Banking Supervision And Criminal Investigation: Comparing The EU And US Experiences 3030121607, 9783030121600, 3030121615, 9783030121617

Table of contents :
Contents......Page 6
Abbreviations......Page 9
Chapter 1: Introduction......Page 12
References......Page 16
Part I: Mapping the Boundaries of an Intricate Playing-Field......Page 17
Chapter 2: Finding the Way in a Complex Multi-Level Legal Framework......Page 18
2.1 The Definition of “Bank” and “Financial Institution”......Page 19
2.2 Criminal Liability of Legal Persons: A Brief Overview......Page 29
2.3 The Interaction Between Administrative and Criminal Matter......Page 33
2.3.1 Managing the Risk of Transnational Bis in idem: Double Jeopardy Clause in the US Federal Legal System......Page 40
2.3.2 Ne Bis In Idem Protection in the European Convention on Human Rights......Page 50
2.3.3 Enforcing the Principle of Ne Bis In Idem in the EU......Page 59
2.3.4 Gathering Information Within Multi-Disciplinary Cooperation Networks......Page 75
2.4 Methodology: Transversal Comparative Approach Applied to a Complex and Hybrid Legal Framework......Page 80
References......Page 83
Chapter 3: Strengthening Financial Investigation and Supervision at the International Level......Page 93
3.1 The Essential Role of Self-Regulatory Bodies......Page 94
3.2 The Financial Action Task Force: Administrative Financial Supervision and Criminal Investigative Measures......Page 97
3.3 Financial Intelligence Units and the Egmont Group......Page 101
3.4 Ensuring Common Standards Against Financial Crime at Regional Level: The Council of Europe......Page 106
3.5 Ensuring Effective Banking Oversight: The Basel Committee on Banking Supervision......Page 108
References......Page 113
Part II: Criminal Profiles in Banking Supervision......Page 115
Chapter 4: The Institutional Design of EU Banking Supervision......Page 116
4.1 From the Financial Crisis to the Banking Union......Page 117
4.2 The European Supervisory Authorities......Page 122
4.3 Sanctioning Powers in the Single Rulebook: Relevant Provisions of the IV and V Capital Requirement Directive......Page 125
4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism......Page 128
4.4.1 SSM Supervisory Powers......Page 134
4.4.2 SSM Sanctioning Powers......Page 137
4.4.3 SSM Investigations and Procedures......Page 144
References......Page 150
5.1 Collapse of a System: Deregulation and Financial Crisis in a Complex Supervisory Framework......Page 154
5.2 The Federal Reserve......Page 158
5.3 Other US Regulatory Agencies (FDIC, OCC, SEC)......Page 160
5.4 The 2010 Dodd-Frank Act: Impact and Waves of Counter-Reform......Page 163
References......Page 164
Chapter 6: The Hybrid Nature of Banking Supervision......Page 167
6.1 Banking Supervision and the BCBS Core Principles: Defining Effective Supervisory Models?......Page 168
6.1.1 Independence and Accountability of Banking Supervisors......Page 171
6.1.2 Dissemination of Collected Information and Investigative Overlapping in the US Regulatory Framework......Page 180
6.1.3 Dissemination of Collected Information Within the Single Supervisory Mechanism: Overview of Main Critical Issues......Page 183
6.2 Banking Supervisory Sanctions in the EU: A New Field of Criminal Law?......Page 190
6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent Tribunal......Page 203
6.3.1 The Right to an Impartial Tribunal......Page 208
6.3.2 The Principle of Equality of Arms: Right to Be Heard, and Right of Access to Files......Page 213
6.3.3 Right to a Full Judicial Review......Page 225
6.3.4 Right of Legal Assistance and Right to a Public Hearing......Page 237
6.3.5 The Privilege Against Self-Incrimination......Page 241
6.3.6 The Right to Remain Silent in the SSM Legal Framework......Page 263
6.3.7 The Protection from Bis In Idem......Page 271
Scenario (i)—SSM and National Judicial Authorities......Page 273
Scenario (iii)—SSM and NCAs......Page 275
Scenario (v)—Potentially Critical Profiles Originated Within the SSM......Page 276
References......Page 277
Part III: Banking Criminal Investigations......Page 288
Chapter 7: Real-Time Monitoring of Banking Data: State of Play......Page 289
7.1 Banking Investigative Techniques and the Residual Role of Bank Secrecy Law......Page 290
7.2 Measures (i) and (ii): Access to Banking Information and Past Transactions......Page 295
7.3 Measures (iii): Real-time Monitoring of Banking Data......Page 299
7.4 Measures (iv): Freezing of Banking Accounts (Brief Overview)......Page 303
7.5 Real-time Monitoring of Banking Data in the EU......Page 304
7.6 Real-time Monitoring of Banking Data in the US......Page 312
Relevance Court Order......Page 313
Articulable Facts Court Order......Page 314
7.6.2 Judicial or Grand Jury Subpoena......Page 315
Grand Jury Subpoena......Page 316
7.6.3 Administrative Subpoena or Summons......Page 317
7.6.4 Probable Cause Search Warrant......Page 318
References......Page 325
8.1 Identifying the Fundamental Right(s) Affected by Real-Time Monitoring of Digital (Banking) Data......Page 330
8.2 Defining Procedural Rules for the Surveillance of Personal (Banking) Data......Page 342
8.3 Right to an Effective Remedy: The Authority in Charge of Real-Time Monitoring of Banking Records......Page 355
References......Page 358
Chapter 9: Conclusion......Page 361
9.1 The Compliance with Fair Trial Rights in the Single Supervisory Mechanism......Page 363
9.2 The Protection of Fundamental Rights (Right to Privacy) in the Surveillance on Personal (Banking Digital) Data......Page 366

Citation preview

Comparative, European & International Criminal Justice 1

Banking Supervision and Criminal Investigation Comparing the EU and US Experiences

Giulia Lasagni

Comparative, European and International Criminal Justice Volume 1

Editor-in-Chief Roberto E. Kostoris, University of Padua, Padua, Italy Series Editors Mirjan Damaška, Yale University, New Haven, USA Juan Luis Gómez Colomer, Jaume I University, Castellón de la Plana, Spain Giulio Illuminati, University of Bologna, Bologna, Italy John Jackson, University of Nottingham, Nottingham, UK Bruce Smith, University of Denver, Denver, USA Mark A. Zöller, University of Trier, Trier, Germany Advisory Editors Lorena Bachmaier Winter, Complutense University of Madrid, Madrid, Spain Marta Bargis, University of Eastern Piedmont Amedeo Avogadro, Vercelli, Italy Silvia Barona Vilar, University of Valencia, Valencia, Spain Mireille Delmas-Marty, Collège de France, Paris, France Emilio Dolcini, University of Milan, Milan, Italy Piotr Hofmański, International Criminal Court, The Hague, The Netherlands Maria Kaiafa-Gbandi, Aristotle University of Thessaloniki, Thessaloniki, Greece André Klip, Maastricht University, Maastricht, The Netherlands Raimo Lahti, University of Helsinki, Helsinki, Finland Renzo Orlandi, University of Bologna, Bologna, Italy Francesco Palazzo, University of Florence, Florence, Italy Viorel Pașca, West University of Timișoara, Timișoara, Romania Paulo Pinto de Albuquerque, European Court of Human Rights, Strasbourg, France Ulrich Sieber, Max Planck Institute for Foreign and International Criminal Law, Freiburg, Germany John A. E. Vervaele, Utrecht University, Utrecht, The Netherlands Anne Weyembergh, Université Libre de Bruxelles, Brussels, Belgium James Q. Whitman, Yale University, New Haven, USA Raúl Zaffaroni, Inter-American Court of Human Rights, San José, Costa Rica Associate Editors Michele Caianiello, University of Bologna, Bologna, Italy Marcello Daniele, University of Padua, Padua, Italy Michele Papa, University of Florence, Florence, Italy Pier Paolo Paulesu, University of Padua, Padua, Italy

This book series focuses on criminal justice from multiple perspectives. In particular, it addresses three main areas: –– Comparative issues, including historical ones, in order to highlight the common roots of criminal justice in common and civil law systems, both past and present. –– European issues, in order to raise awareness of the link between national and transnational levels, in the perspective of the European Union law and the European Convention on Human Rights law, in the area of criminal justice, namely focusing on the protection of fundamental rights and on judicial and police cooperation. –– International issues, namely those related to the functioning of the International Criminal Court and of the other international criminal tribunals, but also in regard to international human rights courts. The book series addresses the phenomenon of criminal justice with a particular, but not exclusive, focus on procedural aspects, from a multidisciplinary perspective – an essential approach in today’s globalized world. It provides academic readers with authoritative and timely debates on the emerging issues of criminal justice, and also offers judges and lawyers useful indications and suggestions. More information about this series at http://www.springer.com/series/16095

Giulia Lasagni

Banking Supervision and Criminal Investigation Comparing the EU and US Experiences

Giulia Lasagni University of Bologna Bologna, Italy

ISSN 2524-4558     ISSN 2524-4566 (electronic) Comparative, European and International Criminal Justice ISBN 978-3-030-12160-0    ISBN 978-3-030-12161-7 (eBook) https://doi.org/10.1007/978-3-030-12161-7 © Springer International Publishing Switzerland and G. Giappichelli Editore 2019 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Switzerland AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Contents

1 Introduction ����������������������������������������������������������������������������������������������    1 References ��������������������������������������������������������������������������������������������������    5 Part I Mapping the Boundaries of an Intricate Playing-Field 2 Finding the Way in a Complex Multi-Level Legal Framework ������������    9 2.1 The Definition of “Bank” and “Financial Institution” �����������������������   10 2.2 Criminal Liability of Legal Persons: A Brief Overview ��������������������   20 2.3 The Interaction Between Administrative and Criminal Matter ����������   24 2.3.1 Managing the Risk of Transnational Bis in idem: Double Jeopardy Clause in the US Federal Legal System ������������������   31 2.3.2 Ne Bis In Idem Protection in the European Convention on Human Rights ��������������������������������������������������������������������   41 2.3.3 Enforcing the Principle of Ne Bis In Idem in the EU  ������������   50 2.3.4 Gathering Information Within Multi-Disciplinary Cooperation Networks ������������������������������������������������������������   66 2.4 Methodology: Transversal Comparative Approach Applied to a Complex and Hybrid Legal Framework ��������������������������������������   71 References ��������������������������������������������������������������������������������������������������   74 3 Strengthening Financial Investigation and Supervision at the International Level  ������������������������������������������������������������������������   85 3.1 The Essential Role of Self-Regulatory Bodies ����������������������������������   86 3.2 The Financial Action Task Force: Administrative Financial Supervision and Criminal Investigative Measures  ����������������������������   89 3.3 Financial Intelligence Units and the Egmont Group ��������������������������   93 3.4 Ensuring Common Standards Against Financial Crime at Regional Level: The Council of Europe ����������������������������������������   98 3.5 Ensuring Effective Banking Oversight: The Basel Committee on Banking Supervision  ��������������������������������������������������������������������  100 References ��������������������������������������������������������������������������������������������������  105

v

vi

Contents

Part II Criminal Profiles in Banking Supervision 4 The Institutional Design of EU Banking Supervision ����������������������������  109 4.1 From the Financial Crisis to the Banking Union ��������������������������������  110 4.2 The European Supervisory Authorities ����������������������������������������������  115 4.3 Sanctioning Powers in the Single Rulebook: Relevant Provisions of the IV and V Capital Requirement Directive  ��������������������������������  118 4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism  ����������������������������������������������������������������������������������������  121 4.4.1 SSM Supervisory Powers  ������������������������������������������������������  127 4.4.2 SSM Sanctioning Powers ��������������������������������������������������������  130 4.4.3 SSM Investigations and Procedures ����������������������������������������  137 References ��������������������������������������������������������������������������������������������������  143 5 The US Regulatory Framework of Banking Supervision ���������������������  147 5.1 Collapse of a System: Deregulation and Financial Crisis in a Complex Supervisory Framework ����������������������������������������������  147 5.2 The Federal Reserve ��������������������������������������������������������������������������  151 5.3 Other US Regulatory Agencies (FDIC, OCC, SEC) ��������������������������  153 5.4 The 2010 Dodd-Frank Act: Impact and Waves of Counter-Reform  ����������������������������������������������������������������������������  156 References ��������������������������������������������������������������������������������������������������  157 6 The Hybrid Nature of Banking Supervision ������������������������������������������  161 6.1 Banking Supervision and the BCBS Core Principles: Defining Effective Supervisory Models? ����������������������������������������������������������  162 6.1.1 Independence and Accountability of Banking Supervisors  ����������������������������������������������������������������������������  165 6.1.2 Dissemination of Collected Information and Investigative Overlapping in the US Regulatory Framework ����������������������  174 6.1.3 Dissemination of Collected Information Within the Single Supervisory Mechanism: Overview of Main Critical Issues ��������������������������������������������������������������������������  177 6.2 Banking Supervisory Sanctions in the EU: A New Field of Criminal Law? ��������������������������������������������������������������������������������  184 6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent Tribunal ����������������������������������������������������������������  197 6.3.1 The Right to an Impartial Tribunal  ����������������������������������������  202 6.3.2 The Principle of Equality of Arms: Right to Be Heard, and Right of Access to Files  ��������������������������������������������������  207 6.3.3 Right to a Full Judicial Review ����������������������������������������������  219 6.3.4 Right of Legal Assistance and Right to a Public Hearing  ����������������������������������������������������������������������������������  231 6.3.5 The Privilege Against Self-Incrimination  ������������������������������  235

Contents

vii

6.3.6 The Right to Remain Silent in the SSM Legal Framework ������������������������������������������������������������������������������  257 6.3.7 The Protection from Bis In Idem ��������������������������������������������  265 References ��������������������������������������������������������������������������������������������������  271 Part III Banking Criminal Investigations 7 Real-Time Monitoring of Banking Data: State of Play  ������������������������  285 7.1 Banking Investigative Techniques and the Residual Role of Bank Secrecy Law  ��������������������������������������������������������������������������������������  286 7.2 Measures (i) and (ii): Access to Banking Information and Past Transactions ����������������������������������������������������������������������������������������  291 7.3 Measures (iii): Real-time Monitoring of Banking Data  ��������������������  295 7.4 Measures (iv): Freezing of Banking Accounts (Brief Overview) ��������������������������������������������������������������������������������  299 7.5 Real-time Monitoring of Banking Data in the EU  ����������������������������  300 7.6 Real-time Monitoring of Banking Data in the US  ����������������������������  308 7.6.1 Court Order ����������������������������������������������������������������������������  309 7.6.2 Judicial or Grand Jury Subpoena ��������������������������������������������  311 7.6.3 Administrative Subpoena or Summons ����������������������������������  313 7.6.4 Probable Cause Search Warrant ����������������������������������������������  314 References ��������������������������������������������������������������������������������������������������  321 8 Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals  ����������������������������������������������������������������������  327 8.1 Identifying the Fundamental Right(s) Affected by Real-­Time Monitoring of Digital (Banking) Data �����������������������������������������������  327 8.2 Defining Procedural Rules for the Surveillance of Personal (Banking) Data  ����������������������������������������������������������������������������������  339 8.3 Right to an Effective Remedy: The Authority in Charge of Real-Time Monitoring of Banking Records ����������������������������������  352 References ��������������������������������������������������������������������������������������������������  355 9 Conclusion  ������������������������������������������������������������������������������������������������  359 9.1 The Compliance with Fair Trial Rights in the Single Supervisory Mechanism  ����������������������������������������������������������������������������������������  361 9.2 The Protection of Fundamental Rights (Right to Privacy) in the Surveillance on Personal (Banking Digital) Data ������������������������������  364

Abbreviations

States AT Austria BE Belgium BG Bulgaria HR Croatia CY Cyprus CZ Czech Republic DK Denmark EE Estonia FI Finland FR France DE Germany HU Hungary IE Ireland IT Italy LV Latvia LT Lithuania LU Luxembourg MT Malta NL The Netherlands PL Poland PT Portugal RO Romania SK Slovakia SI Slovenia ES Spain SE Sweden UK United Kingdom US United States ix

x

Abbreviations

Other Abbreviations ABoR ACHR AML BCFP BHC BRRD BSA BU CFMA CFREU CFT CJEU CONSOB CRA CRD CRR DOJ DGS EBA ECB ECHR ECtHR EDIS EIO EIOPA EPPO ESA ESFS ESMA FATF FBI FDIC Fed. R. Crim. P. Fed. Res. FFIEC FinCEN FIU FSB FSOC GRECO HOSSP IT

Administrative Board of Review American Convention on Human Rights Anti-Money Laundering Bureau of Consumer Financial Protection Bank Holding Company Banking Recovery and Resolution Directive Bank Secrecy Act Banking Union Commodity Futures Modernization Act Charter of Fundamental Rights of the European Union Countering the Financing of Terrorism Court of Justice of the European Union Commissione Nazionale per le Società e la Borsa Community Reinvestment Act Capital Requirements Directive Capital Requirements Regulation Department of Justice Deposit Guarantee Scheme European Banking Authority European Central Bank European Convention on Human Rights European Court of Human Rights European Deposit Insurance Scheme European Investigation Order European Insurance and Occupational Pensions Authority European Public Prosecutor’s Office European Supervisory Authority European System of Financial Supervision European Securities and Markets Authority Financial Action Task Force Federal Bureau of Investigation Federal Deposit Insurance Corporation Federal Rules of Criminal Procedure Federal Reserve Federal Financial Institutions Examination Financial Crimes Enforcement Network Financial Intelligence Unit Financial Stability Board Financial Stability Oversight Council Group of States Against Corruption Hawala and Other Similar Service Providers Information Technology

Abbreviations

JIT JST MONEYVAL

xi

Joint Investigation Teams Joint Supervisory Team Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism NCA National Competent Authority NRA National Resolution Authority OCC Office of the Comptroller of the Currency OLAF Office européen de Lutte Antifraude OTS Office of Thrift Supervision SAR Suspicious Activity Report SCA Stored Wire and Electronic Communications and Transactional Records Access Act SEC Securities and Exchange Commission SRF Single Resolution Fund SRM Single Resolution Mechanism SSM Single Supervisory Mechanism SSM FR SSM Framework Regulation SSM R SSM Regulation TBTF Too-Big-To-Fail UFIRS Uniform Financial Institutions Rating System UN United Nations USA PATRIOT ACT Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act USSC US Supreme Court

Chapter 1

Introduction

Financial transactions are a crucial element in the undertaking of criminal investigations, especially (but not exclusively) in their increasingly globalized dimension. Access to banking records and following the financial paper (or today, rather digital) trail have become imperative operations to effectively combat quite an extensive range of offences, starting from the very core from which financial investigative techniques have been developed—mainly money laundering, organised crime and terrorist financing—and progressively involving other forms of serious crimes, such as corruption, tax fraud, obstruction of public procurement or grant procedures, market abuse, human trafficking, or cybercrime. Often carried out in parallel to traditional fact-finding criminal inquiries, financial investigations consists in those techniques which allow to chase the “movement of money during the course of criminal activity” (i.e. when the money is received, where it is stored or deposited),1 and to identify and trace beneficiaries, as well as the material benefit acquired (also through third persons) by the criminal offence.2 Dealing today with banking investigations and financial investigative techniques, however, means dealing with much more extended implications than it perhaps entailed only a few decades ago. Indeed, financial transactions are regularly carried out on a globalized dimension, while the development of financial investigative techniques is still far from being characterized by an adequate level of commonality at transnational level, and rules and regulations are still highly varying from country to country. Financial investigations, therefore, currently represent a forefront arena—both at the national, and at the international level—where fundamental rights are remarkably and increasingly tested in their capability to keep pace with the development of

 FATF (2012), p. 3.  Golobinek (2006), p. 7; AA.VV. (1988); Adinolfi et al. (2006); Flick (1988).

1 2

© Springer International Publishing Switzerland and G. Giappichelli Editore 2019 G. Lasagni, Banking Supervision and Criminal Investigation, Comparative, European and International Criminal Justice 1, https://doi.org/10.1007/978-3-030-12161-7_1

1

2

1 Introduction

digital technology, the existence of multi-level systems, and an extended use of administrative punitive powers.3 This supranational dimension is even more evident once considering that banking records are today mostly represented by digital data, the treatment of which is often not only lacking common standards, but also deficient within a fair number of national legal systems.4 Moving from these assumptions, the developing of banking investigation has ultimately come across an unprecedented degree of debate and discussion at academic, legislative and (progressively) judicial level, whose results are likely to influence criminal law and procedure far beyond the mere field of financial crimes. Two in particular are the cutting-edge profiles where, in the last few years, traditional banking criminal investigations are increasingly and irretrievably challenged in their national-based, analogous and mono-disciplinary dimension: The conferral to administrative (often supranational) supervisors of severe punitive powers of potentially criminal nature, and the application of intrusive surveillance criminal investigative techniques, like the real-time monitoring of banking records, often in lack of adequate fair trial guarantees. In a comparative perspective between the EU and the US, this work examines both profiles driven by two leading questions: (a) What is in this field a balance between the need to fight crimes and that of protecting human fundamental rights which can be fairly accepted in a democratic society?, and (b) under this perspective, is the current legal framework in the EU adequate? If not, what can be done about it? Under the first profile, the notable investigating and above all sanctioning powers applicable by supranational banking regulators has opened a series of critical issues on the independency and accountability of such supervisors in the field of banking investigations, and, especially in Europe, also on the substantial (administrative or criminal) nature of supervisory penalties, due to the autonomous and non-­formalistic approach developed for the definition of matière a coloration pénale by the European Court of Human Rights and the Court of Justice.5 Under the second profile, digital technical development and massive production of data are increasingly leading to integrate legal sources imposing reporting obligations of suspicious activities upon credit institutions,6 with forms of real-time or  Bradley (2014), 271 et seq.  Cf. Sect. 7.5–7.6. 5  Which will be analysed in Part II of this work (Chaps. 4, 5, and 6). 6  Periodical reporting obligations–generally addressed towards relevant supervising administrative regulators, or if the irregularities reasonably show hints of undergoing criminal activity, extended also towards judicial or law-enforcement authorities–are imposed both in the US (by the Currency and Foreign Transactions Reporting Act of 1970, commonly referred to as the “Bank Secrecy Act” or “BSA,” P.L. 91-508, codified at: 31 U.S.C. § 5311-5314e, 5316-5331, 5332e; 12 U.S.C. § 1829b, 1951-1959e) and in the EU (by the AML/CFT Directive, recently approved in its fifth version, see Directive (EU) 2018/843 of 30.05.2018 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing). While the existence of reporting obligations is a firmly established reality in most countries against money laundering, or financing 3 4

1 Introduction

3

surveillance techniques more consistent with the non-linear structure of our globalised society (also in its criminal dimensions). Analysing in which cases, and under which conditions, real-time monitoring of banking records may apply, represents today both a fundamental step for the development of banking criminal investigations against the need to protect fundamental rights like the right to privacy, and a task which cannot be further postponed: Indeed, while legal scholars and international actors are debating about the legitimacy of the use of these highly intrusive surveillance measures, the latter are already applied, with uncertain legal basis, in numerous countries by prosecutors, law-enforcement and—with different but not less worrying implications—several private commercial companies.7 To examine such complex, but at the same time crucial topics and trying to answer to the two aforementioned leading questions, this work is structured as follows. Part I (Chaps. 2 and 3) lays the foundation for the following analysis developed in Part II and III. Chapter 2 maps the boundaries of the matter under examination, identifying some bedrocks which will be a constant reference in the examination on the compliance of the European Central Bank’s investigative and sanctioning powers with fair trial rights, and on the protection of privacy and defence rights in real-time monitoring of banking records. These fundamental issues first concern the very definition of “financial institution”, a step especially relevant in an age of service dematerialization, where the assets of financial non-banking credit activities (the so-called “shadow banking”) already represents “about half the size of the regulated banking system”.8 Moreover, in the financial field (but increasingly in other relevant areas too, such as privacy, or environmental protection) applicable legal bases are today often produced by multiple actors, which differ from each other in their origin (independent, governmental) and nature (administrative, judicial, hybrid), and which have different, and though frequently overlapping investigative, regulatory and enforcement powers. These actors compose a legal framework whose complexity shall be taken in due account in any legal analysis on banking investigation. In this sense, a special focus will be put on the efficiency of multi-disciplinary cooperation networks, and the transnational application of the ne bis in idem principle.

of terrorism, the possibility of extending their scope to investigate over other criminally relevant transnational conducts, such as tax frauds or cybercrime, is still highly controversial. 7  Which will be analysed in Part III of this work (Chaps. 7 and 8). 8  In 2012 they “accounted for EUR 53 trillion, mainly concentrated in Europe (around EUR 23 trillion) and in the United States (around EUR 19.3 trillion)”, cf. European Commission, Explanatory Memorandum-Proposal for a Regulation of the European Parliament and of the Council on reporting and transparency of securities financing transactions, Brussels, 29.1.2014 COM(2014) 40 final, p. 1. The Financial Stability Board (FSB) defines the shadow banking system as “credit intermediation involving entities and activities (fully or partially) outside the regular banking system”, cf. FSB (2014); see also Weber et al. (2014), p. 171 et seq.

4

1 Introduction

Chapter 3 proposes a recollection of the main actors active in the field of financial and banking investigations at the international level, whose powers are ­particularly relevant for the development of policies of financial criminal justice in the EU and in the US, such as the Financial Action Task Force, and the Basel Committee on Banking Supervision. This will help tracing the general framework from which most domestic financial regulations derive, and identifying the fundamental parameters that banking oversight mechanisms shall maintain in compliance with. Part II (Chaps. 4, 5 and 6) analyses the criminally relevant profiles of banking supervision in the EU and in the US. Chapter 4 illustrates the main legal and institutional changes brought in the Eurozone by the Banking Union, with a specific focus on the banking investigating and sanctioning powers conferred since late 2014 to the Single Supervisory Mechanism, as part of the European Central Bank. In particular, it will be analysed the possibility for this Mechanism to impose punitive penalties, and the extent of the applicable procedural rules and safeguards. In a comparative perspective, Chap. 5 delineates the main traits of the US banking supervisory system after the last financial crisis, illustrating relevant competent authorities, as well as their investigative and sanctioning powers. In Chap. 6, the status, organization and powers of the US and EU supervisory authorities are analysed, first against the Basel Committee’s Core Principles, with special attention to the rules requiring independence and accountability, as well as effectiveness in cooperation and exchange of information. These profiles indeed result extremely meaningful also under a criminal law perspective, since their violation may already undermine at the very bases the possibility for banking supervisors to comply with fair trial guarantees. The substantive nature of the penalties imposable by the Single Supervisory Mechanism is then analysed in light of the Engel case-­law, as developed by the Court in Strasbourg and applied by the Court of Justice. Following the assumption that a significant part of those sanctions shall be recognized a punitive nature, the Chapter analyses the fairness of the SSM sanctioning proceedings in light of the fundamental fair trial rights established by the Charter of Fundamental Rights of the European Union and by the European Convention on Human Rights, highlighting potential profiles of structural non-compliance. Lastly, Part III (Chaps. 7 and 8) examines the theme of banking criminal investigations, and in particular of surveillance or real-time monitoring of banking data. Chapter 7 deals with the theme of criminal banking investigations, identifying different investigative measures and focusing in particular on real-time monitoring of banking data. In the Chapter, it is argued why establishing a proper regulation on the matter is increasingly necessary, especially in the banking and financial sector, where currently fundamental rights pay for the lack of adequate legal basis. To explain so, a reconstruction of the (scarce) applicable legal basis for this investigative technique will be provided with regard to both the EU and the US legal systems. Against the composite framework, Chap. 8 concludes the present work, introducing some proposals on the key features that should characterize an EU regulation on banking data surveillance, starting from the identification of the fundamental

References

5

rights at stake, above all, the right to privacy. Accordingly, basic procedural standards and safeguards are highlighted, that shall apply when such surveillance techniques are implemented (at least) in criminal proceedings, including considerations over which authority should authorize the use of real-time monitoring of banking records.

References AA.VV. (1988) Metodologie e Strumenti per le indagini bancarie e patrimoniali, Trevi 4-5-6 dicembre 1987, in Quad. C.S.M., anno 3, n. 19, ottobre 1988 Adinolfi M, Di Gregorio C, Mainolfi G (2006) Le Transazioni Finanziarie Sospette e il Contrasto al Terrorismo: Controlli e Adempimenti. Bancaria Editrice, Roma Bradley C (2014) Breaking up is hard to do: the interconnection problem in financial markets and financial regulation, a European (banking) union perspective. Tex Int’I LJ 49:271–295 FATF (2012) Operational issues  - financial investigations guidance, July 2012. http://www. fatf-gafi.org/media/fatf/documents/reports/Operational%20Issues_Financial%20investigations%20Guidance.pdf. Accessed 15 July 2018 Flick GM (1988) Informazione bancaria e giudice penale. Presupposti di disciplina. Problemi e prospettive, in Banca e Borsa 4-5:441–472 FSB (2014) Transforming shadow banking into resilient market-based financing, an overview of progress and a roadmap for 2015, 14 November 2014. http://www.fsb.org/wp-content/uploads/ shadow_banking_overview_of_progress_2015.pdf. Accessed 15 July 2018 Golobinek R (2006) Financial investigations and confiscation of proceeds from crime. Council of Europe - training manual for law enforcement and judiciary, August 2006. https://rm.coe. int/16806ef391. Accessed 15 July 2018 Weber RH, Arner DW, Gibson EC, Baumann S (2014) Addressing systemic risk: financial regulatory design. Tex Int’I LJ 49:149

Part I

Mapping the Boundaries of an Intricate Playing-Field

Chapter 2

Finding the Way in a Complex Multi-Level Legal Framework

It is not unlikely for a criminal-law jurist who approaches the matter of banking and  financial investigation for the first time to report an impression of mild bewilderment. Indeed, although representing a vital and extremely relevant part of criminal investigations, as shown for instance, by the last financial crisis, several are the profiles in this field which venture beyond the boundaries of traditional criminal law and procedure. Due to the globalization of financial services, dealing with banking investigations today means dealing not only with the rules established in this matter under criminal law, but also under banking, financial and administrative regulation: It is in fact precisely in these sectors that suspicions of a crime or information that often become crucial evidence in criminal proceedings are first identified and collected. Such an approach becomes then pivotal in those legal contexts, like the EU, where against a broad definition of “criminal matter”1 complex supervisory and sanctioning powers are into place.2 This (to date) unavoidable entanglement is further complicated by the fact that this matter is no longer regulated exclusively, or even mostly by national legislation or case-law, but involves the contemporary action of several international and supranational bodies in the definition of the applicable legal basis. To find the way in this intricate legal labyrinth, it is therefore necessary to start this work mapping the boundaries of the matter under examination, and identifying some bedrocks which will be a constant reference in the following analysis, concerning the compliance of the new European Central Bank’s investigative and sanctioning powers with fair trial rights, and the protection of privacy and defence rights in real-time monitoring of banking records.  See below, Sect. 2.3.  Cf., e.g., Franssen and Ligeti (2017), p. 1 et seq.

1 2

© Springer International Publishing Switzerland and G. Giappichelli Editore 2019 G. Lasagni, Banking Supervision and Criminal Investigation, Comparative, European and International Criminal Justice 1, https://doi.org/10.1007/978-3-030-12161-7_2

9

10

2  Finding the Way in a Complex Multi-Level Legal Framework

In order to do so, the Chapter proceeds as follows: Sect. 2.1 circumscribes the scope of the research, selecting—in the vast panorama of financial operators—those which will be analysed further in the inquiry over the new frontiers of banking investigations. To this aim, clarifications will be provided on the difference existing between financial and credit institutions, and on the increasingly prominent role played by alternative forms of financing, such as e-currency or Hawala. Section 2.2 offers a brief recollection of the state of play concerning criminal liability of legal persons in the EU and in the US. Although not being the main subject of this work, status of legal entities—that highly varies according to national rules and legislation—represents a necessary basis to be considered in banking investigations, especially when it comes to define the procedural rights (that should be) recognized to these subjects. Section 2.3 explains the (by now unavoidable) interaction between administrative and criminal matters, a trend that increasingly requires dealing with administrative forms of investigation and sanctioning, such as banking supervision, also under a criminal law perspective. In this sense, the analysis deals with two general phenomena whose weight in shaping any form of national and international criminal policy (including the definition and attribution of specific financial investigative powers) is increasingly-growing: The often-unpredictable role of cooperation networks, and the persistent failure to find a shared and effective management of the risks deriving from violations of the principle of ne bis in idem. Lastly, Sect. 2.4 presents the methodology and the comparative approach applied in the research, explaining the peculiarities of carrying out a comparative analysis including multi-level legal orders and especially the EU, a system whose potentially federal legal structure is still a work in progress.

2.1  The Definition of “Bank” and “Financial Institution” A first step to circumscribe the target of this research is to define which are the subjects involved in banking inquiries, beginning with an investigation on the very concepts of “credit institution” (or “bank”), and “financial institution”. These terms, in fact, are given specific technical meanings that differ according to the legal order involved: In the EU and in the US, in particular, the notion of “financial institution” is only partially overlapping. For instance, while in the US the definition includes also public institutions when exercising powers related to a series of listed financial businesses, both at the federal and at local level,3 a similar provision is not provided for in the EU legislation, which takes into account only the private sector. In most cases, however, these notions do not enjoy stable boundaries at the domestic level either, where the concepts of “bank” and “financial institution” have notably changed and extended during the last century, not always, as will be  31 U.S.C. § 5312(2), lett. (W).

3

2.1  The Definition of “Bank” and “Financial Institution”

11

described, in a way fully coherent with the risks and the evolution of the financial markets. These caveats are relevant not only for academic reasons, but also—and ­especially—because they influence the choice on the concrete regulation applicable to a certain legal entity, and thus (among others) the latter’s legal obligations, and profiles of administrative and/or criminal liability. The classification of a legal entity as “credit” or “financial” institution is also often decisive to identify under the competence of which public authorities a certain financial operator falls within, and, accordingly, which is the kind and the extent of the investigative and/or supervisory powers that may be exercised against it. In this sense, starting from a “traditional” situation in which the financial system was mainly identified in banking-networking, and the most popular investigative techniques were represented by search and production orders, it could be observed that most regulations approved in the last decades in financial criminal matter, such as those concerning Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT),4 transnational fraud,5 or market abuse,6 increasingly tend to expand their scope over both financial and credit institutions (in those contexts in which the latter are not included in the first category), to face the increasing dematerialization, globalisation and fragmentation of the financial markets. At the same time, the extent of the subjective scope and of the goal pursued by such regulations often led to conferring (or requiring to confer) to competent authorities identified at the internal level (not necessarily in judicial or law-enforcement bodies) relevant intrusive investigating powers not yet recognized, or not yet clearly classified in national criminal systems, like real-time monitoring (or surveillance) measures.7 In the EU, statutory notions of “credit” and “financial institutions” are provided for by Regulation No 575/2013, better known as Capital Requirements Regulation (CRR) recently amended by its second version (CRR II—today only partially entered into force). CRR represents, together with Directive 2013/36/EU (or Fourth Capital Requirement Directive-CRD IV also recently amended in its fifth version, not yet into force),8 a relevant part of the Single Rulebook, the legislative text 4  That is, for instance, the case of the Council of Europe Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism (CETS 198, Warsaw, 16.05.2005), or of the EU AML directives (see Directive 2018/843, “5th AML Directive”). 5  Directive (EU) 2017/1371 of 5.07.2017 on the fight against fraud to the Union’s financial interests by means of criminal law (hereinafter “PIF Directive”). 6  Directive 2014/57/EU of 16.04.2014 on criminal sanctions for market abuse (hereinafter “II Market Abuse Directive”), and Regulation (EU) No 596/2014 of 16.04.2014 on market abuse (hereinafter “Market Abuse Regulation”). 7  Cf. Tricot and Martìn (forthcoming). The analysis of the critical issues concerning real-time monitoring of banking data in the EU and in the US is carried out below in Chaps. 7 and 8. 8  Regulation (EU) No 575/2013 of 26.06.2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 (hereinafter “CRR”), and Directive 2013/36/EU of 26.06.2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms (hereinafter “CRD IV”). CRD IV was

12

2  Finding the Way in a Complex Multi-Level Legal Framework

s­ tanding at the core of the Banking Union project.9 According to CRR, financial operators are differentiated following the type of pursued financial activities, which, it should be briefly recalled, are regulated in the EU on the basis of two fundamental principles: Mutual recognition of financial services, and the home country principle. Introduced in 1989 with Directive 89/646/EEC, the so-called Second Banking Directive,10 mutual recognition in the field of financial activities establishes that a corporation licenced in a certain Member State may use this single authorization throughout the whole Union territory to provide the services now listed in Annex I CRD IV,11 the exercise of which shall be treated in the same manner as national financial operators by the hosting Member State(s).12 Strictly connected to it, is the home country principle, also introduced by the Second Banking Directive. According to it, supervision over financial institutions, banks and branches operating in a Member State different from that of origin, is not allocated following a strict territorial competence criterion, since those subjects are kept under the oversight of the authorities of national origin even when operating abroad.13 Against this background, “financial institutions” are described by Article 4(1) (26) CRR as undertakings which have the principal goal of acquiring holdings, or pursuing one or more of certain activities subject to mutual recognition, which do not include those strictly related to insurance and credit services.14 recently amended by Directive (EU) 2019/878 of 20.05.2019 (“CRD V”), that shall be transposed by 28.12.2020. CRR will be substituted by CRR II (Regulation (EU) 2019/876 of 20.05.2019) from 28.06.2021, although a few provisions enter into force earlier. Those already into force and relevant for the present work will be highlighted in the following analysis. 9  The impact of the Banking Union, with special regard to the creation of new transnational supervisory (and sanctioning) powers is further analysed in Chap. 4, especially Sects. 4.1 and 4.3. Highlighting the relevance of such a harmonizing effort, Tröger (2012–2013), p. 208 et seq. 10  Cf. Annex 7, Second Council Directive 89/646/EEC of 15.12.1989 on the coordination of laws, regulations and administrative provisions relating to the taking up and pursuit of the business of credit institutions and amending Directive 77/780/EEC. 11  Cf. Annex I, CRD IV, List of Activities Subject to Mutual Recognition: 1. Taking deposits and other repayable funds. 2. Lending including […] 3. Financial leasing. 4. Payment services […] 5. Issuing and administering other means of payment […] 6. Guarantees and commitments. 7. Trading for own account or for account of customers […] 8. Participation in securities issues […] 9. Advice to undertakings on capital structure, industrial strategy and related questions and advice as well as services relating to mergers and the purchase of undertakings. 10. Money broking. 11. Portfolio management and advice. 12. Safekeeping and administration of securities. 13. Credit reference services. 14. Safe custody services. 15. Issuing electronic money. 12  For the concept of “EU passporting” see also Haentjens and De Gioia-Carabellese (2015), p. 9. Tröger (2012–2013), p. 203 et seq.; Montedoro, Supino (2018), p. 86 et seq. 13  Cf. Article 13, Second Council Directive 89/646/EEC, and Article 3, First Council Directive 77/780/EEC of 12.12.1977 on the coordination of the laws, regulations and administrative provisions relating to the taking up and pursuit of the business of credit institutions. 14  And precisely those listed “in points 2 to 12 and point 15 of Annex I” CRD IV. Cf. also Article 1, First Council Directive. According to CRR II (in this part entered into force since 27.06.2019) also “other than a pure industrial holding company”.

2.1  The Definition of “Bank” and “Financial Institution”

13

From that it derives, that in the EU “banks”—identified stricto sensu as those undertakings the business of which is to take deposits or other repayable funds from the public, and to grant credits for their own account15—are not included in the category of “financial institutions”. Similarly, insurance undertakings, insurance ­holding companies and mixed-activity insurance holding companies, that belong and are active in the financial market, are not considered “financial institutions” either.16 On the contrary, a much broader definition of “financial institution” may be found in the US Code, which provides for a copious list of operators under that label, applying a functional approach. In particular, 31 U.S.C. § 5312 encompasses not only credit institutions (listed as: Insured, commercial and investment banks; and agencies or branches of a foreign bank in the United States), but also investment firms (listed as: Broker or dealer registered with the Securities and Exchange Commission; broker or dealer in securities or commodities; and investment company), as well as insurance companies.17 Dealers in precious metals, stones, or jewels; travel agencies; casinos; telegraph companies; businesses engaged in vehicle sales including automobile, airplane, and boat sales; persons involved in real estate closings and settlements; and the Postal Service-all further lato sensu financial operators, which are not explicitly considered by CRR, are also included in the number under US federal law.18 The list is then completed by a broad safeguard clause, which affirms that any business or agency engaging in any activity which the US Secretary of the Treasury determines, by regulation, to be similar to, related to, or substitute for any of those previously described, or whose cash transactions have “a high degree of usefulness in criminal, tax, or regulatory matters” falls within the definition of “financial institution”.19 In light of the above, it is apparent that the same financial operator, including some key actors like banks or insurance companies, may be differently classified in the EU and in the US, and therefore differently regulated, depending on which is the applicable legal framework. This situation, that on one side certainly appears compatible with the principles of state sovereignty and national jurisdiction, results however much less straightforward once considering that many, if not most, financial operators are today active in a global (and not just national) financial market, and that most of financial transactions are nowadays dematerialized, so that identifying a specific territorial legal competence is a task much more demanding than it was in the past. Against this difference of approaches in the EU and in the US, moreover, ­currently it is not possible to find strictly-speaking legal criteria that clearly point to which interpretation should prevail. The most authoritative attempt in this direction has been provided for by the Financial Action Task Force (FATF), which, ­considering  Cf. Article 4(1)(1) and (3) CRR, not modified by CRR II.  Cf. Article 4(1)(5) and (27, lett. h-j) CRR. 17  31 U.S.C. § 5312(2), letters (A),(B),(D),(G),(H),(I),(M). 18  Idem, letters (N),(Q),(S),(T),(U),(V),(X). 19  Idem, letters (Y) and (Z). 15 16

14

2  Finding the Way in a Complex Multi-Level Legal Framework

the increasing globalized context where financial operators are performing and following a functional approach, linked the financial character of the institutions to the pursuing of certain listed activities.20 According to the definition established in the FATF International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, “financial institution” means any natural or legal person who conducts as a business for, or on behalf of a customer, one or more services including: Acceptance of deposits and other repayable funds from the public; lending; financial leasing; money or value transfer services; issuing and managing means of payment (including electronic money); financial guarantees and commitments; trading in money market instruments, foreign exchange, exchange, interest rate and index instruments, transferable securities, and commodity futures trading; participation in securities issues and the provision of related financial services; individual and collective portfolio management; safekeeping and administration of cash or liquid securities, or otherwise investing, administering or managing funds or money on behalf of other persons; underwriting and placement of life insurance and other investment related insurance, and money and currency changing.21 Thus, conversely to CRR, the FATF explicitly contemplates corporations such as banks and insurance companies in the category of “financial institutions”. Its Standards, however, as it will be further discussed, do not possess legal binding force, and thus their value is limited to that of influential, but not directly enforceable guidelines.22 However, taking into account that the difference between “credit” and “financial” activities is in practice much more blurring than it appears on paper, adopting the broader FAFT (and US) approach to “financial institution” appears preferable for the purpose of this work. This choice reflects the position, shared by the author, of those who acknowledge the necessity, and the urgency of extending oversight mechanisms and investigative techniques beyond the traditional boundaries of financial regulations, which was originally developed for a less crowded panorama of economic operators with perhaps a clearer allocation of tasks, and activities. Indeed, both in the EU and in the US, regulations concerning financial operators drastically changed over the last century, especially as far as the range of permitted activities in relation to the level of risk-management pursued by national authorities is concerned. Since public control in the field of financial transactions has always been strictly connected to the pace of the financial markets, the weight and the extent of financial legislation have frequently been modified to patching the national or international systems after systemic or occasional crises. In this sense, following the Great Depression of 1929–1930, in the US and in most of Europe financial institutions, and especially credit institutions were strongly incentivized to specialize in their services, to delimit their risk exposure in the financial market, and better safeguard depositors. With time, however, this specialization  The role played by the FATF will be illustrated in Sect. 3.2.  Cf. definition of “Financial Institutions” in FATF (2012), p. 117–118. 22  Cf. also Sect. 3.2. 20 21

2.1  The Definition of “Bank” and “Financial Institution”

15

greatly failed under a deregulation phenomenon that occurred in almost all Western countries, and which substantially freed banks from the control of their supervisors in relevant fields of their activities. Nowadays, under the model of “­universal bank”,23 credit institutions are generally allowed to trade in financial products, whilst previously this activity was restricted to other financial operators, such as securities firms and insurance companies.24 In the US, in particular, the prohibition of banks to engage in proprietary trading was eliminated starting from the 1999 repeal of the Glass-Steagall Act.25 This reform also allowed banks, securities firms and insurance companies to cooperate, and exempted investment banks holding companies from direct federal regulations.26 Such an opportunity led several financial groups to merge together creating the so-called “Too-Big-To-Fail” (TBTF) financial institutions: Giant corporations able to provide a whole package of financial services; the size, complexity, interconnectedness, and critical functions of which are such that, should they disorderly fail, the rest of the financial system and the economy would face severe adverse consequences.27 In the EU, the official acknowledgment of the universal banking model was reached in 1989 with the Second Banking Directive and its national transpositions, which included trading in financial futures and options in the list of activities ­subject  This model reduced the relevance on distinguishing the type of activities exercised by banks, which previously were the bases for identifying Commercial banks (which “is authorized to receive both demand and time deposits, to make loans, to engage in trust services, to issue letter of credit, to rent time-deposit boxes, and to provide similar services”) and Investment banks (“whose primary purpose is to acquire financial businesses, esp. through the sale of securities” and “does not accept deposits, and apart from selling securities, does not deal with the public at large”), cf. Garner (2014), p. 173; Ferran (2012), p. 39 et seq; Bradley (2014), p. 286 et seq. 24  Although also before the lifting of the ban similar results were often achieved establishing financial groups composed by corporations of different nature and sector of activities. 25  Glas-Steagall Act of 1933, also known as the Banking Act, P.L. 73–66. 26  Gramm-Leach-Bliley Act of 1999, also known as the Financial Services Modernization Act, P.L. 106–102. 27  The term TBTF became popular since 1984, when it was used by a Connecticut Congressman, Stewart B. McKinney, during a debate concerning the Federal Deposit Insurance Corporation’s intervention to rescue the Continental Illinois Bank, and it does not imply, of course, the impossibility for those entities to fail, as the Lehman Brothers example clearly showed. Currently, the TBTF problem, that includes also a substantial inability to prosecute, is monitored by the Financial Stability Board (FSB) that explicitly deals with Systemically Important Financial Institutions (SIFIs), cf. FSB (2017). The same institution has also released a list of the SIFIs or TBTF banks, recently updated, which includes 30 institutions such as (in descending order): JP Morgan Chase, Bank of America, Citigroup, Deutsche Bank, HSBC, Bank of China, Barclays, BNP Paribas […] Goldman Sachs […] Morgan Stanley […], Royal Bank of Scotland, Santander, Société Générale […], Unicredit Group. The critical issues related to those huge banking groups are taken into account also at EU level, see, e.g., European Commission, European Financial Stability and Integration Report 2012, 24.04.2013, SWD(2013) 156 final, p. 56 et seq. http://ec.europa.eu/internal_market/economic_analysis/docs/efsir/130425_efsir-2012_en.pdf. Accessed 17 July 2018. Cf. Black (2010), p. 6. Reporting how this concept could be set aside in light of the Holder banking investigation’s policy, Vervaele (2017), p. 167; contra Rakoff (2014). 23

16

2  Finding the Way in a Complex Multi-Level Legal Framework

to mutual recognition that banks may exercise within the whole territory of the Union.28 Unfortunately, a link between this trend and the burst of the last financial crisis appears far from been casual. Indeed, as pointed out by several studies, over the past 20 years the more typical case of banking crises “has been one in which banks in various countries have faced capital requirements set too low based upon the overall riskiness of their activities”. Policy towards financial liberalization—blindly carried out in an environment in which banks are inadequately capitalized and bank regulation and supervision are weak—has been meaningfully defined as “a recipe for disaster”.29 This de-regulation trend persisted during the last century until, starting from 2009 to 2010, some changes appeared under the repercussions of the last financial crisis. In the aftermath of the economic collapse, indeed, several were the authors who pointed out how the phrase the “privatisation of gains and the socialisation of losses” has come to epitomise the crisis, also due to the model of universal banking and Too-Big-Too-Fail credit institutions.30 The financial crisis indeed revealed all the limits of a banking system in which credit institutions are «global in life, but national in death».31 In the US, the most tangible sign in this sense is expressed by the Congress’ approval of the Dodd-Frank Act, and especially by the so-called Volcker Rule, which re-established some restraints on the possibility for banks and other large financial institutions to engage in proprietary trading and investments in hedge funds, although without seriously affecting the endurance of the system of universal banking.32 This profile was specifically tackled in the European Union by the Liikanen Group, promoted by the European Commission to study the reforms necessary to the banking system. In 2012, a report from the Group clearly asserted the urgency to revise the paradigm of universal bank, to reduce the exercise of high-risk operations undertaken by banks active in the deposit services. In this sense, the Group  Cf. Annex, 7(c), Second Council Directive 89/646/EEC. In Italy, for instance, the removal of the separation of activities (realized with R.D.L. 12.03.1936, no 375 “legge bancaria”), begun with the law, 30.07.1990, no 218 (“legge Amato”) and was completed with the issuing of the new banking code in 1993 (d.lgs. 1.09.1993, no 385, “Testo Unico delle leggi in materia bancaria e creditizia–T.U.B.”). Recently, the Parliamentary Committee on banking investigations issued a final report in which several proposals concerning also the banking system have been included, among which the recommendation to pursue a separation of investment and commercial banks at the European level, cf. Senato della Repubblica, Legislatura 17a, Commissione parlamentare di inchiesta sul sistema bancario e finanziario, Resoconto sommario n. 47, 30 January 2018, at 9.5, no. 21, http://www.parlamento.it/japp/bgt/showdoc/frame.jsp?tipodoc=SommComm&leg=17&id =01064008&part=doc_dC-sedetit_a1&parse=no#_Toc505072310. Accessed 18 July 2018. 29  Cf., e.g., Barth et al. (2004), pp. 43–45. 30  Black (2010), p. 3 et seq. 31  King (2009), p. 36; Black (2010), p. 33 et seq.; Bradley (2014), p. 280. 32  Cf. “Volcker Rule,” Section 619 of the Dodd–Frank Wall Street Reform and Consumer Protection Act, P.L. 111–203, H.R. 4173, better known as Dodd–Frank Act, effective from July 21, 2010. For some critical considerations on the external jurisdiction contained in this rule, and in the DoddFrank Act, see Vervaele (2017), pp. 185–187. 28

2.1  The Definition of “Bank” and “Financial Institution”

17

concluded that “it is necessary to require legal separation of certain particularly risky financial activities from deposit-taking banks within the banking group. The activities to be separated would include proprietary trading of securities and derivatives, and certain other activities closely linked with securities and derivatives markets […] The central objectives of the separation are to make banking groups, especially their socially most vital parts (mainly deposit-taking and providing financial services to the non-financial sectors in the economy) safer and less connected to trading activities; and, to limit the implicit or explicit stake taxpayer has in the trading parts of banking groups. […] Separation of these activities into separate legal entities is the most direct way of tackling banks’ complexity and interconnectedness”.33 This notwithstanding, as in the US, the model of universal banking was not really deserted in the EU either, where the reforms rather focused on the creation of a centralized supervisory model under the launch of the Banking Union.34 Another reason to adopt a broader notion of “financial institution” is that it seems to better account for the considerable number of “unconventional” subjects which have entered the financial market–subjects that are often able to offer lower prices and higher velocity in transactions compared to “traditional” financial operators, thanks to alternative payment channels. Indeed, while financial institutions (in its broader, but traditional meaning) and above all banks, are bound by legal obligations, and exposed to investigative powers derived from various sources of administrative and criminal law, many are the entities that in practice perform financial operations which are let slip from a public oversight proportionate to their increasing weight in the day-by-day management of financial transactions. This is the case, for instance, of e-currency providers and crowdfunding platforms, that provide some credit services without being proper credit institutions,35 or informal money-transfer systems deriving from specific geographic regions or ethnic communities, which mostly spread worldwide through migration flows. Among the latter, the most notorious certainly is the Hawala, a network extensively operating since many centuries in South Asia, and now particularly common in the Middle East and in Africa. In the Hawala model, service providers operate at a transnational level through non-bank settlement methods founded on mutual trust, such as: Physically moving currency or precious metals or stones; importing or exporting of goods; settlement of pre-existing debts; and paying or receiving money from third party accounts.36  Cf. Liikanen (2012)(chaired by), p. 100 et seq.  The impact of the Banking Union is further analysed in Chap. 4, especially Sects. 4.1 and 4.3. 35  A proposal to regulate equity crowdfunding was issued by the Commission, cf. Proposal for a Regulation of The European Parliament and of The Council on European Crowdfunding Service Providers (ECSP) for Business, Brussels, 8.3.2018 COM(2018) 113 final, see e.g., p. 10. 36  The Hawala (transfer, in Arabic, from which also derives the Italian word avallo) is believed to have developed with the need of financing long-distance trades, especially among Italian cities and the Muslim world, in the early medieval period, introducing the concept of transfer of debt, other33 34

18

2  Finding the Way in a Complex Multi-Level Legal Framework

Of course, opting for Hawala and Other Similar Service Providers (HOSSPs),37 as well as for other “alternative” financial operators, such as bit-coin payment ­system platforms,38 represents an absolutely legitimate choice in light of fundamental principles, such as the freedom to conduct a business, and the protection of privacy, recognised in most domestic legal orders as well as by the Charter of Fundamental Rights of the European Union (CFREU),39 the European Convention on Human Rights (ECHR),40 and the American Convention on Human Rights (ACHR).41 Likewise, the need of expatriate workers to transfer personal remittances to their countries of origin provides a perfectly legitimate explanation for the creation of financial systems within ethnical communities in different countries. Hawala may even be considered essential, to support the financial development of areas in which access to “traditional” banking services is limited, or boast little confidence for geographical, cultural and historical reasons. These “alternative” financial systems, however, are characterized by particularly relevant features: A pronounced fragmentation of providers; the use of form of payments (such as cash or value) that usually leave few or no paper (or rather digital) trail42; and a general absence of public supervision.43 As a consequence, operators, wise not allowed under Roman law. Even if hawala is not a universal term, there is a universal recognition of the existence of hawala or hawala-like providers across jurisdictions, characterized by similar and unique mechanisms; see Badr (1978). For a comparative analysis on the impact of HOSSPs, see also FATF (2013). 37  “HOSSPs, for the purpose of the typology, are defined as money transmitters, particularly with ties to specific geographic regions or ethnic communities, which arrange for transfer and receipt of funds or equivalent value and settle through trade, cash, and net settlement over a long period of time”, see FATF (2013), p. 9. 38  For an overview on the bit-coins, see, e.g., EBA (2014); Bryans (2014), p. 441 et seq.; Christopher (2014), p. 1 et seq.; Marian (2015), p. 53 et seq.; Ajello (2015), pp. 435–461; Malone (2014); Brito et al. (2015); Tapscott and Tapscott (2017); Zou (2014); Stokes (2012); Pflaum and Hateley (2014); Kleiman (2013); Gruber (2013). 39  Cf. Articles 16 and 7, Charter of Fundamental Rights of The European Union (CFREU), OJ C 326, 26.10.2012, pp. 391–407. 40  Cf. Article 8 Convention for the Protection of Human Rights and Fundamental Freedoms (better known as European Convention on Human Rights-ECHR), CETS 005, Roma, 04.11.1950, and Article 1, Protocol to the Convention for the Protection of Human Rights and Fundamental Freedoms, CETS 009, Paris, 20.03.1952. 41  Cf. Articles 21 and 11, American Convention on Human Rights, adopted at the Inter-American Specialized Conference on Human Rights, San José, Costa Rica, 22.11.1969, and entered into force in 18.07.1978 (signed but never ratified by the US). 42  Analysing the digital dimension of banking data in real-time monitoring Sect. 8.1. 43  Notwithstanding the international support for the development and financing of supervisory practices, cf. Special Recommendation VI and its interpretative note, in FATF (2001). The Recommendation has been transposed at EU level by Directive 2007/64/EC of 13.11.2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/ EC and 2006/48/EC and repealing Directive 97/5/EC, under the Commission initiative, see Communication from the Commission to the Council and the European Parliament on the Prevention of and the Fight against Terrorist Financing through measures to improve the exchange of information, to strengthen transparency and enhance the traceability of financial transactions, Brussels, 20.10.2004 COM(2004) 700 final, p. 7.

