 16.00.

29. When carrying out the encrypted data exchange, the authority shall sign the data exchange request of the authority and the reply provided by the credit institution thereto with a secure electronic signature.

4. Data Exchange with the Intermediation of the Unit

30. If disclosure of the information on the fact of criminal proceedings or operational activities may endanger the interests of the criminal proceedings or operational activities, the authority shall turn to the Unit which ensures requesting the non-disclosable information at the disposal of the credit institution (hereinafter - the non-disclosable information) (except for the information in case of transaction monitoring) from the credit institution and transfer to the authority. Requesting and transfer of the non-disclosable information and shall take place with the intermediation of the Financial Intelligence Data Receipt and Analysis System (hereinafter - the System).

31. In order to request the non-disclosable information in the case referred to in Paragraph 30 of this Regulation, the authority shall prepare the request of the non-disclosable information (Annex 2) and send it to the Unit in the System.

32. The Unit shall, upon receipt of the request for non-disclosable information, immediately but not later than within five working days, convene a meeting of the cooperation coordination group in which the authority shall justify why disclosure of the information on the fact of the criminal proceedings or operational activities may endanger the interests of the criminal proceedings or operational activities. If the request for non-disclosable information is received from a State security institution, the Unit shall not convene a meeting of the cooperation coordination group and shall act in accordance with the procedures referred to in Sub-paragraph 33.2 of this Regulation.

33. The Unit shall, not later than within the next working day after the meeting of the cooperation coordination group on the basis of that decided at the meeting of the cooperation coordination group:

33.1. refuse to request the non-disclosable information and immediately inform the authority thereof;

33.2. process the request for non-disclosable information and prepare the request of the Unit without disclosing that the initiator of the request is the authority, and shall send it to the credit institution in the System.

34. The credit institution shall provide a reply to the request of the Unit in accordance with the procedures and within the time limit laid down in the Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing.

35. The Unit shall, upon receipt of the reply of the credit institution to the request of the Unit, immediately but not later than within one working day, forward it to the authority in the System.

5. Provision of Information to the Unit and a Court in Case of Transaction Monitoring

36. A credit institution shall provide information in case of transaction monitoring:

36.1. to a court in accordance with the procedures and within the time limit referred to in Chapter 3 of this Regulation;

36.2. to the Unit in the System within the time limit referred to in Sub-paragraphs 28.3 and 28.4 of this Regulation.

6. Closing Provisions

37. The authority and the credit institution shall commence the data exchange within the scope of criminal proceedings in accordance with Chapter 2 of this Regulation not later than by 1 July 2022. From 1 July 2022, Chapter 3 of this Regulation shall be applicable to the data exchange within the scope of criminal proceedings only in the case if unplanned interruption in the operation of the data distribution network which cannot be rectified within one working day is established.

38. Cabinet Regulation No. 535 of 15 June 2010, Regulations Regarding the Procedures by which a Credit Institution shall Provide Information in Relation to a Transaction Monitoring in a Customer's Account, and Time Limits for the Provision of such Information (Latvijas Vēstnesis, 2010, No. 99), is repealed.

39. The Law shall come into force on 1 July 2021.

Prime Minister A. K. Kariņš

Minister for the Interior M. Golubeva

 

Annex 1
Cabinet Regulation No. 393
22 June 2021

Sample Form of the Data Exchange Request

		Information on the confirmation (acceptance) of a judge or the consent of a prosecutor o given name, surname, full name of the position of the judge or prosecutor o the date of confirmation (acceptance) or consent
Data exchange request No. __________ Date __________________   Name of the authority Given name, surname, position, phone number, e-mail address of the contact person of the authority OR Identification number, phone number, e-mail address of the official of the State security institution
1. Credit institution	name
	registration number
Request object (point 2, 3, or 4 to be completed)
2. Natural person (resident): ○ given name, surname ____________________________ ○ personal identity number _________________________ Natural person (non-resident): ○ given name, surname ___________________________________ ○ personal identity number (previous personal identity numbers, if any) or date of birth _________________________ ○ number of a personal identification document and name of the issuing country (if any) ___________________________ ○ other information which may help to identify the person _____________________________ Legal person: ○ name ___________________________ ○ registration number _______________________ all accounts of the person OR particular account of the person:
3. Account number (if the person is not known):
4. Other object on which data search is commenced: ○ counterfeit banknote ___________________________________________ ○ code calculator ___________________________________________ ○ payment card ___________________________________________ ○ other ___________________________________________