2.1  The Definition of “Bank” and “Financial Institution”

19

customers, and transactions performed through these channels are not easily identifiable. Unsurprisingly then, “alternative” financial operators may also result very attractive means for realizing low-risk illicit transactions, sometimes involving serious crimes such as transnational tax fraud, money laundering, and terrorist financing.44 Facing the extreme difficulties in establishing an effective form of oversight (if any) above HOSSPs, some countries opted for an explicit prohibition of such ­systems; a choice which though revealed itself to be of little or any success in reducing their use in daily transactions, as it is unpractical to enforce a ban when a target is virtually undetectable.45 Also countries where HOSSPs are formally legal, ­however, have a particularly hard time in officially identifying, licensing or regulating these systems, not last due to the difficulties in gathering substantive data over these phenomena. In the US, forms of alternative remittance are under the combined supervision of several federal agencies: The Financial Crimes Enforcement Network (FinCEN), the Homeland Security Investigations (HSI) and the FBI.46 In the EU, the oversight on HOSSPs relies mainly at the national level, in the coordination among Financial Intelligence Units,47 and in the occasional establishment of Joint Investigative Teams.48 The intrinsic transnational dimension of HOSSPs and e-commerce, as well as their virtual and instantaneous character however, often require a level of cooperation among competent authorities which is still far from being achieved due to lack of political will, training, or resources—circumstances that frequently make already

 On the possible use of HOSSPs for illicit purposes, see e.g. FATF (2013), p. 27 et seq.; FATF (2015, 2017); European Parliament (2011), p. 42; Roth et al. (2004), p. 68. 45  Such as in India, or Pakistan. “Among the 33 surveyed countries, 18 countries treat hawala and other similar service providers as illegal while 15 countries consider them legal if registered or licensed. Interestingly, most developed countries allow licensing or registration of HOSSPs, while developing countries do not. Within the developed countries respondents, only six out of 17 countries define hawala and other similar service providers as “illegal” and the remaining eleven have legalised hawala and other similar activity if service providers are either registered or licensed. On the other hand, 12 out of 16 developing countries respondents define hawala and other similar activity as “illegal” and only 4 countries allow them to operate legally if licensed or registered (See Table 3.1). One of the reasons put forward by developing countries”, cf. FATF (2013), p. 45; see also pp. 11–25: “In the first decade after 9/11, the globe has been largely ineffective in supervising HOSSPs […] the scale of unregulated hawalas is unknown and is impossible to generalize. Most countries have difficulties reaching credible estimates of the size of unregulated hawala and other similar service providers”. 46  HSI, Hawalas, in The Cornerstone Report, Volume VII, 2, Summer 2010, pp. 1–2. https://www. ice.gov/doclib/news/library/reports/cornerstone/cornerstone7-2.pdf. Accessed 18 July 2018. 47  The FinCEN represents the US Financial Intelligence Unit; cf. Sect. 3.3. 48  Also the approval of the EU Directive on Payment Services (PSD) represents an important step towards a comprehensive registration of the transmitters, taking into account the risk-profile of the providers, cf. Directive (EU) 2015/2366 of 25.11.2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC. 44

20

2  Finding the Way in a Complex Multi-Level Legal Framework

critical for most legal orders to realize effective supervision over “traditional” financial transactions and institutions.49 For this reason, and also considering the heterogeneity characterizing the category of “alternative” financial operators (if even it would be possible to gather them all under a single label), this work focuses mainly on “traditional” financial institutions. Among those, banks will be especially taken into account, as the most relevant developments regarding criminal investigations in the financial matter of the last few years—namely the establishment of transnational investigative and ­sanctioning powers,50 and the surveillance on banking (and personal) records51— had precisely seen credit institutions as their main targets. Keeping in mind the existence and the impact of “alternative” financial institutions, however, remains necessary to provide the essential perspective that no analysis on banking investigations should ever forget: As much as establishing effective rules and procedures applicable to “traditional” financial institutions already appears a goal difficult to achieve, that represents just a small step in the fight against financial (or other forms of) crimes; a step which still leaves a huge bulk of the iceberg to be dealt with.

2.2  Criminal Liability of Legal Persons: A Brief Overview Although not representing the main subject of this work, dealing with financial institutions in criminal investigations also requires to briefly take into account the debate over the possibility for a collective entity to be held responsible for criminal offences.52 In the US, this option was introduced at the beginning of the last century, through the Supreme Court decision New York Central & Hudson River Railroad Co. v. United States, which extended the tort doctrine of respondeat superior to criminal cases.53 Since then, and regardless of several and often severe critics,54 criminal liability of legal persons or organizations, mainly corporations, has become an established feature in the US judicial system.55  Cf. FATF (2013), p. 68.  Descripting these powers Chap. 4 (analysed in light of fair trial rights, cf. Chap. 6). 51  Analysed in Chaps. 7 (state of play) and 8 (proposals for a possible way forward). 52  Presenting though critical profiles originated by the need to adapt rules of criminal procedure to legal persons as defendants, such as: the identification of the liable subjects within the legal person; the nature of legal corporate liability; the value of corporate compliance programmes; and the potential conflicts in terms of defence rights between the physical members of the legal entity and the entity itself. See Beale (2014), pp. 27–54; Lupária (2010), p. 801; Cerqua et al. (2014); Zagaris (2017), pp. 19–56; Cappel (2017), pp. 57–78; Renzetti (2017). 53  212 U.S. 481 (1909). 54  See Khanna (1996), Moore (2010), Coffee (1981), Robinson (2003) and Hamdami and Klement (2008). 55  Also in the Model Penal Code adopted by some States, in fact, the principle of corporation’s 49 50

2.2  Criminal Liability of Legal Persons: A Brief Overview

21

The theoretical possibility to enforce such a liability, however, does not mean per se that in practice criminal convictions for corporations are frequently pursued. Indeed, the decision to charge a corporation is particularly delicate, especially when considering the consequences that sanctions might have on shareholders and employees. In the US, this awareness—substantially increased after the notorious Arthur Anderson LLP case in the wake of Enron’s collapse just a few years before the breaking out of the last financial crisis56—led to a drastic slowdown in targeting corporations and to a shift towards the liability first of senior corporate executives and then of even lower-level employees instead.57 This phenomenon however, did not cause organizations criminal liability to be evicted from the American legal system, but merely operated a swing in the goals pursued through it. Rather than a direct incriminating mechanism, presently corporate criminal liability remains appreciated in the US as a valuable prosecutorial tool apt to force a corporation to adopt internal measures, and opt for form of pre-trial resolution, such as deferred prosecution or non-prosecution agreements.58 In Europe, the situation over criminal responsibility for legal persons looks more fragmented.59 While the EU has strongly promoted the implementation of forms of liability towards organizations committing or facilitating the commission of crimes,60 it also left—as typical in the Area of Freedom, Security and Justice—full criminal liability is not denied, even if the burden of proof is significantly higher for the Government, cf., e.g., Section 2.07(1); see also Strader (2011), p. 20 et seq. 56  United States v Arthur Andersen, LLP, 374 F.3d 281, 284 (6th Cir. 2004), rev’d, 125 S. Ct. 2129 (2005). According to the Sentencing Commission’s yearly reports of corporate convictions, from 2007 to 2012 fewer than 200 corporations were convicted per year in the federal courts, see, e.g., U.S. Sentencing Commission (2016), Organisational Sentencing Practice-Table 51, reported also (in its 2012 version) by Beale (2014), p. 22. For opposite comment to the impact of such a practice related to the financial crisis, see Rakoff (2014) and Uhlmann (2013). 57  Who nowadays are reported to be increasingly charged and convicted, see Brickey (2006), p. 15, according to whom “The corporate fraud prosecution cycle following Enron’s collapse has produced an unparalleled number of criminal trials of senior corporate executives in just three years. While guilty pleas and cooperation agreements are strategically significant in developing these cases, the number of CEOs, CFOs, and other senior managers who have been charged and tried belies critics’ assertions that mid- level managers who plead guilty become scapegoats, while their superiors go scot free”. Giving reason of the shifting towards lower-level employees Rakoff (2014) and Garrett (2014). 58  That was the case for instance of relevant financial institutions, such as Merrill Lynch & Co, and Monsanto, see Beale (2014), p. 24, citing Garrett (2007). On Deferred Prosecution Agreements see, e.g., Cunningham (2014), Kaal and Lacine (2014) and Ruggiero (2015). On the extent of prosecutorial powers with regard to compliance programs, see Zagaris (2017), p. 57 et seq. 59  Beale and Safwat (2004), pp. 97–98. 60  Cf. Articles 5–6, Directive 2011/36/EU of 5.04.2011 on preventing and combating trafficking in human beings and protecting its victims; Article 12, Directive 2011/92/EU of 13.12.2011 on the assessment of the effects of certain public and private projects on the environment; Recital (18) and Article 8, Market Abuse Directive; Article 30, lett. j), Market Abuse Regulation; Article 6, Directive 2014/62/EU of 15.05.2014 on the protection of the euro and other currencies against counterfeiting by criminal law; Article 17, Directive (EU) 2017/541 of 15.03.2017 on combating terrorism;

22

2  Finding the Way in a Complex Multi-Level Legal Framework

discretion to the Member States in choosing the actual nature of such responsibility as long as the sanctions imposed are “effective, proportionate and dissuasive”.61 As a result, similarly to the US, also in the EU legal entities may be held responsible for their involvement in criminal activities, facing however rather different consequences according to the applicable regulation enforced at the national level: Following the Union’s commitment, most Member States opted for models of ­criminal liability62; a consistent group of countries, though, went for alternative forms of responsibility, namely administrative (i.e. DE and EL), or for hybrid models combining some features of both paradigms (e.g. IT).63 This discretion gave rise to an inhomogeneous legal framework, inasmuch critical as the context in which most corporations—and particularly financial ones—are nowadays operating takes place on a European, if not global, level. Within these frameworks, banks may be the direct target of criminal investigations for a wide range of crimes, for instance pertaining to accounting frauds, the deception of conflicts of interest or other irregularities at the expenses of their own customers, and of the general safety and soundness of the market. Clear examples of these conducts directly come from the last financial crisis, where undisclosed conflicts of interest have been decisive both in producing a false impression of safety for most of the too-late-discovered junk securities, and in exacerbating the already tragic consequences suffered by a vast majority of investors.64 As reported by the US Senate Permanent Subcommittee on Investigations in 2011 “the crisis was not a natural disaster, but the result of high risk, complex financial products; undisclosed conflicts of interest; and the failure of regulators, the credit rating agencies, and the market itself to rein in the excesses of Wall Street”.65 Notable cases in this sense may be found in the violations of disclosure duties required by securities law perpetrated by Goldman Sachs in the years 2006–2007 when, after having built a strong proprietary position in the mortgage market, the bank started to bet against it, in some cases taking positions “that paid off only when some of its clients lost money on the very securities that Goldman Sachs had sold to them and then shorted. Altogether in 2007, Goldman’s mortgage department made Article 6 PIF Directive; Articles 7–8, Directive (EU) 2018/1673 of 23.10.2018 on combating money laundering by criminal law. 61  This expression is typically repeated in most legislative acts of the Union when it comes to impose sanctions (independently from the administrative or criminal nature) since the notorious Greek Maize case (Commission of the European Communities v Hellenic Republic, Case 68/88, 21.09.1989, ECLI:EU:C:1989:339, § 24), cf., e.g., European Commission, Towards an EU Criminal Policy: Ensuring the effective implementation of EU policies through criminal law, Brussels, 20.9.2011 COM(2011) 573 final, p. 9; and the current version of Article 325 TFEU. 62  Cf. Mongillo (2012), pp. 75–95; Clifford Chance (2012). 63  Also AT, BG, SE, SK and PL opted for a hybrid system, cf. Mongillo (2012), p. 85. 64  The influence of conflicts of interests under the profile of independence required to banking supervisors by the Basel Core Principles is analysed below in Sect. 6.1.1 (for the Basel Core Principles, see Sect. 3.5). 65  U.S. Senate Permanent Subcommittee on Investigations (2011), p. 1; Padoa Schioppa (2009); Caprio and Klingebiel (2003).

2.3  The Interaction Between Administrative and Criminal Matter

23

$1.1 billion in net revenues from shorting the mortgage market”.66 Subject to several civil suits, in 2016 Goldman Sachs eventually agreed to settle the claims with a fine of about $ 5 billion, accompanied by the admission of having provided incomplete information to the investors in the portfolio selection process as far as their economic adverse interest to the bank was concerned.67 Similar conducts, of course, are not restricted to overseas actors. In the EU, for instance, hidden conflicts of interest and illicit cartels among banking and financial institutions brought to the so-called “Libor/Euribor scandal”, involving several major banking groups such as Deutsche Bank, JP Morgan, Citicorp, Barclays, Royal Bank of Scotland, Bank of America, UBS, HSBC, ICAP, Société Générale. What came to light in 2012 was that the panels determining both indexes68—that have a great influence on consumers, since they represent the daily reference rates for mortgages, consumer lending products, futures, options, swaps and other derivative financial instruments—had been deliberately manipulated since almost 15 years, for the benefit of some banks and securities traders which requested fixed figures to take advantage of, and consequently faced several civil, administrative and criminal proceedings both in the US and in the EU.69 Due to the relevant interests involved, especially when consistent bulks of private investors become victims of hazardous speculative financial operations, cases like those described above easily arise public attention on legal profiles (already extensively debated at the academic level) such as the boundaries of corporate criminal liability and the extent of the imposable sanctions. The following analysis, on the other side, deals with an aspect of corporate criminal liability which has not so far received a comparable public attention, albeit holding a prominent role in shaping the development of new powers and safeguards in criminal proceedings: The interaction between administrative and criminal matter.  Id., p. 36.  Cf. Goldstein (2016) and Free (2012). 68  The London Interbank Offered Rate (Libor) consists of “a daily compilation by the British Bankers Association of the rates that major international banks charge each other for large-volume, shorT-term loans of Eurodollars, with monthly maturity rates calculated out to one year. These daily rates are used as the underlying interest rates for derivative contracts in currencies other than the euro”; while the Euro Interbank Offered Rate (Euribor) is “a measure of what major international banks charge each other for large-volume, shorT-term loans of euros, based on interesT-rate data provided daily by a panel of representative banks across Europe” cf. Garner (2014), respectively p. 1085 and p. 671. 69  Cf. European Commission, Antitrust: Commission fines banks € 1.49 billion for participating in cartels in the interest rate derivatives industry, Brussels, 4.12.2013, http://europa.eu/rapid/pressrelease_IP-13-1208_en.htm#footnote-1. Accessed 18 July 2018. Citicorp, JPMorgan Chase & Co., Barclays PLC, The Royal Bank of Scotland PLC, and UBS AG agreed to plead guilty to felony charges to the US Department of Justice, cf. DOJ, Five Major Banks Agree to ParenT-Level Guilty Pleas, 20.05.2015. https://www.justice.gov/opa/pr/five-major-banks-agree-parenT-level-guiltypleas. Accessed 18 July 2018. For an analysis of the Fortis Bank case, see Vervaele (2014), p. 61 et seq., and more recently also on Libor/Euribor and BNP Paribas (the latter concerning however an embargo violation), Vervaele (2017), pp. 10–174. For an analysis of the changes in bank corporate governance after the financial crisis, see Hopt (2012), p. 343 et seq. 66 67

24

2  Finding the Way in a Complex Multi-Level Legal Framework

2.3  T  he Interaction Between Administrative and Criminal Matter The increasingly strict connection between administrative and criminal matters is a phenomenon that today cuts across several fields of criminal law, but whose impact in financial and banking investigations has in the last few years become nothing less than essential.70 The conclusion that these two legal fields should not be studied only as separated systems has long been affirmed by scholars, even though often without receiving an adequate acknowledgement till very recent times.71 Adopting a comprehensive approach, in any case, becomes imperative in the analysis of procedural paradigms in which multi-disciplinary cooperation, both at the internal and at the transnational level, plays a relevant role. That certainly is the case of financial and banking investigations, where a complete picture of the investigative powers, and subsequent procedural safeguards, shall not only take into account the critical issues arising from special investigative techniques applicable in criminal proceedings (such as production orders, or realtime monitoring of banking records72), but also, and increasingly, the supervisory powers which banks are subject to at the administrative level.73 Interaction between criminal and administrative matter usually arises because a single conduct may be relevant under both forms of liability.74 Critical profiles thus emerge first with regard to the possibility of exchange information among different proceedings, as the guarantees recognized to the subject(s) involved may notably vary according to the procedure (administrative or criminal) that applies in (or is chosen for) the concrete case.75 Moreover, this procedural overlapping, which may end up also in a substantive duplication of sanctions, often appears problematic in light of the prohibition of double jeopardy, or bis in idem (as usually referred to, respectively, in the US and in Europe).76

 Singh (2015), p. 458, that underlines how “The growth in the use of administrative sanctions is nevertheless based on a systematic process of decriminalising regulatory offences, which has curtailed the use of criminal sanctions for all but the most serious offences. It is only in more recent times, in the aftermath of the global financial crisis, that we have seen a re-emergence of criminal sanctions to complement other enforcement sanctions”. 71  The necessity of this comprehensive approach has been recognized already in the 1980s, see, e.g., Paliero (1980), p. 1254 et seq.; on the persistent difficulty to affirm this approach, see Vervaele (2017), p. 168. 72  For a classification of the main banking investigative measures, cf. Chap. 7, Sects. 7.2 to 7.4. 73  Cf. Chap. 4, Sects. 4.4.1 to 4.4.3 for the Eurozone, and Chap. 5 for the US legal system. 74  On the increasingly blurring difference between administrative and criminal law see, e.g., Franssen and Ligeti (2017), pp. 10–11. 75  Cf. below, Sect. 2.3.4; for the US and the EU analysis, Chap. 6 (respectively, Sects. 6.1.2 and 6.1.3). 76  Cf. below, Sects. 2.3.1, 2.3.2 and 2.3.3. 70

2.3  The Interaction Between Administrative and Criminal Matter

25

These issues, in particular, have become a major concern in the EU, where a consolidated jurisprudence of the Court in Strasbourg (ECtHR) clearly adopted a substantial approach to autonomously identify the notion of “criminal” or “punitive” matter, since its 1976 landmark decision Engel and others v. The Netherlands, which famously established three criteria.77 The first Engel criterion concerns the classification of the provision in question under national law. In the interpretation of the Court, however, this parameter is relevant only if national regulations classify the provision under criminal law; this not being the case, the determination of the substantive nature must rely only on the two other criteria.78 According to the second Engel criterion, la matière pénale shall be defined considering the nature of the offence. This feature, as interpreted by the ECtHR following case-law looking in a comparative perspective to the practices followed by the Contracting States, shall be assessed determining: Whether the legal rule in question is directed solely at a specific group or has a generally binding character79; whether it has a punitive or deterrent purpose80; and whether the imposition of any penalty is dependent upon a finding of guilt.81 The first sub-criterion, the identification of potential targets has been mainly developed by the Court to try at distinguishing criminal from disciplinary proceedings, which are “generally designed to ensure that the members of particular groups comply with the specific rules governing their conduct”.82 Often, however, this parameter appears inconclusive, as numerous are the cases in which offences have a “mixed character” (disciplinary and criminal),83 or where a criminal law provision can apply only to certain subjects (minors, civil servants, banks…).84 On the other side, the sub-criterion concerning the purpose of the sanction is frequently applied to distinguish criminal from compensatory sanctions; this might happen, for  Engel and o. v the Netherlands, 8.06.1976, Application no. 5100/71; 5101/71; 5102/71; 5354/72; 5370/72. Among the extensive body of literature that examined the implications of the Engel caselaw in general terms see, e.g., Van Dijk (2006), pp. 543–554; Trechsel (2005), p. 13 et seq.; Harris et al. (2014), p. 373 et seq.; Ubertis (2009), p. 25 et seq.; Mazzacuva (2013), p. 1899 et seq.; Manes (2012), p. 258 et seq.; Lupária (2017), p. 940; Weyemberg and Galli (2014). 78  See, e.g., Campbell and Fell v the United Kingdom, 28.06.1984, Application nos. 7819/77; 7878/77, § 72; Demicoli v Malta, 27.08.1991, Application no. 13057/87, § 34. See also Van Dijk (2006), pp. 543–544; Trechsel (2005), p. 18; Harris et al. (2014), pp. 373–376. 79  Cf., e.g., Bendenoun v France, 24.02.1994, Application no. 12547/86, § 47. See Trechsel (2005), p. 30, according to which this criteria should be the “essential one”. 80  Cf. e.g. Öztürk v Germany, 21.02.1984, Application no. 8544/79 § 53; Bendenoun v France § 47. 81  Cf., e.g., Benham v the United Kingdom, 10.06.1996, Application no. 19380/92, § 56; A.P., M.P. et T.P. v Switzerland, 29.08.1997, 71/1996/690/882, § 42. Cf. also Trechsel (2005), pp. 19–21, and in particular p. 19, underlining the ambiguity in jurisprudence of the Court, that in Benham refers to the nature of the proceedings, rather than of the offence. 82  Weber v Switzerland, 22.05.1990, Application no. 11034/84 § 33, see also Demicoli v Malta§ 33. 83  Cf. Trechsel (2005), p. 21, according to whom “these two types of sanctions should be determined in different sets of proceedings. At any rate, if there is only one set of proceedings, it must be criminal”, and p. 27, recognizing the “weakness” of this criterion. 84  Cf. Van Dijk (2006), p. 544. 77

26

2  Finding the Way in a Complex Multi-Level Legal Framework

instance, in tax law, where “purely” tax penalties are usually considered administrative, while surcharges may be recognized a punitive character.85 The third Engel criterion concerns the nature and degree of severity of the penalty,86 to be evaluated on the basis of the sanction potentially applicable to the subject, rather than on what is practically inflicted.87 Restrictions of personal ­freedom have been usually considered by the Court as a clear sign of substantive criminal nature; however, the fact that an offence is not punishable by imprisonment is not decisive in itself to prevent a similar conclusion too.88 In particular, the ECtHR has repeatedly classified under the label of criminal matter several proceedings in which the penalties imposed were mostly pecuniary, such as those relating to tax surcharges,89 customs law,90 or pertaining to certain national administrative independent authorities with powers in the spheres of economics, financial or competition law.91 This criterion, however, implies a certain margin of appreciation in its application, as the Court has not established clear thresholds above which a penalty may be considered severe enough as to integrate a criminal nature.92 According to the ECtHR case-law, the second and third Engel criteria may be applied alternatively, so that it is not necessary to ascertain both the real nature of the offence, and the severity of the penalty to recognize the substantive criminal character.93

 Cf. e.g., Bendenoun v France, § 47; J.J. v The Netherlands, 27.03.1998, 9/1997/793/994, § 37; E.L., R.L. and J.O.–L. v Switzerland, 29.08.1997, 75/1996/694/886, § 46; J.B. v Switzerland, 3.05.2001, Application no. 31827/96, § 47–49. 86  Engel, §§ 82–83. Cf. also Van Dijk (2006), pp. 548–554; Trechsel (2005), pp. 23–27. 87  Campbell and Fell v the United Kingdom, § 38; on the issue, see also Trechsel (2005), p. 26. 88  Öztürk v Germany, § 53; Nicoleta Gheorghe v Romania, 3.04.2012, Application no. 23470/05, § 26; Garyfallou Aebe v. Greece, 24.09.1997, 93/1996/712/909, § 34. However, not all imprisonment sanctions are per se implying a criminal nature, cf. Van Dijk (2006), p. 550 and case-law there mentioned. 89  “On the basis of the following elements: (1) the law setting out the penalties covered all citizens in their capacity as taxpayers; (2) the surcharge was not intended as pecuniary compensation for damage but essentially as a punishment to deter reoffending; (3) it was imposed under a general rule with both a deterrent and a punitive Purpose; (4) the surcharge was substantial”, cf. Jussila v. Finland, 23.11.2006, Application no. 73053/01, § 32. 90  Salabiaku v France, 7.10.1988, Application no. 10519/83. 91  Cf. Lilly France S.A. v France, 14.10.2003, Application no. 53892/00; Dubus S.A. v France, 11.06.2009, Application no. 5242/04; A.  Menarini Diagnostics S.r.l. v Italy; 27.09.2011, Application no. 43509/08; Grande Stevens and others v Italy, 4.03.2014, Application no. 18640/10; Nodet v France, 6.06.2019, Application no. 4732/14, see De Amicis (2014), p. 201; Viganò (2014), p. 219. 92  Cf. Van Dijk (2006), pp. 551–552; Trechsel (2005), pp. 23–24, contra—considering that having a fixed threshold is not practicable—Gravenwarter (1997), p. 97 et seq. 93  Cf. e.g. Öztürk v Germany, § 54; Lutz v Germany, 25.08.1987, Application no. 9912/82, § 55; Ravnsborg v Sweden, Application no. 14220/88, 23.03.1994, §§ 30 and 35; Garyfallou, § 33 although the Court has not always been consistent in this respect, cf. Trechsel (2005), pp. 27–28. 85

2.3  The Interaction Between Administrative and Criminal Matter

27

As renown, the declaration by the Court in Strasbourg that a certain provision belongs to the matière a coloration pénale has relevant practical effects, first of all the scrutiny over the legitimacy of the whole proceeding according to the “fair trial” parameters provided for by Article 6 of the European Convention on Human Rights (ECHR). Unsurprisingly therefore, the Engel case-law brought major implications for national legal systems. Indeed, deciding whether to incriminate or not certain conducts is a delicate policy decision, and the criminal matter, regardless of the formal competence of the Union, is an area still largely regulated by national laws, which greatly differ one from the other. The jurisprudence of the ECtHR thus represents a direct challenge to the possibility for national legal labels to hold valid within and outside national borders; a stand to which a globalized context, characterized by intense transnational cooperation and free movement of persons, goods, capitals and services, had already caused much distress. This effect results even more pronounced due to the fact that the Engel jurisprudence now finds a certain application also at the EU level. Indeed, the Court of Justice (CJEU) has—at least to some extent—embraced the ECtHR substantial approach to the criminal matter since its 1999 decision Hüls AG v Commission. In that case, recalling Öztürk, the Court recognized the need to guarantee the core rights of fair trial in criminal matter (and particularly the presumption of innocence) to procedures assessing infringements of competition rules which may result in the application of fines or periodic penalty payments characterized by a certain “nature and degree of severity”.94 The CJEU repeatedly confirmed this case-law in the field of competition law,95 both with specific regard to the presumption of innocence,96 and to other typical criminal law principles such as the nonretroactivity of penalties, which “requires that the penalties imposed correspond with those fixed at the time when the infringement was committed” and, according to the Court, must be observed also when fines “are imposed for infringement of the competition rules”.97 The CJEU, however, has so far never recognized a substantial criminal nature to competition fines. The arguments at the basis of this interpretation rely mainly on  Hüls AG v Commission of the European Communities, Case C-199/92, 8.07.1999, ECLI:EU:C:1999:358, § 150; see, e.g., Lupária (2017), p. 940 et seq. The notion and extent of the presumption of innocence in competition law, and in the ECB supervisory proceedings is analysed in Sects. 6.3.5–6.3.6. 95  Cf. Montecatini v Commission, Case C-235/92 P, 8.07.1999, ECLI:EU:C:1999:362, §§ 175–176; Groupe Danone v Commission, Case T-38/02, 25.10.2005, ECLI:EU:T:2005:367, §§ 215–216. 96  Romana Tabacchi Srl v European Commission, Case T-11/06, 5.10.2011, ECLI:EU:T:2011:560, §§ 129. 97  FRANSSEN Rørindustri A/S (C-189/02 P), Isoplus Fernwärmetechnik Vertriebsgesellschaft mbH and Others (C-202/02 P), KE KELIT Kunststoffwerk GmbH (C-205/02 P), LR af 1998 A/S (C-206/02 P), Brugg Rohrsysteme GmbH (C-207/02 P), LR af 1998 (Deutschland) GmbH (C-208/02 P) and ABB Asea Brown Boveri Ltd (C-213/02 P) v Commission of the European Communities, Joined Cases C-189/02 P, C-202/02 P, C-205/02 P to C-208/02 P and C-213/02 P, 28.06.2005, ECLI:EU:C:2005:408, § 202.

94

28

2  Finding the Way in a Complex Multi-Level Legal Framework

the consideration that recognizing so “would infringe seriously on the effectiveness of Community competition law”98 and on the explicit provision of Council Regulation No 1/2003 on the implementation of the rules on competition. Indeed, according to Article 23(5) of such Regulation—a provision mainly originated, in a pre-Lisbon context, by the will of Member States to deny any competence in criminal matter to the European Community99—fines in this field “shall not be of a criminal law nature”.100 This restrictive case-law still persists today, even though the statutory label attributing a certain nature to a fine is considered by the Court in Strasbourg, and in other fields of law, by the same Court of Justice, only a residual criterion.101 Indeed, outside of competition law, the CJEU adoption of the Engel criteria has been much more explicit, starting from the 2009 Spector decision, concerning a preliminary ruling in a Belgian insider dealing case, where the Court recognized the substantial criminal nature of the applicable sanctions “in the light of the nature of the infringements at issue and the degree of severity of the sanctions which may be imposed”.102 The Engel criteria had also been applied by the CJEU in other preliminary rulings, such as the 2012 Bonda case, concerning administrative penalties at EU level on recipients of agricultural aid103; in the landmark decision Fransson (2013),104

 Cf. Volkswagen v Commission, Case C-338/00 P, 18.09.2003, ECLI:EU:C:2003:473, §§ 96–97; Compagnie maritime belge v Commission, Case T-276/04, 1.07.2008, ECLI:EU:T:2008:237, § 66. 99  Cf. Waelbroeck and Frignani (1997), p. 419 and references; Legros (1964), p. 194. 100  Article 23(5), Council Regulation (EC) No 1/2003 of 16.12.2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty, which was already contained also in the previous version of the Regulation, see Article 15(4) Regulation No 17: First Regulation implementing Articles 85 and 86 of the Treaty, of 6.02.1962. 101  Cf., e.g., Shell v Commission, Case T-11/89, 10.03.1992, ECLI:EU:T:1992:33, §§ 39 and 349; Tetra Pak International SA v Commission of the European Communities, Case T-83/91, 6.10.1994, ECLI:EU:T:1994:246, § 235; Cimenteries Cbr and Others v Commission, Joined Cases T-25/95, T-26/95, T-30/95 TO T-32/95, T-34/95 TO T-39/9S, T-42/95 TO T-46/95, T-48/95, T-50/95 TO T-65/95, T-68/95 TO T-71/95, T-87/95, T-88/95, T-103/95 and T-104/95, 15.03.2000, ECLI:EU:T:2000:77, § 718; HFB Holding für Fernwärmetechnik Beteiligungsgesellschaft mbH & Co. KG and Others v Commission, Case T-9/99, 20.03.2002, ECLI:EU:T:2002:70, § 390; Schindler Holding Ltd and others, Case T-138/07, 13.07.2011, ECLI:EU:T:2011:362, § 54; Bolloré v European Commission, Case T-372/10, 27.07.2012, ECLI:EU:T:2012:325, § 54; Coats Holdings Ltd v European Commission, Case T-439/07, 27.06.2012, ECLI:EU:T:2012:320, §§ 169 and 171; and, de facto, in Powszechny Zaklad Ubezpieczen na Zycie S.A., Case C-617/17, 3.04.2019, ECLI:EU:C:2019:283. 102  Spector Photo Group, Case C-45/08, 23.12.2009, ECLI:EU:C:2009:806, § 42; cf., e.g., Tison and Vandendriessche (2010); Hansen (2010), pp. 98–105. 103  Criminal proceedings against Łukasz Marcin Bonda, 5.06.2012, C-489/10, ECLI:EU:C:2012:319, § 36–46; see also Opinion of Advocate General Kokott, in Case C-489/10, delivered on 15.12.2011, §§ 42–71. 104  Judgement in Åklagaren v Hans Åkerberg Fransson, C-617/10 [GC], 26.02.2013, ECLI:EU:C:2013:280, §§ 35–37 (analysed below with regard to the scope of application of the Charter and to the extent of the ne bis in idem protection in the EU legal order, see Sect. 2.3.3). 98

2.3  The Interaction Between Administrative and Criminal Matter

29

and in Menci (2018),105 both concerning double-track proceedings in tax matter; and in two decisions on market abuse, Garlsson Real Estate SA and Di Puma-Zecca (both from 2018106). In Bonda and Fransson, in particular, the Court clearly declared the need to apply the Engel criteria also in the interpretation of EU law, even though—as highlighted by Advocate General Campos Sánchez-Bordona—the Court’s implementation of the criteria differs: While in Bonda “it applied the Engel criteria itself before accepting that the administrative penalty imposed on farmers in receipt of unlawful aid was criminal in nature; in the latter […] the Court referred the application of those criteria” to the national court.107 This second approach was confirmed but partially amended in Menci and Garlsson where, referring to its previous jurisprudence on the matter of immigration,108 the CJEU reminded how “although it is for the referring court to assess, in the light of those criteria, whether the criminal and administrative proceedings and penalties at issue in the main proceedings are criminal in nature for the purposes of Article 50 of the Charter, the Court, when giving a preliminary ruling, may nevertheless provide clarification designed to give the national court guidance in its assessment”.109 In this sense, the CJEU, substantially reproducing the case-law of the Court in Strasbourg, confirmed the residual value of the first Engel criterion, and recommended that, in the assessment concerning the second (intrinsic nature of the offence), the mere fact that a penalty pursues not only punitive but also deterrence purposes does not per se make it administrative in substance, while, “by contrast, a measure which merely repairs the damage caused by the offence at issue is not criminal in nature”. In Garlsson, in particular, the CJEU affirmed how a penalty that “may, in certain circumstances […] be increased by up to 3 times its amount or up to an amount 10 times greater than the proceeds or profit obtained from the offence” and that ­moreover “always involves the confiscation of the product or the profit gained as a  Criminal proceedings against Luca Menci, Case C-524/15, 20.03.2018, ECLI:EU:C:2018:197, §§ 26–33, cf. Galluccio (2018). 106  Garlsson Real Estate SA and Others v Commissione Nazionale per le Società e la Borsa (Consob), Case C-537/16, 20.03.2018, ECLI:EU:C:2018:193, §§ 28–35; Enzo Di Puma v Commissione Nazionale per le Società e la Borsa (Consob) and Commissione Nazionale per le Società e la Borsa (Consob) v Antonio Zecca, Joined Cases C-596/16 and C-597/16, 20.03.2018, ECLI:EU:C:2018:192, § 38; cf. Galluccio (2018). 107  Cf. Opinions of Advocate General Campos Sánchez-Bordona, delivered on 12.09. 2017, in case Menci (C-524/15), §§ 28–31 and note 20; in case Garlsson Real State SA (C-537/16), §§ 62–68; and in Joined cases Di Puma (C-596/16) and Zecca (C-597/16), §§ 58–63. See Simonato (2017). 108  Bashir Mohamed Ali Mahdi, Case C-146/14 PPU, 5.06.2014, ECLI:EU:C:2014:1320, §§ 79 and case-law there cited. 109  Cf. Menci, Case C-524/15, § 27; Garlsson Real Estate SA, Case C-537/16, § 29. This interpretation was also supported by Advocate General Campos Sánchez-Bordona, that called for a smoother application of the Engel case-law at national level, encouraging the Court to provide some additional criteria (Opinions cit., especially in Menci, §§ 110–119). 105

30

2  Finding the Way in a Complex Multi-Level Legal Framework

result of the offence and the goods used for the commission thereof […] is not only intended to repair the harm caused by the offence” but pursues also a punitive purpose and accordingly, possess a substantial criminal nature.110 With regard to the third Engel criterion, the Court also recognised that fines consisting “of 30%” of the tax due or which can be of an amount “up to 10 times greater than the proceeds or profit obtained” have a “high degree of severity which is liable to support the view that that penalty is of a criminal nature”.111 The CJEU, therefore, although formally leaving the determination of the criminal matter to national judges, de facto requires an harmonized interpretation of the latter, mostly based on sub-criteria that seem to be aligned (at least, so far) with those developed by the European Court on Human Rights. This conclusion allows to question the aforementioned interpretation of the CJEU over the nature of some competition fines. Indeed, already during the negotiations of Regulation 1/2003, the European Parliament considered “probable” that “the fines which can be imposed by the Commission come to be regarded as criminal penalties for the purposes of Article 6” ECHR.112 Their classification as merely administrative has been considered questionable by legal scholars,113 former members of the Court,114 and the same Commission.115 A substantial “sanctionative” nature to competition fines has also been recognized in several Opinions submitted before the Court by different Advocates General in the last two decades.116  Cf. Menci, Case C-524/15, § 31; Garlsson Real Estate SA, Case C-537/16, §§ 33–34.  Cf. Menci, Case C-524/15, § 33; Garlsson Real Estate SA, Case C-537/16, § 35. 112  European Parliament position, 1st reading or single reading, OJ [2002] C 72/236, 21.03.2002. 113  See, among others, Bronckers and Vallery (2011), p. 542; Ehlermann (1994); Slater et al. (2008), pp. 7–8; Jones and Sufrin (2016), pp. 897–898 and literature mentioned there, reporting how “in the EU it had already been generally accepted that the Commission’s fining procedures were ‘criminal’ within Article 6 ECHR”; D’Ambrosio (2017), p. 1032. 114  Cf. Everling (2007), pp. 773–789; Id. (2008), pp. 527–531. 115  Cf. Wils (2004), p. 209, according to which “it appears difficult to deny that the application of the criteria set out in the case law of the European Court of Human Rights leads to the conclusion that proceedings based on Regulation No 1/2003, leading to decisions in which the Commission finds violations of Articles 81 or 82 EC, orders their termination and imposes fines relate to “the determination of a criminal charge” within the meaning of Article 6 ECHR”; Veenbrink (2015), p. 131. 116  See Advocate General Ruiz-Jarabo Colomer in the Cement cases (cf. also below, Sect. 2.3.3); Opinion of Adovcate General Sharpston, delivered on 10.02.2011, in Case C-272/09 P, KME Germany AG, KME France SAS and KME Italy SpA v European Commission, ECLI:EU:C:2011:63, §§ 60–67 and in particular § 64 “In the light of those criteria, I have little difficulty in concluding that the procedure whereby a fine is imposed for breach of the prohibition on price-fixing and markeT-sharing agreements in Article 81(1) EC falls under the ‘criminal head’ of Article 6 ECHR as progressively defined by the European Court of Human Rights”; Opinion of Advocate General Ruiz-Jarabo Colomer, delivered on 11.02.2003, in Case C-217/00 P, Buzzi Unicem v Commission, ECLI:EU:C:2003:83, § 29: “The procedure for finding infringements of Articles 81 EC and 82 EC is sanctionative by nature. As well as putting an end to anti-competitive practices, it seeks to punish the conduct which gave rise to them and confers on the Commission the power to impose financial penalties on those responsible. To that end, the Commission has wide powers of investigation and inquiry but, precisely because of that nature and because one and the same body is invested with 110 111

2.3  The Interaction Between Administrative and Criminal Matter

31

2.3.1  M  anaging the Risk of Transnational Bis in idem: Double Jeopardy Clause in the US Federal Legal System In Europe, as it will be further illustrated, the application of the Engel case-law brought disruptive effects on one of the most critical profiles concerning the interaction between administrative and criminal matters: The principle of ne bis in idem. This profile, however, is also extremely problematic in legal contexts, like the United States, where the definition of criminal matter is still linked to formal, rather than substantial parameters. The enforcement of the prohibition of bis in idem has long been recognized as a fundamental right by several international, regional and national legal sources.117 Already considered a severe risk with regard to stricto sensu criminal proceedings, multiple prosecutions and/or punishment become particularly significant in the context of transnational relationships, and multi-disciplinary regulations, which present a number of “systemic disadvantages” for the subjects under investigation, starting from a shuttling among jurisdictions, courthouses and independent authorities which causes a loss of “whatever minimal sense of stability, reliability, and security a defendant would have been able to muster in the case of successive single-­ sovereign prosecutions”.118 A poor regulation of multiple proceedings, however, may result detrimental also under a prosecutorial point of view. In a time in which a huge part of financial investigation involves authorities belonging to different countries, the shortage of common criteria for allocating jurisdiction at the transnational level (among national judicial authorities, and among the latter and national administrative authorities) risks resulting in a “first come first served”119 approach, which is neither adequate in guaranteeing the defence its fundamental rights, nor efficient in fighting crime. the power to conduct investigations and the power to take decisions, the rights of defence of those subject to the procedure must be recognised without reservation and respected”; Opinion of Advocate General Léger, delivered on 3.02.1998, in Case C-185/95 P, Baustahlgewebe GmbH v Commission of the European Communities, ECLI:EU:C:1998:37, at 31 “It cannot be disputed— and the Commission does not dispute—that, in the light of the case-law of the European Court of Human Rights and the opinions of the European Commission of Human Rights, the present case involves a ‘criminal charge’”; Opinion of Advocate General Vesterdorf, delivered on 10.07.1991, in Case T-1–4 and 6–15/89, Rhône–Poulenc SA v Commission of the European Communities, ECLI:EU:T:1991:38, pp. 884–885 “In view of the fact—in my view confirmed to some extent by the judgment of the Court of Human Rights in the Öztürk case10—that the fines which may be imposed on undertakings pursuant to Article 15 of Regulation No 17/62 do in fact, notwithstanding what is stated in Article 15(4), have a criminal law character […]”. 117  Such as Article 14(7) of the International Convenant on Civil and Political Rights of 19 December 1995 (United Nations, Treaty Series, vol. 999, p. 171); Article 20 of the Rome Statute establishing the International Criminal Court (UN Doc A/CONF 183/9). For an historical reconstruction of the origin of the principle see, e.g., Dissenting Opinion of Judge Pinto De Albuquerque in ECtHR, A and B v Norway, 15.11.2016, Applications nos. 24130/11 and 29758/11, §§ 3–15; see also Nascimbene (2018). 118  Cf. Adler (2014), p. 475. 119  Luchtman and Vervaele (2014a), p. 219; Luchtman (2017), p. 194; Luchtman (2013).

32

2  Finding the Way in a Complex Multi-Level Legal Framework

Indeed, against this background, it is totally possible for one jurisdiction to bar prosecution in another one simply carrying out faster proceedings (criminal or administrative), or even using “sham” trials or sanctions.120 The issue emerges quite critically in multi-level systems, whose organization in multiple local and central structures brings, by definition, much more internal conflicts.121 That is true for the US, which presents a model with a clear separation between federal and local jurisdictions, and it is even more evident in the European Union, which is not equipped by an autonomous judicial system, and where such a distinguishing is far more blurring to detect, as often also in matters falling within the competence of the Union, the law applicable to a concrete case derives from the combination of EU and national provisions.122 In addition, the EU still lacks an efficient regulation on the prevention and settlement of transnational conflicts of jurisdiction in criminal proceedings. To be precise, Council Framework Decision 2009/948/JHA has created an obligation for Member States to enter direct consultations in case the existence of parallel proceedings is established, in order to reach a consensus on the State where to allocate them.123 Whether it is not possible to find an agreement, the Framework Decision identifies in Eurojust the subject with the power to decide over such conflicts.124 However, according to the Decision, Eurojust’s written opinions do not have binding value over the conflicting parties, and thus they do not really constitute an effective tool in this field, unless the latter are already prone to agree upon a common solution.125 Given this context, both in the US and in the EU, the protection provided against double jeopardy assumes a pivotal role in shaping the practical development of an investigation, and especially the real degree of guarantees that the parties involved in it can rely upon. In the US, the ne bis in idem principle arises above all from the Fifth Amendment of the Constitution, which states that “nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb”.126 There are two main elements of this provision that shall be underlined in light of the case-law of the US Supreme

 Cf. Adler (2014), p. 477.  For the notion of multi-level systems and their relevance to this analysis cf. below Sect. 2.4. 122  On the hybrid nature of EU law, see below Sect. 2.4. 123  Cf. Article 10, Council Framework Decision 2009/948/JHA of 30.11.2009 on prevention and settlement of conflicts of exercise of jurisdiction in criminal proceedings. 124  Cf. Article 12(2), Council Framework Decision 2009/948/JHA. 125  Cf. Article 7(2), Council Decision 2009/426/JHA of 16.12.2008 on the strengthening of Eurojust and amending Decision 2002/187/JHA setting up Eurojust with a view to reinforcing the fight against serious crime. For an analysis of the issue see, e.g., Vervaele (2013a), p. 173; Id. (2017), pp. 180–183; Amalfitano (2017), pp. 1027–1028; Id. (2009), p. 1293 et seq. 126  The principle is also provided, with little practical effect on US courts, by the American Convention on Human Rights (as interpreted by the Inter-American Court of Human Rights), cf. Article 8(4), American Convention on Human Rights: “An accused person acquitted by a nonappealable judgment shall not be subjected to a new trial for the same cause”. 120 121

2.3  The Interaction Between Administrative and Criminal Matter

33

Court (USSC), which may be dated back to the 1873 case Ex Parte Lange.127 First, although the text explicitly mentions only proceedings threatening “life or limb”, the protection of the Fifth Amendment has been extended to all felonies, misdemeanours and juvenile offenses, regardless from the kind of punishment prescribed. Second, when it comes to the definition of idem, the US Constitution clearly opted for a formal criterion, that is the legal qualification of the conduct (“same offence”), rather than focusing on the recognition of the “same fact”.128 At federal level, the most renowned criteria applied by the USSC to define the concept of “sameness” have been famously established in the 1932 decision Blockburger v United States. Under that decision, “A single act may be an offense against two statutes; and if each statute requires proof of an additional fact which the other does not, an acquittal or conviction under either statute does not exempt the defendant from prosecution and punishment under the other”.129 Accordingly only if offences contain identical elements or if one is a lesser-included offense of the other, they are considered as the same offence. This interpretation has been criticized under opposite perspectives.130 From one side, one could argue that Blockburger established a too-broad criterion, as the possibility to “irrebuttably bar also proceedings for not exactly the same offence” (such as attempted murder, and premeditated murder; robbery and armed robbery) represents an obvious violation of the very letter of the Constitution.131 On the contrary, it could also be claimed that the test unreasonably limits the level of protection granted by the Fifth Amendment, since Blockburger makes possible for the same subject to be prosecuted multiple times for the same conduct as long as the charged offences are “sufficiently” differentiated in the applicable legislation (such as, for instance, prosecution for continuing criminal enterprise against a subject who had already been convicted of a lesser-included predicate drug felony132). According to some authors, the test does not deprive defendants from their rightful constitutional protection, as the double jeopardy clause is supplemented by “several broader but more flexible commonsense principles protected by the Due Process Clause” expressed by the Fourteenth Amendment, such as the principle of

 85 U.S. 163 (1873). In that case, even if the relevant statute only authorized one of two punishments (fine or imprisonment), the defendant was convicted with both. The decision was overruled by the Supreme Court. The caselaw was confirmed also over the years, see e.g., North Carolina v. Pearce, 395 U.S. 711, 716-18 (1969); and Whalen v. United States, 445 U.S. 684, 689 (1980) according to which, “If a federal court exceeds its own authority by imposing multiple punishments not authorized by Congress, it violates not only the specific guarantee against double jeopardy, but also the constitutional principle of separation of powers”. 128  Cf., e.g., Böse (2017), p. 211 et seq. 129  284 U.S. 299 (1932), in conformity with the Supreme Court of Massachusetts in Morey v Commonwealth, 108 Mass. 433 (1871). 130  Contra, affirming that Blockburger represents an example that should be followed also by the European Court on Human Rights, see Trechsel (2005), p. 398. 131  Cf., e.g., Amar (1997), p. 1819. 132  As occurred in Garrett v. United States, 471 U.S. 773 (1985). 127

34

2  Finding the Way in a Complex Multi-Level Legal Framework

collateral estoppel,133 “and by certain other rules and principles rooted in the Sixth Amendment Jury Trial Clause”.134 For others, instead, this goal could be achieved thanks to a non-literal interpretation of Blockburger, which should lead courts to take a “functional approach” that, comparing different statutes, support them in discerning whether the latter substantively describe the same offense. This approach should be based on a clear identification of the interests involved, allowing multiple prosecution only as much as it is necessary to vindicate those which have not already been vindicated by a State in the first proceeding.135 Besides for the academic debate however, over the years the Supreme Court has generally confirmed the validity of the Blockburger test, with a few relevant detours. The best-known exception in this sense is the 1990 five-to-four votes decision Grady v Corbin, a proceeding in which the defendant, driving while being drunk, killed one person and seriously injured another. In that case, the Court acknowledged that under Blockburger, for the same conduct the defendant could have been tried already four times (for failure to keep right of the median, for driving while intoxicated, for assault, and for homicide). To avoid this effect, the USSC upheld the defendant’s argument according to which the Double Jeopardy clause barred a later prosecution for reckless manslaughter and criminally negligent homicide, once Corbin had already plead guilty for traffic infringements.136 The Court explicitly stated that “[A] technical comparison of the elements of the two offenses as required by Blockburger does not protect defendants sufficiently from the burdens of multiple trials […] Thus, a subsequent prosecution must do more than merely survive the Blockburger test […] The double-jeopardy clause bars any subsequent prosecution in which the government, to establish an essential element of an offense charged in that prosecution, will prove conduct that constitutes an offense for which the defendant has already been prosecuted”.137 But this substantive overruling did not last long. No later than in 1993, in another five-to-four decision, United States v Dixon, the Supreme Court affirmed that although it “does not lightly reconsider precedent, it has never felt constrained to follow prior decisions that are unworkable or badly reasoned”. Specifically, Grady was accused by the Court of having “contradicted an unbroken line of decisions”, “produced confusion”, and “proved unstable in application”.138  Collateral estoppel is “A doctrine barring a party from relitigating an issue determined against that party in an earlier action, even if the second action differs significantly from the first one” cf. Garner (2014), p. 318. 134  Cf. Amar (1997), p. 1809. 135  Adler (2014), pp. 451–483. 136  Against a similar conclusion, in the European academic debate, e.g. authoritatively Cordero (2012), p. 1204 et seq. 137  495 U.S. 508 (1990). 138  509 U.S. 688 (1993), according to which: “The double-jeopardy clause’s protection attaches in non-summary criminal contempt prosecutions just as it does in other criminal prosecutions. In the contexts of both multiple punishments and successive prosecution, the double–jeopardy bar applies if the two offenses for which the defendant is punished or tried cannot survive the ‘same elements’ or ‘Blockburger’ test”. 133

2.3  The Interaction Between Administrative and Criminal Matter

35

This criticism was shared also by distinguished scholars, which first pointed out how the reasoning of Grady was not apt to the facts of the concrete proceedings, where no prejudice for the defendants was at stake.139 Moreover, the overruling was not considered necessary in light of the Ashe doctrine, according to which the government is barred by the collateral estoppel principle from relitigating an issue of fact resolved in the defendant’s favour, while defendants remain free to contest issues already decided in favour of the government: That gives “the state a strong disincentive to split one case into four for strategic reasons. Whenever the state prevails on a contested issue in the first trial, it will have to prove it all over again in later trials, but if it loses once on an issue, it loses forever”.140 Reconsidered its previous orientation, the Supreme Court thus reinstated the Blockburger test as the unique criteria upon which to evaluate potential violations of the principle of ne bis in idem. The following year, however, the USSC with Department of Revenue v. Kurth Ranch again issued a somehow ambiguous decision on the matter, and especially on the relationship between criminal and civil law sanctions.141 The case concerned several members of the Kurth family, finally convicted by the State of Montana for drugs charges, and then pressed by the same State with civil charges based on a special civil law imposing particular taxes on illegal drugs. In this decision, the Supreme Court adopted an idea of sameness which clearly departed from the formalistic approach of Blockburger. Taking into account that both proceedings concerned the same “conduct”, the USSC in fact recognized a violation of the principle of ne bis in idem in the carrying out of the civil trial, and accordingly nullified it. In the following years, however, the Blockburger test continued to be applied by the Supreme Court,142 and its criteria achieved great success also beyond the federal level, being adopted as the criteria to determine violation of double jeopardy also by the majority of state jurisdictions.143 Against this case-law, a few further fundamental considerations should be kept in mind to correctly understand the effectiveness of the protection from bis in idem in the US. First, since its 1833 landmark decision Barton v. Baltimore, the Supreme Court affirmed that the Federal Bill of Rights, including the Fifth Amendment, applies at federal level, but does not bind State legislators or judiciary.144 The recognition of double jeopardy clause at State level was acknowledged only in 1969, when the Court stated that such obligation could derive from the Due Process Clause of the Fourteenth Amendment.145

 Amar (1997), pp. 1831–1835.  Cf. Ashe v. Swenson, 397 U.S. 436, 453 (1970). 141  114 S. Ct. 1937 (1994). 142  Cf., e.g., Texas v. Cobb, 532 U.S. 162 (2001). 143  For a complete list, see Klein (2000), notes 44–49. 144  32 U.S. (7 Pet.) 243 (1833). See also Fox v. Ohio, 46 U.S. (5 How.) 410 (1847). 145  Benton v. Maryland, 395 U.S. 784 (1969). 139 140

36

2  Finding the Way in a Complex Multi-Level Legal Framework

However, already in the 1852 case Moore v. Illinois, the USSC considered that “every citizen of the United States is also a citizen of a State or territory. He may be said to owe allegiance to two sovereigns, and may be liable to punishment for an infraction of the laws of either. The same act may be an offence or transgression of the law of both”.146 On such basis, the Supreme Court elaborated the so-called “dual sovereignty doctrine”. As explained in the 1985 decision Heath v. Alabama, this theory affirms that “When a defendant in a single act violates the “peace and dignity” of two sovereigns by breaking the laws of each, he has committed two distinct “offences.” As the Court again explained in Moore v. Illinois, “[a]n offence, in its legal signification, means the transgression of a law.” Consequently, when the same act transgresses the laws of two sovereigns, “it cannot be truly averred that the offender has been twice punished for the same offence; but only that by one act he has committed two offences, for each of which he is justly punishable””.147 Following this case-law, which applies also if the offenses at stake contain identical elements or even if they are expressed at statutory level with identical wording, in the US currently the prohibition of bis in idem does not enjoy basically any transnational dimension, that is the protection proves effective only within the federal or the domestic level in which the proceeding has been carried out. In practice therefore, whilst nobody in principle shall be tried twice for the same offense, in the US a same defendant could be legitimately prosecuted for separate crimes arising from the same underlying facts first at federal and then at State level, or vice versa, or in different States; a situation which is far from been uncommon.148  Moore v. Illinois, 55 U.S. (14 How.) 13 (1852), at 20.  Heath v. Alabama, 474 U.S. 82, 88 (1985) (citations omitted). For an analysis of the dual– sovereignty­doctrine, see Amar and Marcus (1995), proposing to abolish the dual sovereignty doctrine except for offenses “committed by state officials and implicating the federal government’s unique role under Section 5 of the Fourteenth Amendment”; cf. also Dawson (1992); Hellmann (1994). 148  For a reference on the impact of the doctrine, cf., e.g., Adler (2014), p. 456, note 27 where he reports the following cases “Heath v. Alabama, 474 U.S. 82 (1985) (Alabama obtained a conviction and the death penalty after the defendant pleaded guilty to avoid the death penalty in Georgia); United States v. Wheeler, 435 U.S. 313 (1978) (a defendant pleaded guilty in a tribal court to disorderly conduct and contributing to delinquency of a minor, only to be charged by the federal government for statutory rape); Abbate v. United States, 359 U.S. 187 (1959) (defendants pleaded guilty in Illinois to conspiring to destroy property and were subsequently charged and convicted by the federal government for conspiring to destroy a telephone system); United States v. Lanza, 260 U.S. 377 (1922) (defendants were convicted of and punished for violating state prohibition laws in Washington and were then charged for the same offense by the federal government); United States v. Ng, 699 F.2d 63 (2d Cir. 1983) (defendants pleaded guilty to state firearms charges in Massachusetts and were then convicted of federal firearms charges); United States v. Grimes, 641 F.2d 96 (3d Cir. 1981) (Grimes was found guilty of armed robbery by the federal government and was sentenced to twenty years in prison; he then pleaded guilty to state charges for the same offense and received an additional twenty-two to twenty-four year prison sentence, to be served consecutively); Evans v. State, 481 A.2d 1135 (Md. 1984) (defendants were convicted in federal court of conspiracy to violate victims’ civil rights and were then indicted in state court for murder and conspiracy to commit murder for the same offense); Commonwealth v. Mills, 286 A.2d 638 146 147

2.3  The Interaction Between Administrative and Criminal Matter

37

Unsurprisingly, the dual sovereignty doctrine has been, and still is harshly criticized at the academic level due to its detrimental effects on the defendant(s), for which it has been defined as a “giant blind spot in double jeopardy jurisprudence”.149 Nonetheless, the doctrine remains in place, significantly reducing the impact of the Double Jeopardy Clause. This is not however the only reason why protection from double prosecution and punishment is not extremely effective in the US. The moment from which it is possible to invoke this right shall also be taken into account. Indeed, following the USSC case-law, if someone is charged with a crime, the Double Jeopardy Clause attaches at different points depending on the type of case and its procedural posture: Once the jury is sworn,150 (in cases requiring a jury, despite some recommendations to anticipate it since the moment of the indictment)151; when the first witness is sworn (for cases tried by a judge without a jury); when the court first hears evidence in a juvenile proceeding; or when the court accepts a plea agreement between a defendant and a prosecutor.152 This last case is especially relevant since, as renowned, in the US over 90% of State and federal prosecutions end with plea bargains, inasmuch as the Supreme Court had declared that the latter “is the [US] criminal justice system”.153 According to Rule 11 Fed. R. Crim. P., trial judges enjoy discretion to accept or reject the terms of most plea bargains, a power which does not end until the sentence has been enforced.154 A particularly critical situation thus emerges in case the plea is first accepted, but then vacated ex officio by the court. (Pa. 1971) (defendants pleaded guilty to federal bank robbery charges and were then convicted under a similar state statute in Pennsylvania)”. See also Henning (2012). 149  Adler (2014), p. 483. See also pp. 450–451, where the author reports how scholars either opted for the doctrine to be totally abolished (see, e.g., Cranman (2000); Braun (1992)); replaced (see, e.g., Camina (1981), proposing a system that would avoid successive state-federal prosecutions by allowing the federal government to intervene and selectively preempt a state prosecution); or modified (see, e.g., Amar and Marcus (1995), proposing to abolish the dual sovereignty doctrine except for offenses committed by state officials and implicating the federal government’s unique role under Section 5 of the Fourteenth Amendment). 150  See Crist v. Bretz, 437 U.S. 28, 32–38 (1978). According to early American doctrine, the Clause attached once the jury renders its verdict, see Story (1991), pp. 659–660. 151  See Amar (1997), p. 1808 et seq. 152  Cf. United States v. Jerry, 487 F.2d 600, 606 (3d Cir. 1973); United States v. Vaughan, 715 F.2d 1373, 1378 n.2 (9th Cir. 1983); United States v. Patterson, 381 F.3d 859, 864 (9th Cir. 2004) (citing Vaughan, 715 F.2d at 1378 n.2); see also Hammond (2005), pp. 467–468. 153  Cf. Missouri v. Frye, 132 S. Ct. 1399, 1407 (2012), as reported by Chinn (2013). The Court recognized that 97% of convictions in the federal system and 94% of convictions in the state system result from guilty pleas. As it has been highlighted, the high rate of guilty pleas signifies widespread judicial acceptance of the assumption “that the screening processes operated by police and prosecutors are reliable indicators of probable guilt”, cf. Packer (1964), p. 11. 154  Full discretion is granted for agreements to move for dismissal or not to bring other charges (Rule 11(c)(1)(A)) and agreements to “recommend, or agree not to oppose the defendant’s request, that a particular sentence or sentencing range is appropriate or that a particular provision of the Sentencing Guidelines, or policy statement, or sentencing factor does or does not apply” (Rule 11(c)(1)(B)). The only type of plea which binds the court once it is accepted is that in which the

38

2  Finding the Way in a Complex Multi-Level Legal Framework

In this case, in fact, the traditional rule according to which “after a court accepts defendant’s guilty plea to a lesser included offense, prosecution for the greater offense violates the Double Jeopardy Clause”155 has been partially overruled by the jurisprudence following the 1984 USSC decision Ohio v. Johnson.156 Indicted of involuntary manslaughter, grand theft, murder and aggravated robbery, Mr. Johnson pleaded guilty to the first two charges—a plea which was accepted by the Court despite of the objection of the prosecutor. On review, the Supreme Court rejected the motion of the defendant for the dismissal of the remaining offences on the basis that this would violate his Double Jeopardy protection. The Court affirmed that he did not have an interest in finality or in protection from prosecutorial overreaching in this case, and thus could not make an “offensive use” of the guilty plea and of the prohibition of bis in idem “as a sword to prevent the State from completing its prosecution on the remaining charges”.157 The specific circumstances of this case, however, appear to have been overlooked in its following application.158 In United States v. Soto, just to mention one, the First Circuit did not take into account the difference between an ordinary and an “offensive” use of plea bargains by the defendant. On the contrary, the Court stated that “[u]nderlying Johnson is the proposition that an acceptance of a guilty plea is legally different from a conviction based on a jury’s verdict”. Thus, since the judges’ “mere acceptance of a guilty plea does not carry the same expectation of finality and tranquillity that comes with a jury’s verdict or with an entry of judgment and sentence”, the Court concluded that “jeopardy did not attach when the district court accepted the guilty plea to the lesser included offense and then rejected the plea without having imposed sentence and entered judgment”.159 As a result of this over-broad reading of Johnson, defendants pleading guilty may see their Double Jeopardy protection been “essentially stripped” in cases where their plea is vacated by the court on its own motion.160

prosecution and defendant agree on “a specific sentence or sentencing range… or that a particular provision of the Sentencing Guidelines, or policy statement, or sentencing factor does or does not apply” (Rule 11(c)(1)(C)), cf. also Chinn (2013), pp. 300–301. 155  Morris v. Reynolds, 264 F.3d 38 (2d Cir. 2001), at 49. 156  Ohio v. Johnson, 467 U.S. 493 (1984). 157  Ohio v. Johnson, p. 502. 158  Cf. Chinn (2013), p. 302. 159  United States v. Soto, 825 F.2d 616, 620 (1st Cir. 1987), pp. 619–620. In this case, Mr. Soto, a postal service inspector, pleaded guilty to a misdemeanor charge of obstructing the passage of correspondence, but professed his innocence. Ex officio, the judge decided to dismiss the charges and the plea. About 4 months later, Mr. Soto was indicted by a grand jury on two felony charges related to the previous allegations: theft of mail matter and obstruction of correspondence; his motion to dismiss the charges was denied and he was he was found guilty by the jury. 160  As it has been pointed out by many authors, see e.g. Chinn (2013), p. 305. Supporting the need to increase protection from double jeopardy in plea bargains also Adler (2014), p. 472 et seq. On the topic see also Goode (2012).

2.3  The Interaction Between Administrative and Criminal Matter

39

Lastly, a third element shall be taken into account, especially in a comparative view with the European legal framework. As much as the aforementioned Kurth case seemed to open towards a substantive approach in the definition of criminal matter, since its 1938 decision Helvering v. Mitchell, the Supreme Court generally tends not to recognize violation of the Double Jeopardy Clause when punitive but not formally criminal proceedings are involved, even if they are carried out by authorities or entities with a clear competence in criminal matter, such as law-enforcement, or if they entail a punitive content.161 A clear example in this sense is provided by “civil-assets forfeiture” or “in rem” proceedings. Provided for, at federal level, by several provisions, such as 15 U.S.C. § 1177 (concerning gambling), 16 U.S.C. § 1860 (fishery), 18 U.S.C. § 981 (e.g. money laundering, monetary transactions in property derived from specified unlawful activity, prohibition of unlicensed money transmitting businesses), 21 U.S.C. § 881 (e.g. controlled substances), civil forfeiture consists in the power to confiscate private property, such as vehicles, money, or buildings, characterized by an alleged link with criminal activities.162 In practice however, due to the complexity of this legal institute and of its legal basis, the connection between the specific crime at stake and the confiscated thing(s) results highly discretional, and the consequences of the forfeiture extremely punitive if examined from the perspective of the affected individuals–not necessarily limited to those suspected of having committed a crime (for instance several are the cases in which family houses were forfeited for the mere cause that marijuana was hidden or processed inside, e.g. by a minor163). Moreover, unlike criminal forfeiture, civil forfeiture does not really require a conviction or even a criminal charge towards the owner of the thing(s) to be carried out—actually in most cases, people to whom property had been seized were never criminally charged.164 Following this lack of personal liability, forfeiture proceedings are not brought against people, but against the confiscated property (giving proceedings names such

 Helvering v. Mitchell, 303 US 391 (1938). See also United States v Ward, 448 US 242, 249–250 (1984); United States v Halper, 490 US 435 (1989); Hudson v United States, 552 US 93, 99 (1997). For a brief but complete recollection of the case-law evolution of the USSC on the matter, see Böse (2017), pp. 212–215. 162  For a complete overview on forfeiture in the US federal legal system, see U.S. Department of Justice, Criminal Division, Asset Forfeiture and Money Laundering Section, 2015. https://www. justice.gov/sites/default/files/criminal-afmls/legacy/2015/04/24/statutes2015.pdf. Accessed 18 July 2018. In the EU, a parallel to civil forfeiture might be drawn to a certain extent with the Italian system of misure di prevenzione applicable in the field of organised crime, and established by Legislative Decree no. 159 of 6.09.2011, which results highly critical in light of the ECtHR caselaw, before which several cases have been presented. 163  As reported by Oliver (2014). 164  According to the study published in 1995 by the Republican former congressman Henry Hyde, 80% of people whose property was seized by the federal government were never charged with a crime, cf. Hyde (1995); see also Oliver (2014). 161

40

2  Finding the Way in a Complex Multi-Level Legal Framework

as United States of America v. Eight Thousand Eight Hundred and Fifty Dollars ($ 8,850) in United States Currency, or United States of America … v. An Article … Consisting of 50,000 Cardboard Boxes More or Less, Each Containing One Pair of Clacker Balls, or United States of America v. Approximately 64,695 Pounds of Shark Fins165). However, in order to get their property back, owners of the seized items usually have to prove their innocence, which is a heavy burden of proof considering that they formally are not part of any proceeding, and thus could not even know which (if any) specific criminal offense they have been charged with. Owners are also granted few procedural rights, starting from the fact that civil forfeitures procedure are carried out autonomously by law-enforcement, without the involvement or authorization of any judge. Even more: In 1984, the Comprehensive Drug Abuse and Prevention Act allowed police to keep and spend forfeiture proceeds, providing a direct financial incentive to carry out these proceedings.166 In 1993 the Supreme Court found civil forfeiture to be a form of punishment for purposes of applying the Eighth Amendment’s protection against “excessive fines”.167 In its 1996 decision United States v. Ursery, however, the USSC ruled that ordinary civil forfeiture proceedings, even if “perhaps having certain punitive aspects” shall not be considered a punishment, because they serve “important nonpunitive goals”. Their application, prior, subsequent or in parallel to a criminal proceeding does not therefore represent a premise to invoke a violation of the principle of ne bis in idem.168 As critically pointed out, in Ursery the Court “came close to claiming that the civil suit at hand was merely an in rem action directed against a particular piece of drug-related property itself […] and not against Guy Jerome Ursery himself, the owner and occupant of the house. On this in rem logic, Ursery could not claim that he had ever been previously convicted or acquitted in any way that would bar his criminal prosecution. The rem gimmick here […] can lead to striking injustices if we truly buy into the fiction that the rights of individual persons are not really at stake in in rem actions”.169 Regardless for these critics, so far the USSC has generally narrowed the application of the Double Jeopardy Clause only to stricto sensu criminal proceedings, generally denying this label when civil or administrative sanctions (even extremely

 Cf. Oliver (2014).  Giving raise to what has been defined by the Institute for Justice (IJ), a “policing for profit”, as reported in The Economist explains, What civil-asset forfeiture means, April 15th 2014. https:// www.economist.com/the-economisT-explains/2014/04/14/whaT-civil-asseT-forfeiture-means. Accessed 18 July 2018. 167  Austin v. United States, 509 U.S. 602 (1993). 168  116 S. Ct. 2135, 2142–41 (1996). 169  Cf. Amar (1997), p. 1836: “and so the deepest lesson here is that when the Supreme Court overreads a clause in a prodefendant way, it often sets in motion a chain of events that can result in a rather drastic curtailment of citizens’ rights somewhere else”. 165 166

2.3  The Interaction Between Administrative and Criminal Matter

41

punitive, such as the confiscation of homes through civil forfeiture) are involved.170 Against this background, the effectiveness of the principle of ne bis in idem in the US appears rather patchy, to say the least: As it was perhaps ruthlessly but correctly summarized, in the US “Double Jeopardy Clause provides protection from multiple prosecutions and from multiple punishments. Except when it doesn’t”.171 The situation in Europe, however, is not necessarily much better.

2.3.2  N  e Bis In Idem Protection in the European Convention on Human Rights Relevant limitations in enforcing the principle of ne bis in idem may be observed also in Europe, where the protection from double jeopardy is recognized by several fundamental supranational legal sources. These sources, in fact, show some critical profiles which substantially diminish their effectiveness, especially at the transnational level. The European Convention on Human Rights provides for the principle of ne bis in idem at Article 4, Protocol No. 7, which establishes that “No one shall be liable to be tried or punished again in criminal proceedings under the jurisdiction of the same State for an offence for which he has already been finally acquitted or convicted in accordance with the law and penal procedure of that State”.172 In light of the consolidated case-law of the Court in Strasbourg, this principle includes both the right not to be punished twice (“substantive” notion of ne bis in idem), and that not to be tried twice (“procedural” notion of ne bis in idem).173 Similarly to the fair trial rights provided for in Article 6 ECHR, also the reference to “criminal proceedings” included in this double jeopardy clause shall be read in light of the Engel case-law discussed above.174 In the interpretation of the Court (at least so far) the scope of the two provisions indeed coincides, covering both criminal law stricto sensu and administrative or disciplinary punitive law.175  See, e.g., In re John P., 311 Md. 700, 706, 537 A.2d 263, 266 (1988); In re Blessen H., 392 Md. 684, 706, 898 A.2d 980, 993–94 (2006); even if the possibility to recognize a violation of the double jeopardy clause in case of civil penalty has been admitted exceptionally in United States v Halper, 490 U.S. 435 (1989). 171  Cf. Adler (2014), p. 482; Matz (1997); King (1979); Lopez (2000). 172  Cf. Bleichrodt (2006), p. 983; Trechsel (2005), p. 402; Harris et al. (2014), p. 973. 173  Cf., among others, Franz Fischer v Austria, 29.05.2001, Application no. 37950/97, §§ 25–32; Zolotukhin v Russia, 10.02.2009, Application no. 14939/03 [GC], §110. Although the principle does not prevent from the re-opening of the case if evidence of new or newly discovered facts emerge; on the ambiguity of Article 4 on this issue, see, e.g., Bleichrodt (2006), p. 983; Harris et al. (2014), pp. 971 and 973. 174  See above, Sect. 2.3. On the non-inclusion of the principle of ne bis in idem among fair trial rights, see, e.g., Harris et al. (2014), p. 970. 175  The identity of the notion of “criminal matter” under Articles 6 and 4, Protocol No. 7 ECHR had already been underlined by the Court in Göktan v France, 2.07.2002, Application no. 33402/96, § 170

42

2  Finding the Way in a Complex Multi-Level Legal Framework

Article 4 which, according to the Protocol, cannot be derogated even in time of emergency, however applies (as the whole ECHR) only to proceedings carried out within the same domestic jurisdiction. The Convention is per se lacking any direct transnational application, since so far it can be enforced only within, and not among State jurisdictions.176 Nonetheless, it is undeniable that generally—with all due caution for the different legal contexts, and the specificity of the single cases—the Court in Strasbourg possesses a strong authority in disseminating the content of the Conventional rights also beyond the direct addressees of its decisions. When it comes to the prohibition of double jeopardy, however, the potential transnational effects of the ECtHR caselaw are partially limited by the formal location of the principle. Being established in a Protocol to the Convention, and not in the Convention itself, the prohibition of bis in idem can in principle be enforced only towards those Member States who agreed to ratify it—which currently, even considering just EU countries, do not include Germany, the Netherlands, and the UK.177 The Protocol was not included either in the EU draft Accession Agreement to the ECHR, which refers only to the Convention, and its 1st and 6th Protocols.178 Of the three main elements that compose the principle (“idem”, “bis”, and “final decision”), the latter appears the less problematic in the jurisprudence of the ECtHR.179 Much more controversial, on the other side, is the case-law concerning the first two elements. As far as the interpretation of idem is concerned, the jurisprudence of the Court in Strasbourg highly varied until 2009. In Oliveira, the ECtHR linked the notion to the literal wording to “an offense” contained in Article 4.180 In Franz Fischer, on the other end, the Court did not con48, then restated in the renown cases Zolotukhin v Russia, § 53 and A and B v Norway, § 107, discussed below (although in Knut Haarvig v. Norwey, 11.12.2007, Application no. 11187/05, the Court had added further requirements, then overcome with Zolotukhin, cf. Allegrezza (2012), pp. 897–899). See also Bleichrodt (2006), p. 980; see Trechsel (2005), p. 387; Harris et al. (2014), p. 970; Böse (2017), p. 215 et seq. 176  See also Bleichrodt (2006), p.  980, and case-law there mentioned; Trechsel (2005), p.  385; Harris et al. (2014), p. 973 and, with regard to Article 14(7) of the International Covenant on Civil and Political Rights, Vervaele (2013b), p. 213 et seq. 177  Cf. http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/117/signatures?p_ auth=MdUPhQMD. Accessed 18 July 2018. 178  Cf. Fifth Negotiation Meeting Between the CDDH Ad Hoc Negotiation Group and the European Commission on the Accession of the European Union to the European Convention on Human Rights, Final Report to the CDDH, Strasbourg, April 5th 2013. https://www.echr.coe.int/ Documents/UE_Report_CDDH_ENG.pdf. Accessed 18 July 2018. Protocols 1 and 6 to the Convention concern, respectively, the right to peaceful enjoyment of property, the right to education, and the right to free elections by secret ballot (ETS No. 009); and the abolition of death penalty (ETS No. 114). 179  Cf., e.g., Nikitin v Russia, 20.07.2004, Application no. 50178/99, §§ 35–36. Cf. Trechsel (2005), pp. 389–390, which has repeatedly identified the concept in the moment in which a decision 933 acquires the force of res judicata according to the applicable national law. 180  Cf., e.g., Oliveira v Switzerland, 30.07.1998, Application no. 25711/94, § 26.

2.3  The Interaction Between Administrative and Criminal Matter

43

sider the legal qualification of the offences, but rather proceeded to a ­comparison between the “essential elements” of the offences at stake.181 Lastly, according to a third interpretation, for instance in the renown Gradinger case, the Court opted for a more substantive approach, took into account whether the proceedings or the sanctions concerned the “same conduct”.182 All these interpretations were considered by the ECtHR in the 2009 landmark decision Sergey Zolotukhin v. Russia, where the Grand Chamber, trying to harmonize its approach to the matter, stated that “the use of the word “offence” in the text of Article 4 of Protocol No. 7 cannot justify adhering to a more restrictive approach” and reiterated “that the Convention must be interpreted and applied in a manner which renders its rights practical and effective, not theoretical and illusory”. In this sense, the Court noted that “the approach which emphasises the legal characterisation of the two offences is too restrictive on the rights of the individual, for if the Court limits itself to finding that the person was prosecuted for offences having a different legal classification it risks undermining the guarantee enshrined in Article 4 of Protocol No. 7 rather than rendering it practical and effective as required by the Convention”.183 With this perspective, and contrary to the US Supreme Court, in 2009 the ECtHR hence opted for a wider protection of the principle, ruling that the assessment over the idem shall not depend on the legal qualification of the offence, nor on a formal comparison between its “essential elements”, but rather on a fact-­based analysis. Accordingly, potential violations of ne bis in idem are now to be acknowledged also when different offences are notified to the same subject, as long as they arise from identical or substantially identical factual circumstances “involving the same defendant and inextricably linked together in time and space, the existence of which must be demonstrated in order to secure a conviction or institute criminal proceedings”.184 Since 2009, this interpretation has been repeatedly confirmed by the ECtHR, at least explicitly, although some doubts might emerge with regard to the most recent case-­ law on the matter, as will be hereinafter analysed. Much more controversial, on the other side, appears the jurisprudence of the Court concerning the notion of bis. This conclusion is due to both formal and interpretative reasons, mostly linked to the debate concerning the definition of criminal matter and the legitimacy of the so-­called “double-track” sanctioning systems, that is models providing for the possibility of investigating and sanctioning the same conduct both at administrative and criminal level.  Franz Fischer, §§ 25–30; see also Sailer v Austria, 6.06.2002, Application no. 38237/97, § 26. Highlighting the ambiguous jurisprudence of the Court on this criterion, Bleichrodt (2006), p. 982. 182  Gradinger v Austria, 23.10.1995, Application no. 15963/90, § 55. Contra, see Trechsel (2005), p. 393, according to whom “it is not for the Court in Strasbourg to interfere with the way in which these matters are dealt with in domestic law”. 183  Zolotukhin v Russia, §§ 70–84, esp. §§ 80–81. On the impact of this decision in the case-law of the Court, see, among others, Amalfitano (2017), p. 1016; Allegrezza (2012), pp. 900–902. 184  Zolotukhin v Russia, § 84. 181

44

2  Finding the Way in a Complex Multi-Level Legal Framework

First, even among those EU Member States that did ratify Protocol No. 7 to the Convention, a fair number of countries (such as Austria, France, Italy, and Portugal) lodged declarations narrowing the scope of the principle only to the criminal matter as defined by national law.185 The aim of these reservations was clear: Preserve the legality double-track sanctioning systems, excluding from the scope of Article 4 the punitive administrative matters traced back to the criminal limb by the ECtHR Engel jurisprudence. Currently, however, the actual validity of these reservations is rather uncertain. On one side, to guarantee a wide application of the principle of bis in idem, in the past, and respectively in Gradinger (1995)186 and Grande Stevens (2014),187 the Court has declared void the Austrian and Italian reservations. These decisions were based on the violation of the formal parameter required by Article 57(2) ECHR, that is the duty to provide a brief statement of the law concerned by the reservation when the latter is lodged.188 On the other side, though, considering each State discretion to “choose complementary legal responses to socially offensive conduct […] and in particular an approach involving parallel stages of legal response to the wrongdoing by different authorities and for different purposes”, the goal pursed by the invalidated reservations has been considered legitimate by the ECtHR in its 2016 notorious case A and B v Norway.189 With this decision, the Court entailed a substantive overruling of its previous jurisprudence regarding (at least) the very identification of bis in the criminal matter. In Zolotukhin (2009), the Court had clearly applied the Engel criteria to identify the existence of multiple substantially criminal proceedings, even if classified as administrative at national level.190 From this consideration, the ECtHR concluded that, since “Article 4 of Protocol No. 7 contains three distinct guarantees and provides that no one shall be (i) liable to be tried, (ii) tried or (iii) punished” multiple times for the same fact, the case in which s­ ubstantially criminal proceedings are carried out against the same conduct represents a violation of the double jeopardy clause.191 This case-law, and the jurisprudence derived from it, notably expanded the scope of ne bis in idem, and strengthened its dimension as an individual’s fundamental 185  Also Germany, that signed the Protocol, but did not ratify it, lodged nonetheless the same reservation. For a more detailed analysis, see Tomkin (2014), p. 1373 et seq. 186  Cf. Gradinger, § 51; highlighting (before A and B) the restrictive interpretation of the Court with regard to the definition of bis, see Allegrezza (2012), p. 899. 187  Grande Stevens and others v Italy, 4.03.2014, Application no. 18640/10, §§ 204–212. 188  There are still no cases concerning the German and Portuguese reservation; regarding France, the declaration was partially acknowledged in Göktan v France, 2.07.2002, Application no. 33402/96, § 51, and not declared invalid—but in that case the reservation was not an argument of the proceeding, as it was not raised by the Government, so it was not really examined by the Court. 189  Cf. A and B v Norway, 15.11.2016, Applications nos. 24130/11 and 29758/11, §§ 121–134. 190  Zolotukhin v Russia, §§ 52–57. 191  Zolotukhin v Russia, § 110 et seq.

2.3  The Interaction Between Administrative and Criminal Matter

45

right. It also forced several States to (at least partially) review their internal investigative and sanctioning systems so as to avoid illegitimate duplications not only within the criminal matter, stricto sensu but also between criminal and punitive administrative enforcement models.192 In the EU, critical cases under this perspective emerged in different contexts which touches extremely senstive States’ interests, such as market abuse regulation (where, the Market Abuse Directive193 requested to establish administrative penalties, but at the same time also allowed to impose criminal sanctions for the same conducts194), or tax law.195 The controversial decision A and B v. Norway—in which six States intervened as third-parties to defend their national tax double-track liability systems196—was taken precisely in this last field. With a remarkable concession to the national claims of the Norwegian Government and the other intervening parties, the Court introduced a relevant, not to say deflagrating exception to the possibility of finding a breach of ne bis in idem between punitive administrative and criminal proceedings.

 Cf., for all, Tomkin (2014), pp. 1380–1381; D’Ambrosio (2017), p. 1031 et seq.  Cf. Article 14(1), Directive 2003/6/EC of the European Parliament and of the Council of 28.01.2003 on insider dealing and market manipulation (market abuse), now substituted by Directive 2014/57/UE, cit., which at Recital (23) takes into account (but only in broad and general terms) the need to comply with the principle of ne bis in idem. On the changes brought by the new Market Abuse package under this perspective, see D’Ambrosio (2017), p. 1034. 194  In the aforementioned Grande Stevens case, the Court, recognized the substantial criminal nature of the administrative sanction against market abuse, found (among others) a violation of the principle of ne bis in idem for the carrying out of a criminal proceeding for the same conduct after the first had already been imposed by Consob. On this very sensitive issue for the Italian legal system see, among others, Flick (2014a, b); Flick and Napoleoni (2015); Viganò (2016a); Labianca (2017), p. 115 et seq.; Zagrebelsky (2014), p. 1196 et seq.; D’Ambrosio (2017), p. 1033. In the aftermath of Grande Stevens, two questions of constitutionality have been raised before the Italian Constitutional Court, again with regard to market abuse and ne bis in idem, which were however declared inadmissible with decision of 12.05.2016, no. 102 (cf., e.g., Viganò 2016a; Dova 2015). Whether this situation continues to be critical in light of Article 4, Protocol no. 7 ECHR appears nowadays downsized against the “overruling” of the ECtHR on the matter of ne bis in idem carried out by the notorious 2016 decision A and B v Norway (cf. C. Cost., decision of 2.03.2018, no. 43 on tax matter; Ufficio del Massimario Penale, Relazione di orientamento. Ne bis in idem. Percorsi interpretativi e recenti approdi della giurisprudenza nazionale ed europea, Rel. n. 26/17, Roma, 21 marzo 2017), partially followed also by the Court of Justice in the aforementioned 2018 decisions Menci, Garlsson, and Di Puma-Zecca, cf. above Sect. 2.3 (on the definition of criminal matter) and below Sect. 2.3.3 (on the application of ne bis in idem). A third question of constitutionality, concerning the scope of the right to remain silent in market abuse proceedings, was considered relevant by the Constitutional Court, that asked the CJEU for a preliminary ruling (order no. 117 of 10.05.2019, cf. Ruggeri (2019)). 195  For the impact of this case-law to banking supervision, see below Sect. 6.3.7. 196  Although relevant in the specific case, this is a rather recurring event in the case-law of the ECtHR. In A and B, third-party comments were received from Bulgaria, Czech Republic, Greece, France, the Republic of Moldova and Switzerland. 192 193

46

2  Finding the Way in a Complex Multi-Level Legal Framework

According to the new interpretation, in fact, multiple proceedings concerning the same conduct(s) shall not be held in violation of Article 4, Protocol 7 ECHR if they are proved “sufficiently closely connected in substance and in time”.197 To satisfy this parameter—already developed by the ECtHR in previous case-­ law, but till then never applied in practice to exclude a violation of the double jeopardy clause198—a State shall prove whether the duality of proceedings (i) pursues in concreto complementary purposes; (ii) is a foreseeable consequence, both in law and in practice, of the same impugned conduct; (iii) presents “adequate interaction between the various competent authorities” to “avoid as far as possible any duplication in the collection as well as the assessment of the evidence”; and (iv) “above all, whether the sanction imposed in the proceedings which become final first is taken into account in those which become final last”.199 With this decision, thus, the Court clearly surrendered to the claims of those Member States which demanded full discretion in shaping national enforcement systems, that include double-track mechanisms applying both administrative (punitive) and criminal sanctions. Actually, A and B risked overruling the previous Zolotukhin-oriented jurisprudence to an even greater extent. In its defence, in fact, the Norwegian Government asked the Court to establish different interpretations of matière pénale for Article 4, Protocol No. 7 and for Article 6 ECHR. Specifically, the Government requested to narrow it—in the first case—only to criminal proceedings stricto sensu, hence not only excluding the possibility to identify a violation of ne bis in idem, in that specific case, but also the application of the Engel criteria to the double jeopardy clause as such. Under this profile, however, the Court confirmed its previous case-law, finding “more appropriate, for the consistency of interpretation of the Convention taken as a whole” that also the principle of ne bis in idem shall be “governed by the same, more precise criteria as in Engel”.200 That said, with A and B the ECtHR exposed itself to sharp criticism, starting from the strong suspicious that, even if somehow delineated by the Court, the criterion of the “sufficient connection in time” is, and remains “arbitrary”.201 A practical example of the (at least) vagueness of its bequest has been provided in the 2017 decision Jóhannesson and others v Iceland. In this case, again concerning a double-track system in tax matter, it was undisputed that the administrative surcharges applied presented substantive criminal nature, and that the sanctioned facts at administrative and afterwards at criminal level, were identical.202  A and B v Norway, § 130. Cf. Viganò (2016b) and Simonato (2017).  Cf., e.g., Nilsson v. Sweden, 13.12.2005, Application no. 73661/01; Boman v. Finland, 17.02.2015, Application no. 41604/11, § 41; Nykänen v. Finland, 20.05.2014, Application no. 11828/11; Lucky Dev v. Sweden, 27.11.2014, Application no. 7356/2010. 199  A and B v Norway, § 132. 200  Cf. A and B v Norway, § 107; for the Government’s position, see § 67. 201  A and B v Norway, Dissenting Opinion of Judge Pinto De Albuquerque, § 46. 202  Jóhannesson and others v Iceland, 18.05.2017, Application no. 22007/11. See Viganò (2017) and Simonato (2017). 197 198

2.3  The Interaction Between Administrative and Criminal Matter

47

Following the criterion of the “sufficient close connection”, the Court acknowledged the existence of a violation of the principle of ne bis in idem fundamentally due to the fact that the administrative and criminal proceedings had been carried out in parallel only for a limited amount of time (about 1 year out of a 9-year overall length of the proceedings), contrary to A and B, where the period of time shared between the proceedings was a bit longer (about 2  years out of a total of about 5-year length).203 The lack of substantial connection in time was also at the basis of the 2019 Nodet decision, where the Court recognized a violation of ne bis in idem in a case in which proceedings had been carried out simultaneously for about 2 years and a half out of a total of about 7 years and half. In this decision, actually, the ECtHR took the chance to reaffirm the relevance this parameter, explicitly stating that even where the material link is sufficiently solid, the condition of the temporal connection remains and must be satisfied.204 Determining for how long should the proceedings be “parallel” in order to avoid a violation of Article 4, Protocol No. 7 ECHR though, appears a rather arbitrary calculation indeed. First, it is not clear which are the concrete criteria used by the Court to quantify the length as “sufficient” (half of the total length? One third?…). Second, the choice itself of making the application of bis in idem depending on the length of the ­proceedings does not look particularly justified, as the latter may vary rather significantly between administrative and criminal proceedings, and from State to State (or even at internal level) without that being strictly related to the exigency of achieving different levels of protection for individuals. The parameter concerning the complementarity of purposes of parallel proceedings seems rather problematic too. According to the Court in the aforementioned Nodet (2019) decision, such integration shall be analysed not only in abstracto, but also in practice. In that case, in particular, the ECtHR recognized a violation of ne bis in idem (also) due to the fact that the two parallel proceedings tended to punish the same facts and to protect the same social interests. Their aim, therefore, was not complementary, but coincident.205 In this sense it could be argued that the overruling of A and B has some repercussion (although not officially) also to the notion of idem. The legal interests protected by the norm, indeed, was one of the parameters excluded by the Court in Zolotukhin where idem was defined only on the basis of the same factual conducts. Suggesting that two parallel proceedings violate the ne bis in idem because they aim at protecting the same legal good, however, seems to open the door also to the opposite conclusion, that is: two parallel proceedings (net of all the other conditions of the A and  Dissenting Opinion of Judge Pinto De Albuquerque, § 54.  Cf. Nodet v France, Application no. 4732/14, 6.06.2019, §§ 51–53, on which see Scoletta (2019). 205  Cf. Nodet v France, § 48. It shall be noticed, however, that in that case the evaluation on the substantial identity of purposes had been already made at the national level, by the French Conseil constitutionnel. The assessment of the ECtHR on this profile, therefore, essentially follows the finding at domestic level. 203 204

48

2  Finding the Way in a Complex Multi-Level Legal Framework

B test) that aim at protecting different legal interests prosecuting the same facts could in principle be considered in compliance with the double jeopardy clause. Excluded from the official definition of idem, therefore, diverging legal interests seem to find a new life through the back door of the “complementarity” condition, further reducing the safeguarding scope of the ne bis in idem protection in both its essential elements. Moreover, the inherent approximation of this new test causes its application to be scarcely predictable by citizens, and national legislators, which need instead clear indications concerning the legitimacy or illegitimacy of double-track domestic systems. In light of the above, it is currently uncertain whether, according to the principle established by Article 4, Protocol No. 7, double-track systems are always acceptable, and above all, if so, under which conditions. In addition, as authoritatively suggested, the overruling of the Court appears to be driven by a change in the very interest protected by the principle of ne bis in idem, which traditionally have been identified both in the protection of the individual(s), and in the exigency of legal certainty.206 With its more recent jurisprudence, the Court seems to have drastically moved towards the latter meaning, making of this principle no more an “expression of a subjective right of the defendant, but a mere rule to guarantee the authority of the chose jugée, with the sole purpose of ensuring the punitive interest of the State and the impugnability of State adjudicatory decisions […] Ne bis in idem loses its pro persona character, subverted by the Court’s strict pro auctoritate stance. It is no longer an individual guarantee, but a tool to avoid the defendants’ “manipulation and impunity””207 or, as highlighted by legal scholars, a tool to improperly remedy to the excessive length of the judicial proceeding which “survives” to the first one.208 In this sense, Judge Pinto De Albuquerque drastically concluded in his dissenting opinion that “after turning the rationale of the ne bis in idem principle upside down, the present judgment opens the door to an unprecedented, Leviathan-like punitive policy based on multiple State-pursued proceedings, strategically connected and put in place in order to achieve the maximum possible repressive effect”.209 Against this background, to date the ECHR does not seem able to ensure an effective protection to the principle of ne bis in idem, neither at domestic, nor (indirectly) at transnational level. Since late 2016, indeed, the ECtHR de facto promotes an interpretation of the double jeopardy clause characterized by uncertainty of application; limited guarantees for individuals subject to multiple proceedings; and incentives to use the less procedurally guaranteed but usually faster administrative enforcement models.