5. Number of the investigatory records case _______________ OR Number of criminal proceedings _________, qualification of the criminal offence ___________ OR international cooperation in the field of criminal justice
6. Law or international agreement which provides for the prohibition to inform a customer and third parties of the receipt of the request
Please:
○ provide the non-disclosable information at the disposal of the credit institution (in the past)	○ carry out transaction monitoring in an account of the customer (in the future)
○ account statement (ISO standard): from _____________ (day, month, year) to ______________ (day, month, year) ○ transaction report of a payment card: from _____________ (day, month, year) to ______________ (day, month, year) date time transaction type amount currency terminals, information identifying an automated teller machine transaction status other party to the transaction country ○ report on the online banking session connection: from _____________ (day, month, year) to ______________ (day, month, year) date time user group of activities document information channel additional information Internet protocol (IP) address ○ existence, number of the securities account: from _____________ (day, month, year) to ______________ (day, month, year) ○ information on payment cards: from _____________ (day, month, year) to ______________ (day, month, year) card number (first four, last four digits) user: resident: given name, surname personal identity number non-resident: given name, surname personal identity number or ID number, or the date of birth number of a personal identification document and name of the issuing country (if any) date of issuing the card period of validity of the card ○ information on online banking: from _____________ (day, month, year) to ______________ (day, month, year) online banking is/is not connected user of online banking: resident: given name, surname personal identity number non-resident: given name, surname personal identity number or ID number, or the date of birth number of a personal identification document and name of the issuing country (if any) user number of online banking authorisation device used by the online banking user phone number for notifications on transactions in the account ○ persons authorised to act in the credit institution: from _____________ (day, month, year) to ______________ (day, month, year) scope of the rights resident: given name, surname personal identity number non-resident: given name, surname personal identity number or ID number, or the date of birth number of a personal identification document and name of the issuing country (if any) ○ beneficial owners of a legal person: from _____________ (day, month, year) to ______________ (day, month, year) resident: given name, surname personal identity number non-resident: given name, surname personal identity number or ID number, or the date of birth number of a personal identification document and name of the issuing country (if any) ○ other data: from _____________ (day, month, year) to ______________ (day, month, year) ________________________ ________________________ ○ documents for opening an account: ________________________ ________________________ ○ documents in the customer file: ________________________ ________________________ ○ other documents: from _____________ (day, month, year) to ______________ (day, month, year) ________________________ ________________________	○ account statement (ISO standard): from _____________ (day, month, year) to ______________ (day, month, year) ○ application for disbursements of cash: from _____________ (day, month, year) to ______________ (day, month, year)

Minister for the Interior M. Golubeva

 

Annex 2
Cabinet Regulation No. 393
22 June 2021

Sample Form of the Request for Non-disclosable Information at the Disposal of a Credit Institution from the Financial Intelligence Unit of Latvia

		Information on the confirmation (acceptance) of a judge o given name, surname, full name of the position of the judge o the date of confirmation (acceptance)
Request for Non-disclosable Information at the Disposal of a Credit Institution from the Financial Intelligence Unit of Latvia   No. __________ Date ______________       Name of the authority Given name, surname, position, phone number, e-mail address of the contact person of the authority OR Identification number, phone number, e-mail address of the official of the State security institution
1. Credit institution	name
	registration number
Request object (point 2, 3, or 4 to be completed)
2. Natural person (resident): ○ given name, surname ____________________________ ○ personal identity number ____________________________ Natural person (non-resident): ○ given name, surname ____________________________ ○ personal identity number (previous personal identity numbers, if any) or date of birth ____________________________ ○ number of a personal identification document and name of the issuing country (if any) ____________________________ ○ other information which may help to identify the person Legal person: ○ name ____________________________ ○ registration number ____________________________ all accounts of the person OR particular account of the person: ____________________________________________
3. Account number (if the person is not known): ○ __________________________________________
4. Other object on which data search is commenced: ○ counterfeit banknote __________________________________________ ○ code calculator __________________________________________ ○ payment card __________________________________________ ○ other __________________________________________

5. Number of the investigatory records case __________________ OR Number of criminal proceedings _________, qualification of the criminal offence ______________________ OR international cooperation in the field of criminal justice

6. Justification why disclosing the information on the fact of criminal proceedings or operational activities may endanger the interests of the criminal proceedings or operational activities ________________________

Please:

○ Request non-disclosable information at the disposal of a credit institution (in the past)

○ account statement (ISO standard): from _____________ (day, month, year) to ______________ (day, month, year) ○ transaction report of a payment card: from _____________ (day, month, year) to ______________ (day, month, year) date time transaction type amount currency terminals, information identifying an automated teller machine transaction status other party to the transaction country ○ report on the online banking session connection: from _____________ (day, month, year) to ______________ (day, month, year) date time user group of activities document information channel additional information Internet protocol (IP) address ○ existence, number of the securities account: from _____________ (day, month, year) to ______________ (day, month, year) ○ information on payment cards: from _____________ (day, month, year) to ______________ (day, month, year) card number (first four, last four digits) user: resident: given name, surname personal identity number non-resident: given name, surname personal identity number or ID number, or the date of birth number of a personal identification document and name of the issuing country (if any) date of issuing the card period of validity of the card ○ information on online banking: from _____________ (day, month, year) to ______________ (day, month, year) online banking is/is not connected user of online banking: resident: given name, surname personal identity number non-resident: given name, surname personal identity number or ID number, or the date of birth number of a personal identification document and name of the issuing country (if any) user number of online banking authorisation device used by the online banking user phone number for notifications on transactions in the account ○ persons authorised to act in the credit institution: from _____________ (day, month, year) to ______________ (day, month, year) scope of the rights resident: given name, surname personal identity number non-resident: given name, surname personal identity number or ID number, or the date of birth number of a personal identification document and name of the issuing country (if any) ○ beneficial owners of a legal person: from _____________ (day, month, year) to ______________ (day, month, year) resident: given name, surname personal identity number non-resident: given name, surname personal identity number or ID number, or the date of birth number of a personal identification document and name of the issuing country (if any) ○ other data: from _____________ (day, month, year) to ______________ (day, month, year) ____________________________________ ____________________________________ ○ documents for opening an account: ____________________________________ ____________________________________ ○ documents in the customer file: ____________________________________ ____________________________________ ○ other documents: from _____________ (day, month, year) to ______________ (day, month, year) ____________________________________ ____________________________________

Minister for the Interior M. Golubeva

---

Translation © 2023 Valsts valodas centrs (State Language Centre)