 Cf., e.g., Trechsel (2005), p. 383; Koering-Joulin (1995), p. 1093; Amalfitano (2017), p. 1016.  A and B v Norway, Dissenting Opinion of Judge Pinto De Albuquerque, cit., §§ 49 and 79. 208  Cf. Viganò (2017), p. 394. 209  Idem, §§ 49 and 79. Cf. also Trechsel (2005), p. 383, according to whom the individual right notion of the ne bis in idem is the “only one likely to have any relevance under the Convention”; contra Caprioli (2010), p. 1183. 206

207

2.3  The Interaction Between Administrative and Criminal Matter

49

For the purposes of this work, especially worrying appears the sub-criterion to the A and B test concerning “adequate interaction between the various competent authorities” to “avoid as far as possible any duplication in the collection as well as the assessment of the evidence”. This parameter seems actually to push for collecting evidence either only in the criminal or in the administrative proceeding. The “independent collection and assessment of evidence” and in particular the fact that “the applicant’s conduct and his liability under the different provisions of tax and criminal law were […] examined by different authorities and courts in proceedings that were largely independent of each other” was indeed recently found by the Court a reason to recognize a ne bis in idem violation in Bjarni Armannsson (2019).210 Similar conclusion was reached also in the aforementioned Nodet case (also 2019), where the Court drew negative conclusions from the circumstance that “Il y a donc eu à tout le moins répétition dans le recueil des éléments de preuve”.211 It seems therefore that this parameter is acquiring an increasing relevance in the assessment of the Court within the A and B test. Taking into account that generally criminal investigations last longer than administrative ones, this criterion seems to favour the option in which information is first gathered within administrative proceedings, and is then transferred to be used as evidence in criminal trial. This sub-criterion however does not appear to consider the complexity of the mechanisms regulating the interaction between administrative and judicial authorities, and especially that substantially different safeguards apply to administrative and criminal investigations, above all with regard to the guarantees recognized to the subject(s) under investigations (such as the right to remain silent, and the presumption of innocence). This “automatism” in the transfer of information, already very criticized within mutual recognition systems such as the European Arrest Warrant212 and the European Investigation Order,213 and apparently in contrast with the last jurisprudence of the Court of Justice on the matter of evidence sharing,214 puts indeed at stake the

 Cf. Bjarni Armannsson v Iceland, 16.04.2019, Application no.72098/14, §§ 55–57.  Nodet v France, § 49. 212  Cf. Council Framework Decisions 2002/584/JHA of 13.06.2002 on the European arrest warrant and the surrender procedures between Member States. For a critical analysis on this issue see, among others, Panzavolta (2009), p. 179; Bulnes (2008), p. 289; Marletta (2013), p. 47 et seq.; JUSTICE, European Arrest Warrant. Ensuring an Effective Defence, 2012, p.  22. https://2bquk8cdew6192tsu41lay8T-wpengine.netdna-ssl.com/wp-content/uploads/2015/01/ JUSTICE-European-ArresT-Warrants.pdf. Accessed 18 July 2018; Fair Trials International, The European Arrest Warrant seven years on-the case for reform, May 2011. https://www.fairtrials.org/ documents/FTI_Report_EAW_May_2011.pdf. Accessed 18 July 2018. 213  See, among other, Klip (2016), p. 420 et seq.; Caianiello and Di Pietro (2016); Mangiaracina (2014), p. 116 et seq. 214  WebMindLicenses, Case C-419/14. The theme is analysed, with regard to the banking investigations involving the Single Supervisory Mechanism, in Sect. 6.1.3. For the privilege against selfincrimination and the presumption of innocence, see Sect. 6.3.5. 210 211

50

2  Finding the Way in a Complex Multi-Level Legal Framework

e­ ndurance of the rights provided for by Article 6 ECHR, and leaves the defendant in a potentially highly detrimental position.215

2.3.3  Enforcing the Principle of Ne Bis In Idem in the EU At the Union level, the prohibition of bis in idem is established in the Charter of Fundamental Rights of the European Union (CFREU), and in the Convention Implementing the Schengen Agreement (CISA),216 as well as indirectly recognized in secondary legislation.217 Similarly to the ECHR, this principle in the EU legal sources covers both multiple prosecutions and sanctions. Differently from the Conventional framework, it applies at domestic as well as at the transnational level, to Union institutions, bodies, offices and agencies, and to Member States to the extent the latter are implementing EU law (parameter related to the critical definition of the scope of the Charter under Article 51 CFREU as discussed below218). According to Article 54 CISA, “A person whose trial has been finally disposed of in one Contracting Party may not be prosecuted in another Contracting Party for the same acts provided that, if a penalty has been imposed, it has been enforced, is actually in the process of being enforced or can no longer be enforced under the laws of the sentencing Contracting Party”. At Article 55(1), the Convention allows Member States to lodge reservations narrowing down the scope of the previous provision if a State reckons that (a) the facts judged abroad took place in whole or in part in its own territory; (b) the facts  A and B v Norway, Dissenting Opinion of Judge Pinto De Albuquerque, § 64 “Between the Charybdis of the risk of contradictory findings in administrative and criminal proceedings owing to different evidentiary standards (deux poids, deux mesures) and the Scylla of the manipulation of the administrative evidence for criminal purposes, the defendant is in any event placed in an unfair position in the Norwegian double-track system”. 216  The Schengen Acquis-Convention implementing the Schengen Agreement of 14 June 1985 between the Governments of the States of the Benelux Economic Union, the Federal Republic of Germany and the French Republic on the gradual abolition of checks at their common borders, reproducing the provisions of the 1987 Convention on Double Jeopardy (AT, BE, DK, FR, DE, IT, EI, NL and PT). On the integration of the CISA into EU law under this perspective, see Tomkin (2014), p. 1376 et seq. 217  The principle is included as a ground for refusal in Article 4(2) EAW; Article 9(1)(c) Council Framework Decision 2008/909/JHA of 27.11.2008 on the application of the principle of mutual recognition to judgments in criminal matters imposing custodial sentences or measures involving deprivation of liberty for the purpose of their enforcement in the European Union; Article 11(1)(d) of the EIO Directive. Ne bis in idem is also mentioned in several EU secondary legislation (e.g. 2014 Market Abuse Directive), and recognized by multiple national Constitutional or legislative provisions; the panorama however is so diverse among Member States that its analysis could represent the subject of a separate analysis, which necessarily falls out of the scope of this work. Cf. Vervaele (2005), Galantini (2011). 218  Cf. Tomkin (2014), p. 1375, and p. 1390; Klip (2016), p. 285 et seq. 215

2.3  The Interaction Between Administrative and Criminal Matter

51

judged abroad constitute an offence against its national security or other equally essential interests; (c) the acts to which the foreign judgment relates were committed by its officials in violation of the duties of their office.219 Lastly, according to Article 56 CISA, also in case a further prosecution is brought against a person whose trial, in respect of the same acts, has been finally disposed of in another State, any period of deprivation of liberty or penalty imposed (if allowed by the applicable national law) served in the latter shall be deducted from any penalty imposed. The derogations of Article 55 CISA have been exercised by some EU Member States, such as Germany,220 and Austria.221 The validity of such reservations, however, which may substantially restrict the scope of the ne bis in idem protection, is rather controversial and represents a long-debated issue at the Union level. In particular, it remains uncertain whether—as ­supported by influential scholars222—they should be implicitly deemed abolished by the integration of the CISA into the Treaties of the European Union.223 The issue is relevant also considering that the conditions included in Article 55 CISA, and in particular the territorial condition sub (a) are also included in some EU secondary legislation as grounds for refusal to cooperation requests or orders.224 Considering invalid the reservations lodged under Article 55 CISA would then also logically imply the invalidity of those conditions too, even if this result could legally be achieved only with specific rulings of the Court of Justice.225

 Cf. Article 55 CISA, “1. A Contracting Party may, when ratifying, accepting or approving this Convention, declare that it is not bound by Article 54 in one or more of the following cases: (a) where the acts to which the foreign judgment relates took place in whole or in part in its own territory; in the latter case, however, this exception shall not apply if the acts took place in part in the territory of the Contracting Party where the judgment was delivered; (b) where the acts to which the foreign judgment relates constitute an offence against national security or other equally essential interests of that Contracting Party; (c) where the acts to which the foreign judgment relates were committed by officials of that Contracting Party in violation of the duties of their office. 2. A Contracting Party which has made a declaration regarding the exception referred to in paragraph 1(b) shall specify the categories of offences to which this exception may apply. 3. A Contracting Party may at any time withdraw a declaration relating to one or more of the exceptions referred to in paragraph 1. 4. The exceptions which were the subject of a declaration under paragraph 1 shall not apply where the Contracting Party concerned has, in connection with the same acts, requested the other Contracting Party to bring the prosecution or has granted extradition of the person concerned”. 220  BGBl. 1994 II, p. 631. 221  BGBl. III of 27.05.1997, p. 2048. 222  Cf., e.g., Vervaele (2013b), p. 228 (according to whom the reservations are incompatible with the mutual trust that should be existing among Member States); Weyembergh (2013), p.  556 (according to whom maintaining the reservations in force would create an asymmetric context, as not all the Member States did lodged declarations); see also Jagla (2007), p. 93 et seq. On a more neutral and open position, Amalfitano (2012), p. 1620 et seq. 223  Currently indicated in Protocol 19 TFEU. 224  Cf. Article 4(7) EAW Council Framework Decisions; Article 11(1)(e) EIO Directive; Article 9(2) Council Framework Decision 2008/909/JHA. 225  Cf. Amalfitano (2017), p. 1027. 219

52

2  Finding the Way in a Complex Multi-Level Legal Framework

So far, however, the answer to this question remains open, as no official position has been expressed on the matter yet,226 although the problem was touched in 2015 in Kossowski. In that case, Advocate General Bot argued that such reservations had today become obsolete, since “permitting a Member State to block the operation of the ne bis in idem principle in different circumstances would make it an empty principle, and would cast doubt over the system which forms the basis of the area of freedom, security and justice”.227 There are two main arguments supporting the Advocate General’s conclusion. First, neither when the Treaty of Amsterdam ruled for the incorporation of the Schengen Agreement into EU law,228 nor in the subsequent 1999 Council Decision determining the legal basis for each of the provisions or decisions which constitute  The issue was also raised in Criminal proceedings against Vladimir Turanský, Case C-491/07, 22.12.2008, ECLI:EU:C:2008:768, § 29, where the Austrian reservation seems implicitly to had been taken into account by the Court, although just to exclude its applicability. 227  The Court of Justice, however, did not explicitly deal with this issue in its following decision, cf. Criminal proceedings against Piotr Kossowski, case C-486/14, Opinion of Advocate General Bot, delivered on 15.12.2015, §§ 46 to 68, according to which “the reservation did not become obsolete simply because of the integration of the Schengen acquis into EU law, nevertheless it cannot work against it […] It is beyond doubt that the effect of the reservation provided for by Article 55(1)(a) of the CISA is to deprive the ne bis in idem principle of its content. Having regard to the considerations referred to above in relation to the link between this principle and that of mutual recognition and to the fundamental importance of the latter principle for the construction of the area of freedom, security and justice, this consideration alone is sufficient to conclude that the reservation should be declared invalid. An exception could only be made to this conclusion if it were justified by the need to give the reservation useful effect in favour of a superior interest which would not hinder the development of the area of freedom, security and justice. Accordingly, I shall consider, from this perspective and on the basis of the German Government’s argument, the possibility that the reservation may be useful or necessary […] It seems to me to follow from the foregoing that there is in fact no longer any necessity for the reservation provided for by Article 55(1)(a) of the CISA, either in the present case or any other. Since the Court’s case-law and the Charter make it possible to ensure that regard is had to differences of substance between offences, permitting a Member State to block the operation of the ne bis in idem principle in different circumstances would make it an empty principle, and would cast doubt over the system which forms the basis of the area of freedom, security and justice. Having regard to all the foregoing considerations, I am of the opinion that the reservation provided for by Article 55(1)(a) of the CISA does not respect the essence of the ne bis in idem principle as expressed in Article 50 of the Charter, and must therefore be declared invalid”, cf. also Marletta (2017), pp. 108–115. 228  Cf. Article 2(1) Protocol No. 2, Treaty of Amsterdam amending the Treaty on European Union, the Treaties establishing the European Communities and certain related acts–Final Act, OJ C 340, 10.11.1997, p. 115: “From the date of entry into force of the Treaty of Amsterdam, the Schengen acquis, including the decisions of the Executive Committee established by the Schengen agreements which have been adopted before this date, shall immediately apply to the thirteen Member States referred to in Article 1, without prejudice to the provisions of paragraph 2 of this Article. From the same date, the Council will substitute itself for the said Executive Committee. The Council, acting by the unanimity of its Members referred to in Article 1, shall take any measure necessary for the implementation of this paragraph. The Council, acting unanimously, shall determine, in conformity with the relevant provisions of the Treaties, the legal basis for each of the provisions or decisions which constitute the Schengen acquis […]”. 226

2.3  The Interaction Between Administrative and Criminal Matter

53

the Schengen acquis,229 any reference was made to the declarations issued by Member States under Article 55. Under a formalistic perspective, therefore, it could be concluded that only what explicitly included into EU law could now be successfully opposed among Member States at the transnational level. Second, the CISA is not the only source providing for a double jeopardy clause in the EU legal framework, as the principle is also established by Article 50 CFREU. According to the latter “No one shall be liable to be tried or punished again in criminal proceedings for an offence for which he or she has already been finally acquitted or convicted within the Union in accordance with the law”. The wording of Article 50, thus, does not make any reference to the possibility of lodging reservations to its scope of application as possible under Article 55. Actually, it also appears to contradict Article 54 CISA. The latter, in fact, can be invoked exclusively if a sanction has been imposed, executed, is being enforced, or if that has become impossible according to the law of the executing State.230 These restrictions, at first sight, appear to run counter the text of Article 50 CFREU, which provides for an extended protection of ne bis in idem, that apparently does not take into account such limitations.231 The contrast could be solved considering the status of the two legal sources at stake. Indeed, as renown, after the entry into force of the Lisbon Treaty, the status of the Charter has been directly equalized to that of the Treaties by Article 6(1) TEU; on the contrary, the link between EU primary law and the Schengen acquis is represented only by a secondary piece of legislation, the already mentioned 1999 Council Decision. Therefore, according to the hierarchy of sources, the wider provision of Article 50 CRFEU shall take precedence over Article 54 CISA. This does not automatically imply, however, that the conditions established by Articles 54 and 55 CISA shall be considered invalid under EU law. The issue has been faced, with exclusive regard to Article 54, by the Court of Justice in the notorious Spasic case, concerning a Serbian national, prosecuted for the same organized fraud both in Germany and in Italy, where he executed the penalty paying the fine he had been convicted to.232 In the decision, the CJEU took into account the Explanatory Report of Article 50, which includes Articles 54-58 CISA as criteria for interpreting the Charter.233  Council Decision 1999/435/EC of 20.05.1999 concerning the definition of the Schengen acquis for the purpose of determining, in conformity with the relevant provisions of the Treaty establishing the European Community and the Treaty on European Union, the legal basis for each of the provisions or decisions which constitute the acquis, which identified the legal basis for Articles 54–58 CISA in Articles 31 and 34 Treaty of the EU, now repealed by Articles 82, 82 and 85 TFEU. 230  According to the case-law of the CJEU, also the suspension of the execution of the penalty is equalized to the execution itself, cf. Criminal proceedings against Jürgen Kretzinger, Case C-288/05, 18.07.2007, ECLI:EU:C:2007:441, §§ 44 and 52. 231  Cf. Amalfitano (2017), pp. 1023–1024. 232  Judgment in Criminal proceedings against Zoran Spasic, C-129/14 PPU, 27.05.2014, EU:C:2014:586; cf., e.g., Vervaele (2015); Recchia (2015); Wasmeier (2014), pp. 534–555. 233  Even if in Criminal proceedings against M., C-398/12, 6.02.2014, ECLI:EU:C:2014:65, the Court affirmed rather the opposite approach, that is “since the right not to be tried or punished 229

54

2  Finding the Way in a Complex Multi-Level Legal Framework

Specifically, the Court agreed with the Report, and considered that the conditions set by Article 54 CISA may fall under the exceptions established by Article 52(1) CFREU, according to which limitations to the rights contained in the Charter are legitimate as long as they (i) are provided for by law; (ii) respect the essence of those rights and freedoms; (iii) are necessary and (iv) genuinely meet the objectives of general interest recognized by the Union or the need to protect the rights and freedoms of others, in light of the proportionality principle.234 Against this background, the Court hence concluded that the limitations established in Article 54 CISA could be hold valid also under Article 50 CFREU.235 If the position of Article 54 is then clear(er) at least for the time being, uncertainties remain regarding the reservations grounded on Article 55 CISA, to which it does not seem possible to automatically apply the argument developed in Spasic. Indeed, while also this provision is listed among those recalled by the Explanatory Report, the compliance of the broad derogatory clauses contained in Article 55(1) sub b) and c) CISA (national security or other equally essential interests, and acts committed by officials in violation of the duties of their office) with the proportionality requirements provided for by Article 52(1) CFREU (especially sub ii), iii) and iv) appears more critical to be affirmed in abstract and generalized terms. It appears more likely, then, that an intervention of the CJEU will be required to solve the issue on a case-­by-­case basis.236 Coming to the definition of the two main elements of the double jeopardy clause under EU law (bis and idem237), the CJEU decided, following the wording of Article twice in criminal proceedings for the same criminal offence is also set out in Article 50 of the Charter, Article 54 of the CISA must be interpreted in the light of that provision”. Cf. also Draft Charter of Fundamental Rights of the European Union. Text of the explanations relating to the complete text of the Charter as set out in CHARTE 4487/00 CONVENT 50, Brussels, 11.10.2000, sub Article 50, p. 45. http://www.europarl.europa.eu/charter/pdf/04473_en.pdf. Accessed 18 July 2018, according to which “In accordance with Article 50, the “non bis in idem” principle applies not only within the jurisdiction of one State but also between the jurisdictions of several Member States. That corresponds to the acquis in Union law; see Articles 54 to 58 of the Schengen Convention, Article 7 of the Convention on the Protection of the European Communities’ Financial Interests and Article 10 of the Convention on the fight against corruption. The very limited exceptions in those Conventions permitting the Member States to derogate from the “non bis in idem” principle are covered by the horizontal clause in Article 52(1) of the Charter concerning limitations. As regards the situations referred to by Article 4 of Protocol No 7, namely the application of the principle within the same Member State, the guaranteed right has the same meaning and the same scope as the corresponding right in the ECHR”. 234  Spasic, §§ 55–64. 235  Idem, §§ 59. Briefly recollecting the arguments of the Court, also Amalfitano (2017), p. 1024. 236  Cf. Amalfitano (2012), p. 1620 et seq. In any case, even if the limitations contained in Article 55 CISA could be recognized under Article 50 CFREU, the safeguard clause established by Article 56 CISA would still apply, see e.g. Amalfitano (2017), p. 1027; Id. (2002), p. 937. 237  Given the substantial identity between the ECtHR and the CJEU interpretation of what is a “final” decision, as long as the decision considered the merit of the case, cf., e.g., Criminal proceedings against Hüseyin Gözütok (C-187/01) and Klaus Brügge (C-385/01), 11.02.2003, ECLI:EU:C:2003:87, §§ 25–31; Turanský, Case C-491/07, cit., §§ 35–36; Criminal proceedings against Filomeno Mario Miraglia, Case C-469/03, 10.03.2005, ECLI:EU:C:2005:156, § 35;

2.3  The Interaction Between Administrative and Criminal Matter

55

54 CISA that refers to “the same act” and since its 2006 case Van Esbroeck to adopt a factual approach to the definition of idem, looking at the “nature of the acts in dispute” rather than to their legal classification.238 Appropriately, the Court considered that, as “there is no harmonisation of national criminal laws, a criterion based on the legal classification of the acts or on the protected legal interest might create as many barriers to freedom of movement […] In those circumstances, the only relevant criterion for the application of Article 54 of the CISA is identity of the material acts, understood in the sense of the existence of a set of concrete circumstances which are inextricably linked together”.239 This approach, already applied by the Inter-American Court of Human Rights,240 was maintained by the CJEU also after the entry into force of the Lisbon Treaty, regardless from the fact that the wordings of Article 50 CFREU, and of secondary legislation in the matter of transnational cooperation, such as the EAW, do not refer to “facts”, but to “offences”.241 As repeatedly recalled by the Court, also in its 2018 decision Menci and Garlsson Real Estate SA (as well as, in the background, in Di Puma-Zecca), “the relevant criterion for the purposes of assessing the existence of the same offence is identity of the material facts, understood as the existence of a set of concrete circumstances which are inextricably linked together which resulted in the final acquittal or conviction of the person concerned”.242 Again, the CJEU justifies its jurisprudence with the need to confer an harmonized scope to the protection from bis in idem, which would otherwise vary from one Member State to another, if left to the legal classification of facts and legal interests established under national law.243 Against this background, the Court for instance recognized as idem, both in the field of VAT fraud and market manipulation, criminal and administrative punitive Criminal proceedings against Giuseppe Francesco Gasparini and Others, Case C-467/04, 28 September 2006, ECLI:EU:C:2006:610, §§ 22–33; Klaus Bourquain, Case C-297/07, 11.12.2008, ECLI:EU:C:2008:708, §§ 34–37. On this issue see, for all, Amalfitano (2017), pp. 1021–1022; D’Ambrosio (2017), p. 1041; Tomkin (2014), p. 1391 et seq. 238  Cf. Vervaele (2014), p. 190; Amalfitano (2017), p. 1019; Rafaraci (2009), p. 93 et seq.; Neagu (2012), p. 955 et seq.; Schomburg (2012), p. 311 et seq.; Tomkin (2014), p. 1398 et seq. 239  Criminal proceedings against Leopold Henri Van Esbroeck, C-436/04, 9.03.2006, ECLI:EU:C:2006:165, §§27, 35 and 36; Gasparini, Case C-467/04, cit., §§ 53–56; Van Straaten, cit., §§ 40–53; Kretzinger, cit., §§ 28–36; Criminal proceedings against Norma Kraaijenbrink, C-367/05, 18.07.2007, ECLI:EU:C:2007:444, §§ 23–29. With regard to the EAW, see Gaetano Mantello, Case C-261/09, 16.11.2010, ECLI:EU:C:2010:683, §§ 32–51. 240  Loayza-Tamayo v. Peru, 17.09.1997, Series C No. 33, § 66: “This principle is intended to protect the rights of individuals who have been tried for specific facts from being subjected to a new trial for the same cause. Unlike the formula used by other international human rights protection instruments (for example, the United Nations International Covenant on Civil and Political Rights, Article 14(7), which refers to the same ‘crime’), the American Convention uses the expression ‘the same cause’, which is a much broader term in the victim’s favour”. 241  Cf., e.g., Gaetano Mantello, C-261/09, § 39. 242  Menci, Case C-524/15, § 35; Garlsson Real Estate SA, Case C-537/16, § 37. For a preliminary analysis, see e.g. Amalfitano (2017), pp. 1029–1030; Simonato (2017); Galluccio (2018). 243  Menci, Case C-524/15, § 36; Garlsson Real Estate SA, Case C-537/16, § 38.

56

2  Finding the Way in a Complex Multi-Level Legal Framework

provisions punishing the same conducts, although only in the first ones, it was necessary to prove a subjective element, not required by the administrative penalty.244 Under this profile, the case-law of the Court of Justice seems hence aligned to the jurisprudence of the ECtHR. That does not mean, however, that the latter is automatically and systematically adopted before the Judges in Luxembourg. Actually the need for the Court of Justice, and for the EU as such, to develop an autonomous notion of the rights enshrined in the Charter was raised in Fransson by Advocate General Cruz Villalón,245 and later by the same CJEU, for instance in the notorious case Tele2-Watson.246 This thesis had been reaffirmed in the 2018 aforementioned decisions with specific regard to the ne bis in idem. There, again, the Court explicitly recalled that the ECHR does not constitute “for as long as the European union has not acceded to it, a legal instrument which has been formally incorporated into EU law”, (although Article 6(3) TEU recognizes the fundamental rights of the Convention as “general principles of EU law”), and regardless of the equivalence clause contained in Article 52(3) CFREU.247 Accordingly, questions concerning the status of fundamental rights in the EU shall be examined, if not exclusively certainly largely “in the light of the fundamental rights guaranteed by the Charter”.248 The coincidence between the interpretation of the Court of Justice and that of the ECtHR concerning the notion of idem shall therefore, at least in the perspective of the CJEU, be welcomed as a reasonable convergence between European Courts, but it should not be given for granted. In this sense, it is worth recalling that traditionally, the Court of Justice had recognized a different standard for the definition of idem applied to competition law, where it applied much restrictive criteria, acknowledging the existence of idem only if there is (i) identity of facts; (ii) unity of the offender and of (iii) the legal interest protected.249 Theoretically, therefore, the Court could decide to apply this restrictive approach also to substantive matters other than competition law. This result however could  Menci, Case C-524/15, § 38; Garlsson Real Estate SA, Case C-537/16, § 40.  Opinion of Advocate General Cruz Villalón, in Case C-617/10, delivered on 12.06.2012, §§ 81–87. Highlighting arguments contrary to this reconstruction Böse (2017), p. 220. 246  Joined cases Tele2 Sverige AB (C-203/15) v PosT- och telestyrelsen and Secretary of State for the Home Department v Tom Watson and Others (C-698/15), 21.12.2016, ECLI:EU:C:2016:970, § 127 and case-law there cited, which will be further analysed with regard to real-time monitoring of banking data in Sect. 8.2. 247  Garlsson Real Estate SA, Case C-537/16, § 24; Menci, Case C-524/15, § 24. 248  Garlsson Real Estate SA, Case C-537/16, § 26; Menci, Case C-524/15, § 24; Criminal proceedings against Massimo Orsi and Luciano Baldetti, Joined Cases C-217/15 and C-350/15, 5.04.2017, ECLI:EU:C:2017:264, § 15 and case-law there cited. 249  Cf., among others, Joined cases Aalborg Portland A/S (C-204/00 P), Irish Cement Ltd (C-205/00 P), Ciments français SA (C-211/00 P), Italcementi-Fabbriche Riunite Cemento SpA (C-213/00 P), Buzzi Unicem SpA (C-217/00 P) and Cementir-Cementerie del Tirreno SpA (C-219/00 P) v Commission of the European Communities, 7.01.2004, ECLI:EU:C:2004:6, §§ 338–340; Toshiba Corporation and Others v Úřad pro ochranu hospodářské soutěže, C-17/10, 14.02.2012, ECLI:EU:C:2012:72, § 97. On the CJEU exceptionalism in competition law cf. also Van Bockel (2010), p. 170 et seq; Di Federico (2011); Amalfitano (2017), p. 1019; Tomkin (2014), p. 1399. 244 245

2.3  The Interaction Between Administrative and Criminal Matter

57

not only narrow the protection granted to European citizens, but also violate Article 53(2) CFREU, at least until the case-law of the ECtHR will provide for a higher standard of protection under this profile.250 Critical considerations arising from the “autonomous” approach to the double jeopardy clause may be drawn also with regard to the CJEU interpretation of bis.251 Indeed, as already mentioned, the Court of Justice has since long embraced the Engel doctrine in its jurisprudence (especially in Spector, Bonda, and Fransson252). In Fransson, in particular, the CJEU recognized that the scope of Article 50 CFREU is defined by a substantive interpretation of matière pénale. In this sense, while Article 50 CFREU “does not preclude a Member State from imposing, for the same acts of non-compliance” administrative and criminal penalties, or a combination of the two, if the first “is criminal in nature […] and has become final that provision precludes criminal proceedings in respect of the same acts from being brought against the same person”.253 This position, apparently in line with the pre-A and B v Norway case-law of the Court of Strasbourg, contained however a relevant exception: Already in Fransson, in fact, the CJEU specified that the exclusion of one punitive line was to be considered admissible only “as long as the remaining penalties are effective, proportionate and dissuasive”.254 The protection against ne bis in idem was, therefore, de facto limited by its compliance with the principle of effectivity, leaving a rather high margin of discretion to the Member States (especially with regard to double-track systems).255 This background has been further developed—although with limited room for improvement in terms of legal certainty—in early 2018, when the CJEU partially took into account the revirement in the ECtHR jurisprudence with regard to the interaction between criminal and administrative punitive enforcement models. In these cases, in fact, also the Court of Justice dismissed the arguments previously applied by the Court in Strasbourg in Zolotukhin and Grande Stevens, and explicitly affirmed that double prosecution and/or punishment concerning the same conduct does not, in itself, represent a violation of the principle of ne bis in idem. This holds true regardless of the fact that, as recognized by the CJEU in Fransson and again in Garlsson, the individual right of Article 50 CFREU does not require any further action on the part of the EU or national authorities for its application, as  Along this line, see Amalfitano (2017), p.  1020. These arguments, together with the need to ensure a uniform approach to the principle at the EU level, brought the Court to (at least implicitly) revise its case-law in competition law in the recent case Powszechny Zaklad Ubezpieczen na Zycie S.A., C-617/17, 3.04.2019, ECLI:EU:C:2019:283, § 32. 251  Besides for the applicability of the conditions of Article 54 CISA to the definition of the principle established in the Charter, previously discussed. 252  Cf. Spector, Case C-45/08, § 42; Bonda, C-489/10, § 37; Fransson, Case C-617/10, § 34 et seq. See above, paragraph 3, and, for all, Tomkin (2014), p. 1385; Böse (2017), p. 218 et seq. 253  Fransson, Case C-617/10, § 34. 254  Fransson, Case C-617/10, § 36. 255  See, for all, Tomkin (2014), pp. 1387–1388; 1385; 1391 et seq. and 1405 et seq. 250

58

2  Finding the Way in a Complex Multi-Level Legal Framework

it confers on individuals a right which is directly applicable in concrete specific disputes (from which it follows the duty of national judges to disapply potential conflicting national provisions).256 In Menci, Garlsson Real Estate SA, and Di Puma-Zecca, in fact, the Court partially justified the existence of double-track systems on the basis of Article 52(1) CFREU, according to which, as already mentioned, limitations to the rights of the Charter must (i) be provided for by law, (ii) respect the essence of that rights, and (iii) in light of the principle of proportionality be necessary and (iv) meet objectives of general interests recognized by the EU or the need to protect the rights and freedoms of others.257 In the 2018 cases, the assessment of criteria (i) and (iv) was not especially critical, since the existence of legal basis in national legislation was undisputed (and in any case, relatively easy to assess), as well as it was the conclusion that the protection of the integrity of financial markets (in Garlsson and Di Puma-Zecca) and the correct collection of VAT (in Menci) represent general interests of the Union.258 Rather more controversial, not to say thoughtless, for the (residual) value of the double jeopardy clause in EU law appear instead the considerations made by the Court with regard to the (ii) criterion, concerning the respect of the essence of the right at stake. Under this perspective, in fact, the CJEU seems to deduce from the mere circumstance that national legislation allows for a duplication of proceedings and penalties “only under certain conditions which are exhaustively defined”, the consequence that “the right guaranteed by Article 50 is not called into question as such” and therefore it is respected in its essential content.259 Here indeed, the Court appears to oversee the fact that even limitations provided only upon specific conditions may, as underlined in the dissenting opinion of A and B v Norway, transform the nature of double jeopardy clause from an individual fundamental right to a mere organizational rule. And this mutation does seem to violate the essence of the original scope of Article 50 CFREU.260 The CJEU seems also to follow the recent approach of the Court in Strasbourg in its assessment of the (iii) criterion concerning the “necessity” requirement. According to the proportionality principle, in fact, limitations to the rights of the Charter, and in the specific case, duplication of proceedings and penalties for the same conduct, shall at least not “exceed what is appropriate and necessary in order  Garlsson Real Estate SA, Case C-537/16, §§ 64–68 and case-law there mentioned; Fransson, Case C-617/10, § 45. 257  Garlsson Real Estate SA, Case C-537/16, §§ 42–43; Menci, Case C-524/15, §§ 41–42; Di Puma–Zecca, Joined Cases C-596/16 and C-597/16, § 41, as already affirmed in Spasic, Case C-129/14 PPU, §§ 55–56. 258  Garlsson Real Estate SA, Case C-537/16, §§ 44 and 46; Di Puma-Zecca, Joined Cases C-596/16 and C-597/16, § 42; Menci, Case C-524/15, § 44. On the European interests in VAT collection, long disputed between EU institutions and Member States, but now included among the PIF crimes (if particularly serious) see, if you please, Lasagni (2016), p. 341 et seq. 259  Garlsson Real Estate SA, Case C-537/16, § 45; Menci, Case C-524/15, § 43. 260  Cf. above Sect. 2.3.2. 256

2.3  The Interaction Between Administrative and Criminal Matter

59

to attain the objectives legitimately pursued by that legislation” meaning that “when there is a choice between several appropriate measures, recourse must be had to the least onerous and the disadvantages caused must not be disproportionate to the aims pursued”.261 In absence of EU law harmonizing which kind of penalties should be applied to a specific conduct, however, the Court first considered that Member States shall have the right to provide for double-track systems to pursue “objective, complementary aims relating, as the case may be, to different aspects of the same unlawful conduct at issue”.262 In those circumstances, says the CJEU, “the proportionality of national legislation […] cannot be called into question by the mere fact that the Member State concerned chose to provide for the possibility of such a duplication, without which that Member State would be deprived of that freedom of choice”.263 Against this background, the Court interprets the necessity requirement based on the proportionality principle as imposing upon national legislation: (a) To be foreseeable, meaning that it should provide for clear and precise rules allowing individuals to predict which acts or omissions are liable to be subject to a duplication of proceedings and penalties, and (b) to ensure that the disadvantages resulting, for the persons concerned, from such a duplication are limited to what is strictly necessary to achieve the objective(s) of general interests. In particular, in order to assess the latter condition, national legislation shall: (b1) Ensure coordination rules so as to reduce the additional disadvantage caused for the persons concerned by such a duplication to what is strictly necessary; and (b2) ­guarantee that the severity of all the penalties imposed does not exceed the seriousness of the offence concerned, i.e. the amount of the second penalty applied should take into account that of the penalty already imposed.264 In line with the approach inaugurated with Fransson,265 the compliance of national legislation with all these parameters is not for the CJEU, but for national judges to assess, balancing, on one side, the seriousness of the offence at stake and, on the other, the actual disadvantage resulting for the subjects involved.266 Within this constraints, the CJEU positively assessed the existence of “coordination rules” (sub-criterion b1) both in Garlsson, (between the Italian prosecution service and Consob),267 and in Menci, where it favourably considered the mechanism according to which the enforcement of administrative punitive penalties had to

 Garlsson Real Estate SA, Case C-537/16, § 48; Menci, Case C-524/15, § 46.  Garlsson Real Estate SA, Case C-537/16, §§ 46–47; Menci, Case C-524/15, §§ 44–46. 263  Garlsson Real Estate SA, Case C-537/16, § 49; Menci, Case C-524/15, § 47. 264  Garlsson Real Estate SA, Case C-537/16, §§ 51–63; Menci, Case C-524/15, §§ 49–64. 265  See above, Sect. 2.3. 266  Menci, Case C-524/15, § 59. 267  As provided for in Article 187i of Legislative Decree No 58 of 24 February 1998, consolidating all provisions in the field of financial intermediation (the so-called TUF); cf. Garlsson Real Estate SA, Case C-537/16, § 57. 261 262

60

2  Finding the Way in a Complex Multi-Level Legal Framework

be suspended during criminal proceedings against the same VAT fraudolent conduct, and even definitely prevented if the latter had terminated with a conviction.268 As for the parameter regarding the proportionality of the overall penalty (sub-­ condition b2), in Menci the Court positively pointed out that criminal penalties were to be limited to particularly serious offences (unpaid VAT exceeding EUR 50,000), and that voluntary payment of the tax debt covering also the imposed administrative penalty constituted a special mitigating factor to be taken into account in criminal proceedings.269 On the contrary, the CJEU did not consider this condition fulfilled in Garlsson, where the range of (punitive) administrative and criminal fines applicable for the same conduct of market manipulation (notably deriving from the national transposition of Directive 2003/6/EC270) was considered unnecessarily burdensome. This conclusion was also supported by the fact that safeguards against the excessive severity of the cumulated penalties in that field found application only among pecuniary penalties, but not between punitive administrative fine and imprisonment.271 Similarly, negative considerations were drawn by the Court also in Di Puma-Zecca (possibly the less controversial of the three 2018 cases), where the possibility to bring proceedings for an administrative punitive fine following a criminal trial for the same conduct already terminated with an acquittal was also considered exceeding the necessity required by the principle of proportionality.272 While the conditions concerning the proportionality of the penalty imposed may seem relatively straightforward in their concrete application, several are the uncertainties created and left unsolved by the Court with this more recent jurisprudence. First, the circumstances of the cases examined do not answer as to whether the CJEU would include in the parameter on the “coordination rules” also the need to concentrate the phase of evidence gathering between administrative and criminal proceedings. From the general wording drawn by the Court, it is not possible to rule out this condition, included in the A and B test, nor all the critical issues related to it as previously analysed273 which risk, to raise also into EU law serious questions on the effectivity of defence rights for the affected individual(s). Second, the CJEU, similarly to A and B, and contrary to what previously affirmed in Zolotukhin or Grande Stevens, has opted for an interpretation that, certainly meeting the interests of several Member States, does not really allow individuals to know, in advance, whether their specific situation could be considered a violation of Article 50 CFREU or a legitimate limitation of the latter. Indeed, the parameters identified by the Court of Justice, although not including the “substantial connection in time”—perhaps the most arbitrary condition of the A

 Menci, Case C-524/15, § 56.  Menci, Case C-524/15, §§ 54–56. 270  See above note 195. 271  Garlsson Real Estate SA, Case C-537/16, §§ 58-59-60. 272  Di Puma-Zecca, Joined Cases C-596/16 and C-597/16, §§ 43–44. 273  Cf. above Sect. 2.3.2. 268 269

2.3  The Interaction Between Administrative and Criminal Matter

61

and B test274—are far from reaching that threshold of clarity and precision that the same CJEU requires from national legislation to comply with Article 52(1) CFREU. Both under EU law and at the Conventional level, therefore, it seems that— besides for self-evident cases—there will not be a foreseeable way for individuals to actually know whether they are entitled to effectively invoke the principle of ne bis in idem. The only effective content left to this principle, at least when applied to the (broad) notion of punitive matter, seems therefore the right for individuals to be subject to overall proportionate penalties. This jurisprudence appears thus to limit ne bis in idem only to a part of its substantive notion (proportionality of sanctions), totally forgetting the needs of protection arising also from the mere double protection.275 A solution against which, with a hint of provocation, even the limited, but clearer boundaries of the double jeopardy clause in the US legal framework may seem preferable. With this 2018 case-law, hence, the Court did not, as hoped by many and as explicitly suggested by Advocate General Sánchez-Bordona took the chance to establish a higher level of protection compared to the ECtHR.276 On the contrary, the CJEU sensibly lowered the content of the principle, anchoring the “quality” of its interpretation to the consideration that it ensures “a level of protection of the ne bis in idem principle which is not in conflict with that guaranteed by Article 4 of Protocol No 7 to the ECHR, as interpreted by the European Court of Human Rights” in A and B v Norway.277 This case-law does not even has the positive effect of preventing the aforementioned “first come first served” phenomenon,278 that follows from the application of strict rules on ne bis in idem in a legal framework which does not include binding rules for the allocation of jurisdiction (and that perhaps represented the most sensitive criticism that could be lifted against the Zolotukhin doctrine). In Garlsson, in fact, the CJEU affirmed that bringing of proceedings relating to an administrative punitive fine that follows a criminal conviction “exceeds what is strictly necessary in order to achieve the objective [of general interest-sub criterion (iv)], in so far as that criminal conviction is such as to punish the offence committed in an effective, proportionate and dissuasive manner” given, for instance, the harm caused to the company by the offence committed.279 Such argument—theoretically reasonable—appears however especially critical in its concrete application. Indeed, in the specific case, it was considered “effective” a final criminal penalty imposed at the end of a negotiated proceeding (initiated after the first conviction at the administrative level, and terminated before the  Cf. Opinion of Advocate General Campos Sánchez-Bordona, delivered on 12.09.2017, in case Menci (C-524/15), §§ 55–56. 275  Besides for what affirmed by the Advocate General Wahl in C-617/17 delivered on 29.11.2018, ECLI:EU:C:2018:976, § 22. 276  Id., §§ 60; 74–77; cf. also Galluccio (2018). 277  Menci, Case C-524/15, §§ 60–62 and in particular, § 62. 278  Cf. above Sect. 2.3.1. 279  Garlsson Real Estate SA, Case C-537/16, § 57. 274

62

2  Finding the Way in a Complex Multi-Level Legal Framework

exhaustion of the appeals against the administrative fine) which was never enforced since it was extinguished as a result of a pardon. This circumstance was considered “irrelevant for the purpose of assessing whether national legislation such as that at issue in the main proceedings is strictly necessary”.280 This argument not only raises again problems of compliance of Article 50 CFREU with Article 54 CISA (as such case could be considered as falling into the deerogations to ne bis in idem there provided)281 but also clearly shows how a system in which guilty plea (even not enforced) is largely applied could de facto prevent the application of any administrative punitive fine: Again a “first come first served” approach, but without the benefits deriving from having at least clear criteria for the application of the double jeopardy protection. Similarly to the Conventional framework, therefore, also in the EU the protection from double jeopardy seems to come out rather dilapidated by the recent development of the case-law. The limits in the recognition of a transnational application to the principle of ne bis in idem in the EU shall finally also take into account the scope of application of the Charter itself. While the rights of the Charter may be invoked by every natural or legal person whose legal interests have been affected by EU law282, the reference to “EU law” is far from being unequivocal in this context.283 In fact, according to Article 51(1) CFREU, the Charter is legally binding towards institutions, bodies, offices and agencies of the Union, and towards Member States when they “are implementing Union law”. This last clause was interpreted by the Court as an obligation for Member States to comply with the Charter when they are acting within the scope of EU law284; in  Id., § 62.  Unless that in intended at certifying a different notion of the ne bis in idem principle in its domestic and transnational dimensions. 282  The applicability of the Charter specifically towards legal entities was underlined by the Court of Justice also in cases concerning banks, such as Bank Saderat Iran v Council, Case T-494/10, 5.02.2013, ECLI:EU:T:2013:59, §§ 33–44. 283  See, for all, Ward (2017), p. 1431 et seq.; see also Safjan (2012), pp. 3–6; Groussot et al. (2011), pp. 13–14; Tomkin (2014), p. 1385 et seq. 284  Cf. Opinion of Advocate General Kokott, in Case C-489/10, delivered on 15.12.2011, §§ 13–20; this interpretation had already been expressed in Hubert Wachauf v Bundesamt für Ernährung und Forstwirtschaft, Case 5/88, 13.07.1989, ECLI:EU:C:1989:321; Elliniki Radiophonia Tiléorassi (ERT) AE and Panellinia Omospondia Syllogon Prossopikou v Dimotiki Etairia Pliroforissis and Sotirios Kouvelas and Nicolaos Avdellas and others, Case C-260/89, 18.06.1991, ECLI:EU:C:1991:254; Daniele Annibaldi v Sindaco del Comune di Guidonia and Presidente Regione Lazio, Case C-309/96, 18.12.1997, ECLI:EU:C:1997:631. More recently, see Fransson, cit., § 21 “Since the fundamental rights guaranteed by the Charter must therefore be complied with where national legislation falls within the scope of European Union law, situations cannot exist which are covered in that way by European Union law without those fundamental rights being applicable. The applicability of European Union law entails applicability of the fundamental rights guaranteed by the Charter”. Affirming instead that the assessment shall be made exclusively in relation to EU provisions was J. McB v L.E., Case C-400/10 PPU, 5.10.2010, ECLI:EU:C:2010:582, 280 281

2.3  The Interaction Between Administrative and Criminal Matter

63

particular, State authorities are subject to the Charter when they apply domestic law that has the purpose of enforcing EU provisions (in that including also the case in which a Member State exercises discretionary powers conferred by EU law285). The interpretation of this vague clause has long been debated, especially to determine whether advocating the application of the general principles of the EU law in a certain field would be a sufficient condition to trigger the protection of the Charter.286 This argument was recognized as valid by the Court in all fields in which EU law determines the action of Member States (such as in the EAW, or presumably, the EIO287). Slightly different is the case where EU law determines only partially the legal grounds applicable to the case, which was examined by the CJEU in the aforementioned Fransson decision, where the subject matter was tax law (only in part regulated at the EU level with regard to VAT).288 According to the Court, in such situations, “national authorities and courts remain free to apply national standards of protection of fundamental rights, provided that the level of protection provided for by the Charter, as interpreted by the Court, and the primacy, unity and effectiveness of European Union law are not thereby compromised”.289 Here too, however, due to the reference to the primacy of EU law, it has been reasonably argued that national standards may apply instead of

§ 51–53. For a recollection of the criminal law matters falling under the scope of Article 50 CFREU, see Tomkin (2014), pp. 1386–1387. 285  Joined cases N.S. (C-411/10) v Secretary of State for the Home Department and M.  E. and Others (C-493/10) v Refugee Applications Commissioner and Minister for Justice, Equality and Law Reform, 21.12.2011, ECLI:EU:C:2011:865, § 68; on the point see, for all, Ward (2017), pp. 1437–1439. Specific limitations to the application of the Charter, and above all to the possibility of its provisions to be judicially cognizable by the Court of Justice, are in place for UK and PL (while CZ is on the process to join the Protocol), due to Article 1(1) of Protocol No. 30 TFEU. This provision however was not considered by the ECJ as justifying and exemption for such States from the obligation to comply with the Charter, at least with regard to the rights and principles that are not part of Title IV of the Charter (economic, social and cultural rights), cf. N. S., Joined Cases C-411/10 and 493/10, § 50. 286  Cf., e.g., Vervaele (2014), p. 192. 287  Concerning the primacy of EU law in these contexts, also when the rights provided for by EU law provided for a lower standard of protection than that established at national level, see famously Stefano Melloni v Ministerio Fiscal, Case C-399/11, 26.02.2013, ECLI:EU:C:2013:107. 288  The issue had actually been already examined by the Court in Murat Dereci and others v Bundesministerium für Inneres, Case C-256/11, 15.11.2011, ECLI:EU:C:2011:734, § 72. 289  Fransson, Case C-617/10, § 29; cf. Sarmiento (2013), pp. 1294–1296; Ward (2017), pp. 1433– 1437. Different criterion was instead adopted in the Opinion of Advocate General Cruz Villalón, in Case C-617/10, delivered on 12.06.2012, according to which judicial review should be carried out at national level, while the exceptional cases where the CJEU should be competent shall be based on a “reference to a specific interest of the Union in ensuring that that exercise of public authority accords with the interpretation of the fundamental rights by the Union. The mere fact that such an exercise of public authority has its ultimate origin in Union law is not of itself sufficient for a finding that there is a situation involving the ‘implementation’ of Union law” (§ 40).

64

2  Finding the Way in a Complex Multi-Level Legal Framework

the Charter only in cases of “severe breach of constitutionally protected principles inherent to the EU’s legal order”.290 Moreover, in Robert Pfleger (2014) the CJEU, affirmed that the Charter covers also situations in which Member States use “exceptions provided for by EU law in order to justify an obstruction of a fundamental freedom guaranteed by the Treaty”. These cases too should therefore be regarded as “implementing Union law” within the meaning of Article 51(1) CFREU.291 Nonetheless, not every connection with EU law is sufficient to trigger the application of the Charter.292 Often, in fact, the Court has required the Union to had already exercised its competence on the specific matter, issuing some act of secondary legislation, to be able to enforce the rights provided for by the Charter. An example in this sense is provided by the 2016 joined cases Tele2-Watson on data retention,293 where one of the issues at stake concerned precisely whether the challenged national legislation could still fall under the scope of EU law even though the directive from which it was deriving had been annulled by the CJEU294). Most interestingly, to assess so, in that case the Court concluded for the applicability of the Charter to the subject matter tracing the Swedish and British legislation at stake—originally derived from the annulled directive—back to a different piece of secondary EU legislation on data retention, the so-called “ePrivacy” directive.295  Sarmiento (2013), p. 1295.  Robert Pfleger and others, Case C-390/12, 30.04.2014, ECLI:EU:C:2014:281, §§ 30–37, and in particularly § 36. In that case, the legislation at stake was acting within the area of games of chance, which is not harmonized at the EU level; nonetheless, the Court considered that “where it is apparent that national legislation is such as to obstruct the exercise of one or more fundamental freedoms guaranteed by the Treaty, it may benefit from the exceptions provided for by EU law in order to justify that fact only in so far as that complies with the fundamental rights enforced by the Court. That obligation to comply with fundamental rights manifestly comes within the scope of EU law and, consequently, within that of the Charter”; see also Fransson, Case C-617/10, § 19, and Lenaertes (2011), p. 88; Ward (2017), pp. 1428–1429. 292  Cf. Cruciano Siragusa v Regione Sicilia, Case C-206/13, 6.03.2014, EU:C:2014:126, §§ 16–36 (concerning environmental restrictions); Sindicato dos Bancários do Norte and Others v BPN, Order of the Court C-128/12, 7.03.2013, EU:C:2013:149, §§ 8–14 (concerning salary treatment); Criminal proceedings against Magatte Gueye (C-483/09) and Valentín Salmerón Sánchez (C-1/10), 15.09.2011, ECLI:EU:C:2011:583, § 69 (on the interest of victims), where the Court declared it was not competent as there was no “implementation of EU law”. 293  Cf. Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), §§ 65–81, for the implications of this decision in real-time monitoring of personal (banking) data, cf. also Chap. 8. 294  Cf. Judgment in Digital Rights Ireland Ltd v. Minister for Communications, Marine and Natural Resources and Others and Kärntner Landesregierung and Others, 8.04.2014, C-293/12, ECLI:EU:C:2014:238, in which the Court declared invalid Directive 2006/24/EC of 15.03.2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC; for the implications of this decision in the context of real-time monitoring of personal (banking) data, cf. also Chap. 8. 295  Directive 2002/58/EC of 12.07.2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector. 290 291

2.3  The Interaction Between Administrative and Criminal Matter

65

As it has been highlighted by legal scholars, however, the case-law of the CJEU on the parameter of Article 51(1) CFREU is likely to further develop and significantly increase in the next future. This is true especially with regard to criminal law, thanks to the many opportunities of triggering a preliminary ruling on the bases of the package of directives approved to safeguard the defendant and the victim of criminal proceedings in the aftermath of the Stockholm Programme.296 And indeed in the last few years, although in a somewhat ambivalent way, the Court has started to define more clearly its competence with regard to the criminal matter, sometimes with a narrow approach, such as in the very controversial Milev decision (2018), sometimes with a more inclusive interpretation, as in Moro (2019).297 Finally, it shall be pointed out that while the case-law of the CJEU and of the ECtHR recognize the protection from double jeopardy for natural persons, both Courts are far more cautious when it comes to legal entities. This issue is particularly relevant in financial criminal or administrative investigations, where legal persons, such as banks or financial institutions are quite frequently the target. Indeed, in the debate about the scope of defence rights and fair trial principles, only certain prerogatives are unquestionably acknowledged also towards legal entities, such as the right to legal assistance and to legal aid.298 Emblematic in this sense is the presumption of innocence, whose application to organizations has been recognized by the two European Courts (although with strong limitations with regard to the privilege against self-incrimination before the CJEU),299 but (at least in the intentions) excluded by the EU legislation with Directive 2016/343.300 In lack of any specific indication on the matter, the extension of the principle of ne bis in idem also towards legal persons, largely supported by academics,301 seems to be substained by the European Courts.302 An effective protection against multiple  Allegrezza (2017), p. 971. Cf. also Sect. 6.3.5.  Cf. Criminal proceedings against Emil Milev, C-439/16 PPU, 27.10.2016, ECLI:EU:C:2016:818; Criminal proceedings against Gianluca Moro, C-646/17, 13.06.2019, ECLI:EU:C:2019:489. 298  DEB Deutsche Energiehandels– und Beratungsgesellschaft mbH v Bundesrepublik Deutschland, C-279/09, 22.12.2010, ECLI:EU:C:2010:811. 299  For the Court of Justice see, e.g., Commission of the European Communities v SGL Carbon AG, Case C-301/04 P, 29.06.2006, ECLI:EU:C:2006:432, § 406; Mannesmannröhren-Werke AG v Commission of the European Communities, Case T-112/98, 20.02.2001, ECLI:EU:T:2001:61, §§ 36–77; Orkem v Commission of the European Communities, Case C-374/87, 18.10.1989, ECLI:EU:C:1989:387, § 30–31. For the European Court of Human Rights, see, e.g., Synnelius & Edsbergs Taxi AB v. Sweden, 17.06.2008, Application no. 44298/02, §1; Haralambidis, Y. Haralambidis-Liberpa S.A. & Liberpa Ltd v. Greece, 23.03.2000, Application no. 36706/97, § 4; Zegwaard & Zegwaard B.V. v. the Netherlands, 9.09.1998, Application no. 26493/95, §§ 34–51. 300  Cf. Recitals (12) to (15), Directive (EU) 2016/343 of the European Parliament and of the Council of 9.03.2016 on the strengthening of certain aspects of the presumption of innocence and of the right to be present at the trial in criminal proceedings. For the first general comments on the Directive see, e.g., Cras and Erbežnik (2016), p. 25 et seq.; Lamberigts (2016a), p. 36 et seq.; Id. (2016b); Camaldo (2016); Canestrini (2016), p. 2224 et seq.; De Caro (2016). 301  See, among others, De Moor Van Vugt (2012), p. 18 et seq.; Weyembergh (2013), p. 548 et seq.; Tomkin (2014), p. 1391 et seq.; Amalfitano (2017), p. 1019; D’Ambrosio (2017), pp. 1040–1041. 302  See, e.g. Garlsson Real Estate SA, Case C-537/16. 296 297

66

2  Finding the Way in a Complex Multi-Level Legal Framework

proceedings may result critical in practice in those countries where only forms of— officially—administrative liability have been implemented. Against this background, in the EU recognizing a satisfactory level of protection from transnational bis in idem to legal persons, like banks, is a goal often far from being achieved. Even more worryingly the scope of the principle as such in the areas of criminal and administrative punitive liability results scarcely predictable: “a veritable Sargasso Sea which could not fail to challenge the most intrepid judicial navigator”.303

2.3.4  Gathering Information Within Multi-Disciplinary Cooperation Networks A last profile related to the interconnection of administrative and criminal matters plays a fundamental role in today banking investigation: The dissemination of evidence in cooperation networks. Thanks to the polyvalent relevance, in terms of liability, of certain conducts, many criminal financial investigations originate from notifications sent to judicial authority, when reasonable suspicions of crime emerge in administrative proceedings. Administrative authorities—generally banking regulators, securities market antitrust supervisors, or tax agencies—may gather criminally relevant information either during their investigations, sharing the elements collected through cooperation agreements with prosecutorial and/or law-enforcement authorities, or thanks to the obligation imposed on financial institutions to directly report any suspicious activity to their supervisor(s). Due to the scale and intrinsic complexity of the financial markets, and of applicable legal frameworks, in multi-level legal orders like the EU and the US, financial operators are normally overseen by numerous governmental and/or independent administrative agencies, so that the responsibility to carry out financial criminal inquiries rarely relies on a single investigating body. In the US, banking regulatory tasks are shared—just to mention the federal level—among the Office of the Comptroller of the Currency, the Federal Reserve, the Federal Deposit Insurance Corporation, the Securities Exchange Commission and, until 2010, the Office of Thrift Supervision.304 A proliferation of competent authorities at the central level characterizes the US system also on the side of criminal inquiries, where investigative powers are commonly shared among federal attorneys and several law-enforcement agencies, such as: The Federal Bureau of Investigation, the Drug Enforcement Administration, the US Marshals Service (under the Department of Justice); the US Customs and Border Protection, the US  Albernaz v. United States, 450 U.S. 333, 343 (1981). For the impact of this case-law, as applied in the EU legal framework, to banking supervision, see below Sect. 6.3.5–6.3.6. 304  The competence and powers of these authorities in the US are illustrated in Chap. 5. 303

2.3  The Interaction Between Administrative and Criminal Matter

67

Immigration and Customs Enforcement, the US Secret Service, and the Homeland Security Investigations (under the Department of Homeland Security); not to mention the criminal division of the Internal Revenue Service (under the Department of the Treasury). In the EU, the situation about criminal prosecution is even more fragmented, where—also for crimes with a transnational European dimension—competent authorities are mostly established at national level. Accordingly, the interaction between criminal and administrative matters usually occurs first at national level (among prosecutors, investigating judges, law-enforcement, banking supervisors, and tax and customs agencies of each single Member State), and then (eventually) at transnational level. The strict national dimension of criminal prosecution is however partially derogated in the area of financial investigations, as (so far) only in this field the European Union managed to establish some form of quasi-federal investigative body, namely the European Anti-Fraud Office (better known as OLAF, in its French acronym), and the European Public Prosecutor Office (EPPO), where national authorities have (or will have, in the EPPO case) to cooperate with in a vertical dimension that is added to the ones previously illustrated.305 OLAF, created since 1999 to face the consequences of the Santer scandals,306 is an independent office placed within the European Commission, granted with broad administrative investigative powers concerning any irregularity affecting the budget of the EU. The Office plays an extremely relevant role in this field, because it investigates over conducts which may well also be target of criminal inquiries (such as in case of corruption, misappropriation of funds, or fraud) and operates within a very broad cooperation network that keeps together different types of tax, custom and criminal authorities. Nonetheless, once OLAF has terminated its investigations, the Office has no power to bring a case to court, and the choice to prosecute or not is entirely remitted to the discretion of national authorities.307

 For a rather recent analysis of the cooperation in this area see, among others, Luchtman (2017), p. 191; Kuhl (2017), p. 135 et seq. 306  Cf. Commission Decision of 28.04.1999 establishing the European Anti-fraud Office (OLAF), 1999/352/EC, ECSC, EURATOM, and following amendments (Commission Decision 2013/478/ EU of 27.09.2013; Commission Decision (EU) 2015/512 of 25.03.2015). In 1999, Jacques Santer, the head of the European Commission, and his fellow commissioners, were forced to resign en masse over a corruption scandal, concerning fraud and nepotism for serious management failings. For press reports of the scandal see, e.g., Bates (1999); BBC, EU plunges into crisis, 16.03.1999. http://news.bbc.co.uk/2/hi/europe/297457.stm. Accessed 18 July 2018. 307  Cf. Article 11, Regulation (EU, Euratom) No 883/2013 of 11.09.2013 concerning investigations conducted by the European Anti-Fraud Office (OLAF) and repealing Regulation (EC) No 1073/1999 and Council Regulation (Euratom) No 1074/1999. The Regulation is currently under revision, see European Commission, Proposal for a Regulation of The European Parliament and of the Council amending Regulation (EU, Euratom) No 883/2013 as regards the establishment of a Controller of procedural guarantees, Brussels, 11.6.2014 COM(2014) 340 final 2014/0173 (COD); see also Luchtman and Vervaele (2017). 305

68

2  Finding the Way in a Complex Multi-Level Legal Framework

The European Public Prosecutor, on the contrary, was granted both investigative and indictment powers against serious crimes affecting the financial interests of the Union (the so-called “PIF” crimes308) and other criminal offences “inextricably linked” to the criminal conduct mentioned above.309 Within its scope, the EPPO thus represents the Union body that is more reassembling a sort of “federal” structure, although several are its structural features that heavily suffered from the lack of political consensus in the long negotiations that brought to its creation. First, the Office was created with an enhanced cooperation procedure to which to date not all EU Member States have adhered.310 Second, the internal organization of the EPPO, contrary to the initial Commission’s proposal, is now built upon a collegial structure that emphasizes the national origin of prosecutors, putting the entire project at risk of being sieged by national interests. Lastly, cases with European dimensions processed by the Office will not be tried at European, but at national level, and therefore following different national procedural rules, which in practice represents a formidable disincentive in having prosecutors investigating over cases originated in jurisdictions different than that of their own nationality (beyond what, presumably, they do not possess the necessary legal expertise).311 The situation is only slightly more simplified when it comes to banking oversight. Indeed, also in the EU financial supervision is involving several authorities, which, just with specific regard to the credit institutions, include the European Banking Authority (EBA), the European Central Bank (ECB), and the Member States’ National Competent Authorities (NCAs), often, but not always represented by national central banks.312 Since late 2014, in particular, the ECB has taken supervisory functions towards banks with the creation of the Single Supervisory Mechanism (SSM), whose investigative and sanctioning powers represent one of the most relevant innovation in the  As defined by the PIF Directive (2017/1371), cit., substituting the previous “PIF Convention” (Council Act of 26.07.1995 drawing up the Convention on the protection of the European Communities’ financial interests), and its Protocols, from 6.07.2019. These offences include: Fraud (VAT fraud only if the damage involved is of at least 10 million euros), corruption, and misappropriation affecting the EU financial interests, as implemented by national law. 309  Cf. Article 22, of the Council Regulation (EU) 2017/1939 of 12.10.2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (hereinafter “EPPO Regulation”). 310  After long and troubled negotiations, the procedure was launched on 3.04.2017. Up until now [June 2019] 22 Member States have joined the enhanced cooperation (PL, SE, HU, IE, DK and UK have still not accessed the EPPO). Cf. https://ec.europa.eu/info/law/cross-border-cases/judicialcooperation/networks-and-bodies-supporting-judicial-cooperation/european-public-prosecutorsoffice_en. Accessed on 15 June 2019. 311  These and other critical profiles of the EPPO have been widely stressed out by legal scholars see, e.g., Ligeti (2018); Caianiello (2013), pp. 115–125; Ligeti and Simonato (2013); Allegrezza (2013); Luchtman and Vervaele (2014b); Salazar (2017); Lupo (2014); Mitsilegas and Giuffrida (2018). 312  The role and powers of these authorities, and of the other authorities composing the European System of Financial Supervision will be illustrated in Chap. 4. 308

2.3  The Interaction Between Administrative and Criminal Matter

69

European legal framework of the last few years, and whose implications under a criminal law perspective are analysed in detail in the course of this work.313 The concomitant presence of all these administrative and judicial agencies within a same territory, often with competences over the same subjects, and with sometimes overlapping but still diverging goals, clearly shows how the coordination issue has become pivotal at all levels. Indeed, cooperation of financial and banking institutions with supervisory authorities is essential to supply the latter with due information about alleged irregularities; and coordination among regulatory supervisors is necessary to realize both an efficient oversight, and to allow judicial authorities to promptly counteract against financial crimes. This aim does not only answer to general workability reasons, but, both in the US and in the EU, shall also be assessed in light of the efficiency standards set on the matter by the Core Principles of the Basel Committee on Banking Supervision.314 To achieve this, effective rules are needed, either at the legislative and/or inter-­ agency level; good regulations (however) are often not enough to ensure satisfactory results: When it comes to cooperation, mutual trust and personal relationships still play a critical role for success.315 That is clearly showed by the US and EU examples. On paper, the US cooperation model seems to work rather smoothly as long as criminal offences are involved, thanks to the leading principle according to which if a crime is discovered or suspected during an administrative inquiry, all evidence collected should be reported to the competent criminal agencies, with generally no restriction whatsoever concerning their further use. Nonetheless, as it will be analysed in the course of this work, in practice the high number of federal regulators, and their sometimes-overlapping partition of competences represent overseas a most debated issue.316 Indeed, as illustrated by the US Senate Permanent Subcommittee on Investigations in its analysis on the breaking out of the 2006–2008 financial crisis, the undertaking of contemporary or subsequent parallel proceedings by different authorities has often resulted in open rivalry rather than institutional collaboration.317

 Cf. Sect. 4.4 for the description of the SSM supervisory, investigative and sanctioning powers; and Chap. 6 for the analysis of the latter in light of the Basel Core Principles, and of the Engel criteria and the fair trial rights. 314  The Core Principles are analysed in Sect. 3.5. 315  That is particularly evident in the field of the so-called “spontaneous cooperation” “one of the most innovative and interesting tools for closer co-operation in fighting serious crimes. The boosted circulation of information is, in fact, indicative of a renovated and advanced conception of relationships between judicial authorities, which finds its most meaningful expression in the coordination of parallel investigations”, cf. Simonato (2011), p. 220; Calvanese (2003). 316  See, e.g., Myers II (2011), p. 1849. The critical issues arising from cooperation within the US supervisory system are analysed in Sect. 6.1.2. 317  Cf. U.S. Senate Permanent Subcommittee on Investigations (2011), p. 4 et seq.; U.S. Senate Permanent Subcommittee on Investigations (2010). 313

70

2  Finding the Way in a Complex Multi-Level Legal Framework

Moreover, while the obligation to directly share with criminal authorities all potentially relevant elements gathered during administrative inquiries certainly lifts the efficiency of investigations up under a prosecutorial point of view, when (often) data are collected by administrative authorities lacking substantive procedural guarantees, that also raises substantial concerns in relation to defence rights, privacy protection, and the risk of double jeopardy. In the EU, the principle of sincere cooperation is expressed by Article 4(3) of the Treaty on European Union (TEU), which establishes the duty for Member States to assist each other in ensuring the fulfilment of the Treaty obligations.318 Within this general provision, administrative and judicial cooperation has notably increased in its horizontal, vertical and diagonal (cross-sectoral) dimensions.319 Contrary to the US however, at Union level not all the information gathered during administrative investigations may freely circulate for purposes different from those they had been collected for. That is the case, for example, of inquiries carried out by the Commission through the Directorate-General for Competition, where information, notwithstanding its potential multidisciplinary value, can only be used for the purposes of ensuring the internal market protection from conducts causing prevention, restriction or distortion of competition.320 The most critical situation, however, concerns the case in which information are disseminated between administrative and criminal proceedings, given the different level of guarantees provided for in the two systems for the persons affected by the investigations. This case, which has been partially examined by the Court of Justice in its 2015 renown decision WebMindLicence, originates fundamental critical issues also in the field of banking supervision and investigation and, under this perspective, is accordingly analysed in the course of this work.321  Consolidated version of the Treaty on European Union, C 326/13 Official Journal of the EU, 26.10.2012, Article 4(3) “Pursuant to the principle of sincere cooperation, the Union and the Member States shall, in full mutual respect, assist each other in carrying out tasks which flow from the Treaties. The Member States shall take any appropriate measure, general or particular, to ensure fulfilment of the obligations arising out of the Treaties or resulting from the acts of the institutions of the Union. The Member States shall facilitate the achievement of the Union’s tasks and refrain from any measure which could jeopardise the attainment of the Union’s objectives”. 319  For a general analysis of the different cooperation models in the EU, see Klip and Vervaele (2002), pp. 9–47; Klip (2016), p. 373 et seq. For an analysis of the theme applied to VAT and customs fraud, see Tesoriero (2016). 320  According to Articles 101–102 of the Treaty (former Articles 81–82), cf. Article 12, Council Regulation (EC) No 1/2003 of 16.12.2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty; Article 15(4), Commission Regulation (EC) No 773/2004 of 7.04.2004 relating to the conduct of proceedings by the Commission pursuant to Articles 81 and 82 of the EC Treaty; Articles 107–142, Commission Notice on Best Practices for the Conduct Of Proceedings Concerning Articles 101 and 102 TFEU, 2011/C 308/06; Article 48, Commission Notice on the Rules for Access to the Commission File in Cases Pursuant to Articles 81 and 82 of the EC Treaty, Articles 53, 54 and 57 of the EEA Agreement and Council Regulation (EC) No 139/2004, OJ C 325, 22.12.2005, p. 7–15; Recital (33), Commission Notice on Immunity from Fines and Reduction of Fines in Cartel Cases, 2006/C 298/11. 321  WebMindLicenses, Case C-419/14. Cf. Sect. 6.1.3 and, with special focus on the privilege against self-incrimination, Sect. 6.3.5. 318

2.4  Methodology: Transversal Comparative Approach Applied to a Complex…

71

Against this fragmented background, anyway, also European cooperation networks, similarly to the US, highly rely upon the authorities’ willingness to exchange information and enforce the requests issued by foreign counterparts. This conclusion is not challenged by the most recent EU legislation on the matter, and in particular by Directive 2014/41 establishing the European Investigation Order (EIO). Regardless of being adopted to strengthen cooperation practices, and the exchange of evidence within the EU, in fact, many legal scholar highlighted how this tool provides for such a huge amount of grounds for refusal to cooperation requests, that de facto leaves the execution of the investigative orders to the discretional choice of the requested agency.322 In the following analysis, therefore, a comprehensive perspective is adopted, that considers the impact of multi-disciplinary actors and regulations in defining the content of procedural rules and rights.

2.4  Methodology: Transversal Comparative Approach Applied to a Complex and Hybrid Legal Framework To carry out the present analysis, a transversal comparative approach has been adopted. In particular, the substantial nature of banking supervisory sanctions, and therefore the applicable procedural rights, and real-time monitoring of financial data are discussed comparing two selected legal orders, that is the European Union, and the United States. The reason why these countries have been picked up is twofold. First, they represent two of the most developed banking systems in the world, both for their historical background, and their actual weight in the global financial market. Secondly, the EU and the US are complex legal orders, organized in multi-­ level structures. The concept of “multi-level” governance was developed starting from the 1980s in the field of political science and public administration theory, and successfully applied in the context of studies on the European integration after the entry into force of the Maastricht Treaty. Although the very meaning of “level” may appear quite hard to define, the expression “multi-level” is here used to describe a legal system characterized by the presence of several authorities, at domestic as well as at central or federal level that: (a) operate in an environment of simultaneous and complex interaction; (b) are not included in a strict hierarchical organization; (c) share

 Directive 2014/41/EU of 3.04.2014 regarding the European Investigation Order in criminal matters. For an overall analysis on the EIO Directive, see, e.g., Ruggeri (2013), p. 279 et seq.; Daniele (2017b); Allegrezza (2014), p. 51 et seq.; Caianiello (2015), p. 1; Caianiello and Di Pietro (2016); Daniele (2017a), p. 418 et seq. For an analysis of the impact of the directive with regard to banking investigations, and especially real-time monitoring of banking records see below Sect. 7.5.

322

72

2  Finding the Way in a Complex Multi-Level Legal Framework

governance responsibilities, and competences; and (d) are often internally shaped by uneven principles.323 Within this structure, the variables mentioned above—the existence and need of extensive cooperation networks, and the enforcement of the prohibition of bis in idem—already relevant in domestic criminal justice system due to the interaction between administrative and criminal law, are emphasized, and assume a pivotal role in shaping the effectiveness and fairness of any punitive paradigm. Global dimension impact, and multi-level organization are also elements that make the comparative analysis between the EU and the US a meaningful operation, regardless for the existence of other relevant differences, starting from the fact that the United States is a well-established federal legal order, more than 200-years old. The European Union on the other side, consists of a particularly complicated system, which results from the interaction of numerous and different national, supranational and intergovernmental legal sources, that often provide for dissimilar requirements and standards of protection. This notwithstanding, in the field of banking investigations the US multi-level structure does not appear much more simplified than the European one. Indeed, as shown by the last financial crisis, the American financial system is characterized by an intricate network of agencies, whose tasks are not always easily distinguishable from another,324 and which are placed within a framework devoid of a ne bis in idem principle applicable between federal and local level. In light of these common features, a comparative analysis between the US and the EU can be usefully carried out, keeping in mind that the legal system of the latter does not have (at least yet) an autonomous status, but it rather appears as a hybrid of supranational and national regulations. Indeed, especially but not exclusively regarding procedural rules, the EU presents a legal framework deeply affected by the complexity of transnational relations, and a highly fragmented criminal policy, which—in its constant search for harmonization and approximation—shows all its political limitations.325 The Lisbon Treaty explicitly included legal basis for the EU competence in criminal matters,326 which has been further strengthened by the recognition of full juris-

 See Hooghe et al. (1996), pp. 341–378; Hooghe and Marks (2001); Id. (2010), pp. 17–31.  The structure of the US supervisory financial system is dealt with in Chap. 5. 325  The difference between harmonization and approximation methods, both explicitly specified by Articles 81–82 TFEU, is not always clearly identifiable, since they share the same goals, even if the latter is mainly oriented towards the concurrence of legislative texts, rather than principles, and represents a weaker stimulus for the integration process, cf. Klip (2016), p. 33; Kostoris (2017), p. 68 et seq. In general terms on the fragmentation and hybrid legal basis of EU law concerning economic and financial criminal law, see Blomsma (2017), p. 225 et seq. 326  Cf. Consolidated version–Treaty on the Functioning of the European Union, C 326/52 Official Journal of the European Union 26.10.2012, Title V, Area of Freedom, Security and Justice, Articles 67–89, and especially Articles 82–89. 323 324

2.4  Methodology: Transversal Comparative Approach Applied to a Complex…

73

diction to the Court of Justice on the Area of Freedom, Security and Justice (AFSJ) starting from 1st December 2014.327 This transition marked the official end of the “third pillar”, even though not the exhaustion of all the peculiarities of this area.328 As a result, the EU criminal justice system represents neither a homogeneous paradigm, structured in the way internal national legal orders usually are, nor a proper federal one, still lacking a real ­democratic accountability for criminal policy choices, and clear identification of its objectives and scope of application. In the middle of the integration process, whose outcomes are far from being foreseeable, the AFSJ—besides for the recent creation of a European Public Prosecutor Office (EPPO)329—also persists in missing an autonomous European judicial system, as well as a systematic repartition of competences between the central and the local levels, even though the Treaty clearly lists this Area among those whose responsibility is shared between the EU and the Member States.330 While the creation of the EPPO represents a first step towards a more “federal” idea of Europe, this fragmented situation persists so far, as also the new investigating authority will be acting in a highly hybrid legal system.331 Indeed, shared competence and acknowledgment of the supremacy of supranational law are not yet undisputed features in the EU as it is typically in most federal legal order.332 In the US, moreover, these principles are applied in a context where  Cf. Article 10(1)–(3), Protocol (No 36) on Transitional Provisions concerning acts adopted on the basis of Titles V and VI of the Treaty on European Union prior to the entry into force of the Treaty of Lisbon. 328  Such as the possibility of opting-in (DK) and out (IE, UK); the emergency break procedure, and the substantial limitation in the subject (both on a substantive and procedural law perspective). 329  Cf. above, Sect. 2.3.4. 330  Cf. Article 4(2)(j) TFEU: “Shared competence between the Union and the Member States applies in the following principal areas: […] area of freedom, security and justice” and Article 325, para 3 and 5: “Without prejudice to other provisions of the Treaties, the Member States shall coordinate their action aimed at protecting the financial interests of the Union against fraud. To this end they shall organise, together with the Commission, close and regular cooperation between the competent authorities […] The Commission, in cooperation with Member States, shall each year submit to the European Parliament and to the Council a report on the measures taken for the implementation of this Article”. 331  Cf., e.g., Article 5(3)—determining the applicable legal basis—and Articles 36 and 42—determining the jurisdiction of national Courts and of the CJEU-of the EPPO Regulation. 332  Even if it is “a cornerstone principle of Community law”, the principle of primacy of EU law is not explicitly stated in the Treaties, even if this fact “shall not in any way change the existence of the principle and the existing case-law of the Court of Justice, which firstly developed its content” (see Judgment in Flaminio Costa v E.N.E.L., Case 6–64, 15.07.1964, ECLI:EU:C:1964:66), cf. 17. Declaration concerning primacy, in TFEU, A.1.Declarations Concerning Provisions of the Treaties (“The Conference recalls that, in accordance with well settled case law of the Court of Justice of the European Union, the Treaties and the law adopted by the Union on the basis of the Treaties have primacy over the law of Member States, under the conditions laid down by the said case law”), and attached Final Act the Opinion of the Council Legal Service on the primacy of EC law as set out in 11197/07 (JUR 260). In the US, the same principle, expressed by article VI, Sec. 2 US Constitution (“This Constitution, and the laws of the United States which shall be made in pursuance thereof; and all 327

74

2  Finding the Way in a Complex Multi-Level Legal Framework

local and federal law possess each an intrinsic autonomy.333 On the contrary in the EU former “third pillar” area, most legislative texts at central level adopt the form of a directive, an act which is generally not self-executing, and that becomes enforceable only after its transposition by national legislators: A phenomenon that is unknown to the American federal system. Therefore, while in the US the applicable federal law is defined by the combination of federal statutory legislation and case-law, in the EU the applicable European law is resulting from the combination of EU legislation, CJEU case-law, and national transposing legislation (not to mention the fundamental role played by the European Court of Human Rights, and the case-law of national courts on domestic legislation implementing EU acts). As a result, the Union’s competence in criminal policy is deeply characterized by a hybrid structure, in which national and EU law may apply together at the same time, integrating each other.334 This feature, which notably differentiates the legal bases grounding the US and the EU criminal justice systems, shall be kept in mind in starting the analysis on the new frontiers of banking and financial investigations, one of the fields in which the Union’s criminal competences are today more developed.

References Adler AJ (2014) Dual sovereignty, due process, and duplicative punishment: a new solution to an old problem. Yale Law J 124(2):448 Ajello NJ (2015) Fitting a square peg in a round hole: bitcoin, money laundering, and the fifth amendment privilege against self-incrimination. Brooklyn Law Rev 80(2):435–461 Allegrezza S (2012) sub art. 4, Prot. 7, CEDU.  In: Bartole S, De Sena P, Zagrebelsky V (eds) Commentario breve alla Convenzione europea per la salvaguardia dei diritti dell’uomo e delle libertà fondamentali. CEDAM, Padova, p 894 et seq Allegrezza S (2013) Verso una Procura europea per tutelare gli interessi finanziari dell’Unione. Idee di ieri, chances di oggi, prospettive di domani, in Dir. pen. cont., 31 ottobre 2013 Allegrezza S (2014) Collecting criminal evidence across the European Union: the European investigation order between flexibility and proportionality. In: Ruggeri S (ed) Transnational evidence in multicultural inquiries in Europe developments in EU legislation and new challenges for human rights-oriented criminal investigations in cross-border cases. Springer, Heidelberg, pp 51–67 Allegrezza S (2017) Commento all’art. 48. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 946

treaties made, or which shall be made, under the authority of the United States, shall be the supreme law of the land; and the judges in every state shall be bound thereby, anything in the Constitution or laws of any State to the contrary notwithstanding”) has also been affirmed in several leading cases, see, e.g., McCulloch v Maryland, 17 U.S. 316 (1819); Gibbons v Ogden, 22 U.S. 1 (1824); Hammer v Dagenhart 247 U.S. 251 (1918). 333  For instance, as provided by the Tenth Amendment of the US Constitution: “The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people”. 334  Cf. Klip (2016), p. 1 et seq.

References

75

Amalfitano C (2002) Dal ne bis in idem internazionale al ne bis in idem europeo. Rivista di Diritto Internazionale Privato e Processuale 38:923–960 Amalfitano C (2009) La risoluzione dei conflitti di giurisdizione in materia penale, in Dir. pen. proc., 1293 et seq Amalfitano C (2012) La discutibile inderogabilità del ne bis in idem in virtù dell’art. 50 della Carta dei diritti fondamentali dell’Unione europea, in Giur. merito, p 1620 et seq Amalfitano C (2017) Commento all’art. 50. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 1016 et seq Amar AR (1997) Double jeopardy law made simple. Yale Law J 106:1807. Faculty Scholarship Series, 1-1-1997, Paper 943 Amar AR, Marcus JL (1995) Double Jeopardy law after Rodney King. Columbia Law Rev 95:1 Badr GM (1978) Islamic law: its relation to other legal systems. Am J Comp Law 26:187. Spring 1978 [Proceedings of an International Conference on Comparative Law, Salt Lake City, Utah, February 24–25, 1977] Barth JR, Caprio G Jr, Nolle DE (2004) Comparative international characteristics of banking, in OCC Economics working paper, 1:1–77 Bates S (1999) Santer: sleepwalking into a scandal, in The Guardian, 16 March 1999. https://www. theguardian.com/world/1999/mar/16/eu.politics4. Accessed 18 July 2018 Beale SS (2014) The development and evolution of the U.S. law of corporate criminal liability. ZStW 126:27–54 Beale SS, Safwat AG (2004) What developments in Western Europe tell us about American critiques of corporate criminal liability. Buffalo Crim Law Rev 8:89–163. 97–98 Black J (2010) Managing the financial crisis–the constitutional dimension. LSE Law, Society and Economy Working Papers 12/2010 Bleichrodt E (2006) Ne Bis in Idem. In: van Dijk P, van Hoof F, van Rijn A, Zwaak L (eds) Theory and practice of the European convention on human rights, 4th edn. Intersentia, Cambridge, p 983 Blomsma J (2017) Challenges in the field of economic and financial crime from a European perspective. In: Franssen V, Ligeti K (eds) Challenges in the field of economic and financial crime in Europe and the US. Hart Publishing, Oxford, p 225 et seq Böse M (2017) The consecutive application of different types of sanctions and the principle of Ne Bis in Idem: the EU and the US on different tracks? In: Franssen V, Ligeti K (eds) Challenges in the field of economic and financial crime in Europe and the US. Hart Publishing, Oxford, p 211 et seq Bradley C (2014) Breaking up is hard to do: the interconnection problem in financial markets and financial regulation, a European (banking) union perspective. Tex Int’I LJ 49:271–295 Braun DA (1992) Praying to false sovereigns: the rule permitting successive prosecutions in the age of cooperative federalism. Am J Crim Law 20:1. 10 Brickey KF (2006) The changing face of white-collar crime: in Enron’s wake: corporate executives on trial. J Crim Law Criminol 96:397. Symposium Winter 2006 Brito J, Hoegner S, Friedman J, Rae N, Osborne P (2015) The law of Bitcoin. iUniverse, Indiana Bronckers M, Vallery A (2011) No longer presumed guilty? The impact of fundamental rights on certain dogmas of EU competition law. World Compet 4:542 Bryans D (2014) Bitcoin and money laundering: mining for an effective solution. Indiana Law J 89:441–472 Bulnes J (2008) European arrest warrant and surrender procedures: essential guarantees. In: De Hoyos Sancho M (ed) El proceso penal en la Uniòn Europea. Garantias esenciales/Criminal Proceedings in the EU. Essential safeguards. Lex Nova, Valladolid, p 289 Caianiello M (2013) The proposal for a regulation on the establishment of an European public prosecutor’s office: everything changes, or nothing changes? Eur J Crime Crim Law Crim Just 21:115–125

76

2  Finding the Way in a Complex Multi-Level Legal Framework

Caianiello M (2015) La nuova direttiva UE sull’ordine europeo di indagine penale tra mutuo riconoscimento e ammissione reciproca delle prove, in Proc. pen. e giust., 3, 1 Caianiello M, Di Pietro A (eds) (2016) Indagini penali e amministrative in materia di frodi IVA e doganali. L’impatto dell’European Investigation Order sulla cooperazione transnazionale. Cacucci, Bari Calvanese E (2003) Cooperazione giudiziaria tra stati e trasmissione spontanea di informazioni, in Cass. pen., 2:452 Camaldo L (2016) Presunzione di innocenza e diritto di partecipare al giudizio: due garanzie fondamentali del giusto processo in un’unica Direttiva dell’Unione europea, in Dir. pen. cont., 23 marzo 2016 Camina OS (1981) Note, selective preemption: a preferential solution to the Bartkus-Abbate Rule in successive federal-state prosecutions. Notre Dame Law 57:340. 362–363 Canestrini N (2016) La direttiva sul rafforzamento di alcuni aspetti della presunzione di innocenza e del diritti di presenziare al processo nei procedimenti penali, in Cass. pen., p 2224 Cappel A (2017) The necessity of compliance programmes under German Law-‘Burden’ or ‘Blessing’? In: Franssen V, Ligeti K (eds) Challenges in the field of economic and financial crime in Europe and the US. Hart Publishing, Oxford, pp 57–78 Caprio G Jr, Klingebiel D (2003) Episodes of systemic and borderline banking crises. World Bank, Mimeo Caprioli F (2010) Sui rapporti tra ne bis in idem processuale e concorso formale di reati, in Giur. it., p 1183 Cerqua LD, Canzio G, Lupária L (eds) (2014) Diritto penale delle società. CEDAM, Padova Chinn P (2013) A deal is a deal: plea bargains and double jeopardy after Ohio v. Johnson. Seattle Univ Law Rev 37:285–306 Christopher CM (2014) Whack–a–mole: why prosecuting digital currency exchanges won’t stop online money laundering. Lewis Clark Law Rev 18:1–36 Clifford Chance (ed) (2012) Corporate liability in Europe, London Coffee JR (1981) No soul to damn: no body to kick: an unscandalized inquiry into the problem of corporate punishment. Mich Law Rev 79:386 Cordero F (2012) Procedura penale, 9th edn. Giuffrè, Milano Cranman EM (2000) Comment, The dual sovereignty exception to Double Jeopardy: a champion of justice or a violation of a fundamental right? Emory Int Law Rev 14:1641. 1671–1674 Cras S, Erbežnik A (2016) The directive on the presumption of innocence and the right to be present at trial. EUCRIM 1:25 Cunningham LA (2014) Deferred prosecutions and corporate governance: an integrated approach to investigation and reform. Fla Law Rev 66:1 D’Ambrosio R (2017) Commento all’art. 50. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 1031 et seq Daniele M (2017a) L’ordine europeo di indagine penale (o.e.i.). In: Kostoris RE (ed) Manuale di procedura penale europea, 3rd edn. Giuffrè, Milano, p 418 et seq Daniele M (2017b) L’ordine europeo di indagine penale entra a regime. Prime riflessioni sul d. lgs. n. 108 del 2017, in Dir. pen. cont., 28 luglio 2017 Dawson MA (1992) Note, Popular sovereignty, double jeopardy, and the dual sovereignty doctrine. Yale Law J 102:281. 302 De Amicis G (2014) Ne bis in idem e ‘doppio binario’ sanzionatorio: prime riflessioni sugli effetti della sentenza ‘Grande Stevens’ nell’ordinamento italiano, in Riv. trim Dir. pen. cont., 3–4:201 De Caro A (2016) La recente direttiva europea sulla presunzione di innocenza e sul diritto alla partecipazione al processo. http://www.quotidianogiuridico.it/documents/2016/02/23/ la-recente-direttiva-europea-sulla-presunzione-di-innocenza-e-sul-diritto-alla-partecipazioneal-processo. Accessed 18 July 2018 De Moor Van Vugt A (2012) Administrative sanctions in EU law. Rev Eur Adm Law 5(1), Spring 2012

References

77

Di Federico G (2011) EU competition law and the principle of Ne Bis in Idem. Eur Public Law 17(2):241–260 Dova M (2015) Ne bis in idem e reati tributari: nuova condanna della Finlandia e prima apertura della Cassazione (C. eur. dir. uomo, Quarta Sezione, sent. 10 febbraio 2015, Kiiveri c. Finalandia) in Dir. pen. cont., 27 marzo 2015 EBA (2014) Opinion on ‘virtual currencies’, EBA/Op/2014/08, July 4, 2014. https://www.eba. europa.eu/documents/10180/657547/EBA-Op-2014-08+Opinion+on+Virtual+Currencies.pdf. Accessed 18 July 2018 Ehlermann CD (1994) Developments in community competition law procedures. EC Competition Policy Newsletter 1(1):2. Spring 1994 European Parliament (2011) Directorate general for internal policies–policy department D: budgetary affairs, how does organised crime misuse EU funds?, May 2011. http://www.europarl. europa.eu/meetdocs/2009_2014/documents/cont/dv/crime_misuse_/crime_misuse_en.pdf. Accessed 18 July 2018 Everling U (2007) Die Mitgliedstaaten der Europäischen Union unter der Aufsicht von Kommission und Gerichtshof. In: Depenheuer O, Heintzen M, Jestaedt M (eds) Festschrift for Isensee. Müller, Heidelberg, pp 773–789 Everling U (2008) Zur Gerichtsbarkeit der Europäischen Union. In: Ipsen J, Stüer B (eds) Festschrift for Rengeling. Carl Haymanns, Cologne, pp 527–531 FATF (2001) IX Special Recommendations, October 2001 (incorporating all subsequent amendments until February 2008, including Combating the Abuse of Alternative Remittance Systems: International Best Practices, June 2003, OECD, Paris). http://www.fatf–gafi.org/media/fatf/ documents/reports/FATF%20Standards%20-%20IX%20Special%20Recommendations%20 and%20IN%20rc.pdf. Accessed 16 July 2018 FATF (2012) International standards on combating money laundering and the financing of terrorism & proliferation, February 2012. http://www.fatf-gafi.org/publicationsfatfrecommendations/documents/fatf-recommendations.html. Accessed 16 July 2018 FATF (2013) Report: the role of hawala and other similar service providers in money laundering and terrorist financing, October 2013. http://www.fatf-gafi.org/publications/methodsandtrends/ documents/role-hawalas-in-ml-tf.html. Accessed 18 July 2018 FATF (2015) Report: emerging terrorist financing risks, October 2015; ESMA, Questions and Answers. Investment-based crowdfunding: money laundering/terrorist financing, 1 July 2015. http://www.fatf-gafi.org/media/fatf/documents/reports/Emerging-Terrorist-Financing-Risks. pdf. Accessed 18 July 2018 FATF (2017) Report: financing of recruitment for terrorist purposes, January 2018. http:// www.fatf–gafi.org/media/fatf/documents/reports/Financing-Recruitment-for-Terrorism.pdf. Accessed 18 July 2018 Ferran E (2012) Crisis-driven regulatory reform: where in the world is the EU going? In: Hill JG, Moloney N (eds) The regulatory aftermath of the global financial crisis. Cambridge University Press, Cambridge, p 1 Flick GM (2014a) Reati fiscali, principio di legalità e ne bis in idem: variazioni italiane su un tema europeo, in Dir. pen. cont., 14 settembre 2014 Flick GM (2014b) Cumulo tra sanzioni penali e amministrative: doppio binario o binario morto? (“materia penale”, giusto processo e ne bis in idem nella sentenza della Corte EDU, 4 marzo 2014, sul market abuse) in Riv. soc., fasc. 5:953–990 Flick GM, Napoleoni V (2015) A un anno di distanza dall’affaire Grande Stevens: dal bis in idem all’e pluribus unum?, in Riv. AIC, n. 3:34 Franssen V, Ligeti K (eds) (2017) Challenges in the field of economic and financial crime in Europe and the US. Hart Publishing, Oxford Free C (2012) The Goldman sachs abacus 2007-ACI controversy: an ethical case study, January 19th 2012. http://www.e-ir.info/2012/01/19/the-goldman-sachs-abacus-2007-aci-controversyan-ethical-case-study/. Accessed 15 July 2018

78

2  Finding the Way in a Complex Multi-Level Legal Framework

FSB (2017) 2017 List of global systemically important banks (G–SIBs) 21 November 2017. http:// www.fsb.org/wp-content/uploads/P211117–1.pdf. Accessed 15 July 2018 Galantini N (2011) Il ne bis in idem nello spazio giudiziario europeo: traguardi e prospettive, Testo della relazione al Workshop dell’Osservatorio permanente sulla criminalità organizzata su La costruzione di uno spazio di libertà, sicurezza e giustizia nell’UE dopo il Trattato di Lisbona, Siracusa, 23–24 aprile 2010, in Dir. pen. cont., 22 febbraio 2011 Galluccio A (2018) La Grande sezione della Corte di giustizia si pronuncia sulle attese questioni pregiudiziali in materia di bis in idem, in Dir. pen. cont., fasc. 3 Garner BA (ed) (2014) Black’s law dictionary, 10th edn. Thomson Reuters, St. Paul Garrett BL (2007) Structural reform prosecution. Va Law Rev 93:853 Garrett BL (2014) Too big to jail. How prosecutors compromise with corporations. Harvard University Press, Cambridge Goldstein M (2016) Goldman to pay up to $5 billion to settle claims of faulty mortgages, in NYT, January 14, 2016 Goode E (2012) Stronger hand for judges in the ‘Bazaar’ of plea deals, in NYT, March 22, 2012 Gravenwarter C (1997) Verfahrensgarantien in der Verwaltungsgerichtsbarkeit: eine Studie zu Artikel 6 EMRK auf der Grundlageeiner rechtsvergleichenden Untersuchung der Verwaltungs gerichtsbarkeit Frankreichs, Deutschlands und Österreichs. Springer, Heidelberg Groussot X, Pech L, Petursson G (2011) The scope of application of fundamental rights on member states’ action: in search of certainty in EU adjudication, Eric Stein Working Paper, No. 1: 13–14 Gruber SM (2013) Trust, identity, and disclosure: are bitcoin exchanges the next virtual havens for money laundering and tax evasion? Quinnipiac Law Rev 32(1):135–208 Haentjens M, De Gioia-Carabellese P (2015) European banking and financial law. Routledge, London, recently published in its 2nd edition (2018) Hamdami A, Klement A (2008) Corporate crime and deterrence. Stanford Law Rev 61(2):271 Hammond M (2005) United States v. Patterson: when does the Double Jeopardy clause protect defendants in Federal Court? Am J Trial Advoc 29:467–468 Hansen JL (2010) Insider dealing defined: the EU court’s decision in Spector photo group. Eur Company Law 7(3):98–105 Harris DJ, O’Boyle M, Beates EP, Buckley M (2014) Law of the European convention on human rights, 3rd edn. Oxford University Press, Oxford Hellmann KJ (1994) Note, The fallacy of dueling sovereignties: why the Supreme Court refuses to eliminate the dual sovereignty doctrine. J Law Policy 2:149. 153–155 Henning PJ (2012) In Goldman programmer case, a way around Double Jeopardy, in NYT, Oct. 1, 2012. https://dealbook.nytimes.com/2012/10/01/in-goldman-programmer-case-a–wayaround-double-jeopardy/. Accessed 18 July 2018 Hooghe L, Marks G (2001) Multi-level governance and European integration. Rowman & Littlefield, Lanham. XVI + 240 pp Hooghe L, Marks G (2010) Types of multilevel governance. In: Enderlein H, Wälti S, Zürn M (eds) Handbook on multilevel governance. Edward Elgar, Cheltenham, pp 17–31 Hooghe L, Marks G, Blank K (1996) European integration since the 1980s. State–centric versus multi-level governance. J Common Mark Stud 34(3):341–378 Hopt KJ (2012) Corporate governance of banks after the financial crisis. In: Wymeersch E, Hopt KJ, Ferrarini G (eds) Financial regulation and supervision. A post-crisis analysis. Oxford University Press, Oxford, p 337 Hyde H (1995) Forfeiting our property rights. Cato Institute, Washington DC Jagla SF (2007) Auf dem Weg zu einem zwischenstaatlichen ne bis in idem im Rahmen der Europäischen Union. Peter Lang, Frankfurt am Main Jones A, Sufrin B (2016) EU competition law. Text, cases, and materials, 6th edn. Oxford University Press, Oxford Kaal WA, Lacine TA (2014) The effect of deferred and non-prosecution agreements on corporate governance: evidence from 1993–2013. Bus Lawyer 70:61

References

79

Khanna VS (1996) Corporate criminal liability: what purpose does it serve? Harv Law Rev 109:1477 King JE (1979) Note, The problem of Double Jeopardy in successive federal-state prosecutions: a fifth amendment solution. Stanford Law Rev 31:477. 496–497 King M (2009) What went wrong? In: FSA, The Turner review. A regulatory response to the global banking crisis, March 2009. http://www.fsa.gov.uk/pubs/other/turner_review.pdf. Accessed 12 Apr 2019. Kleiman JA (2013) Beyond the silk road: unregulated decentralized virtual currencies continue to endanger U.S. national security and welfare. National Secur Law Brief 4(1):59–78 Klein SR (2000) Double Jeopardy’s demise. Calif Law Rev 88(3):1001 Klip A (2016) European criminal law: an integrative approach, 3rd edn. Intersentia, Cambridge Klip A, Vervaele JAE (2002) European cooperation between tax, customs and judicial authorities: The Netherlands, England, and Wales, France and Germany. Kluwer Law International, The Hague Koering-Joulin R (1995) (Protocolle additionnel No 7) Article 4. In: Pettiti L, Decaux E, Imbert P (eds) La Convention Européenne des Droits de l’Homme: Commentaire article par article. Economica, Paris, p 1093 et seq Kostoris RE (2017) Diritto europeo e giustizia penale. In: Id. (ed) Manuale di procedura penale europea, 3rd edn. Giuffrè, Milano, p 68 et seq Kuhl L (2017) Cooperation between administrative authorities in transnational multi-agency investigations in the EU: still a long road ahead to mutual recognition? In: Franssen V, Ligeti K (eds) Challenges in the field of economic and financial crime in Europe and the US. Hart Publishing, Oxford, p 135 et seq Labianca D (2017) La nuova dimensione del ne bis in idem: dal caso Grande Stevens a C. Cost. n. 102/2016. In: Cadoppi A, Canestrari S, Manna A, Papa M (eds) Diritto penale dell’economia, vol I. UTET, Torino, p 115 et seq Lamberigts S (2016a) The directive on the presumption of innocence. A missed opportunity for legal persons? EUCRIM 1:36 Lamberigts S (2016b) The presumption of innocence (and the Right to be Present at Trial) Directive, in European Law Blog, 3 May 2016. https://europeanlawblog.eu/2016/05/03/the-presumptionof-innocence-and-the-right-to-be-present-at-trial-directive/. Accessed 17 July 2018 Lasagni G (2016) Profili critici sullo sviluppo della circolazione probatoria nell’Unione europea. Alcuni parametri di valutazione dei sistemi di cooperazione europei alla luce della Direttiva oei. In: Caianiello M, Di Pietro A (eds) Indagini penali e amministrative in materia di frodi IVA e doganali. L’impatto dell’European Investigation Order sulla cooperazione transnazionale. Cacucci, Bari, p 341 et seq Legros R (1964) L’avenir du droit pénal international. In: Mélanges offerts à Henri Rolin. A. Pedone, Paris Lenaertes K (2011) The Court of Justice of the European Union and the protection of fundamental rights. Polish Yearb Eur Union Law 31:88 et seq Ligeti K (2018) Toward a prosecutor for the European Union–draft rules of procedure, vol 2. Hart Publishing, Oxford Ligeti K, Simonato M (2013) The European Public prosecutor’s office: towards a truly European Prosecution service? New J Eur Crim Law 4(1–2):7–21 Liikanen E (chaired by) High-level Expert Group on reforming the structure of the EU banking sector, Final Report, Brussels, 2 October 2012. http://ec.europa.eu/internal_market/bank/docs/ high-level_expert_group/report_en.pdf. Accessed 18 July 2018 Lopez DE (2000) Note, Not twice for the same: how the dual sovereignty doctrine is used to circumvent Non Bis in Idem. Vanderbilt J Transnational Law 33:1263. 1300–02 Luchtman M (ed) (2013) Choice of forum in cooperation against EU financial crime. Eleven International Publishing, The Hague

80

2  Finding the Way in a Complex Multi-Level Legal Framework

Luchtman M (2017) Transnational multi-disciplinary investigations and the quest for compatible procedural safeguards. In: Franssen V, Ligeti K (eds) Challenges in the field of economic and financial crime in Europe and the US. Hart Publishing, Oxford, p 191 Luchtman M, Vervaele JAE (2014a) Enforcing the market abuse regime: towards an integrated model of criminal and administrative law enforcement in the European Union? New J Eur Crim Law 5(2):192–220 Luchtman M, Vervaele JAE (2014b) European agencies for criminal justice and shared enforcement (Eurojust and the European Public Prosecutor’s Office). Utrecht Law Rev 10(5):132–150 Luchtman M, Vervaele JAE (2017) Report. Investigatory powers and procedural safeguards: Improving OLAF’s legislative framework through a comparison with other EU law enforcement authorities (ECN/ESMA/ECB). https://dspace.library.uu.nl/..../Report_Investigatory_ powers_and_procedural_safeguards. Accessed 15 July 2018 Lupária L (2010) Processo Penale e Reati Societari: fisionomia di un modello “invisibile”, in Riv. dottori comm., fasc. 4:801–808 Lupária L (2017) Commento all’art. 48. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 913 et seq Lupo E (2014) Competenza dell’Ufficio del Procuratore europeo: esclusiva, primaria o concorrente?, Relazione alla 12ma Conferenza OLAF dei Procuratori Antifrode “Le indagini dell’Ufficio del Procuratore Europeo: cosa pensano gli addetti ai lavori?”, Roma, 27 ottobre 2014 Malone A (2014) Bitcoin and other virtual currencies for the 21st century. CreateSpace Independent Publishing Platform, Scotts Valley Manes V (2012) sub art. 7 CEDU. In: Bartole S, De Sena P, Zagrebelsky V (eds) Commentario breve alla Convenzione europea per la salvaguardia dei diritti dell’uomo e delle libertà fondamentali. CEDAM, Padova, p 258 et seq Mangiaracina A (2014) A new and controversial scenario in the gathering of evidence at the European level: the proposal for a directive on the European investigation order. Utrecht Law Rev 10(1):113 Marian O (2015) A conceptual framework for the regulation of cryptocurrencies. Univ Chicago Law Rev 82:53–68 Marletta A (2013) Il principio di proporzionalità nella disciplina del mandato d‘arresto europeo. PhD Dissertation thesis, Alma Mater Studiorum (unpublished). http://amsdottorato.unibo. it/6133/. Accessed 15 July 2018 Marletta A (2017) A new course for mutual trust in the AFSJ? Transnational ne bis in idem and the determination of the merits of the case in Kossowski. New J Eur Crim Law 8(2):108–115 Matz R (1997) Note, Dual sovereignty and the double jeopardy clause: if at first you don’t convict, try, try again. Fordham Urban Law J 24:353. 354–355 Mazzacuva F (2013) La materia penale e il “doppio binario” della Corte europea: le garanzie al di là delle apparenze, in Riv. it. dir. proc. pen., 4:1899 Mitsilegas V, Giuffrida F (2018) The European public prosecutor’s office and human rights. In: Geelhoed W, Erkelens LH, Meij AWH (eds) Shifting perspectives on the European public prosecutor’s office. Springer, The Hague, p 59, 78 Mongillo V (2012) The nature of corporate liability for criminal offences: theoretical models and EU member state laws. In: Fiorella A (ed) Corporate criminal liability and compliance programs. Volume II, Towards a common model in the European Union. Jovene Editore, Napoli, pp 75–95 Montedoro G, Supino I (2018) sub Articolo 7. In: Capriglione F (ed) Commentarioi al Testo Unico delle leggi in materia bancaria e creditizia Tomo I, IV edn. Wolters Kluwer-CEDAM, Alphen aan den Rijn Moore M (2010) Placing blame: a general theory of the criminal law. Oxford University Press, Oxford Myers RE II (2011) Complex time don’t call for complex crimes. NCL Rev 89:1849

References

81

Nascimbene B (2018) Ne bis in idem, diritto internazionale e diritto europeo, in Dir. pen. cont., 2 May 2018 Neagu N (2012) The Ne Bis in Idem principle in the interpretation of European Courts: towards uniform interpretation. Leiden J Int Law 25:955 et seq Oliver J (2014) Civil Forfeiture, in Last Week Tonight, HBO, Season 1, Ep. 20, October 5, 2014. https://www.youtube.com/watch?v=3kEpZWGgJks. Accessed 18 July 2018 Packer HL (1964) Two models of the criminal process. Univ Pa Law Rev 113:1. 10–11 Padoa Schioppa A (2009) La veduta corta. Il Mulino, Bologna Paliero E (1980) Il “diritto penale-amministrativo”: profili comparatistici, in Riv. trim. dir. pubbl., p 1254 Panzavolta M (2009) Humanitarian concerns within the EAW. In: Keijser N, Van Sliedregt E (eds) The European arrest warrant in practice. Springer, Heidelberg, p 179 Pflaum I, Hateley E (2014) A bit of a problem: national and extraterritorial regulation of virtual currency in the age of financial disintermediation. Georgetown J Int Law 45:1169–1215 Rafaraci T (2009) The principle of non bis in idem in the jurisprudence of the European Court of Justice. In: Braum A, Weyembergh S (eds) Le contrôle juridictionnel dans l’espace pénal européen. Éditions de l’Université de Bruxelles, Bruxelles, p 93 et seq Rakoff JS (2014) The financial crisis: why have no high-level executives been prosecuted?, in N.Y.  Rev. Books, January 9, 2014. http://www.nybooks.com/articles/2014/01/09/financialcrisis-why-no-executive-prosecutions/. Accessed 14 July 2018 Recchia N (2015) Il principio europeo del ne bis in idem tra dimensione interna e internazionale, in Riv. Trim. dir. pen. cont., 3:71 Renzetti S (2017) Il diritto di difesa dell’ente in fase cautelare. Giappichelli, Torino Robinson PH (2003) The virtues of restorative process, the Vices of “Restorative Justice”. Utah Law Rev 375:384–385 Roth J, Greenburg D, Wille S (2004) National Commission on terrorist attacks upon the United States: monograph on terrorist financing. Staff Report to the Commission, 82. https://govinfo. library.unt.edu/911/staff_statements/911_TerrFin_Monograph.pdf. Accessed 18 July 2018 Ruggeri S (2013) Horizontal cooperation, obtaining evidence overseas and the respect for fundamental rights in the EU. From the European Commission’s proposals to the proposal for a directive on a European investigation order: towards a single tool of evidence gathering. In: Id. (ed) Transnational inquiries and the protection of fundamental rights in criminal proceedings. A study in memory of Vittorio Grevi and Giovanni Tranchina, Springer, Heidelberg, p  279 et seq Ruggiero RA (2015) Non Prosecution Agreements e criminalità d’impresa negli USA: il paradosso del liberismo economico, in Dir. pen. cont., 12 October 2015 Ruggeri A (2019) Ancora un passo avanti della Consulta lungo la via del “dialogo” con le Corti europee e i giudici nazionali (a margine di Corte cost. n. 117 del 2019) in Consulta Online, Studi 2019/II, 242 Safjan M (2012) Areas of application of the Charter of Fundamental Rights of the European Union: fields of conflict, in EUI Working Paper, 22: 3–6 Salazar L (2017) Habemus EPPO! La lunga marcia della Procura europea, in Arch. pen., 2017, fasc. n. 3 Sarmiento D (2013) Who’s afraid of the charter? Common Mark Law Rev 50:1267–1304 Schomburg W (2012) Criminal matters: transnational ne bis in idem in Europe—conflict of jurisdictions —transfer of proceedings, in ERA Forum, p 311 et seq Scoletta M (2019) Il ne bis in idem “preso sul serio”: la corte EDU sulla illegittimità del doppio binario francese in materia di abusi di mercato (e i possibili riflessi nell’ordinamento italiano), in Dir. pen. cont., 17.06.2019 Simonato M (2011) The spontaneous exchange of information between European judicial authorities from the Italian perspective. New J Eur Crim Law 2(2):220 Simonato M (2017) Two instruments but a difficult relationship? Some upcoming decisions of The CJEU On The Ne Bis In Idem, in European Law Blog, November 15, 2017. https://euro-

82

2  Finding the Way in a Complex Multi-Level Legal Framework

peanlawblog.eu/2017/11/15/two-instruments-but-a-difficult-relationship-some-upcoming-decisions-of-the-cjeu-on-the-ne-bis-in-idem/. Accessed 18 July 2018 Singh D (2015) The centralisation of European financial regulation and supervision: is there a need for a single enforcement handbook? Eur Bus Org Law Rev 16:439–465 Slater D, Thomas S, Waelbroeck D (2008) Proceedings before the European Commission and the right to a fair trial: no need for reform?, in Research Papers in Law, Cahiers juridiques, No 5. https://www.coleurope.eu/system/files_force/research-paper/researchpaper5_2008. pdf?download=1. Accessed 17 July 2018 Stokes R (2012) Virtual money laundering: the case of Bitcoin and the Linden Dollar. Inf Commun Technol Law 21(3):221–236 Story J (1991) Commentaries on the constitution of the United States, 1833. Fred B. Rothman & Co., Littleton Strader JK (2011) Understanding White Collar crime, 3rd edn. Lexis Nexis, New York Tapscott A, Tapscott D (2017) Blockchain revolution: how the technology behind bitcoin is changing money, Unabridged edition Tesoriero S (2016) Processo penale e prova multidisciplinare europea in materia di illeciti finanziari, in Riv. dir. proc., Novembre-Dicembre 2016, Anno LXXI (Seconda Serie) - N. 6:1540 Tison M, Vandendriessche E (2010) The ECJ decision in Spector photo group and the presumption of use of inside information: a blessing for the administrative enforcement of market abuse in the EU?, in Financial Law Institute Working Paper, No. 17 Tomkin J (2014) sub Article 50. In: Peers S, Hervey TK, Kenner J, Ward A (eds) The EU charter of fundamental rights. Hart Publishing, Oxford, p 1373 et seq Trechsel S (2005) Human rights in criminal proceedings. Oxford University Press, Oxford Tricot J, Martìn AN (forthcoming) Monitoring of banking transactions and traffic data. In: Ligeti K (ed) Toward a prosecutor for the European Union-Draft Rules of procedure, vol 2. Hart Publishing, Oxford Tröger TH (2012–2013) Organizational choices of banks and the effective supervision of transnational financial institutions. Tex Int’I LJ 48:177, 178, 221 U.S. Senate Permanent Subcommittee on Investigations (2010) Wall Street and the financial crisis: role of the regulators, S.Hrg. 111–672, April 16, 2010. https://www.gpo.gov/fdsys/pkg/CHRG111shrg57320/html/CHRG-111shrg57320.htm. Accessed 16 July 2018 U.S. Senate Permanent Subcommittee on Investigations (2011) Wall Street and the financial crisis: anatomy of a financial collapse, April 13, 2011. https://www.gpo.gov/fdsys/pkg/CHRG112shrg66051/html/CHRG-112shrg66051.htm. Accessed 16 July 2018 U.S.  Sentencing Commission (2016) 2016 Sourcebook of federal sentencing statistics. Organisational sentencing practice. https://www.ussc.gov/research/sourcebook-2016. Accessed 22 May 2018. Accessed 16 July 2018 Ubertis G (2009) Principi di procedura penale europea. Le regole del giusto processo, 2nd edn. Raffaello Cortina Editore, Milano Uhlmann DM (2013) Prosecution deferred, justice denied, in NYT, December 13, 2013 Van Bockel WB (2010) The Ne Bis in Idem Principle in EU law. Kluwer Law International, Leiden Van Dijk P (2006) Right to a fair trial and public hearing (article 6). In: van Dijk P, van Hoof F, van Rijn A, Zwaak L (eds) Theory and practice of the European convention on human rights, 4th edn. Intersentia, Cambridge, pp 513–577 Veenbrink M (2015) The Privilege against self-incrimination in EU competition law: a deafening silence? Leg Issues Econ Integrat 42(2):119–142 Vervaele JAE (2005) The transnational Ne Bis In Idem principle in the EU mutual recognition and equivalent protection of human rights. Utrecht Law Rev 1(2):100 Vervaele JAE (2013a) European territoriality and jurisdiction: the protection of the EU’s financial interests in its horizontal and vertical (EPPO) dimension. In: Luchtman M (ed) Choice of forum in cooperation against EU financial crime. Eleven International Publishing, The Hague, p 173 Vervaele JAE (2013b) Ne Bis In Idem: towards a transnational constitutional principle in the EU? Utrecht Law Rev 9(4):211

References

83

Vervaele JAE (2014) European criminal justice in the Post-Lisbon area of freedom, security and justice, with a prologue by G.  Fornasari and D.  Sartori (eds) Quaderni della Facoltà di Giurisprudenza, Trento Vervaele JAE (2015) Schengen and Charter-related ne bis in idem protection in the Area of Freedom, Security and Justice: M and Zoran Spasic. Common Mark Law Rev 52:1339–1360 Vervaele JAE (2017) Jurisdictional issues in transnational multi-agency and multi-disciplinary investigations of economic and financial crimes. In: Franssen V, Ligeti K (eds) Challenges in the field of economic and financial crime in Europe and the US. Hart Publishing, Oxford, p 167 Viganò F (2014) Doppio binario sanzionatorio e ne bis in idem: verso una diretta applicazione dell’art. 50 della Carta? (a margine della sentenza Grande Stevens della Corte EDU) in Dir. pen. cont., 30 giugno 2014 Viganò F (2016a) Ne bis in idem e doppio binario sanzionatorio in materia di abusi di mercato: dalla sentenza della Consulta un assist ai giudici comuni, in Dir. pen. cont., 16 May 2016 Viganò F (2016b) La Grande Camera della Corte di Strasburgo su ne bis in idem e doppio binario sanzionatorio. Corte EDU (grande Camera) sent. 15 novembre 2016, A e B c. Norvegia, ric. n. 24130/11 e 29758/11, in Dir. pen. cont., 18 November 2016 Viganò F (2017) Una nuova sentenza di Strasburgo su ne bis in idem e reati tributari, in Dir. pen. cont., fasc. 5:394 Waelbroeck M, Frignani A (1997) “Concurrence”, in Commentaire Mégret, vol 4. ULB, Bruxelles Ward A (2017) sub Article 51. In: Peers S, Hervey TK, Kenner J, Ward A (eds) The EU charter of fundamental rights. Hart Publishing, Oxford, p 1413 et seq Wasmeier M (2014) Ne Bis in Idem and the enforcement condition: balancing freedom, security and justice? New J Eur Crim Law 5(4):534–555 Weyembergh A (2013) La jurisprudence de la CJ relative au principe ne bis in idem: une contribution essentielle à la reconnaissance mutuelle en matière pénale. In: The Court of Justice and the construction of Europe: analyses and perspectives on sixty years of case–law. Springer, Heidelberg, p 556 Weyemberg A, Galli F (eds) (2014) Do labels still matter? Blurring boundaries between administrative and criminal law. The influence of the EU.  Editions de l’Université de Bruxelles, Bruxelles Wils W (2004) The combination of the investigative and prosecutorial function and the adjudicative function in EC antitrust enforcement: a legal and economic analysis. World Compet 27(2):208 Zagaris B (2017) Prosecutors and judges as corporate monitors? The US experience. In: Franssen V, Ligeti K (eds) Challenges in the field of economic and financial crime in Europe and the US. Hart Publishing, Oxford, pp 19–56 Zagrebelsky V (2014) Le sanzioni Consob, l’equo processo e il ne bis in idem nella Cedu, in Giur. It., p 1196 et seq Zou S (2014) Bitcoin Laundromats for Dirty Money: the Bank Secrecy Act’s (BSA) inadequacies in regulating and enforcing money laundering laws over virtual currencies and the internet. J Law Cyber Warfare 3(1):103–142

Chapter 3

Strengthening Financial Investigation and Supervision at the International Level

The financial matter is just one of the fields of law where issues traditionally dealt with at the domestic level, are increasingly influenced by supranational and international actors, due to the globalisation of large sectors of the financial economy. Before getting into the analysis of banking supervision and investigation in the EU and in the US, describing the international bodies active in this field, and especially their impact on domestic or regional systems, is necessary and useful for a twofold purpose. First, it gives reason of the international origin of most regulations (and obligations) concerning financial institutions and investigation that apply at the national level, and explains why it is relatively easier to find common standards in this field compared with other sectors of criminal law, also when it comes to procedural rules. The phenomenon is especially evident in the EU, where the first form of semi-­ federal (at least in the original intentions) criminal investigative body, the European Public Prosecutor Office, was launched precisely to fight against transnational financial crime.1 This “legal globalisation”, however, also implies that every kind of proposal to reform financial legislation (broadly meant, both administrative and criminal) cannot anymore be decided and developed exclusively at the national level, regardless of the formal persistency of national sovereignty on the matter. Recommendations and standards developed by international bodies, as will be illustrated, have indeed acquired in this field a much more relevant role than that formally attached to them.

 Or at least of some forms of financial crimes, and precisely those affecting the financial interests of the EU according to the PIF Directive (2017/1371), cit., participation in a criminal organisation with that purposes, and those crimes “inextricably linked” to the previous, cf. Article 22, EPPO Regulation (2017/1939), cit. See also above, Sect. 2.3.4. 1

© Springer International Publishing Switzerland and G. Giappichelli Editore 2019 G. Lasagni, Banking Supervision and Criminal Investigation, Comparative, European and International Criminal Justice 1, https://doi.org/10.1007/978-3-030-12161-7_3

85

86

3  Strengthening Financial Investigation and Supervision at the International Level

The consequence is, that adopting a transnational approach in the financial and banking matter has become basically unavoidable. This perspective shall be kept in due account also when the analysis proceeds from a criminal law point of view, since several substantial and procedural profiles that apply in daily investigations and supervision, such as the definition of investigative and sanctioning powers, or rules concerning the dissemination of information, are increasingly deriving from, or grounded on supranational legal bases. In order to provide the necessary background for the legal analysis that will be subsequently carried out, the Chapter proceeds as follows. Section 3.1 introduces the role of “self-regulatory bodies” in influencing the applicable financial legislation, both substantive (sanctions), and procedural (investigative measures), regardless of their lack of direct legislative or enforcing powers. Sections 3.2 and 3.3 deal with the Financial Action Task Force, the most influential international body in the field of financial investigations (especially in anti-money laundering and terrorist financing), as well as with its Recommendations, that have a relevant impact in banking inquiries. In this sense, the international network of cooperation represented by the Financial Intelligence Units and the Egmont Group will be also taken into account. Section 3.4 deals with MONEYVAL, a self-regulatory body of the Council of Europe with competence on money laundering, whose reports and evaluations represent a fundamental source in understanding which are the investigative powers currently applied at the national level (also) in banking investigations, and the main lacunas of national legal systems on the matter. Lastly, Sect. 3.5 deals with the Basel Committee on Banking Supervision, which plays a fundamental role in setting substantive and procedural standards for banking regulators in crucial profiles relevant also under a criminal law perspective, such as independence and sharing of information.

3.1  The Essential Role of Self-Regulatory Bodies The influence of international legal sources and bodies is a phenomenon that does not concerns only the financial matter, but which may be observed in several areas where the link between globalised economics (legal or illegal), and law is particularly tight. For instance, with specific regard to criminal law, a similar trend may be found in the fight against financial crimes such as money laundering, financing of terrorism, fraud or corruption, as well as in other subject matters, like smuggling, human trafficking and other crimes linked to migration flows, tax frauds, environmental crimes, terrorism, organised crime, and cybercrimes, just to mention a few. The financial matter, however, is especially emblematic in this sense, as in this field the interaction between economic and policy interests has brought not only to the issuing of several international legal acts, but also to the establishment of a sig-

3.1  The Essential Role of Self-Regulatory Bodies

87

nificant number of international bodies originated from, or belonging to different international organizations. Under the first profile, for the purpose of this work it is worth to briefly recall the Conventions elaborated within the United Nations (UN) or, at regional level, by the Council of Europe (COE) and the Organisation of American States (OAS). Even if mostly oriented towards specific forms of financial offences, like money laundering, financing of terrorism and corruption, these Conventions have a major impact on the general matter of banking investigation, providing both recommendations and rules concerning financial inquiries and supervisory proceedings. The reference especially goes to: The 1997 UN Declaration against Corruption and Bribery in International Commercial Transactions,2 and the 2003 Convention in the same field3; the 1988 UN Convention on Illicit Traffic of Narcotics, Drugs and Psychotropic Substances4; the 2001 Convention against Transnational Organised Crime,5 and the 2000 International Convention for the Suppression of the Financing of Terrorism.6 Within the jurisdiction of the COE, the more notable texts are: The 2015 Additional Protocol to the Council of Europe Convention on the Prevention of Terrorism7; the 2005 Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism,8 and its previous version of 19909; the 2001 Convention on Cybercrime10; the 1959 European Convention on Mutual Assistance in Criminal Matters,11 and, of course, the European Convention on Human Rights.12 Finally, the OAS contributed in approving the Inter-American Convention against Terrorism13; and Against Corruption14; the Inter-American Convention on Mutual Assistance in Criminal Matters,15 and its Optional Protocol.16

 Adopted by General Assembly Resolution 51/191 of 21.02.1997.  Adopted by General Assembly Resolution 58/4 of 31.10.2003. 4  Adopted by the UN Conference of Vienna (25.11–20.12.1988), convened pursuant to Resolution 1988/8 of 25.05.1988 of the Economic and Social Council acting on the basis of the General Assembly Resolutions 39/141 of 14.12.1984 and 42/111 of 7.12.1987. 5   Also known as Palermo Convention, adopted by General Assembly Resolution 55/25 of 15.11.2000. 6  Adopted by the General Assembly of the United Nations in Resolution 54/109 of 9.12.1999. 7  CETS 217, Riga, 22.10.2015. 8  CETS 198, Warsaw, 16.05.2005. 9  CETS 141, Strasbourg, 08.11.1990. 10  CETS 185, Budapest, 23.11.2001. 11  CETS 030, Strasbourg, 20.04.1959 and its Additional Protocol, CETS 099, Strasbourg, 1.3.1978. 12  CETS 005, Rome, 04.11.1950 and its numerous Protocols, see https://www.coe.int/en/web/conventions/full-list/-/conventions/webContent/en_GB/7435985. Accessed 18 July 2018. 13  A-66, adopted at the second Plenary Session, held on 3.06.2002. 14  B-58, adopted at the third Plenary Session, held on 29.03.1996. 15  A-55, adopted at: Nassau, Commonwealth of Bahamas, 23.05.1992. 16  A-59, adopted at: Managua, Nicaragua, 6.11.1993. 2 3

88

3  Strengthening Financial Investigation and Supervision at the International Level

While the amount of the sources produced by these bodies, and their complexity do not allow them to be examined in detail here, as each of them could constitute the subject of a separate dissertation,17 there is also another reason why Conventions do not represent the focus of the international legal framework reconstructed in this chapter: They are perhaps the most well-known sources of international law, whose form as legislative texts makes their impact on domestic legal orders relatively “easy” to foresee, and to identify.18 On the other hand, the influence of self-regulatory international bodies, also in its domestic dimension, is far sneakier to detect, although not less decisive in shaping national systems of financial supervision and investigation. That is first because these organizations scarcely constitute a homogeneous category, but, within the general label of “financial matter”, present different origins, powers, and internal structures, and operate in specific areas of expertise. The reference goes, at the international level, to the Financial Action Task Force, and the Egmont Group, with its national ramifications (the Financial Intelligence Units), as well as the to Basel Committee on Banking Supervision; while, at regional (European) level, to the Anti-Money Laundering and Anti-Corruption Committees of the Council of Europe. Secondly, the few common elements that characterize the action and impact of these bodies at the domestic level possibly make the identification of their specific influence in legal terms even more blurred. In general terms, the action of self-regulatory bodies consists mainly of three elements: (a) Setting of common rules, standards or guidelines; (b) monitoring over their implementation at the domestic or regional level; and (c) creating a cooperation platform for national operators. These actions are a circular mechanism: At the end of every monitoring cycle, these organizations tend to issue new or revised recommendations, which may have either general content, or being address towards single national problems in dealing with specific lacunas. To carry out these goals, and especially their monitoring tasks, self-regulatory bodies usually set reporting duties on their members, to receive data concerning their specific area of expertise, and establish oversight mechanisms that allow them to directly collect information. These bodies, therefore, own a certain legislative competence to produce legal texts relevant for their members, especially to promote cooperation at statutory and practical level; however, they lack any direct binding enforcing power. Nonetheless, and this is the main feature of self-regulatory bodies which distinguish them from being simple cooperation networks, their position and reputation, based on high

 For provisions relevant to real-time monitoring of banking records cf. Chap. 7.  And in this sense, they have since long been brought to the attention of the academic debate, see, among others, McClean (2007), Hauck and Peterke (2016), Unger et al. (2014), Calderoni (2010), and Commonwealth Secretariat (2006).

17 18

3.2  The Financial Action Task Force: Administrative Financial Supervision…

89

qualification and specialization at the international level, de facto confer them a quasi-binding weight in shaping domestic legal orders and/or their functioning.19 Dealing with such “soft-powers” hence requires to be aware of the prominently empirical nature of their impact on legal systems. Therefore where, as unfortunately in most cases, data are lacking or insufficient, drawing a precise picture of the actual influence exercised by these bodies becomes rather imprecise. This notwithstanding, such difficulties cannot lead to simply ignoring the existence of self-regulatory organizations. Even if tough to be exactly quantified, self-regulatory bodies are among the main producers of international legal sources in the financial matter. The compliance between the documents issued by these bodies, and domestic legislation and practice, especially concerning complex and technical matters like banking regulation, remains therefore of paramount importance. The methods applied by self-regulatory bodies, in fact, allow them to softly push their members towards a common implementation of rules and standards, whence the creation of a quasi-binding harmonisation effect carried out at the international level. Due to their capacity of gathering expert representatives from all over the world, self-regulatory bodies are often also privileged platforms for launching challenging proposals in the international debate, providing for solutions that may be later adopted at regional or national level. As it will be shortly described, that is for instance what happened in the last few decades for the development of banking prudential supervision regulations in the European Union.

3.2  T  he Financial Action Task Force: Administrative Financial Supervision and Criminal Investigative Measures The Financial Action Task Force (FATF) is an independent inter-governmental body representing the world major financial centres, that currently comprises 36 States (including the US, and 15 EU Member States),20 and two regional organizations (including the European Commission).21 Ruled by a Plenary, which meets three  Self-regulation has been defined as “The process by which an identifiable group of people, such as licensed lawyers, govern or direct their own activities by rules; specif., an organization’s or industry’s control, oversight, or direction of itself according to rules and standards that it establishes/Self-regulation is often subject to the oversight of various governmental agencies, such as the Securities Exchange Commission and the Commodities Futures Trading Commission”, cf. Garner (2014), p. 1475. See also Moloney (2012), p. 95. 20  BG, HR, CY, CZ, EE, HU, LV, LT, MT, PL, RO, SK, SI are not participating. 21  In addition, more than 20 international organisations participate with an observer status, including: the European Central Bank, Eurojust, Europol, the International Monetary Fund, the International Organisation of Securities Commissions, Interpol, the UN, the World Bank, the World Custom Organization, the Basel Committee, and the Egmont Group, for a complete list, see http://www.fatf-gafi.org/about/membersandobservers/. Through MONEYVAL, the FATF is also associated with the Council of Europe. 19

90

3  Strengthening Financial Investigation and Supervision at the International Level

times per year, the FATF operates under a fixed life span, requiring periodic political mandates by its Members to continue its activity.22 The Task Force has been established in 1989 with the goal of examining and developing measures to combat money laundering.23 After 9/11, the FATF scope has been extended also to protect the global financial system from phenomena such as the financing of terrorism, and the proliferation of weapons of mass destruction.24 The overall purpose of the Task Force is thus to improve the national resistance to these criminal activities, and through that, contributing to protect the international financial system as a whole. To achieve so, the body identifies the vulnerabilities of national systems in these fields of law, and promotes the implementation of international common guidelines to suggest an effective and coordinated response to financial crimes at the investigative level.25 The first FATF International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, better known as the “Forty FATF Recommendations” were issued in 1990, and afterwards completed with the Special Recommendations against Terrorist Financing.26 These Standards, reviewed throughout the years (lately in October 2018, to include definitions of “Virtual assets”, and nowadays comprising a total of 49 Recommendations27), provide a legal framework of rules and operational measures that all the States under FATF jurisdiction shall adopt and implement. Interestingly, the Recommendations have a rather extended scope of application which, taking into account a realistic view of the criminal risks connected to financial transactions, is not limited to financial institutions,28 but addresses also Non-­Profit Organisations, and professionals with critical public profiles that place them both at risk of, and in a front line position to 22  The current mandate was adopted in 2012, cf. FATF (2012b), cf. also Interpol (2001), OECD (2013). 23  Cf. G-7/8 Summit, Economic Declaration, Paris, 16.07.1989, at (16): “Financial activities are being increasingly carried out with new techniques on a worldwide basis. As regards insider trading, which could hamper the credibility of financial markets, regulations vary greatly among our countries. These regulations have been recently, or are in the process of being, strengthened. International cooperation should be pursued and enhanced […] 53. Accordingly, we resolve to take the following measures within relevant fora: […] Convene a financial action task force from Summit participants and other countries interested in these problems. Its mandate is to assess the results of cooperation already undertaken in order to prevent the utilization of the banking system and financial institutions for the purpose of money laundering, and to consider additional preventive efforts in this field, including the adaptation of the legal and regulatory systems so as to enhance multilateral judicial assistance”. http://www.g8.utoronto.ca/summit/1989paris/communique/drug.html. Accessed 19 July 2018. Cf. also Bradley (2014), p. 275. 24  Cf. FATF (2002), at (16). 25  Cf. FATF (2015), p. 7 et seq. 26  The first Eight Special Recommendations against Terrorist Financing were issued in October 2001; after a review in 2003, in October 2004 the FATF published a Ninth Special Recommendation, for the last complete version of the Special Recommendations, see FATF (2001). 27  Cf. FATF (2012a). The Fifth MONEYVAL evaluation round is the first that takes into account the 2012 version of the FATF Recommendations. 28  Even in the widest interpretations previously illustrated, cf. Sect. 2.1.

3.2  The Financial Action Task Force: Administrative Financial Supervision…

91

fight financial crimes, such as lawyers, notaries, and other independent legal professionals and accountants (the so-called Designated Non-Financial Businesses and Professions-DNFBPs).29 In terms of content, the Recommendations cover both the administrative and the criminal systems of control over financial operators and transactions, providing in each case basic (but not necessarily minimum) standards to guarantee efficiency in the proceedings. Under the first profile, the Task Force requires all its Members to establish adequate and effective supervisory mechanisms over financial institutions, applying the substantive principles of prudential oversight established by the Basel Committee on Banking Supervision30 also for Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) purposes.31 To achieve so, the Standards require its members high-Customer Due Diligence (CDD), prohibiting financial institutions from keeping anonymous accounts, or accounts in obviously fictitious names, for both physical and legal beneficiaries, and requesting to maintain all necessary records for at least 5 years.32 The Recommendations also specify that, at minimum, national supervisors should be able to exercise the investigative powers of conducting inspections over financial institutions, and compelling the production of any relevant information from the latter.33 In case the controlled subjects are failing to comply with AML/ CFT requirements, Recommendation (35) requests regulating authorities to be granted the power to impose “effective, proportionate and dissuasive sanctions, whether criminal, civil or administrative” on financial institutions, DNFBPs, and natural persons with legally relevant positions, such as directors or senior management.34 The range of available sanctions should not be limited to pecuniary fees, but shall also include disciplinary measures, such as the power to withdraw, restrict or suspend the financial institution’s license. Evidently, the possibility for supervising administrative authorities to impose criminal sanctions, also towards natural persons, raises several issues concerning the legal basis for such powers, the need to respect the fundamental defence rights of the subjects under investigation, and the capability of administrative authorities to do so given their structural difference from the judiciary.  Cf. FATF (2012a), Recommendations (8), (22), (23), according to which DNFBPs are required to comply with customer due diligence and record-keeping obligations only when they engage in the relevant activities listed by the Recommendations (22) and (23), and involving the engagement in financial transactions. The DNFBPs’ category includes: “(a) Casinos; (b) Real estate agents; (c) Dealers in precious metals and dealers in precious stones; (d) Lawyers, notaries, other independent legal professionals and accountants […]; (f) Trust and company service providers[…]”, see Definitions, in FATF (2012a), p. 114–115. 30  See below, Sect. 3.5. 31  FATF (2012a), Recommendation (26). 32  FATF (2012a), Recommendations (10), (11) and (24), and their interpretive notes, p. 58 et seq. 33  FATF (2012a), Recommendations (27) and (35). 34  FATF (2012a), Recommendations (35) and (27). 29

92

3  Strengthening Financial Investigation and Supervision at the International Level

The FATF Standards are neither recognizing, nor providing solutions to these problems: Indeed, their purpose is not to draft a complete supervisory regulation, but only to furnish some leading bases for the effective protection of the financial market. Nonetheless, the theme of whether such investigative and sanctioning powers, either criminal or otherwise punitive in light of the Engel case-law,35 shall be conferred to administrative supervisory bodies, and possibly how they shall be exercised, represent most debated issues in banking investigations, and the very the core of the analysis on the recently-created Single Supervisory Mechanism in the Eurozone carried out in this work.36 In addition to financial supervision, the FATF Standards also identify measures, which should be available in all the State members when conducting AML/CFT criminal investigations. At least, competent authorities shall be able to obtain access to all relevant documents and information possessed by financial institutions, DNFBPs and other natural or legal persons, and to compel them to do so in case of refusal. The same authorities shall also be able to rely on measures allowing them to identify, in a timely manner, the actual subjects who are controlling accounts and assets without prior notification to the owner(s), and to trace the same for preventative purposes, and confiscation.37 Therefore, investigating authorities shall be able to exercise a “wide range of suitable” investigative techniques, both traditional (generally already present in most of legal orders), such as searching of persons and premises, and taking witness statements, and those whose availability and systemization is still highly varying from country to country, like monitoring of wire transfers and wire-­ tapping38; undercover operations; controlled delivery39; and cash couriers detection.40 Lastly, the Standards require that once suspicious accounts have been identified, competent authorities shall be able to seize, freeze, and confiscate criminal property and proceeds.41 These Recommendations exercise a relevant influence in several fields of procedural criminal law. First, their implementation called for a reduction, de facto a repeal, of secrecy law applied to financial institutions and DNFBPs, as business secrecy or confidentiality should not constitute a legal ground for refusing to execute a request for mutual legal assistance on these matters, “except where the relevant information that is sought is held in circumstances where legal professional privilege or legal  See Sect. 2.3, in general terms, and Sect. 6.3 with regard to the sanctioning powers applicable in banking supervision in the EU (Single Supervisory Mechanism, and CRD IV). 36  For the reasons at the basis of the Mechanism and its investigative and sanctioning powers, see Chap. 4; for its analysis in light of Basel Standards and fair trial rights, see Chap. 6 (Sects. 6.1.1 –6.1.3). 37  Cf. FATF (2012a), Recommendations (4), (16), (30) and (31). 38  FATF (2012a), Recommendations (30) and (31). Cf. also Chaps. 7 and 8. 39  FATF (2012a), Recommendation (31). 40  FATF (2012a), Recommendation (32) and Special Recommendation IX. 41  FATF (2012a), Recommendations (4), (6), (16) and (30). 35

3.3  Financial Intelligence Units and the Egmont Group

93

professional secrecy applies”–a distinguishing which is not always easy to outline, especially in case of internal organization legal service.42 Second, the action of the Task Force represents an influential incentive for the introduction of common investigative measures, where not already provided at domestic level; in this sense, however, the Standards are only exercising a “soft” binding effect, as they still require a political decision at national level to be implemented. Lastly, the FATF constant monitoring over the territories under its jurisdiction, where the Task Force actively pushes for strengthening cooperation networks among national competent authorities and achieving the free movement of the information so obtained, plays a substantial role also in the daily application of investigative measures already established at domestic level. Indeed, FATF reports are fundamental in providing an external and comprehensive view on current investigative legal frameworks and practice worldwide, and in highlighting limits and lacunas of the current implementation, both in a national and in a transnational perspective.

3.3  Financial Intelligence Units and the Egmont Group International cooperation is perhaps the field in which self-regulatory bodies reveal their utmost importance, and the Financial Action Task Force is no exception to that. To reinforce the transnational AML/CFT networking among State members, the FATF Standards require to establish specialized and multi-disciplinary joint investigative teams at the national level, and to provide “adequate legal basis” for the national competent authorities to apply all the recommended investigative measures not only in domestic inquiries, but also in responding to the “widest possible range” to mutual legal assistance requests.43 In realizing these cooperation practices, the Task Force’s action is deeply connected with another major international organization, in which the FATF holds an observer status: The Egmont Group of Financial Intelligence Units. Created in 1995, this network represents the meeting point of the national Financial Intelligence Units (FIUs). As defined by Recommendation (29), a FIU is an agency that “serves as a national centre for the receipt and analysis of: (a) suspicious transaction reports; and (b) other information relevant to money laundering, associated predicate offences and terrorist financing, and for the dissemination of the results of that analysis”.44 FIUs  Cf. FATF (2012a), Recommendations (9), and (37(d)). The critical problems arising from professional, and legal professional secrecy in the context of banking supervision in the Eurozone (Single Supervisory Mechanism), although not representing the focus of this work, are identified and briefly discussed in Sects. 6.1.3 (cooperation), and 6.3.5 (privilege against self-incrimination). For residual value of bank secrecy law cf. Sect. 7.1. 43  FATF (2012a), Recommendations (2), (29), (30), (36), (37), (38) and (40). 44  FATF (2012a), Recommendation (29) and its interpretive note, p. 95 et seq. 42

94

3  Strengthening Financial Investigation and Supervision at the International Level

may be established according to different models, often but not necessarily combining their functions to those of authorities already responsible for combating money laundering and terrorist financing under national or supranational legislation.45 Against this background, some States assigned FIU’s competence to administrative authorities. That is the case, for instance, of France (Traitement du renseignement et action contre les circuits financiers clandestins-TRACFIN); Spain (Servicio Ejecutivo de la Comisión de Prevención del Blanqueo de Capitales e Infracciones Monetarias-SEPBLAC); Italy (Unità di Informazione Finanziaria della Banca d’Italia-UIF), and the US (Financial Crimes Enforcement Network-FinCEN). An administrative nature usually allows FIUs to share the information collected with every other kind of Financial Intelligence Unit, without major legal issues for its dissemination. Administrative-type FIUs also are generally placed in optimal positions to get information from financial institutions, especially if the Unit is located within central banks or other regulatory agencies. Indeed, in this way, it is easier for FIUs to appear as a “neutral” and technical interlocutor for the reporting parties, facilitating financial institutions to put trust in their activity,46 although their proximity with the banking industry (from which is likely most of their personnel coming from), and the following potential conflicts of interest inherent to it, are not to be underestimated.47 This type of Units, moreover, are lacking judicial coercive powers of investigation. Their task is usually limited to the receipt, analysis and dissemination of suspicious information, without any possibility of directly adopting restrictive measures such as freezing of transactions.48 Accordingly, crimes discovered during regulatory activity cannot be dealt with directly by these FIUs, as criminal prosecution falls outside of their competence. After having substantiated a suspicion, they have to refer it to the authorities in charge of criminal investigations, and if the latter are not timely executed, that may result in a substantial delay of the prosecution. Lastly, rules applicable in administrative proceedings substantially vary from country to country: This may bring to very divergent outcomes even in analysing similar factual circumstances, and thus impair an effective transnational AML/CFT response.

 The designation of an AML authority has been required in the EU since the First AML Directive, see Council Directive 91/308/EEC on prevention of the use of the financial system for the purpose of money laundering of 10.06.1991. For the impact of such choices in real-time monitoring of banking records, see Sect. 8.3. For a complete analysis of the FIUs models and system, see also International Monetary Fund & World Bank (2004), p. 10 et seq. 46  International Monetary Fund & World Bank (2004), p. 11; FInCEN (2012). 47  The risk of such a proximity with the banking industry, for instance, has been proved dramatically concrete with regard to banking supervisors in the outbreak of the 2006–2008 financial crisis. For an analysis of this profile, see below, Sect. 6.1.1. 48  But this is not necessarily the case of all administrative-type of FIUs, see e.g. the Italian FIU, that is conferred the power to freeze suspicious operations (for AML or CFT purposes) for a maximum of five working days, cf. Article 6(7)(c) of Legislative Decree no. 231 of 21.11.2007 (implementing Directive 2005/60/EC). 45

3.3  Financial Intelligence Units and the Egmont Group

95

Other countries, such as Germany (Bundeszollverwaltung-ZOLL), and the UK (National Crime Agency-NCA), opted for a law-enforcement type of FIU. Also for this kind of agencies pro and cons are multiple. From one side, they are relatively easy to establish, since they may be based on existing and operational police infrastructures. Thanks to their position, these FIUs can also provide a quicker repressive reaction for serious crimes discovered in the course of the supervision, even if that requires the launching of a formal investigation. In addition, information collected by law-enforcement FIUs may be easily exchanged worldwide through already existing networks, such as Interpol, Europol, or other intelligence services. On the other side, however, these kind of FIUs naturally tend to be more effective in investigations than in preventive oversight. First, they are usually referred suspicious financial transactions only above a fixed threshold, and thus analyse just the more serious misconducts. Second, these FIUs are often lacking the technical skills necessary to effectively deal with highly specialized financial operations and data, or require relevant investments in terms of resources and time to achieve such goal. Lastly, not being originally part of the financial systems, law-­enforcement FIUs also need to build their reputation among financial institutions, to win their trust and establish effective cooperation: Another step which may require long time, and efforts before being achieved. Both administrative and law-enforcement type of FIUs share a common weak point: Being usually placed in the executive, the outcome of the activity of these agencies might be influenced by political considerations or convenience, rather than being guided by independent criteria. In order to avoid this problem, some States, such as Luxemburg (Cellule de Renseignement Financier-CRF), conferred FIU’s competence directly to a judicial authority. That allows FIUs to act independently from political interference, immediately start criminal investigations and, if needed, adopt coercive measures (such as searching and seizing funds; freezing of accounts; and issuing detention orders). In return, these judicial Units might run into legal difficulties in exchanging information with non-judicial FIUs, and share the same reputational and expertise disadvantages of the law-enforcement type. Lastly, some other countries, including Jersey (Jersey States of Jersey Police/ Joint Financial Crimes Unit-FCU) and Denmark (Hvidvasksekretariatet Stadsadvokaten for Særlig Økonomisk Kriminalitet/Hvidvasksekretariatet–SØK/ HVIDVASK), opted for the creation of hybrid models, whose specific characteristics depend on the combinations of the features selected among the paradigms illustrated above. Clearly, none of these models is per se exempt from criticism. For instance, judicial and law-enforcement FIUs may, in the first place, heavily suffer in terms of efficiency to get the information from the banking sector, and to timely analyse it, until they have built up a very technical expertise in financial prudential regulations for their personnel (which requires significant deployment of resources). On the other side, administrative or hybrid models leave fundamental issues without an answer, such as which should be the conditions under which it is possible to transfer potential evidence from a FIU to the judicial authorities,

96

3  Strengthening Financial Investigation and Supervision at the International Level

e­ specially (but not exclusively) with regard to the privilege against self-incrimination, when a FIU is requesting a subject to provide potentially incriminating information.49 The theme becomes pivotal considering that in many jurisdictions, as it will be further examined, it is precisely non-judicial FIUs which–within their competence–are entitled to apply particularly pervading investigative measures, such as real-time monitoring of financial records.50 The main asset of the FIUs’ system, however, relies on their capability of interacting with each other on a worldwide scenario within the structure given by the Egmont Group. Currently, the Group counts 158 members, including the FIUs of the United States, and of all the European Union Member States, but the number is expected to grow in the next years, since its subscription has become mandatory for all FIUs since 2012.51 Thanks to the Egmont Group, FIUs may reciprocally exchange financial information on a global dimension, stemming from suspicious or unusual transaction reports and other disclosures of the financial sector, to government administrative data, and public record information. Exchange of information among FIUs may happen spontaneously, or upon requests founded on appropriate legal basis (such as bi-and multilateral agreements, or Memoranda of Understanding).52 Through its activity, the Group’s aim is to promote the free movement of information, and the protection of confidentiality among the FIUs, irrespective of the existing differences among national legal systems.53 To strengthen and promote cooperation, the FATF Standards require financial institutions and DNFBPs to report to their national FIU any suspicion on potential relations of funds and criminal activities; granting them, at the same time, criminal and civil law immunity for the duly disclosure.54 In particular, these entities shall refer information such as: “The identity of the accountholder and of the other subjects authorized to operate the account; the beneficial owner and, in relation to legal persons and arrangements, the ownership and control structure; the type and amount  On the need to respect “core” procedural fair trial rights in the dissemination of evidence between administrative and criminal proceedings, see Sect. 6.1.3; for an analysis of the critical issues concerning the privilege in the sanctioning proceedings of the Eurozone banking supervisor (the Single Supervisory Mechanism), cf. Sect. 6.3.5.–6.3.6. 50  Cf. Sect. 7.5. 51  For a complete overview on the governance of the Group and its structure, see Egmont Group of Financial Intelligence Units (2013b). The list of members and observers (including organizations such as FATF, IMF, UN, World Bank, OCSE, MONEYVAL) may be found at: https://www. egmontgroup.org/en/membership/list. Accessed 16 June 2019. 52  See Egmont Group of Financial Intelligence Units (2013c; 2000; 2018). 53  Egmont Group (2013a), at (3) and (6); Egmont Group (2013b), at (3). Meetings are also used to encourage the exchange of practices and expertise, and to provide training to the FIUs’ officials for the specific tasks required by financial investigations. With the aim of facilitating continuous cooperation, the Egmont Group has also established a secure Internet encrypted system (the Egmont Secure Web-ESW), which permits its members to communicate with one another via secure e-mail, cf. Egmont Group (2013a), at (9); Egmont Group (2013b), at (3.3). On the importance of training and specialization in financial criminal law, see also Franssen and Ligeti (2017), p. 7. 54  FATF (2012a), Recommendations (20) and (21). 49

3.3  Financial Intelligence Units and the Egmont Group

97

of the transactions performed as well as the counterparts involved; for wire transfers, information on the payer and the beneficiary; the nature and purpose of the activities conducted by the customer; and any other information gathered in the Customer Due Diligence process”.55 As long as that is necessary to properly undertake their functions, FIUs shall also be able to obtain information from sources other than financial institutions, such as law-enforcement agencies.56 In order to nurture reciprocal trust, and to the extent possible, when a FIU is requesting information from a counterpart, it shall disclose the reasons for the request and the purpose for which the information will be used.57 Generally, to facilitate cooperation, the Egmont Group requires the FIUs to “grant prior consent to disseminate the information” to other competent authorities, but refusal is allowed as long as it is “appropriately explained”.58 While secrecy law cannot constitute a ground for refusal, a cooperation request may be denied in case the issuing FIU is not able to guarantee an adequate protection of confidentiality.59 A FIU may also refuse to provide information towards those national agencies which are lacking reciprocity, or where inadequate cooperation practices are recurring.60 In any case, according to the Standards, sharing of information shall not be impaired neither by the different nature of the FIUs, nor by the contemporary undergoing of criminal or administrative proceedings in the requested State, unless that would hinder the investigation–thus leaving some margin of appreciation to the authorities concerned.61 Cooperation could also be refused if granting the information would be in a clear disproportion to the “legitimate interests of a natural or legal person or the State of the providing FIU, or would otherwise not be in accordance with fundamental

 Egmont Group (2013a), at (48).  FATF (2012a), Recommendation (29) and its interpretive note, esp. p.  96 at (13) “countries should ensure that the FIU has regard to the Egmont Group statement of purpose and its Principles for Information Exchange Between Financial Intelligence Units for Money Laundering and Financing of Terrorism Cases (these documents set out important guidance concerning the role and functions of FIUs, and the mechanisms for exchanging information between FIUs)”. This objective has been implemented at EU level by Article 1, EC Council Decision 2000/642/JHA of 17.10.2000 concerning arrangements for cooperation between financial intelligence units of the Member States in respect of exchanging information, following the conclusions of the Tampere European Council Meeting of 15 and 16.10.1999: Creation of an Area of Freedom, Security, and Justice, Presidency Conclusions, at (54); European Council, The Prevention and Control of Organised Crime: a European Union Strategy for the beginning of the New Millennium (2000/C 124/01), at (54). 57  Egmont Group (2013c), at (20). For the requests, FIUs may use templates provided by the Egmont Group itself, see Annex A and B, Egmont Group (2013a). 58  Egmont Group (2013c), at (26). 59  Egmont Group (2013c), at (25) and (24), lett. b). For a brief analysis on professional secrecy in the cooperation in the Eurozone banking supervisory system, see Sect. 6.1.3. 60  Egmont Group (2013c), at (27). 61  Egmont Group (2013c) at (24), lett. c–d), and Egmont Group (2013a), at (30). 55 56

98

3  Strengthening Financial Investigation and Supervision at the International Level

p­ rinciples of its national law”.62 In any case, the use of the information received by a FIU is restricted to the scope of application of its AML/CFT provisions, and shall not exceed the purposes for which it was sought or provided. Dissemination for further purposes is not prohibited, but that requires the prior authorization of the requested FIU.63 All these rules have a direct impact only on the relation among national FIUs; however, their influence goes far beyond the scope of application of the Egmont Group. Indeed, enforcing forms of effective cooperation among different jurisdictions, which means creating a network in which parties may trust each other, indirectly requires national authorities to implement adequate, and at least partially harmonized, mechanisms to exchange information, rules, and guarantees, whose scope of application is not necessarily restricted to the fight against money laundering and financing of terrorism.

3.4  E  nsuring Common Standards Against Financial Crime at Regional Level: The Council of Europe At regional level, the contribution of the European Convention on Human Rights and the Court in Strasbourg to the development and the implementation of civil, political and social rights scarcely needs any presentation. The Convention, however, is not the only tool through which the Council of Europe (COE) is acting in the field of crime prevention and control. Oversight tasks, for instance, are allocated to several specialized subcommittees under the responsibility of the COE’s Committee of Ministers.64 In the field of criminal financial investigations, the most relevant self-­ regulatory body is the Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism (MONEYVAL), established in 1997. Within its scope of application, this Committee aims at enabling the Council to identify, and make up for areas of non-compliance with international and regional standards, gathering data, and elaborating comparative analyses on national legislation and investigative practices. Using relevant international and supranational legislation as parameters for its assessments, and its monitoring powers to urge  Egmont Group (2013c).  Egmont Group (2013c), at (26) and (32); Egmont Group (2013a), at (18); Egmont Group (2013b), at (3). 64  The Committee is the decision-making body of the COE, composed by the Ministers for Foreign Affairs of the member States and organized in several thematic subcommittees, such as the European Committee on Crime Problems (CDPC), competent on intergovernmental legal cooperation, and entrusted with the power to elaborate conventions, recommendations and reports; the European Committee on Legal Co-operation (CDCJ), whose mission is to draw up common standards, and foster legal cooperation among the 47 Members of the Council; the Justice and Legal Cooperation Department, which supports in the training of professionals; and the Group of States Against Corruption (GRECO). 62 63

3.4  Ensuring Common Standards Against Financial Crime at Regional Level…

99

Members in implementing the measures required, this body is promoting the dissemination of common rules and guarantees at transnational level. However, unlike the FATF or the Basel Committee, recommendations issued by MONEYVAL are always targeted to the legal system examined, and do not aim at establishing general rules and criteria. Currently MONEYVAL is responsible for 34 jurisdictions, and counts numerous participants with an observer status, such as the European Commission, the Secretariat General of the Council of the European Union, Interpol, the FATF Secretariat, the UN, the Egmont Group, the IMF, and the World Bank. The Committee exercises functions partially complementary to the FATF’s, since it has jurisdiction only over those Members of the Council of Europe which are not part of the Financial Action Task Force, or which nonetheless requested to continue to be evaluated by the Committee. MONEYVAL also extends its action to the three UK Crown Dependencies of Guernsey, Jersey, and the Isle of Man and Gibraltar—which possess a high relevance in the management of the financial market, all three being tax havens—and even to some States which are not members of the COE, such as the Holy See and Israel.65 Similarly to the FATF, with which it strictly cooperates, the Committee is entrusted with the monitoring of domestic legal systems, and in particular of mechanisms countering money laundering and terrorist financing: MONEYVAL assesses their compliance with the relevant international standards on the matter, namely the FATF Standards; the 1988 UN Convention on Illicit Traffic of Narcotics, Drugs and Psychotropic Substances; and the 2000 UN Convention Against Transnational Organised Crime. MONEYVAL also monitors the implementation of some legal sources issued by the same Council of Europe, such as the 1990 and the 2005 Conventions on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime, as well as of the EU AML directives.66 Since 1998, the Committees’ assessment process is structured in mutual evaluation cycles,67 or rounds that are periodically launched. These records are carried out according to specific sets of Rules of Procedure, revised with the same frequency to keep up with the necessities of the inquiries, and the development of legislations.68  According to Article 2.2a, 2.2b, 2.2e of Resolution CM/Res (2010) 12 on the MONEYVAL Statute. See also Resolution CM/Res (2011) 5 for the Holy See; and Resolution CM/Res (2012) 6 for the UK Crown Dependencies. The complete list of members and observers may be found at: https://www.coe.int/en/web/moneyval/moneyval-brief/members. Accessed 16 June 2019. 66  So far the last EU parameter adopted during the evaluations of the Committee is the Third AML/ CFT Directive, cf. Directive 2005/60/EC of 26.10.2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing. The Fourth AML/CFT Directive has not yet been taken as a parameter in the action of MONEYVAL. 67  First round (1998–2000): evaluated 22 Member States; Second round (2001–2004): Evaluated 27 member States; Third round (2005–2009): Evaluated 28 member States, the Holy See and Israel; Fourth Round (2009–2015): Evaluation to be finalized; Fifth round (2015–2021): On-going. 68  See MONEYVAL (2017), last revised in September 2017. The evaluation takes also into account the Methodology for Assessing Compliance with the FATF Recommendations and the Effectiveness of AML/CFT Systems. 65

100

3  Strengthening Financial Investigation and Supervision at the International Level

At every cycle, the Committee is examining only part of the countries under its jurisdiction, sending them questionnaires about their legislative and regulatory contexts and related statistics. In addition, MONEYVAL is directly conducting part of the examination, through inspecting teams which are meeting with competent ­governmental and law-enforcement agencies, regulators, prosecutors, and representatives of the private sector and of non-governmental organisations. Notably, the Fifth round, currently underway, is the first evaluation for which is it provided a length of at least two weeks of on-site visits for each State, instead of the previous 8-days maximum length. When the evaluation is concluded, the teams draft a report, that is discussed with the affected State before its submission to the Committee for the official adoption. Even after this phase, MONEYVAL may require countries involved in the evaluation process to submit progress reports describing new measures that have been put in place to comply with the suggested remarks. If progress is not considered sufficient, the Committee may take further steps, including the imposition of Compliance Enhancing Procedures (CEPs),69 articulated in several progressive steps,70 which last until the actions taken by the State Member are judged as satisfactory.

3.5  E  nsuring Effective Banking Oversight: The Basel Committee on Banking Supervision In 1975, after the breakdown of the Bretton Woods system,71 central bank governors of the G10 countries founded the Basel Committee on Banking Supervision (BCBS), with the aim of enhancing financial stability worldwide, by improving supervisory knowhow and quality of banking regulation. Currently the BCBS membership covers 28 jurisdictions—including the EU and nine of its Member States, the US, Russia and Switzerland—all represented in the Committee by their central banks and, where different, also by the authority

 The CEPs process may be applied as a result of a plenary decision, in a meeting with delegates from State members, two FATF member States, representatives of observer States, organisations and institutions or bodies. MONEYVAL’s plenary meetings take place in Strasbourg thrice per year, cf. Resolution CM/Res (2010) 12. In 2014 Lithuania and Bosnia and Herzegovina were subject to the procedure, cf. MONEYVAL (2015), p. 32. For an updated overview of the measures adopted by the members, see Idem, Appendix 3, p. 53. MONEYVAL is also carrying out horizontal reviews, in which the countries are examined under a specific perspective, e.g. payment of ransoms, financing of terrorism, just to mention the more recent. 70  Cf. MONEYVAL (2017). 71  Created in 1944, the system established commercial and financial rules for the US, Canada, Western Europe, Australia and Japan, until its dismemberment in the early 1970s, when the US put an end to the link between dollar and gold. Bretton Woods was the first example of a negotiated monetary order among independent States, operating through the establishment of fixed exchange currency rates. 69

3.5  Ensuring Effective Banking Oversight: The Basel Committee on Banking…

101

r­esponsible for banking prudential supervision.72 Since its creation, the Basel Committee has been designed as a forum for regular cooperation on the matter of banking ­regulation, with the goal of closing the gaps in international supervisory coverage “so that (i) no foreign banking establishment would escape supervision; and (ii) supervision would be adequate and consistent across member jurisdictions”.73 In order to achieve so, the BCBS periodically sets minimum common standards for banking supervision, sharing approaches and techniques to improve cooperation, and helping identifying risks in the global financial market. To improve the resilience of the global banking system, since 2012 the Committee has also begun to actually monitoring the implementation of its standards and guidelines within its jurisdiction. As a self-regulatory body, the legal texts issued by BCBS do not possess legal binding value; nonetheless, they historically exercised a great influence in shaping banking supervisory regulations, both at national and at the supranational level, to the point that they are often literally “transposed” in domestic legislation. The Committee’s action mainly affects the areas of banking supervision, and banks’ capital requirements, where it plays a fundamental role in defining comprehensive approaches to control the risk of banking activity, above all concerning capital requirements. The first Basel Capital Accord, or Basel I, was approved by the G10 Governors, and released to banks in July 1988, followed by several revisions until 1997.74 By September 1993, the requirements provided in the Accord, and especially the minimum ratio of capital to risk-weighted assets were met by all G10 countries’ banks,75 and introduced in most other countries with active international banks. In what was then called the European Economic Community, the Accord was used as the basis for the amendment of the First and the issuing of the Second Banking Directive.76 In 1999, the Committee published a proposal for a new framework to replace the first agreement, which, in 2004, led to the release of the Revised Capital Framework or Basel II.77 The new standards were structured in three pillars, covering: Minimum capital requirements (an expansion of the 1988 version); supervisory review of the institutions’ compliance with the standards required (incentivizing cooperation among competent authorities); and effective disclosure of information to banking regulators. In 2006, with the cooperation of the International Organization of Securities Commissions (IOSCO), the text was integrated to encompass not only

 The EU Member States are: BE, DE, ES, FR, IT, LU, NL, SE, UK.  The European Banking Authority, the European Commission, and the International Monetary Fund are among BCBS observing members. For a complete list of the members, see http://www.bis.org/bcbs/membership. htm. Accessed 16 June 2019. 73  Cf. BCBS (2014c), p. 1. 74  BCBS (1988). 75  BE, DE, FR, DE, IT, NL, SE, UK, Canada, Japan, Switzerland, and the US. 76  Cf. First Council Directive 77/780/EEC, and Second Council Directive 89/646/EEC, cit. 77  BCBS (2004). 72

102

3  Strengthening Financial Investigation and Supervision at the International Level

banking books, but also banks’ trading books.78 In the same year, without relevant changes, Basel II was transposed at the EU level through Directive 2006/48/EC.79 In September 2008—the same month when the mispricing of credit and liquidity risk, and the engagement in junk securities burst into the collapse of Lehman Brothers, and the outbreak of financial crisis in the US—the Basel Committee issued again a new text, trying to address the dissemination of “deplorable” governance practices into the banking sector, such as disproportion between the banking leverage in the financial market, inappropriate structures and liquidity buffers, and poor risk management.80 At the end of 2010, a new comprehensive proposal to strengthen the previous regulatory framework, known as Basel III was issued. The Accord had to be fully implemented, respectively, by 2015 for the part concerning new capital requirements, and by 2017 for what regards compliance procedures.81 In 2013, the new agreement was introduced as part of the EU legislation, and made compulsory for all credit institutions licensed, or operational within the territory of the Union, through the already mentioned Fourth Capital Requirements Directive (CRD IV), and Regulation (CRR).82 For the scope of this work, however, even more relevant is the contribution provided by the BCBS in the field of banking oversight, where the Committee has also formulated a detailed set of rules and standards, to be implemented in the legislative systems of the participating jurisdictions. The 29 Core Principles for Effective Banking Supervision, first published in 1997, and then revised in 2012 deal with multiple profiles concerning banking supervision, from powers, responsibilities and functions of the supervisory agencies, to the set of requirements for assessing the compliance with the standards of prudential regulation.83 To this end, the document provides for both bare rules (Principles), and their interpretative criteria (Essential Criteria). As far as the internal structure of supervisors is concerned, Principle 2 requires national regulators to be independent and accountable, meaning both being granted adequate resources and budgetary autonomy, and lacking any governmental or industry interference in the decision-making process. In particular, to be granted “full discretion to take any supervisory actions or decisions on banks and banking groups under its supervision”, the governing body of a supervisor should be “structured to avoid any real or perceived conflicts of interest”, and furnished with specific rules on how to prevent those phenomena to happen.84  BCBS (2006).  Directive 2006/48/EC of 14.06.2006 relating to the taking up and pursuit of the business of credit institutions. 80  BCBS (2008). 81  See BCBS (2010), and BCBS (2013). For the implementation of Basel III see also BCBS (2014b). 82  Directive 2013/36/EU, and Regulation No. 575/2013, cit. Cf. also BCBS (2014a). 83  Cf. Principle 1 – Essential Criterion 1, and Principle 8, BCBS (2012). Cf. Tröger (2012–2013), p. 200 ff; Bradley (2014), p. 272. 84  Cf. Principle 2 – Essential Criteria 1, 4, 5, 6. Analysing the compliance with this Principle of the Single Supervisory Mechanism, and US banking regulators, Sect. 6.1.1. 78 79

3.5  Ensuring Effective Banking Oversight: The Basel Committee on Banking…

103

According to Principles 3, supervisory authorities should also be integrated in a fully operational and effective cooperation network, where to share information with other domestic authorities responsible for the safety and soundness of banks, other financial institutions and/or the stability of the financial system.85 Within this system, the need for confidentiality should be safeguarded through limitations in the use of the received information, that shall be restricted only to supervisory purposes, unless full disclosure is due to the law or to a court order.86 Finally, following Principle 11, banking supervisors shall be involved together with other relevant national authorities in the decision-making process concerning particularly critical phases for credit institutions, such as restructuring, mergers, and closure of banks.87 The Core Principles also outline the basic investigative power that should be available to banking supervisors in fulfilling their mandate. In particular Principles 1, 9 and 10 require supervisors to: Have full access to the bank files and records, also related to personnel at all levels (including internal management information); review of the banks’ overall activities, also with regard to those exercised abroad and/or by parent and affiliated companies; and perform onand off-site inspections.88 Banking supervisors shall also be granted access to a wide variety of data and information produced by third parties and concerning banking activity such as “prudential reports, statistical returns, information on a bank’s related entities, and publicly available information”, which may be used for oversight decisions if deemed sufficiently reliable. In any case, supervisors retain the power to request clarifications and additional information directly to credit institutions.89 If banks are not complying with laws or regulations, or are likely to be engaging in unsafe or unsound practices or actions for the banking system, or when the interests of depositors are otherwise threatened, banking supervisors should be granted an “adequate range” of sanctioning powers “to bring about timely corrective actions” both towards financial institutions, their organs and the individuals therein.90 In particular, according to Principle 11, they should be able to impose measures such as: Restricting the current activities of the bank; imposing more stringent prudential limits and requirements; withholding approval of new activities or acquisitions; restricting or suspending payments to shareholders or share repurchases; restricting asset transfers; ring-fencing91; barring individuals from the banking  Cf. Principle 3 – Essential Criterion 1. Analysing the compliance with this Principle in banking supervision Sects. 6.1.2 (US banking regulators) and 6.1.3 (Single Supervisory Mechanism). 86  Cf. Principle 3 – Essential Criterion 4. 87  Cf. Principle 11 – Essential Criterion 7. 88  Cf. Principle 1  – Essential Criteria 5,7; Principle 9  – Essential Criterion 1; Principle 10  – Essential Criteria 6,7. Analysing the Single Supervisory Mechanism investigative powers, Sect. 4.4.3.; for the US regulators, see Sects. 5.2 and 5.3. 89  Cf. Principle 9 – Essential Criterion 3. 90  Cf. Principle 1 – Essential Criterion 6; Principle 11 – Essential Criteria 2, 5. 91  Ring-fencing occurs when a portion of a company’s assets or profits are financially separated without necessarily being operated as a separate entity. This is done mainly to protect consumers from the risk of open market activities of the parent company. 85

104

3  Strengthening Financial Investigation and Supervision at the International Level

s­ ector; replacing or restricting the powers of managers, Board members or controlling owners; facilitating a takeover by or merger with a healthier institution; providing for the interim management of the bank; and revoking or recommending the revocation of the banking license.92 In the exercise of these prerogatives, supervisors should follow an assessing procedure, which provides for some guarantees to the interested subject(s), and allows them to participate to the proceeding. In particular, following Principle 9, the banks shall be “timely” communicated about the findings of supervisory on- and off-site analyses, in writings or orally. In this last case, “at an early stage” the supervisors should meet with the bank’s Board members or management, or “where appropriate”, with the independent Board members, to discuss and comment all the concerns raised.93 Restrictive measures may be imposed addressing a written document to the bank’s Board.94 After a sanctioning measure has been applied, the bank should be required to submit regular written progress reports, on which the supervisors shall monitor that the corrective actions undertaken have been “completed satisfactorily”.95 Also in this phase, supervisors should be able to cooperate with other competent authorities, such as national and supranational resolution authorities to ensure the smooth enforcement of the measures imposed.96 According to the Basel Committee, the implementation of all these parameters is crucial to ensure a sound prudential regulation and supervision of banks, and banking systems (and, indirectly, customers) at domestic level. Indeed, both in the EU and in the US, the Core Principles represent a fundamental term of comparison in any analysis of supervisory systems, and of their related investigative and sanctioning powers, especially to identify lacunas and areas for improvement within a certain legal system. This is especially relevant for the EU, where a centralised banking supervisory mechanism has recently entered force, whose powers and regulation have just started to be tested in litigations before the Court of Justice. Evidently, the Core Principles do not provide for a comprehensive legal framework of procedural rules and guarantees, but offer only a few basic features that should be implemented in national banking oversight. However, as will be further discussed,97 some of the profiles drawn by the Principles result extremely meaningful also under a criminal law perspective, since their violation may already undermine at the very bases the possibility for banking supervisors to comply, in light of the Engel case law, with fair trial guarantees.

 Cf. Principle 11 – Essential Criteria 4, 6. Analysing the Single Supervisory Mechanism sanctioning powers, Sect. 4.4.2.; for the US regulators, see Sects. 5.2 and 5.3. 93  Cf. Principle 9 – Essential Criterion 8. 94  Cf. Principle 11 – Essential Criterion 1. 95  Cf. Principle 11 – Essential Criterion 1. 96  Cf. Principle 1 – Essential Criterion 6. 97  See Sect. 6.1 et seq. 92

References

105

References BCBS (1988) International convergence of capital measurement and capital standards. https:// www.bis.org/publ/bcbs04a.pdf. Accessed 16 July 2018 BCBS (2004) International convergence of capital measurement and capital standards. A revised framework. http://www.bis.org/publ/bcbs107.pdf. Accessed 16 July 2018 BCBS (2006) Basel II: international convergence of capital measurement and capital standards. A revised framework. Comprehensive version, https://www.bis.org/publ/bcbs128.htm. Accessed 16 July 2018 BCBS (2008) Principles for sound liquidity risk management and supervision. https://www.bis. org/publ/bcbs144.htm. Accessed 16 July 2018 BCBS (2010) Basel III: A global regulatory framework for more resilient banks and banking systems (rev June 2011). https://www.bis.org/publ/bcbs189_dec2010.htm. Accessed 16 July 2018 BCBS (2012) Core principles for effective banking supervision, September 2012. https://www.bis. org/publ/bcbs230.htm. Accessed 16 July 2018. Accessed 16 July 2018 BCBS (2013) Basel III: the liquidity coverage ratio and liquidity risk monitoring tools, January 2013. https://www.bis.org/publ/bcbs238.htm. Accessed 16 July 2018 BCBS (2014a) Basel III: the net stable funding ratio, October 2014. https://www.bis.org/bcbs/ publ/d295.htm. Accessed 16 July 2018 BCBS (2014b) Progress report on implementation of the Basel regulatory framework, April 2014. https://www.bis.org/publ/bcbs281.htm. Accessed 16 July 2018 BCBS (2014c) A brief history of the Basel Committee, October 2014. http://www.spaeth.ru/ HS20152016/artikel_14.pdf. Accessed 16 July 2018 Bradley C (2014) Breaking up is hard to do: the interconnection problem in financial markets and financial regulation, a European (banking) union perspective. Tex Int’I LJ 49:271–295 Calderoni F (2010) Organized crime legislation in the European Union. Springer, Heidelberg Commonwealth Secretariat (2006) Combating money laundering and terrorist financing: a model of best practice for the financial sector, the professions and other designated businesses, 2nd edn Council of the EU, Conclusions on the EU Anti-Corruption Report, Luxembourg, 5–6 June 2014. https://www.consilium.europa.eu/media/28069/143117.pdf. Accessed 16 July 2018. Egmont Group of Financial Intelligence Units (2000) FIU’s in action, 100 cases from the Egmont Group. https://www.jfiu.gov.hk/info/doc/21-100casesgb.pdf. Accessed 16 July 2018 Egmont Group of Financial Intelligence Units (2013a) Operational guidance for FIU activities and the exchange of information, 28 October 2013. http://www.cbr.ru/statichtml/file/36881/ operational_guidance%202014.pdf. Accessed 16 July 2018 Egmont Group of Financial Intelligence Units (2013b) Charter, 30 October 2013. https://egmontgroup.org/en/filedepot_download/1658/36. Accessed 16 July 2018 Egmont Group of Financial Intelligence Units (2013c) Principles for Information Exchange between Financial Intelligence Units, 28 October 2013. https://egmontgroup.org/en/filedepot_ download/1658/37. Accessed 16 July 2018 Egmont Group of Financial Intelligence Units (2018) Annual Report 2016–2017. https://egmontgroup.org/en/document-library/10. Accessed 16 July 2018. FATF (2001) IX Special Recommendations, October 2001 (reviewed February 2008). http://www. fatf-gafi.org/media/fatf/documents/reports/FATF%20Standards%20-%20IX%20Special%20 Recommendations%20and%20IN%20rc.pdf. Accessed 16 July 2018 FATF (2002) Annual Report 2001–2002, June 21, 2002. http://www.fatf-gafi.org/documents/documents/fatfannualreport2001-2002.html. Accessed 16 July 2018 FATF (2012a) International standards on combating money laundering and the financing of terrorism & proliferation, February 2012. http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-recommendations.html. Accessed 16 July 2018 FATF (2012b) Mandate (2012–2020) Washington, DC. http://www.fatf-gafi.org/media/fatf/documents/FINAL%20FATF%20MANDATE%202012-2020.pdf. Accessed 16 July 2018

106

3  Strengthening Financial Investigation and Supervision at the International Level

FATF (2015) Annual Report 2014–2015. http://www.fatf-gafi.org/media/fatf/documents/reports/ Annual-report-2014-2015.pdf. Accessed 16 July 2018 FINCEN (2012) Annual Report fiscal year 2011. https://www.fincen.gov/annual-report. Accessed 16 July 2018 Franssen V, Ligeti K (eds) (2017) Challenges in the field of economic and financial crime in Europe and the US. Hart, Oxford Garner BA (ed. in Chief) (2014) Black’s law dictionary, 10th edn. Thomson Reuters, St. Paul Hauck P, Peterke S (eds) (2016) International law and transnational organised crime. Oxford University Press, Oxford International Monetary Fund & World Bank (2004) Financial intelligence units: an overview, Washington, D.C. https://www.imf.org/external/pubs/ft/FIU/fiu.pdf. Accessed 16 July 2018 Interpol (2001) Special Session of the Financial Action Task Force (FATF) 29 October 2001. https://www.interpol.int/content/download/6109/50081/version/2/file/SG20011029.pdf. Accessed 16 July 2018 McClean D (2007) Transnational organized crime. A commentary on the UN Convention and its protocols. Oxford University Press, Oxford Moloney N (2012) Supervision in the wake of the financial crisis: achieving effective “Law in Action”- A challenge for the EU. In: Wymeersch E, Hopt KJ, Ferrarini G (eds) Financial regulation and supervision. A post-crisis analysis. Oxford University Press, Oxford MONEYVAL (2015) Annual Report for 2014, July 2015. https://rm.coe.int/annual-report-for2014/1680714c14. Accessed 16 July 2018 MONEYVAL (2017) Rules of procedure for the 5th round of mutual evaluations, Strasbourg, 28 September 2017. https://rm.coe.int/rules-of-procedure-for-the-5th-round-of-mutual-evaluations-/1680760792. Accessed 16 July 2018 OECD (2013) Effective inter-agency co-operation in fighting tax crime and other financial crimes, 2nd edn. http://www.oecd.org/ctp/crime/effectiveinter-agencyco-operationinfightingtaxcrimesandotherfinancialcrimes.htm. Accessed 16 July 2018 Tröger TH (2012–2013) Organizational choices of banks and the effective supervision of transnational financial institutions. Tex Int’I LJ 48:177, 178, 221 Unger B, Ferwerda J, Van Den Broek M, Deleanu I (2014) The economic and legal effectiveness of the European Union s anti-moneylaundering policy. Edward Elgar, Cheltenham

Part II

Criminal Profiles in Banking Supervision

Chapter 4

The Institutional Design of EU Banking Supervision

In the European Union, the burst of the 2006–2008 financial crisis brought to a dramatic change in the organisation and supervision of the financial market. Among other innovative profiles, the establishment of new European Union authorities or, in case of banking oversight, of new tasks and functions within pre-­ existing institutions, led to the creation of new administrative procedures grounded almost completely on EU legal basis. In the field of banking supervision, the reference mainly goes to the attribution of essential supervisory functions within the European Central Bank, with the creation of the Single Supervisory Mechanism. Although administrative in their formal nature, many of the measures imposable by this supervisor have a direct and significant relevance also under a criminal law perspective. Before looking further into the substantial nature of supervisory sanctions and measures,1 however, it is necessary to understand what is the context in which the Single Supervisory Mechanism is exercising its activity; what powers have been conferred to it, especially with regard to the possibility of imposing punitive sanctions; and which procedural rules and safeguards apply in the investigations carried out by this new banking supervisor. To carry out this analysis, Chap. 4 proceeds as follow: Sect. 4.1 illustrates how the system of banking supervision in the EU (and in the Eurozone) changed in the aftermath of the financial crisis. Section 4.2 describes the three European Supervisory Authorities, and especially the European Banking Authority. The latter, created before the Single Supervisory Mechanism, constituted a fundamental step in the supranational integration of financial supervision, and still plays a central role in the Europeanisation of the financial market. Section 4.3 deals with the substantive law on the matter of banking supervision applicable in all the EU Member States after the so-called Banking  The theme is analysed in Chap. 6.

1

© Springer International Publishing Switzerland and G. Giappichelli Editore 2019 G. Lasagni, Banking Supervision and Criminal Investigation, Comparative, European and International Criminal Justice 1, https://doi.org/10.1007/978-3-030-12161-7_4

109

110

4  The Institutional Design of EU Banking Supervision

Union reform, with specific regard to the sanctioning powers there provided. Lastly, Sect. 4.4 deals with the Single Supervisory Mechanism, illustrating its positioning in the EU legal framework, and then focusing on its supervisory and sanctioning powers, and on the procedural rules applicable during its investigative proceedings.

4.1  From the Financial Crisis to the Banking Union Until recently, banking supervision in Europe was placed mainly at national level, operating within an extremely fragmented background composed of the 28 legal orders of the Member States, among which 19 have adopted the Euro as their currency (establishing the so-called Eurosystem, or Eurozone). The efficiency of such model thus heavily relied on National Competent Authorities (NCAs), generally represented by National Central Banks, and on the implementation of effective forms of cooperation among the latter, legally grounded on EU directives mostly transposing the content of Basel Accords.2 Increasingly in the last decades, however, and particularly after the burst of the 2006–2008 financial crisis, several reasons revealed the inadequacy of this paradigm—founded on a very minimum level of harmonization and centralised enforcement—in facing the challenges of a globalized financial market. The situation was rather peculiar under this perspective, since the Union economic market was already operating as a single legal area since the adoption of the Maastricht Treaty, and (for those countries who did) of the Euro; and also the leading principles founding the EU banking legislation—mutual recognition of services, and the home country control—have a clear transnational character.3 Against this background, recent financial scandals implicating important European banking groups (such as the already mentioned Libor/Eurobar case4) provided very concrete examples of how supranational freedoms in contexts of highly fragmented enforcement powers, limited to a domestic dimension, offer a perfect chance for a wide range of abuses. Finally made aware of the limitations of such nation-based supervisory mechanisms, in the last few years the European institutions brought about substantial reforms, which drastically changed the structure of banking oversight both in its theoretical and practical aspects.5

 Cf. Sect. 3.5. See also Haentjens and De Gioia-Carabellese (2015), p. 10 et seq.  At least since the 1980s, cf. Sect. 2.1. 4  Cf. Sect. 2.2. 5  Cf. European Commission, Reinforcing Sanctioning Regimes in the Financial Service Sector (COM(2010) 716). Highlighting the difficulties in addressing the interconnections of the financial markets not only rom a national perspective, but also from a sectorial one, Bradley (2014), p. 277 et seq. 2 3

4.1 From the Financial Crisis to the Banking Union

111

The first notable reform on the matter dealt with the need of increasing the efficiency of the legislative process in the area of financial regulation. In 2000, the Council of the European Union assigned the task of carrying out an in-depth analysis and elaborate a proposal to a group of experts, the so-called Lamfalussy Group. Following the experts’ conclusions, starting from 2001 the Union legislative process in financial matters has been re-structured in a four-step procedure that should better ensure coherence among regulatory texts, emphasising the Commission’s role in the enforcement phase.6 The most evident reform in the financial regulation, however, emerged in the juncture of the last financial crisis. In 2009, following the recommendation of another group of experts appointed by the Commission (known as the de Larosière Group), the European System of Financial Supervision (ESFS) was created.7 Since its full establishment in 2011, the System was conferred the task of improving the functioning of the internal market by ensuring appropriate, efficient and harmonized European regulation and supervisory practices. To achieve this purpose, the ESFS was structured into three European Supervisory Authorities (ESAs) with jurisdiction over different financial sectors—banks, insurance, and securities—in addition to the European Systemic Risk Board, entrusted with macro-prudential supervisory tasks. This reform represented also a first attempt to strengthen the powers of the European Central Bank (ECB) towards the integration of national supervisory systems, notably increasing the ECB’s consultative role in the decisionmaking proceedings regarding any draft legislation in its fields of competence.8 Undoubtedly, though, the massive qualitative leap with regard to banking supervision was carried out starting from 2012, when the European Commission officially presented A Roadmap towards a Banking Union, launching a proposal to ensure policy on prudential supervision, and rules for financial services to be implemented throughout the participating Member States in a coherent and effective manner.9 This reform, in fact, directly affected the prerogatives of the ECB and, for the first time, established a level of centralized banking supervision in the Eurozone. 6  Lamfalussy (2001). A summary of four steps may be found at: http://europa.eu/rapid/pressrelease_IP-02-195_en.htm?locale=en. Accessed 20 July 2018; Antonucci (2004). 7  De Larosière (2009). On the fundamental role of this reform proposal in the aftermath of the financial crisis, see Ferran (2012), p. 62–63; Moloney (2012b), p. 78 et seq. Reconstructing the steps that brought to the creation of the ESFS and of the ESAs, see Antoniazzi (2013), p. 176 et seq; cf. also Bradley (2016), p. 1264 et seq. 8  Such as being consulted for “any proposed Community act and by national authorities regarding any draft legislation in its fields of competence. In addition, the ECB may submit opinions to the appropriate Community institutions or bodies or to national authorities on matters within its fields of competence. In the field of prudential supervision (Article 25 of the Statute of the ESCB), the ECB may offer advice to and be consulted by the Council […] The action of the ECB is also channelled through its participation in a number of EU committees whose missions encompass a contribution to financial integration […] the ECB also acts in partnership with the private sector to foster collective action”, cf. ECB Monthly Bulletin (2003), p. 58 et seq. 9  European Commission, A Roadmap towards a Banking Union (COM (2012)510), 12.09.2012.

112

4  The Institutional Design of EU Banking Supervision

The idea at the basis of the Banking Union (BU) relied on the awareness that “mere coordination is not enough, in particular in the context of a single currency”, as clearly shown during the last financial crisis.10 The BU project was then s­ tructured on several progressive steps, aiming first at the creation of a shared legal framework, and then at the establishment of new European institutions or tasks for the management of the whole banking system in the Eurozone, including supervisory functions. Under the first perspective, it was necessary to create a set of common rules and principles for all interested financial institutions to comply with, especially concerning prudential standards, like capital requirements, and risk management. In this sense, the Commission first proposed the adoption of a new directive and regulation on bank capital requirements, which became known as the Fourth Capital Requirements Directive (CRD V shall be transposed by Member States by December 2020), and Regulation (CRR II, partially already into force, will apply completely from 28 July 2021).11 Together with the 2014 Directives on the protection for Depositor Guarantees,12 and on Bank Recovery and Resolution,13 these legislative texts compose a corpus of common rules better known as “Single Rulebook”, which applies in all EU Member States.14 Under the second profile, the Banking Union reform brought to the creation of new Union bodies with competence over three main legal areas, representing the three BU structural “pillars”: Banking supervision (with the Single Supervisory Mechanism or “SSM”, internal to the ECB); the management of bank crises and failure (with the Single Resolution Mechanism, and the Single Resolution Fund); and the protection of depositors (with the European Deposit Insurance Scheme). While the latter two have jurisdiction over all EU Member States, the new supervisory regulator is exercising its activity only within the Eurosystem. Against this background, to date two partially overlapping systems of financial oversight are in force in the EU, characterized by similar supervisory goals, but different enforcing methods: One for the whole Union (European Supervisory  Recital (5), EU Council Regulation No 1024/2013 of 15.10.2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (SSM Regulation). On the recalibration of the EU financial system after the crisis, see also Castañeda et al. (2016); Mayes (2014), p. 743; Dinov (2016), p. 159; Epstein and Rhodes (2016), pp. 90–103; Hanten and Heljula (2015); Nieto (2015), pp. 539–546; Eijffinger and Masciandaro (2013), Hill and Moloney (2012), Boccuzzi (2016), and Hinojosa and Beneyto (2015); Bradley (2016), p. 1245 et seq.; Bradley (2014), p. 288 ff.; Tröger (2012–2013), pp. 210–213; Ferran (2012), p. 1 et seq.; Lo Schiavo (2019); Bonelli (2006); Gortsos (2015b). 11  Cf. above, Sect. 2.1. 12  Directive 2014/49/EU of 16.04.2014 on deposit guarantee schemes. 13  Cf. the Bank Recovery and Resolution Directive (BRRD), Directive 2014/59/EU of 15.05.2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/ EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No 1093/2010 and (EU) No 648/2012, cf. Bradley (2014), p. 281 et seq. 14  On the need to harmonise financial regulations, already before the launching of the Banking Union, see e.g. Andenæs (2012).

10

4.1 From the Financial Crisis to the Banking Union

113

Authorities; Single Rulebook; Single Resolution Mechanism, and the European Deposit Insurance Scheme), and one limited to the Eurozone (Single Supervisory Mechanism), whose investigative and sanctioning powers are analysed in the course of this analysis. Although not directly operating in the field of banking supervision, which represents the core of this work, drafting a quick picture of the last two pillars of the Banking Union is useful to understand the context in which the SSM is operating. Gradually entered into force during 2014–2015, the Single Resolution Mechanism (SRM) and Fund (SRF) have become fully operation in all Member States starting from January 1st 2016.15 The purpose of the SRM is to guarantee an efficient management of bank crises and resolution, in case credit institutions covered by the SSM are failing despite centralized supervision, especially to reduce negative effects on depositors and taxpayers, and put the burden of bank crisis rather on shareholders and creditors.16 To achieve so, the EU has both adopted common rules on the management of banking crises—with the Banking Recovery and Resolution Directive (BRRD)—and required Member States to establish ex ante a Single Resolution Fund (SRF), paid for by fixed premiums charged upon credit institutions.17 The SRF could be used to financially support resolution measures, following the rules agreed at Community level through an Inter-Governmental Agreement (IGA), which entered into force after having been ratified by most EU countries, and will have to be built up over a period of 8 years.18 The fund is managed by the central decision-making body of the SRM: The Single Resolution Board (SRB), which is responsible to ensure that cases are processed with minimal costs for taxpayers and to the real economy.19 The Board is composed of 28 members, one for each participating Member State, plus a Chair, a vice-chair and other four full-time members, appointed by the European Council on  The SRM and SRF’s implementation relies on several legislative acts: the Bank Recovery and Resolution Directive (BRRD); Regulation (EU) No 806/2014 of 15.07.2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund and amending regulation (EU) No 1093/2010; and Council Implementing Regulation (EU) 2015/81 of 19.12.2014 specifying uniform conditions of application of Regulation (EU) No 806/2014 with regard to ex ante contributions to the Single Resolution Fund. On the creation of the SRM, Lo Schiavo (2014), pp. 689–704; Antoniazzi (2014b), p. 717. 16  Before the entry into force of the BRRD, a similar goal was pursued by the Communication from the Commission on the application of State aid rules to support measures in favour of banks in the context of the financial crisis, better known as “Banking Communication”, revised several times (lastly on August 1st 2013). The application of the Communication also in the new legal framework is currently debated. 17  Recital (2), Council Implementing Regulation (EU) 2015/81. On the limits of the legal basis funding the SRM, see Kern (2015), p. 175 et seq. 18  Cf. EC, Press release 30.11.2015. http://europa.eu/rapid/press-release_STATEMENT-15-6200_ en.htm. Accessed 20 July 2018. 19  Decision of the Plenary Session of the Single Resolution Board on adopting the Financial Regulation of the Single Resolution Board (Board), Brussels, March 25th 2015. 15

114

4  The Institutional Design of EU Banking Supervision

the basis of an open selection procedure, after the European Parliament had approved a shortlist proposed by the Commission.20 Granted with investigating powers similar to the SSM to fulfil its tasks (which could likely be the subject of a separate dissertation, as they might possibly cause critical issues similar to the SSM’s), the Board is entrusted to decide whether a bank is failing or likely to fail, whether it is necessary to place it into resolution, and whether and how to use the SRF—which, in any case, can contribute to the resolution only if at least 8% of the total liabilities of the failed bank have been already bailed-in. The resolution scheme prepared by the Board shall then be approved or rejected by the Commission or, in certain circumstances, by the Council within 24 h.21 Under the SRB supervision, the execution of the resolution scheme in a specific country will be left in charge of the designed National Resolution Authority (NRA).22 To preserve the sensitivity of the matter, the SRM Regulation requires that the decisions concerning the use of those funds shall be carried out independently from the European Central Bank.23 To safeguard depositors whose bank is failed, the Banking Union project provided for Deposit Guarantee Schemes (DGS), which may be used to reimburse limited amounts of deposits.24 Since national DGSs may remain vulnerable to large local shocks, a European Deposit Insurance Scheme (EDIS) has also been established, to ensure equal protection of deposits, regardless of the State where they are located. Within this framework, the coverage of national deposit guarantee has been harmonized at the EU level on the sum of € 100,000 per depositor, per institution. As soon as the EDIS will be fully operational, if a bank is placed into insolvency or resolution, and it is necessary to pay out deposits under that threshold, the national Deposit Guarantee Schemes and the EDIS will intervene. DGS however, are not aiming only at protecting depositors: They may be also useful to maintain the financial stability of the market in case of bank failures. In particular, they should avoid depositors from making panic withdrawals, and thus prevent such a behaviour to bring on a wide dimension its tragic economic consequences.

 Recital (31) and Article 43 Regulation No 806/2014.  Article 18(7) Regulation No 806/2014. 22  To be identified at national level, in most cases it corresponds to the national authority competent for banking supervision. 23  For this purpose, the SRM is supported by a budget which is separated from the ECB, cf. Article 47 Regulation No 806/2014. 24  Directive 2014/49/EU of the European Parliament and of the Council of 16.04.2014 on Deposit Guarantee Schemes, recently reviewed. 20 21

4.2 The European Supervisory Authorities

115

4.2  The European Supervisory Authorities As anticipated, three are the agencies composing the European System of Financial Supervision, whose role is still fundamental in the EU also after the creation of the Single Supervisory Mechanism and the Single Resolution Fund (even though their regulations are currently under revision to adjust to the new legal framework25): The European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authorities. The purpose of the European Banking Authority (EBA) is to maintain the safety and soundness of the banking system and its financial stability across the EU, ensuring effective and consistent prudential regulation, and supervision. To achieve so, the EBA was granted an extremely relevant role in the context of financial supervision, where it substantially contributes to the creation of prudential rules for financial institutions to be applied in all Member States, as well as to the promotion of supervisory practices and risk-assessment evaluations of the banking sector. Two bodies govern the Authority: The Board of Supervisors (BoS) and the Management Board. While the latter has essentially proposing powers, the BoS represents the real decision-making body when it comes to the approval of standards and supervisory guidelines. The Board is composed by the 28 heads of the Member States’ supervisory authorities, and by several members with observer status, including the Board’s Chair.26 The Chair is appointed by the Board itself, but the European Parliament has the authority to object the designation before she takes up

 The reform should aim at make the ESAs acting more independently from national interests, cf. European Commission, Proposal for a Regulation Amending Regulations (EU) No 1093/2010 (European Banking Authority); No 1094/2010 (European Insurance and Occupational Pensions Authority); No 1095/2010 (European Securities and Markets Authority); No 345/2013 on European venture capital funds; No 346/2013 on European social entrepreneurship funds; No 600/2014 on markets in financial instruments; No 2015/760 on European long-term investment funds; No 2016/1011 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds; and No 2017/1129 on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market, Brussels, 20.9.2017 COM(2017) 536 final, 2017/0230 (COD) (hereinafter, “European Commission, Proposal”). On the creation and original powers of the EBA see Antoniazzi (2013), pp. 176–186. In September 2018, as a reaction to the Danske Bank scandals related to money laundering violations, and as part of a broader strategy to strengthen the EU framework for prudential and antimoney laundering supervision for financial institutions, the 2017 proposals were amended (among other reasons) to give EBA tools, governance and resources to ensure effective cooperation and convergence of supervisory standards in the area of anti-money laundering (Cf. Brussels, 1.09.2018, 12111/18, Interinstitutional File 2017/0230(COD)). The proposed reform, however, to date does not address the critical issue of creating also an adequate investigating structure within the EBA (which, instead, could be now found in the European Central Bank). 26  Article 40, Regulation (EU) No 1093/2010 of 24.11.2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC. 25

116

4  The Institutional Design of EU Banking Supervision

her duties.27 The BoS is also entitled to approve the EBA’s budget; under this profile, the Authority is mainly funded by a subsidy from the European Union, which is then integrated by mandatory contributions from the national supervisory authorities.28 Also after the establishment of the Single Supervisory Mechanism, and the following re-distribution of competences, the EBA maintains a significant position in the EU. Specifically, the Authority is still entrusted with ensuring the consistency of supervisory outcomes throughout the Union, monitoring and promoting the implementation of the Basel III Accord, which is now part of the so-­called Single Rulebook. In addition, the EBA has been mandated to produce secondary legislation (Binding Technical Standards, or “BTS”29), guidelines, and reports for the implementation of the CRD IV/CRR package in the European Union. The results of the EBA’s drafting activity, as incorporated in EU legal acts by the Commission, are binding also for the action of the European Central Bank which, under the current legal framework, has been conferred the power to directly adopt regulations in the field of capital requirements and supervision.30 The role of European Banking Authority remains crucial especially towards those Member States outside the Eurozone, to which the new ECB’s powers cannot be applied, unless they specifically issue a notification in this sense.31 There, the EBA represents the only form of EU banking oversight, capable–if not to directly intervene in the concrete management of banks—at least to affect the parameters according to which national supervisions shall be enforced. Potentially, it is in this capacity that the Commission proposed, in 2018, to confer to EBA also specific powers against money laundering and financing of terrorism.32 A fundamental role in the EU financial market is played also by the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA).33  Article 48(2), Reg. 1093/2010.  Article 62, Reg. 1093/2010. In the proposal of reform of 2017, the contribution from the national supervisors will be substituted by contributions from the financial sector, cf. European Commission, Proposal-Explanatory Memorandum, p. 279 et seq. 29  BTS are “legal acts which specify particular aspects of an EU legislative text (Directive or Regulation) and aim at ensuring consistent harmonisation in specific areas. BTS are always finally adopted by the European Commission by means of Regulations or Decisions. According to EU law, Regulations are legally binding and directly applicable in all Member States. This means that, on the date of their entry into force, they become part of the national law of the Member States and their implementation into national law is not only unnecessary but also prohibited”, cf. http://www. eba.europa.eu/regulation-and-policy/single-rulebook. Accessed 20 July 2018. 30  Cf. Article 132 TFEU, and Recitals (7)–(32), Council Regulation (EU) No 1024/2013 of 15.10.2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (hereinafter “SSM Regulation”-SSM R). 31  Cf. Article 7 SSM R. This option so far remained unapplied. 32  Cf. supra, note 25. 33  ESMA is particularly touched by the Proposal of reform issued by the Commission, according to which it should get direct supervision over certain sectors of capital markets across the EU, like capital market data; capital market entry; capital market actors; and market abuse cases, see EC, 27 28

4.2 The European Supervisory Authorities

117

These authorities, governed by a Board of Supervisors and by a Management Board with a composition equivalent to those of the Banking Authority, and characterized by a similar funding system,34 are not illustrated here in their detailed ­prerogatives and tasks, since their fields of competence do not strictly concern banking investigations. Nonetheless, in the remit of this work, their presence in the ESFS shall be taken in due account when assessing the overall efficiency of financial supervision in the EU. Against the most relevant decisions taken by the ESAs, a special Joint Board of Appeal has been set up, which results a fundamental term of comparison with the form of internal administrative review established for the Single Supervisory Mechanism.35 Specifically, the decisions which may be appealed are those concerning: Breach of EU law by a supervisor; actions in emergency situations; disagreements between competent authorities in cross-border situations; and decision of direct and individual concern to natural or legal persons.36 In order to ensure its independence, the Board of Appeal is composed of six members and six alternates, appointed by the ESAs among individuals who are not part of the staff of any national competent authority or EU institution “involved in the activities of the Authority”, and equipped with “a proven track record of professional experience in the fields of banking, insurance, occupational pensions and securities markets or other financial services, and with the necessary legal expertise to provide expert legal advice in relation to the activities of the Authorities”.37 The decisions of the Board of Appeal can themselves be further appealed before the Court of Justice of the European Union.38

Creating a stronger and more integrated European financial supervision for the Capital Markets Union, Press release, Brussels, 20.09.2017. http://europa.eu/rapid/press-release_IP-17-3308_en. htm. Accessed 20 July 2018. 34  Cf. Article 62 Regulation (EU) No 1094/2010 of 24.11.2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/79/EC; Article 62, Regulation (EU) No 1095/2010 of 24.11.2010 establishing a European Supervisory Authority (European Securities and Markets Authority). 35  Cf. Section II, ESAs Regulations; see below, Sect. 4.4.3. For an analysis of the Joint Board of Appeal, see, e.g., Looseveld (2013a), pp. 9–13; Magliari (2017), pp. 101–111; Moloney (2012a), p. 136. 36  Cf. Article 60(1) ESAs Regulations. In addition, also decisions adopted in accordance with the applicable EU banking and financial legislations ex Article 1(2) ESAs Regulations. 37  Cf. Articles 58 and 59 ESAs Regulations. 38  Cf. Article 61, ESAs Regulations. See also Looseveld (2013a), pp. 12–13.

118

4  The Institutional Design of EU Banking Supervision

4.3  S  anctioning Powers in the Single Rulebook: Relevant Provisions of the IV and V Capital Requirement Directive At the EU level, the most relevant step in the reorganization of banking supervision (and soon CRR II) was the adoption of the CRD IV-CRR package in 2013. While the CRR mainly provides for “quantitative” prudential rules (such as minimum capital buffers, or liquidity requirement), in light of the following analysis—that is carried out with a criminal law perspective—extremely relevant are the sanctioning powers recognized by the IV and (from the end of 2020), the V Capital Requirement Directive (CRD IV/V). The breaches of prudential requirements that justify the application of these penalties under CRD IV and CRD V are listed in Articles 66 and 67 of the Directive, and mainly concern: The violation of the requirements necessary to obtain the licence for exercising credit activity, and the use of false statements or other irregular means to obtain it39; the violation of the requirements to acquire qualifying holdings and dispose of them, as well as the failure to inform the competent authorities about the acquisition, or to report other relevant information40; the violation to implement due governance arrangements and capital requirements,41 and (according to CRD V) failure to apply for approval in case of financial holding companies and mixed financial holding companies.42 In those cases, CRD IV/V recognizes sanctioning powers to the National Competent Authorities (NCAs) established in each EU Member State for the purposes of banking supervision (mainly, but not necessarily, coinciding with national central banks).43 Member States are bound to sanction at least the illicit behaviours listed in Articles 66 and 67 CRD IV/V; which lets them free to provide for additional irregularities and penalties at national level. According to Article 65(1) CRD IV, moreover, States also retain discretion in deciding whether to punish such conducts under criminal or administrative law. In the first case, the latter are under the obligation to “communicate to the Commission the relevant criminal law provisions”.44 Irrespective of domestic qualifications, however, the Directive requires Member States to confer sanctioning powers to the NCAs, so as to make them able to impose “effective, proportionate and dissuasive” administrative pecuniary penalties or other administrative measures, “sufficiently high to offset the benefits that can be expected and to be dissuasive even to larger institutions and their managers […] to ensure the

 Article 66(1) lett. a, b; Article 67(1) lett. a. CRD IV/V.  Article 66(1) lett. c, d; Article 67(1) lett. b, c, f, g, h, i, m. CRD IV/V. 41  Article 67(1) lett. d, j, k, l, n, o, p. CRD IV/V. 42  Cf. Article 21a and 66(1)(e), introduced by CRD V (Directive (EU) 2019(878 of 20.05.2019). 43  On the coexistence, in the Eurozone, of NCAs and the SSM, see below, Sect. 4.4. 44  Cf. also Recital (41) CRD IV/V.  About the potential problems of this provision for the SSM sanctioning procedures, see below, Sect. 4.4.2. 39 40

4.3 Sanctioning Powers in the Single Rulebook: Relevant Provision of the IV and V…

119

greatest possible scope for action following a breach and to help prevent further breaches”.45 At Articles 66 and 67, the Directive lists the minimum administrative sanctions that should be applicable in case such breaches are ascertained. Due to the use of a directive as legal basis, to become enforceable such penalties need to be transposed at national level, both through State legislation and, where so allowed, specific regulations issued by National Competent Authorities. Targets of the sanctions include a broad category of subjects, consisting of controlled financial institutions, subjects who effectively rule the business of an institution, and members of its management body.46 The type of sanctions varies too. They range from the suspension of the voting rights of the liable shareholders; to the temporary ban against responsible members of the institution’s management body; the withdrawal of the banking authorization; the issue of a public statement which identifies the nature of the breach and the subject responsible, and orders requiring ceasing the conduct and to desist from any repetitions.47 CRD IV/V also requires NCAs to apply notable pecuniary penalties. Specifically, financial institutions may be fined up to 10% of the total annual net turnover or of up to twice the amount of the benefit derived from the breach where that benefit can be determined. In the case of a natural person, administrative pecuniary penalties may range up to EUR 5 million.48 As will be discussed further below, the potential severity of such penalties, despite their statutory classification as administrative, assumes a pivotal role in determining their substantive nature in light of the Engel criteria, as applied by the European Courts.49 To enhance the dissuasive effect of the sanctions provided for by the Directive, all decisions applying such penalties shall be published; a measure which results especially relevant for the reputational issues involved.50 In particular, according to Article 68 CRD IV/V, publication duties cover administrative penalties for all breaches of CRD IV/V and CRR and CRR II, against which there is no appeal, and shall include the information about the type and nature of the breach, and the identity of the natural or legal person on whom the penalty is imposed (from which the label of “naming and shaming”51). The publication, which  Recitals (35)-(36)-(41) CRD IV/V.  Cf. also Recital (35) CRD IV/V. 47  Article 66(2), let. a, b, f; Article 67(2), let. a, b, c, d. CRD IV/V. 48  Article 66(2), let. c, d, e; Article 67(2), let. e, f, g. CRD IV/V. 49  Cf. Sect. 6.2. 50  Cf. Recital (38) CRD IV/V. For the implication upon the presumption of innocence, see Sects. 6.3.5 and 6.3.6. 51  The expression, known since the late nineteenth century, is reported to had begun to be used as a verbal phrase in the 1990s, following an initiative by the UK Government. “On Oct 8, 1996 The Independent (London) reported that: “The Home Secretary [Conservative minister Michael Howard] is also expected to suggest a scheme to ‘name and shame’ young offenders by giving courts the power to remove the automatic anonymity for under-18s””, source: https://www.phrases. org.uk. Accessed 20 July 2018. According to Garner (2014), p. 1542, with “shame sanction” is 45 46

120

4  The Institutional Design of EU Banking Supervision

shall be done in the website of the authorities competent to impose the sanctions, and remain there for at least 5 years, may be performed on an anonymous basis in circumstances as exceptional, as unfortunately vague, in which it: (a) Would represent a disproportionate measure of the privacy of the sanctioned natural persons; (b) it could jeopardise the stability of financial markets or an ongoing criminal investigation; or (c) where it would cause a disproportionate damage to the institutions or natural persons involved. In case the sanctions imposed may still be appealed, CRD IV/V does not require Member States to publish the news that a penalty has been applied; however, if that is the case, the publication shall also include information on the appeal status and outcome thereof. The Directive also provides for a minimum level of harmonisation in the procedure that NCAs should follow in investigating potential breaches, requiring that national authorities should be entitled all “necessary investigative powers” towards natural and legal persons, which should be exercised without prejudice to the rights of the defence of anyone who has been charged.52 More specifically according to Article 65(3), let. a) and b), CRD IV/V, and in line with Basel Core Principles 1, 9 and 10,53 NCAs should be able to request the submission of documents, and to obtain all information necessary to carry out their tasks, orally or in writing, from the subjects under investigation, and to interview any other person who consents to do so, for the purpose of collecting information relating to the subject matter of an investigation.54 Let. c) of the same Article also recognizes that national authorities shall enjoy the power to conduct inspections at the business premises of the legal persons under investigations, and to examine their books and records, as well as to take copies or extracts of the latter.55 Judicial authorization to perform those measures shall be requested if so provided at national level.56 According to Article 72 CRD IV/V, National Competent Authorities should take into account all relevant circumstances during the decision-making phase, state reasons, and guarantee the right of appeal against decisions that impose sanctions.57 According to Article 69 CRD IV/V, the evaluation processes at national level shall be supported by a central database containing details of the administrative penalties imposed, including any appeals in relation thereto. The database, accessible only to competent authorities, shall be maintained by the European Banking

indicated “A criminal sanction designed to stigmatize or disgrace a convicted offender, and often to alert the public about the offender’s conviction. A shame sanction usually publicly associates the offender with the crime that he or she committed” [italics added]. 52  Recital (40) CRD IV/V. 53  Cf. above, Sect. 3.5. 54  Cf. also Article 52 CRD IV/V. 55  Cf. also Recital (26), and Articles 52, and 122 CRD IV/V. 56  Cf. Sect. 4.4.3 below; critical analysis in Sect. 6.3.3. 57  Cf. also Recital (37) CRD IV/V. The explicit duty to state reasons has been introduced in Article 64(3) by CRD V.

4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism

121

Authority, also for the purpose of ensuring an efficient system of exchange of information in the field of banking supervision.58

4.4  B  anking Supervision in the Eurozone: The Single Supervisory Mechanism With the establishment of the Single Supervisory Mechanism (SSM), the Eurosystem finally provided itself with a centralised banking supervisory authority, placed within the European Central Bank (ECB), which was already the single entity responsible for the monetary policy in the Eurozone.59 The action of this new body founds its legal bases on two fundamental texts: The 2013 EU Council Regulation No. 1024, better known as the SSM Regulation (or “SSM R”), and the 2014 Regulation No. 468 of the European Central Bank, the so-­ called SSM Framework Regulation (or “SSM FR”).60 The new Mechanism officially entered into force in November 2014, even if the ECB was already conferred some of its supervisory powers since the previous year.61 The SSM supervisory system, however, does not completely substitute national oversight and control over all credit institutions, but centralised only some (although rather broad) functions and tasks. In the current legal framework, therefore, banking supervisory tasks are shared between the ECB and National Competent Authorities, (NCAs).62 Starting from November 2014, the SSM substituted national authorities in supervising all “significant” credit institutions, financial holding companies, mixed financial holding companies, or branches of the above. According to the criteria established in Article 6 SSM R, an institution shall be assessed as “significant” based on parameters such as: The institution’s size; its importance for the economy of the Union or of any participating Member State; and the relevance of its cross-­ border activities.63 Irrespective of their absolute size, the SSM always supervises the three most significant credit institutions in each of the participating Member States.  Recital (39) CRD IV/V.  Cf. Recital (13) SSM R. For the economic and political background at the basis of the ECB banking supervisory powers, Antoniazzi (2013), p. 159 et seq.; Antoniazzi (2014a), p. 359. 60  See EU Council Regulation No 1024/2013 of 15.10.2013, cit., and Regulation (EU) No 468/2014 of the European Central Bank of 16.04.2014 establishing the framework for cooperation within the Single Supervisory Mechanism between the European Central Bank and national competent authorities and with national designated authorities (hereinafter “SSM Framework Regulation— SSM FR”). 61  “From 3 November 2013, the ECB may start carrying out the tasks conferred on it by this Regulation other than adopting supervisory decisions”, cf. Article 33(3), SSM R. See also ECBSSM Quarterly Report (2014). 62  On the analysis of the relationships between ECB and NCAs, in terms of supervisors’ liability, see D’Ambrosio (2015), especially p. 124 et seq.; Andenæs (2015), pp. 3–6; Barbagallo (2014). 63  The institution shall not generally be considered less significant if: the total value of its assets exceeds EUR 30 billion; the ratio of its total assets over the GDP of the participating Member State 58 59

122

4  The Institutional Design of EU Banking Supervision

The ECB may also, on its own initiative, consider an institution to be of significant relevance whether the latter has established banking subsidiaries in more than one participating Member State, and its cross-border assets or liabilities represent a significant part of its total assets; or when it is necessary to ensure consistent application of high supervisory standards.64 According to those criteria, currently the SSM exercises its supervision on 116 significant banking groups, representing almost 82% of the total banking assets in the Eurozone.65 “Less significant” credit institutions remain instead under the oversight of national authorities,66 which are also competent for all macro-prudential tasks not explicitly assigned to the EBC (such as the provision of investment and payment services, or the issuance of electronic money67). Within this competence, National Competent Authorities may begin a supervisory proceeding on their own initiative; may be requested by the ECB to start a proceeding; or even ask the ECB to be requested to start a proceeding within their jurisdictions.68 NCAs remain also in charge of certain sensitive tasks, such as verifying the compliance of financial institutions with AML/CFT Programs; referring rel-

of establishment exceeds 20%, unless the total value of its assets is below EUR 5 billion; the ECB takes a decision confirming such significance following a comprehensive assessment by the ECB, following a notification by its national competent; and for those for which public financial assistance has been requested or received directly from the EFSF or the ESM, cf. Article 6(4) et seq. SSM R, and Article 57 et seq. SSM FR. 64  Article 6(4) SSM R, as specified by Articles 1-2-39-40-43-44-50-51-52-57-58-59 SSM FR. On the separation of competences found on this criterion, see also Gortsos (2015a), pp. 401– 420. On the interpretation of the notion of “significance” in the context of the SSM, cf. recently CJEU, Landeskreditbank v ECB, Case T-122/15, 16.05.2017, ECLI:EU:T:2017:337 (confirmed in appeal in Case C-450/17 P), § 63 et seq., as confirmed by Credit Mutuel Arkea v ECB, Case T-52/16, 13.12.2017, ECLI:EU:T:2017:902, § 61 (appeal currently pending before the ECJ in Case C-153/18 P), and in cases T-768/16 (BNP Paribas) ECLI:EU:T:2018:471; T-758/16 (Crédit agricole SA), ECLI:EU:T:2018:472; T-757/16 (Société generale), ECLI:EU:T:2018:473; T-751/16 (Confédération nationale du Crédit mutuel), ECLI:EU:T:2018:475; T-745/16 (BPCE), ECLI:EU:T:2018:476; T-733/16 (La Banque postale), ECLI:EU:T:2018:477, all of 13.07.2018. 65  Cf. https://www.bankingsupervision.europa.eu/ecb/pub/pdf/ssm.listofsupervisedentities20190502.en.pdf. Accessed 16 June 2019, periodically updated (last update: May 2019). 66  Article 5 SSM R; and Recital (5) and Article 7 SSM FR. 67  Cf. Article 1 and Recital (28) SSM R according to which: “Supervisory tasks not conferred on the ECB should remain with national authorities. Those tasks should include the power to receive notifications from credit institutions in relation to the right of establishment and the free provision of services, to supervise bodies which are not covered by the definition of credit institutions under Union law but which are supervised as credit institutions under national law, to supervise credit institutions from third countries establishing a branch or providing cross-border services in the Union, to supervise payment services, to carry out day-to-day verifications of credit institutions, to carry out the function of competent authorities over credit institutions in relation to markets in financial instruments, the prevention of the use of the financial system for the purpose of money laundering and terrorist financing and consumer protection”. 68  Article 134(2) SSM FR. These options will be further analysed below in paras 4.1, and 4.2.

4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism

123

evant information to judicial authorities; and enforcing consumer protection policy.69 The new system of banking supervision in the Eurozone is thus characterized by a peculiar combination of centralized and peripheral oversight, in which most daily operations need to be coordinated between National Competent Authorities and the European Central Bank, who retains the responsibility for the overall supervisory performances. Aware of this context, effective cooperation is strongly supported in the new SSM Regulations, which require NCAs to assist the Central Bank and to follow its instructions within its sphere of competence.70 Recognizing the importance of the long-established supervisory expertise reached by NCAs with regard to their own national contexts, the SSM Regulations allow national and EU experts to operate together through the creation of Joint Supervisory Teams (JSTs), which, as it will be further illustrated, have a fundamental role in the daily supervision of credit institution—and accordingly, in case of breaches, in the first phases of the ­ investigation.71 In addition to these supervisory functions, Articles 4(1)(a)(c) and 6 SSM R provide for certain tasks for which—since November 2014—the SSM is the competent authority in relation to all credit institutions of participating Member States, regardless for any classification on the “significance” of the bank. These are the cases of the so-called “common procedures”, listed in Articles 14 and 15 SSM R, which concern granting and withdrawing of banking authorizations; and approval of the acquisitions of qualifying holdings.72 Interestingly, to perform such tasks, Article 4(3) SSM R grants the SSM with the possibility of applying “all relevant Union law, and where this Union law is composed of Directives, the national legislation transposing those Directives. Where the relevant Union law is composed of Regulations and where currently those Regulations explicitly grant options for Member States, the ECB shall apply also the national legislation exercising those options” (italics added). The faculty for the ECB to apply national legislation transposing directives represents a peculiar feature not only in banking supervision, but for the whole distribution of powers within the EU, since, at least in principle, institutions, organs, agencies and bodies of the Union apply EU and not national law. This feature, as will be discussed further below, poses moreover relevant issues when it comes to define before which court such acts may be challenged, and in

 Recital (28) SSM R.  Article 6(3) SSM R. 71  Articles 3 to 5, and 115 SSM FR. Cf. below, Sect. 4.4.3. 72  As defined by Article 2(3) SSM FR. For an analysis of these measures in the context of the Engel case-law, see Sect. 6.2. Qualifying holding are defined by Article 4(1)(36) CRR as “means a direct or indirect holding in an undertaking which represents 10% or more of the capital or of the voting rights or which makes it possible to exercise a significant influence over the management of that undertaking”. 69 70

124

4  The Institutional Design of EU Banking Supervision

particular which scope of review the Court of Justice may exercise in such cases (on which the CJEU has already started to issue decisions73). The fact that the SSM, as part of an EU institution, may apply national law, however, does not strictly represent an unicum in the EU legal framework. As underlined by legal scholars, the Commission for instance, both in the infringement proceedings, and in competition law, already enjoys some competence related to national law.74 In the first case, the Commission may need to interpret national law to assess whether a Member State is in breach of EU law, in order to decide on the initiation of the infringement procedure.75 Under antitrust law, on the other side, national competition authority within the European Competition Network have the responsible to ensure the compliance of domestic legal systems with the relevant TFEU provisions, in accordance with the primacy of EU law.76 In case Member States introduce measures contrary to the EU competition rules, such authorities are naturally competent to disapply national law in the course of their investigations. However, where the anti-­competitive behaviour based on national law is such as to require the intervention of the Commission, the latter would be entitled to interpret national law, for instance to verify whether undertakings may invoke any exemption. The same vertical application of national law may occur in case of appeals before sanctions applied in these contexts.77 In both cases, however, contrary to the SSM, the Commission competence towards national law does not extend also to its direct application, being limited in the first case to its interpretation, and in the latter to its disapplication or to consider it a factor precluding the imposition of a sanction.78 More relevant to the SSM prerogatives seems instead the area of EU trade mark protection, where indeed the European Union Intellectual Property Office (EUIPO), a decentralised agency of the European Union which deals with IP rights protection, may declare invalid a trade mark (also) on the basis of national law. In this case, in fact, the EUIPO may directly interpret and apply national law during EU proceedings.79

 Cf. Caisse régionale de crédit agricole mutuel Alpes Provence and Others v European Central Bank, Joined Cases T-133/16 to T-136/16, 24.04.2018, ECLI:EU:T:2018:219; for an analysis of the CJEU jurisdiction in these cases, see Sect. 6.3.3. 74  Cf. Magliari (2015), pp. 1355–1357. 75  On the matter see, e.g., Gil Ibáňez (1999). 76  Consorzio Industrie Fiammiferi (CIF) v Autorità Garante della Concorrenza e del Mercato, Case C-198/01, 9.09.2003, ECLI:EU:C:2003:430, §§ 48–50, cf. also Cassese (2003), p. 1129 et seq. 77  Cf. Marchetti (2014), p. 32, although the case-law on the matter is not especially developed yet. 78  In this sense, Magliari (2015), pp. 1356–1357. 79  Cf. Article 53(2) Council Regulation (EC) No 207/2009 of 26.02.2009 on the Community trade mark. Until 23 March 2016, EUIPO was known as Office for Harmonisation in the Internal Market-OHIM. See also Magliari (2015), pp. 1357–1358. 73

4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism

125

Last but not least, in the criminal matter, a power to directly apply national law may be found in the EPPO Regulation80: A parallelism which is perhaps indicative of the common idea of “federal” Europe, shared by both this and the Banking Union project.81 In banking supervision, in particular, the faculty of directly applying national law has been grounded on the fact that a large part of supervisory legislation remains governed by national law, that is highly fragmented even when transposing EU directives. Having a single European institution being able to apply all these different statutes could then be an indirect vehicle of harmonization.82 Similarly to the EUIPO, the national law which the ECB may currently apply according to Article 4(3) SSM R seems to be only of substantial nature, since (at least so far) administrative procedural law at the national level is mostly not deriving from the transposition of EU directives.83 The SSM powers in this case, therefore, appear analogous to those of the Intellectual Property Office, even though their concrete impact—also concerning the review of the acts so adopted before the CJEU—may be more extensive, given the broad scope of application of the ECB supervisory powers.84 Coming to the organization of the Single Supervisory Mechanism, being located within the European Central Bank, the SSM falls under the general management of the Governing Council, the highest decision-making body of the ECB, although the SSM Regulation requires supervisory tasks to be exercised “in full independence”.85 The Governing Council is composed of the six members of the ECB Executive Board, and of the 19 Governors of the National Central Banks of the Member States whose currency is the Euro. The ECB Executive Board is composed of the ECB President, a vice-president and four other members, all appointed by the European Council acting by a qualified majority. These members are responsible for the current business of the ECB,

 Cf. Article 5(3), EPPO Regulation (2017/1939), cit., see also Sect. 2.3.4. Contrary to the SSM, however, all the measures grounded on national law issued by the EPPO fall under the jurisdiction of national courts. Cf. also Sect. 6.3.3. 81  This new feature may be read as a relevant step in the European integration project towards the acknowledgement of a single integrated legal system, composed indifferently of European and national law; in this sense, cf., e.g., Witte (2014), p. 109. Such an interpretation may be confirmed considering that also the EPPO, which has been proposed precisely with the idea of strengthening the European integration under a criminal procedure point of view (like the SSM in its field) will, if the project will be approved, have to apply not only European, but also and above all national relevant law. 82  See Senkovic (2015), p. 100, according to which that would imply that national law cannot (any longer) “be applied in a way that would undermine the effectiveness and the uniformity of EU law or serve as a tool for protectionist purposes”. 83  Different is the case of Article 9(1) SSM R, see below Sect. 4.4.1. Arguing that the reference contained in Article 4(3) refers only to “organizational matters”, Lamandini (2015), pp. 122–123. 84  This issue is further analysed in Sect. 6.3.3. 85  Recital (66) and (75) SSM R. 80

126

4  The Institutional Design of EU Banking Supervision

and hold permanent voting rights in the Governing Council for all their mandate.86 The attribution of voting rights among national Governors is quite complicated. According to the Treaties, as soon as the number of Euro-area countries exceeded 18, a rotation voting system shall be implemented; a situation which occurred in 2015, when Lithuania acceded to the Euro.87 Consequently, participating States are divided into two groups depending on their economies and financial sectors’ size. Following such ranking, which shall be reviewed at least every 5 years, Governors have been grouped: A first group of five (currently representing DE, FR, IT, ES and NL) share four voting rights; all the other Governors share 11 voting rights. Within each group votes are exercised in monthly turns. Daily management of the SSM is then exercised by a special body, internal to the ECB, called Supervisory Board (SB).88 The Board is composed of a Chair, with a non-renewable mandate of 5 years, a vice-chair, chosen from among the members of the Executive Board, four ECB representatives and one NCA representative for each participating Member State.89 SSM supervisory tasks are paid through annual fees charged upon the controlled credit institutions established in the participating Member States.90 The new supervisory functions shall be exercised independently from the monetary functions of the ECB. However, having chosen for a model in which banking supervision and monetary policy are reunited in the same institution, and, above all, since the TFEU was not modified for the establishment of the Single Supervisory Mechanism, the latter has not been equipped with its own decision-making body. This led to the current situation, in which supervisory legally binding decisions can be issued only by the ECB decision-making bodies, and in particular, according to the SSM Regulations, by the Governing Council.91 The relation between the Supervisory Board and the Governing Council is regulated by what goes under the name of “non-objection procedure”, provided for by Article 26(8) SSM R. In this model, it is only the Supervisory Board (SB) which drafts the content of supervisory decisions. Once notified to the Governing Council, SB drafts are to be considered approved, unless the Council opposes in writing within a period not exceeding a maximum of ten working days. The Governing Council may oppose the draft decision on its own initiative, or following an objection presented by a Member State which is participating to the SSM but whose cur Article 11, Statute of the European System of Central Banks (ESCB) and of the European Central Bank, to date Protocol No 4 to the TFEU. 87  Article 10(2), Statute of the ESCB and of the ECB. The original decision provided for the mechanism to be enforced when there were more than 15 Euro area countries, but the option to postpone that until they reach the number of 18 has been used. 88  On the relationship between the SB and the Governing Council due to the (not-amended) Treaty legal basis, see Ter Kuile et al. (2015), p. 174 et seq. 89  The Board is operational since the approval of the Decision of the European Central Bank of 6.02.2014 on the appointment of representatives of the European Central Bank to the Supervisory Board (ECB/2014/4). From April 2014, the activity of the Board is also regulated by the Rules of procedure of the Supervisory Board of the European Central Bank of 31.03.2014. 90  Cf. Recitals (77)-(78) SSM R. 91  For a critical evaluation of this structure in terms of independence, see Sects. 6.1 and 6.1.1. 86

4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism

127

rency is not the euro.92 In both cases, where there is a contrast between the positions of the Governing Council and the Supervisory Board, another newly established body, called Mediation Panel, takes the final decision, possibly achieving a balance.93 The Panel, especially entrusted with the task of preserving the independence of the supervision from the influence of the financial policy, and preventing conflicts of interests within the same ECB, is composed of one member per participating Member State, appointed at national level.94

4.4.1  SSM Supervisory Powers Several are the prerogatives which the Single Supervisory Mechanism may exercise in carrying out its functions, a first relevant set of which goes under the name of “supervisory powers”. In the intention of the SSM Regulations, these powers shall aim at ensuring the compliance of credit institutions, financial holding companies or mixed financial holding companies with the prudential requirements established in CRR/CRR II and CRD IV/V. To achieve so, supervisory powers allow the SSM to intervene in the management of a bank and address specific critical circumstances, provided for by Article 4(1) and (2) SSM R: For instance, if the bank is found in breach, or is likely to breach, prudential requirements; during the assessment over management’s fit and proper, or while conducting stress tests; and in cases where early intervention might be needed.95 “Common procedures” under Articles 14 and 15, as illustrated above,96 also represent special circumstances in which such oversight powers may be exercised. If the SSM, and especially the Joint Supervisory Team in charge for the daily supervision of a specific credit institutions, reckons one or more of these situations emerge, supervisory measures may be applied following the non-objection procedure.

 The option of participating to the SSM even without having accessed to the Euro is provided for by Articles 7(8) and 26 SSM R, but has not been implemented by any EU Member State yet, on the issue see, e.g., Dumitrescu (2017), p. 1. 93  Recital (76) SSM R, and Article 25§ 5 SSM FR. From June 2014, the Panel’s composition and powers are provided for by Articles 3–4, Regulation (EU) No 673/2014 of the European Central Bank of 2.06.2014 concerning the establishment of a Mediation Panel and its Rules of Procedure (ECB/2014/26). 94  Cf. also Decision of the European Central Bank of 17.09.2014 on the implementation of separation between the monetary policy and supervision functions of the European Central Bank (ECB/2014/39). 95  Article 4(2) extends the SSM competence for the same cases also to branches of credit institutions belonging to non-participating Member States, located in participating Member States. 96  Cf. above Sect. 4.4. 92

128

4  The Institutional Design of EU Banking Supervision

In particular, Article 16(2) SSM R recognizes the ECB a number of supervisory powers, including requiring credit institutions to: Hold own fund in excess of the capital requirements and strengthen own funds (let. a, h); strengthen internal processes and strategies (e.g. governance, variable remuneration, let. b, c, g); and restrict or limit business and risk activities (let. d, e, f). The SSM may also restrict or prohibit distributions to shareholders (let. i); impose specific liquidity and reporting requirements (let. k, j); impose higher requirements for capital buffers, and apply more stringent measures aimed at addressing systemic or macroprudential risks97; require additional disclosures (let. l); and remove at any time unsuitable members from the management bodies in case of non-compliance with the due requirements set out by CRD IV–V (let. m). While most of these supervisory powers were already available in the EU legal framework thanks to Article 104 CRD IV, the discretion of removing of management bodies represents a newness of the SSM Regulation, and a power especially relevant in the assessment of the substantial nature of the measures applicable by the Mechanism, as will be discussed further.98 In its structure, Article 16 SSM R reveals the lack of clear distinguishing criteria between “supervisory” and “sanctioning” powers under Article 18 SSM R (as will be further illustrated in the following paragraph). Breaches of prudential CRR requirements, for instance, may in principle trigger the application of both measures, with the only difference that powers established by Article 16 refer to measures to be taken by credit institutions «at an early stage», while no such a specification may be found in Article 18 SSM R. In this sense, it could be argued a fortiori, by means of interpretation, that sanctions shall be imposed in case of breaches at an “advanced” (i.e. basically irrecoverable) stage. It clearly appears, however, that the margin of discretion conferred to the bodies in charge of daily supervisions (Joint Supervisory Teams) in concrete assessments remains scarcely controllable by the affected parties in lack of specific statutory parameters, with potentially adverse consequences in terms of fair trial safeguards.99 Moreover, in accordance with Article 9(1) SSM R, to carry out its supervisory functions the SSM may also exercise all the other powers conferred to national authorities at the national level by relevant Union law (such as early intervention measures). To apply this option, the SSM may send instructions to the NCAs, requiring them to make use of their powers, in accordance with the conditions set out in national law. The use of the wording “instruction”—that is not present as it will be illustrated hereinafter, in Article 18(5) SSM R100—suggests that NCAs do not enjoy discretion in executing the request of the SSM to make use of such powers, even though such

 This power is provided by Article 5(2) SSM R.  Cf. Sect. 6.2. 99  Cf., if you wish, Lasagni (2019). 100  Cf. below, Sect. 4.4.2. 97 98

4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism

129

acts are adopted under national law.101 Therefore, according to Article 9(1) SSM R the ECB is “indirectly” entitled to apply national law. This hypothesis might result even more critical, in the general balance of powers within the EU, than that established by Article 4(3) mentioned above, according to which the ECB is entitled to directly apply national law,102 especially, as will be further debated, with regard to the definition of the standing before the Court of Justice.103 Indeed, have, the “national law” that the ECB is (indirectly, but with binding effects) instructing the competent national authorities to apply is not limited only to substantive law, but seems to cover—given the reference in Article 9(1) SSM R to the “powers” available to the latter “under and in accordance with the conditions set out in national law”—procedural law as well. This case represents therefore an example of the so-called “composite procedures”, in which EU and national authorities both participate, in different but complementary phases, to the same proceeding, and contribute to the decision issued as its result.104 Such procedures are rather common in the EU legal framework, where “harmonization of procedural law is undertaken not systematically but in bits and pieces throughout the regulation of various substantive law provisions”,105 and result particularly challenging to analyse, especially (for what is relevant to this work) with regard to the definition of clear standards for judicial review (i.e. who is the authority competent for judicial review, what is the scope of the review). These cases, which involve several stages before the institution arrives to a final decision, include also those where national authorities contribute to an EU administrative procedure. In these contexts, according to the applicable CJEU case-law, while intermediate, merely interlocutory steps cannot be separately reviewed,106 measures that defi Comparing it to the same binding force of close cooperation, Lackhoff (2017), p. 37.  Cf. above, Sect. 4.4. 103  Cf. Sect. 6.3.3. 104  Composite procedures are “multiple-step procedures with input from administrative actors from different jurisdictions, cooperating either vertically between EU institutions and bodies and Member States’ institutions and bodies, or horizontally between various Member State institutions and bodies or in triangular procedures with different Member State and EU institutions and bodies involved. The final acts or decisions will then be issued by a Member State or an EU institution or body but are based on procedures with more or less formalized input from different levels. Procedural integration of administrations in the EU creates a network structure. These networks jointly generate and share information. Such joint generation and exchange of information is the backbone of cooperation within integrated administration”, cf. Hofmann (2009), p. 136. 105  Hofmann (2009), p. 137, and 139: “Composite procedural elements exist for example in the area of technical safety, product safety, and standardization and technical norms, the procedures leading to the admission of medical products and genetically modified organisms, regulation of telecommunication, public procurement, asylum procedures, and the fight against money laundering”. 106  Unless in cases where the preliminary acts were “themselves the culmination of a special procedure distinct” from the main one and “which produce a binding legal effect, such as to affect the interests of an applicant by bringing about a distinct change in his legal position”, cf. Akzo Nobel Chemicals et o. v Commission, Joined cases T-125/03 and T-253/03, 17.09.2007, ECLI:EU:T:2007: 287, § 45. 101 102

130

4  The Institutional Design of EU Banking Supervision

nitely lay down the position of the EU decision-making body in the conclusion of that procedure are considered reviewable acts before the Court in Luxembourg.107 In such cases, moreover, following the jurisprudence set by Foto-Frost, the validity of EU acts shall be assessed exclusively by the Court of Justice, which is in the best position to decide so, due to the fact that national courts could not directly annul EU acts (like ECB decisions), even when EU institutions apply national law (for achieving this result, it would be necessary for national courts to make a preliminary reference to the Court of Justice).108 On the other side, in those cases where the EU merely takes notice of a decision, that produces legal effects (also) at the EU level, but is substantially assessed by a national authority, such decision could be reviewed only before the national courts.109 Against this general background, procedures like that of Article 9(1) SSM R, in which (at least apparently) national competent authorities lack of discretion in enforcing the ECB instructions, seem to fall under the scope of review of the Court of Justice.110 In such cases, however, the decisions at stake are not formally issued by the ECB, but by a national authority. Granting a review before the Court of Justice, therefore, would imply extending the scope of review of the CJEU not only upon national law, but also upon legal acts adopted by national authorities: A step which, as it will be further argued, might even jeopardise the very mechanism of preliminary ruling.111

4.4.2  SSM Sanctioning Powers In addition to supervisory measures, the SSM enjoys also proper administrative (at leas on paper) sanctioning powers which, according to Article 18(3) SSM R and in line with the CJEU jurisprudence since the renowned Greek Maize case,112 shall enable the ECB to impose effective, proportionate and dissuasive penalties.113  International Business Machines Corporation v Commission of the European Communities, Case 60/81, 11.11.1981, ECLI:EU:C:1981:264, § 10; Carl Kühne GmbH & Co. KG and Others v Jütro Konservenfabrik GmbH & Co. KG, Case C-269/99, 6.12.2001, ECLI:EU:C:2001: 659, § 58. 108  Foto-Frost v Hauptzollamt Lübeck-Ost., Case 314/85, 22.10.1987, ECLI:EU:C:1987:452, §§ 17–20. 109  Cf., e.g., Oleificio Borelli SpA v Commission of the European Communities, Case C-97/91, 3.12.1992, ECLI:EU:C:1992:491, §§ 9–13; Jean-Marie Le Pen v European Parliament, Case C-208/03 P, 7.07.2005, ECLI:EU:C:2005:429, § 50; Emerald Meats Ltd v Commission of the European Communities, Joined cases C-106/90, C-317/90 and C-129/91, 20.01.1993, ECLI:EU:C:1993:19, § 40. For an analysis of judicial review (also) in composite procedures, see Türk (2009), pp. 223–224. 110  Even though doubts may arise in light of the Plaumann admissibility test cf. Sect. 6.3.2. 111  Cf. Sect. 6.3.3. 112  Commission of the European Communities v Hellenic Republic, § 24. 113  Following a 2010 Commission’s Communication on the issue, sanctions are effective whether they are “capable of ensuring compliance with EU law, proportionate when they adequately reflect 107

4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism

131

As recalled by Recital (53) SSM R, however, the SSM may impose penalties only upon legal entities (credit institutions, financial holding companies or mixed financial holding companies); natural persons, which might also be implicated in breaches of banking regulations, may be held liable for their conducts only at the domestic level, following the applicable national law. According to Article 18 SSM R, there are three broad categories of breaches which the SSM may spot during its supervisory activity; for two of which, the Mechanism may directly impose penalties114 upon credit institutions. A first area in which the SSM exercises direct sanctioning powers is provided for by Article 18(1) SSM R, that refers to the cases in which banks breach “a requirement under relevant directly applicable acts of Union law in relation to which administrative pecuniary penalties shall be made available to competent authorities under the relevant Union law”. Within this provision, the expression “directly applicable acts of Union law” has been interpreted as a reference to the EU Regulations, and in particular, at least so far, to Regulation 575/2013 (CRR). This hypothesis contains however also an indirect reference to national legislation. Indeed, according to Article 4(3) SSM R, where regulations, as it is the case of many provisions of the CRR, grant “options and discretions” to Member States, the SSM may also apply national legislation exercising those options.115 More controversial appears instead the reference (only) to penalties that “shall be made available to competent authorities under the relevant Union law”. A first way to interpret this expression would be that of limiting the ECB sanctioning powers only to those effectively provided for by national legislation while transposing EU law (mainly, CRD IV–V). This option, however, seems to leave too much discretion to Member States, that could impair the functioning of the supranational regulator the gravity of the violation and do not go beyond what is necessary for the objectives pursued, and dissuasive when they are sufficiently serious to deter the authors of violations from repeating the same offence, and other potential offenders from committing such violations”, cf. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Reinforcing sanctioning regimes in the financial services sector, Brussels, 8 December 2010 COM(2010) 716 final. Within these general parameters, the concrete assessment over the “gravity of the violation” and the consistency of the penalty with the “objective pursued” is then referred to the discretion of the competent authority. 114  Cf., e.g., ECB, Explanatory Memorandum, Recommendation for a Council Regulation (EC) No 2532/98 concerning the powers of the European Central Bank to impose sanctions, ECB/2014/19, Frankfurt, 16.04.2014. https://www.ecb.europa.eu/ecb/legal/pdf/celex_52014hb0019_en_txt.pdf. Accessed 20 July 2018. 115  Options refer to situations where competent authorities or Member States may choose how to comply with a certain provision selecting from a range of alternatives established in the legislation; Discretions indicates the situation in which competent authorities or Member States may choose whether to apply or not a given EU provision. Examples of O&D may be found in Articles 7, 8 and 89(3) CRR. On the extension of the possibility to apply national law in these circumstances, see Lamandini (2015), p. 122, reporting how, according to a certain line of reasoning, “if the ECB were empowered to exercise NCAs’ options, it is argued that this would be done for significant credit institutions only and “this would jeopardize the level playing field” in each Member State because the ECB and the NCA could exercise the options and discretions differently for significant and less significant credit institutions””.

132

4  The Institutional Design of EU Banking Supervision

simply not transposing or incorrectly transposing EU law (also taking into account the timing and political discretion in triggering the infringement procedure). Excluded this hypothesis, it still remains controversial, even after the approval of CRD V, whether Article 18 SSM R refers only to the measures indicated by Article 66 and 67 CRD IV–V, that include a broad, but still selected list of the potential breaches of CRR, or whether Member States should be bound by this Directive to sanction every possible violation of CRR and CRD IV. This last option could be supported by the wording of Article 65 CRD IV–V (according to which “Member States shall lay down rules on administrative penalties and other administrative measures in respect of breaches of national provisions transposing this Directive and of Regulation (EU) No 575/2013 and shall take all measures necessary to ensure that they are implemented”). However, it appears dubious that this rather vague provision could represent an adequate legal basis to ground a sanctioning power able to directly affect private individuals, especially in light of the rule of law principle.116 In case a breach under Article 18(1) SSM R is assessed, the SSM may impose pecuniary penalties on credit institutions “of up to twice the amount of the profits gained or losses avoided because of the breach where those can be determined, or up to 10% of the total annual turnover […] of a legal person in the preceding business year”.117 Where the sanctioned entity is a subsidiary of a parent undertaking, the percentage is going to be calculated on a consolidated basis.118 SSM Regulations do not define precisely whether the ECB may impose sanctions over all banking institutions, or only upon those which are under its direct supervision, and the scholars are divided on the matter.119 Due to a discrepancy between the wordings of Article 6 and Article 18 SSM R, on this point the Regulations may be interpreted in two different, opposite ways, both theoretically in compliance with the text, and with BCBS Core Principles 1 and 11.120 According to Article 6 SSM R,121 ECB’s competence is circumscribed to “significant” supervised entities; this approach is also in line with Article 124(1)(a) SSM FR which, regarding to Article 18(1), specifies that the SSM shall be referred breaches committed by “significant” supervised entities. Nonetheless, the “significance” criterion is not mentioned in Article 18 SSM R, which refers to all credit  Cf. Allegrezza (2019), p. 32.  Recitals (36)-(53) and Article 18(1), SSM R; Recital (24) and Articles 120, 122, 129, 130–132 SSM FR. 118  “The relevant gross income shall be the gross income resulting from the consolidated account of the ultimate parent undertaking in the preceding business year” cf. Article 67(2), let. g, CRD IV, and Article 18(2) SSM R. 119  On these aspects cf. Lackhoff (2013), p. 454. In favour of an extended application of Article 18, see Looseveld (2013b), p. 423; contrary Allegrezza and Voordeckers (2015), p. 156. For the Basel Core Principles, see above, Sect. 3.5. 120  On these interpretations, see D’Ambrosio (2013), pp. 31–32. 121  See above, Sect. 4.4. 116 117

4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism

133

institutions, financial holding companies, or mixed financial holding companies which “intentionally or negligently, breach a requirement” of relevant EU law.122 To solve this ambiguity, it can be useful to rely on a systematic interpretation of the ECB new supervisory powers, in light of the provisions of the TFEU which identifies the main objectives of the European Central Bank. Indeed, it is worth reminding that, due to political reasons, the establishment of the SSM was not accompanied by a reform of the Treaties: Therefore, the new Mechanism had to (struggle to) find proper legal basis in the pre-existing legal framework. Such legal basis was identified in Article 127(6) TFEU, which contemplates the possibility for the Council to unanimously “confer specific tasks upon the European Central Bank concerning policies relating to the prudential supervision of credit institutions and other financial institutions with the exception of insurance undertakings” [italics added]. Literally interpreted, this provision could even challenge the very legitimacy of the SSM creation123: Realistically the Mechanism could hardly be described as a mere addition of specific tasks to the ECB, considering that banking supervision brought to the development of a whole new legal framework, and to the establishment from scratch of a proper “institution” equipped with its own budget, building and personnel, which shall exercise its tasks independently from the ECB monetary functions.124 Even without embracing such an extreme approach, whose analysis goes beyond the remit of this work what can be inferred from Article 127(6) TFUE is a clear preference in adopting a cautious (not to say restrictive) interpretation when it comes to define the scope of newly established ECB functions, at least where the statutes leave rooms for ambiguity.125 Hence, the option that limits the SSM sanctioning powers only to “significant” credit institutions appears more grounded from a systematic point of view; from  Cf. Article 18(1) SSM R.  Raising the issues, among others, Wolfers and Voland (2014), p. 1486. 124  On this point see, e.g., Randell (2013), pp. 39–67. 125  Supporting a restrictive approach in the interpretation see e.g., Kern (2015), pp.  167–168, according to “The limited competence of the ECB to act as a bank supervisor under art. 127(6) therefore would preclude it from engaging in any supervisory activities directed at the broader financial system, including, for instance, the wholesale debt securities markets or bank resolution and restructuring. This means that the ECB would not have the competence to oversee the shadow banking market, which was a source of systemic risk that caused the global banking crisis of 200709. Moreover, it would not have the competence to put a credit institution (which it had the competence to supervise) into resolution, nor could it exercise resolution powers, such as transferring the assets of a distressed bank to a private purchaser, or transfer a distressed bank’s assets to a bridge bank, nor even take legal measures to co-ordinate with resolution authorities. The narrow supervisory competence allocated to the ECB under art.127(6) suggests that the ECB would be acting ultra vires if it took broader macro-prudential supervisory measures that go beyond the micro-prudential supervision of individual credit institutions and financial institutions”. Highlighting the limits of Article 127(5) and (6) TFEU also Antoniazzi (2013), p. 145 et seq., and especially pp. 148–151 and 171. Supporting a broader interpretation of Article 127(6) TFEU see Ter Kuile et al. (2015), p. 162. 122 123

134

4  The Institutional Design of EU Banking Supervision

which it follows that sanctions addressing “less significant” credit institutions, also for violations of directly applicable EU law, should be imposed only at national level (by NCAs). Different consideration shall be drawn instead for the second case in which the SSM enjoys direct sanctioning powers. Established by Article 18(7) SSM R, this provision refers to the situation in which banks fail to fulfil an obligation arising from ECB regulations or supervisory decisions, or otherwise obstruct the performance of SSM investigations.126 In particular, when the breaching is “continuing”, the ECB may impose a periodic penalty payment with a view to compelling the persons concerned to comply with the infringed regulation or supervisory decision. This case founds its legal basis in Regulation (EC) No 2532/98 (recalled by Article 18(7) SSM R), a piece of legislation pre-existing to the establishment of the SSM, and adopted in the context of the ECB’s monetary policy.127 Two are the type of sanctions imposable under this statute: Fines and, when the breaching is “continuing”, periodic penalty payments aiming at compelling the persons concerned to comply with the infringed regulation or supervisory decision. In determining whether and which sanction to impose, the ECB shall be guided by the principle of proportionality. Circumstances of the specific case shall be taken into account, including: (a) good faith and degree of openness of the credit institution in the interpretation and fulfilment of its obligations; (b) degree of diligence and cooperation shown by the credit institution; (c) any evidence of willful deceit on the part of officials of the bank; (d) the seriousness of the effects of the infringement; (e) the repetition, frequency or duration of the infringement; (f) the profits obtained by reason of the infringement; (g) the economic size of the credit institution; and (h) prior sanctions imposed by other authorities on the same credit institution and based on the same facts.128 Moreover, in light of Articles 129 SSM FR, periodic penalty payments shall be effective, proportionate, and calculated for each day of infringement until the person concerned complies (starting from the date stipulated in the decision imposing the periodic penalty payment, and for a period no longer than 6 months). Upper limits for such payments are established in Regulation 2532/98 (as amended in 2015). Article 4a in particular of this Regulation (as amended in 2015) allows the ECB to impose fines of up to twice the amount of the profits gained or losses avoided because of the infringement, or 10% of the total annual turnover of the undertaking; or to apply periodic penalty payments of 5% of the average daily turnover per day of infringement to obtain the cease and desist of the obstructing conduct.129  Cf. Article 129 and 143(2)(b) SSM FR.  Council Regulation (EC) No 2532/98 of 23.11.1998 concerning the powers of the European Central Bank to impose sanctions, as amended by Council Regulation (EU) 2015/159 of 27.01.2015. 128  Cf. Article 2(3) Regulation (EC) No 2532/98. 129  Cf. Article 4(a), Council Regulation (EU) 2015/159. Cf. also Looseveld (2013b), pp. 423–425. 126 127

4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism

135

In these cases, it does not matter whether the bank is “significant” or “less significant”: As soon as a credit institution is the addressee of an ECB regulation or decision, it becomes liable before the Central Bank for any infringement of the obligations there prescribed. Besides for direct sanctioning powers, the SSM enjoys indirect sanctioning powers as provided for by Article 18(5) SSM R. This is the case in which, carrying out its supervisory tasks according to the SSM Regulation, the ECB believes credit institutions, financial holding companies or mixed financial holding companies to be in violation of requirements which fall out of its direct scope of supervision. Article 18(5) SSM R, therefore, covers the cases of: (i) Breaches of CRR/CRR II requirements or other EU directly applicable law, that are attributed to a natural person (members of the management board, as well as by “any other individuals who under national law are responsible for a breach by a credit institution, financial holding company or mixed financial holding company”); (ii) breaches of CRR requirements or other EU directly applicable law, that are sanctioned with a non-­ pecuniary penalties; (iii) breaches deriving from the violation of national legislation implementing EU directives, or of national legislation conferring specific powers to the NCAs which are not deriving from EU law.130 In all these situations, the ECB cannot directly impose sanctions, but may ask to the NCAs to do so. When it comes to significant credit institutions, NCAs shall open proceedings only at the ECB’s request; but they may also ask the ECB to be requested to do so. Contrary to Article 9 SSM R examined above,131 since Article 18(5) SSM R does not contain any reference to the power of the ECB to issue “instruction” (“the ECB may require”), it can be argued that here NCAs enjoy full discretion in carrying out investigations on the alleged breaches, and in deciding if and which sanctions to apply. Such discretion may be confirmed also by Article 134(3) SSM FR, according to which NCAs are only subject to the obligation of starting a proceeding, and to “notify the ECB of the completion of a penalty procedure initiated at the request of the ECB pursuant to paragraph” and “of the penalties imposed, if any” (italics added).132 If NCAs opt for the application of a sanction, the latter, either pecuniary and nonpecuniary, shall be effective, proportionate and dissuasive, in compliance with the standards applicable in all EU punitive law. Ensuring proportionality in the sanctioning throughout the Eurozone, however, may result especially critical with respect to cases in which the substantial legal basis of the breach is represented by a directive. The dependency of these SSM indirect sanctioning powers on national transpositions of EU law, in fact, opens the floor to high risks of variable inefficiency. Member States, for instance, may not timely transpose a directive, or as, in case of CRD IV—already implemented at national level in all EU.

 See Article 134 SSM FR.  See above, Sect. 4.4.1. 132  Cf. Allegrezza and Voordeckers (2015), p. 157. 130 131

136

4  The Institutional Design of EU Banking Supervision

Member States—transpose it incorrectly, for instance not including in national legislation all the violation cases provided for by Articles 66 and 67 CRD IV, or limiting the maximum amount of sanctions for certain breaches (as in IE).133 In these cases, the SSM could be impaired in enforcing its single supervisory oversight, as for the same breach, sanctioning powers could be not equally available in all the euro zone countries. It should also be underlined that according to Article 65 CRD IV/V, rather than introducing in their national systems the administrative penalties listed in Articles 66 and 67 CRD IV/V Member States may also decide to criminalize the violation of prudential requirements, with the only obligation to “communicate to the Commission the relevant criminal law provisions”134 (this option is possible, of course, only in those countries where legal persons are subject to some form of criminal liability135). Lastly, among the SSM sanctioning powers it should be recalled the provision of Article 18(6) SSM R, that, similarly to Article 68 CRD IV/V, establishes a “naming and shaming” sanction, according to which the ECB shall publish any penalty imposed under Article 18(1). The same regime applies, thanks to Article 1a(3), Regulation No 2532/98, also to sanctions imposed under Article 18(7) SSM R136. Differently from CRD IV/V,137 the latter publication duty concerns sanctions irrespective of whether they have been appealed or not. However as will be further analysed, those sanctioning powers still have to respect “the conditions set out in relevant Union law” as well as the duty to anonymize publications in the cases indicated in the same Regulation.138 Under this profile, however, it is worth recalling that, to date, none of the penalties imposed upon credit institutions has been entirely disclosed on the SSM website yet, and summaries of the decisions imposing a sanction had been published only at the conclusion of the procedure of internal control before the Administrative Board of Review.139 The imposition of administrative penalties is subject to a limitation period of 5 years, running from the day in which the breach has been committed, or, in case of on-going or repeated breaches, from when it ceases. According to Article 130 SSM FR and Article 4c Regulation 2532/98, such limitation period may be inter Lasagni and Rodopoulos (2019), § 2.2. The same principle of proportionality, in this context, seems to apply in the meaning giving to it at the national level, cf. Allegrezza and Rodopoulos (2017). 134  See above, Sect. 4.3. 135  Cf. Sect. 2.2. Although so far this profile presents more a theoretical than a practical impact, as none of the Member States has made this choice during the transposition of the Directive. Cf. Lasagni and Rodopoulos (2019). 136  Cf. Lamandini et al. (2015), 78, noting how nothing is said in the SSM legal framework concerning the publication of other, still relevant decisions, e.g. investigative measure, leaving—in lack of guidelines on the matter—full discretion to the ECB on whether to publish such decisions or not. 137  See above, Sect. 4.3. 138  For implications in view of the presumption of innocence, see Sect. 6.3.5. 139  For a list of the penalties already imposed by the SSM, cf. Sect. 6.3.3. 133

4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism

137

rupted by investigative or other procedural actions undertaken by the ECB, every time running afresh. However, as a maximum limit, the limitation period shall not exceed a term equal to twice its duration—taking into account in such calculation also the period(s) of time in which the limitation period shall be suspended due to the pending of criminal proceedings against the supervised entity in connection with the same facts investigated by the ECB.  The limitation period shall also be suspended for any period during which the ECB decision is subject to review before the ABoR or the CJEU.  However, the possibility to extend the maximum limit (10 years) taking into account also these suspensions has been explicitly envisaged in the current legal framework only with regard to Regulation 2532/98, that is to say with regard to penalties imposed under Article 18(7) SSM R.140 In this sense, it is not clear, also in light of the coordination criteria indicated by Article 6 of the same Regulation (which refers only to “Council Regulation” and ECB regulation to specify sanctions that “may be imposed in accordance with” Regulation 2532) which regime should apply to the penalties imposed under Article 18(7) SSM R. According to Articles 131 SSM FR and 4c(4)-(5) Regulation 2532/98, a similar limitation period of 5 years applies for the ECB right to enforce a decision imposing an administrative sanction.

4.4.3  SSM Investigations and Procedures In case suspicious breaches emerge while carrying out the SSM supervisory tasks, the ECB shall allocate the investigation to an internal Investigating Unit, which “shall perform its function independently”.141 According to the SSM Framework Regulation, the procedure involving the Investigating Unit applies with regard to direct sanctions under Article 18(1) and fines under 18(7) SSM R, as well as indirect sanctions under Article 18(5) SSM R, but not to periodic penalty payments ex Article 18(7) SSM R.142 The reporting of breaches may come from different sources: From one side, it could originate within the ECB itself, and in particular from the Joint Supervisory Teams,143 which, carrying out the daily supervision of significant financial institutions, are in an optimal position to notice the existence of irregularities in the management of banks. On the other side, the SSM reporting system also provides for a whistle-blower program, to allow potentially relevant information to get to the ECB also from third parties (presumably, credit institutions’ employees). This program  As Article 130(3) SSM FR refers only to the suspensions due to pending criminal proceedings (para 5) and not to the appeal proceedings before the ABoR or CJEU (para 4); cf. on the contrary Article 4c(3) Reg. 2532/98. 141  Article 123 and 124 SSM FR. 142  Cf. Title 2 and Title 3 of Part X SSM FR. 143  See also above, paras 4 and 4.1. 140

138

4  The Institutional Design of EU Banking Supervision

guarantees the protection of the identities of persons providing information, unless such disclosure is required by a court order in the context of further investigations or subsequent judicial proceedings.144 The powers of the Investigating Unit are those typical of banking supervisors, also in light of the Basel Core Principles, and include the faculty to request credit institution for information and for the submission of documents; to examine and copy books and records; and the right to obtain written or oral explanations from informed subjects.145 On-site inspections are also coming under the prerogatives of the Unit, but the SSM investigators may be required to previously obtain a judicial authorization, if so requested by the national applicable law (which is not the case in most of the Eurozone Member States).146 These inspections shall be carried out by a designated team established on purpose.147 While in principle the ECB has to previously notify the competent NCA and the interested legal person of the upcoming on-site inspection, the Central Bank may also proceed without informing the legal entity involved if “the proper conduct and efficiency of the inspection so require”.148 According to Article 22 SSM R, the ECB “should be bound in its decision-­ making procedures by Union rules and general principles on due process and transparency”.149 Besides the theoretical affirmation of this principle however, as will be further discussed, the adequacy of the SSM procedural rules in safeguarding the fundamental rights of the parties involved, and guaranteeing fairness in the ­proceedings, represents a very critical issue in the analysis of the powers of the Single Supervisory Mechanism.150 If evidence of facts potentially relevant to criminal offences emerges during supervisory investigations, the SSM cannot refer it directly to the judicial authorities, but, according to Article 136 SSM FR, it shall request the competent NCA to do so in accordance with national law.151 If a breach is assessed after the investigation has been completed, Article 126 SSM FR requires the Investigating Unit to notify a Statement of Objections to the supervised entity, containing the factual result of the investigations, and the objections raised against the entity as set out therein, including the individual provisions  Article 36–38 SSM FR.  Articles 10, 11 SSM R; Article 125 SSM FR. Analysing the rights of the parties in light of the ECtHR case-law, Sects. 6.3.4 and 6.3.5. For the Basel Core Principles, Sect. 3.5. 146  Articles 12–13 SSM R; Articles 143 to 146 SSM FR. The analysis of the role of national court in granting such authorisation is carried out in Sect. 6.3.3. Cf. Lasagni and Rodopoulos (2019, forthcoming). 147  Articles 12(1) SSM R and 144(1) SSM FR. 148  Article 145(2) SSM FR. 149  Cf. Recitals (52)-(54)-(58)-(86) and Article 22 SSM R; Articles 22 to 32 SSM FR. 150  Cf. below Chap. 6. 151  Article 136 SSM FR. According to the ECB (2017), p. 40, in 2016 “one request was submitted […] to the relevant NCA and four other sets of facts were under consideration at year-end 2016”; according to the ECB (2018), p. 79, “Five such requests were submitted to the relevant NCAs in 2017”. This reporting mechanism is further analysed in Sect. 6.1.3. 144 145

4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism

139

which have been allegedly infringed, and, if the Unit deems it necessary, an invitation to attend an oral hearing. The credit institution shall also be informed that, within a “reasonable time limit” established in the same Statement, parties have the right to make submissions in writing against the Statement.152 If, regardless of the credit institution’s submission, the Unit still considers that a breach has been committed, it can trigger the sanctioning mechanism. The SSM may impose sanctions upon credit institutions through a complex proceeding, which starts with the Investigating Unit submitting a draft decision to the Supervisory Board, together with the file of the investigation.153 Following that submission, the Board may discretionally decide to request further investigation, to close the case, or, if it agrees with the conclusions reported, to further submit the decision to the Governing Council through the “non-objection procedure”. This non-objection procedure applies also in case the ECB wants to apply a period penalty payment according to Article 18(7) SSM R.154 Once a sanction is approved by the Governing Council, SSM Regulations allow the affected credit institutions to challenge the decision before an internal “independent” body, the Administrative Board of Review (ABoR).155 The same possibility to bring action before the ABoR applies also against decisions imposing periodic penalty payments under Article 18(7) SSM R, which do not require the intervention of the Investigating Unit (but that nonetheless recognizes the general due process rights established by Articles 25–35 SSM FR for supervisory decisions). According to Article 24(6) SSM R, requests for review shall be lodged within 1 month of the date of notification of the decision, or in its absence, of the day of its effective knowledge. Unless differently disposed for the single case,156 the request does not have a suspensory effect. Being applicable only by the ECB, the sanctions imposed under the SSM direct competence (Article 18(1) and (7) SSM R) may be challenged only before the ABoR and/or the European Court of Justice, but not before national courts. On the contrary, when the sanction is not imposed directly by the SSM but, according to Article 18(5) SSM R, by NCAs which do enjoy discretion in such proceedings, the jurisdiction for review falls before national courts.157  The relevance of this provision under the right to an oral hearing and to be heard provided for by Article 6 ECHR is analysed in Sect. 6.3.2. 153  Even if the Regulation does not define which documents shall be contained in the “file of the investigation”. 154  Article 127 SSM FR; see above Sect. 4.4. 155  Cf. Article 24 SSM R. See also Decision of the European Central Bank of 14.04.2014 concerning the establishment of an Administrative Board of Review and its Operating Rules (ECB/2014/16). 156  Depending on the discretion of the ABoR, which shall made a proposal to the Governing Council, which decides after having heard the opinion of the Supervisory Board, cf. Article 9(2) of Decision ECB/2014/16 concerning the establishment of an Administrative Board of Review and its Operating Rules (“ABoR Decision”). Underlining how the conditions permitting the suspension of the contested decision seem to be less strict compared to those set by the ECJ under Articles 278 and 279 TFEU, Magliari (2017), p. 116. 157  Cf. Hans-Martin Tillack v Commission of the European Communities, Case T-193/04, 4.10.2006, 152

140

4  The Institutional Design of EU Banking Supervision

Similarly to the Joint Board of Appeal of the ESAs, also the ABoR is part of the non-judicial or quasi-judicial remedies provided for in the European financial system.158 The development of alternative forms of dispute resolution is a trend that increasingly characterizes several sectors of EU law,159 as well as of the US regulatory system,160 with the aim of deflating the workload of the courts, and enhancing fast, specialised, non-public (especially relevant in case of sensitive interests at stake), and more flexible tools of protection.161 The analysis of quasi-judicial bodies poses several challenges under a procedural point of view, as they represent peculiar combinations of features typical of advisory administrative authorities, and of judicial ones; but they do not represent a uniform category, since such combinations vary depending on the single body at stake. In this sense, most of EU quasi-judicial authorities are granted only with functional independence and impartiality, that do not extend to the appointment of their members, generally selected for their legal and technical expertise by the same authorities whose decisions they are called to review. Again in very general terms, the decisions of these bodies are usually binding for the parties involved, and may cover both the merit and the legitimacy of the decision appealed; asking for such reviews usually also represents a condition of admissibility for the appal before the CJEU.162 The ABoR is only partially in line with this paradigm. According to Article 24 SSM R, the Board is formed by five individuals (with a mandate of 5 years, renewable only once) with “sufficient experience in the fields of banking and other financial services”, and that are not part of the ECB personnel.163 Regardless of this ECLI:EU:T:2006:292. The link between discretion and judicial review is further analysed in Sect. 6.3.3; Voordeckers (2019, forthcoming publication). 158  After the Banking Union reform, the system comprises also the SRM Appeal Panel; for an analysis of its powers, which goes beyond the remit of this work, see Magliari (2017), p. 121; cf. also Sciascia (2015), p. 381. 159  Such as the Board of appeal of the Office for Harmonization in the internal market; the Boards of Appeal within the European Patent Office (Disciplinary Board of Appeal; 28 Technical boards of appeal; Enlarged Board of Appeal; Legal Board of Appeal); the Board of Appeal of the European Chemical Agency; the European Aviation Safety Authority (EASA) 14, the European Union Intellectual Property Office (EUIPO), and the Community Plant Variety Office (CPVO)—European Data Protection Supervisor. Contrary to other fields of law, however, it has been underlined how quasi-judicial bodies in the EU financial system cannot “adopt a determination that directly annul or modify the contested decision”, cf. Magliari (2017), p. 129. 160  For a general analysis see Parona (2017), p. 267 et seq. 161  For a broader analysis of administrative remedies in the EU cf. Marchetti (2017), p. 6: “In particular, if one considers the last 20 years of the institutional history of the Union, there are no agencies or authorities authorised to adopt binding individual acts without a board of appeal also being instituted to examine appeals against their decisions”, and AA.VV. (2018). 162  Cf. e.g. Article 61 of ESAs Regulation, with regard to the Joint Board of Appeal. 163  Currently the members of the ABoR reflect also the above mentioned mixed expertise composition, as they include five members with legal and economic expertise, even though at the moment with a clear predominance of the second: Jean-Paul Redouin (Chair), Concetta Brescia Morra

4.4 Banking Supervision in the Eurozone: The Single Supervisory Mechanism

141

independence requirements, the appointment procedure occurs internally to the ECB, and depends on the Executive Board, which submits a list of nominations following a public call for interest, and on the Governing Council, that can accept the list (but not modify it) and thus formally appoints the members. However, contrary to most of quasi-judicial bodies, and most peculiarly in the EU legal framework, the opinions expressed by the Administrative Board of Review do not possess any external binding value. They shall (only) be taken into account by the Supervisory Board to promptly to submit a new draft decision replacing the initial one to the Governing Council. Their effect is then rather to reopen the decision-making procedure, triggering again the non-­objection procedure. In the new draft, however, the Supervisory Board is not bound to adopt the content of the opinion (although the reasons why it decides to follow it or not must be stated). Contrary to the ESAs’ Joint Board of Appeal or the SRB Board of Appeal,164 moreover, bringing action before this body is not a preliminary condition for introducing an appeal to the Court of Justice. According to Article 24(11) SSM R, in fact, individuals affected by an ECB decision may freely decide to appeal it only to the Board, contemporary before the ABoR and the CJEU, or directly (and exclusively) to the CJEU.165 Due to its not binding external value, ABoR opinions are not published, nor can be directly appealed before the Court of Justice. However, where a new ECB decision is issued following the internal administrative review, the latter may be appealed for annulment before the CJEU within the ordinary 2-month time as established by Article 263 TFEU.166 In this case, as recently affirmed by the Court in a preliminary order with specific regard to the ECB supervisory powers, only the last ECB decision may be challenged before the CJEU, since in this mechanism, the first act is entirely replaced after the internal administrative review (even if the content might unchanged).167

(Vice-Chair), Javier Arístegui Yáñez, André Camilleri and Edgar Meister; and two alternates: René Smits and, since 3 February 2016, Ivan Šramko. 164  Cf. Article 85(8) of Regulation (EU) No 806/2014 of 15.07.2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund. 165  See also Looseveld (2013a), p. 13. 166  So far, however, out of the 20 proceedings the ABoR dealt with, only few have been reported to have been brought before the European Court of Justice too, cf. Brescia Morra et al. (2017), p. 574. 167  Order of the General Court of 12.09.2017, ECLI:EU:T:2017:623, in Fursin and Others [former Trasta Komercbanka and Others] v ECB, T-247/16 (Application of 08/07/2016) and T-698/16 (Application of 11/11/2016), §§ 19–23. The case is also analysed in Sect. 6.3.3.

142

4  The Institutional Design of EU Banking Supervision

Mirroring judicial review models,168 the ABoR scope of review is limited to the examination of the grounds presented by the applicant(s).169 Also similarly to judicial bodies, the standing for the Board’s administrative review is rather broad, as it allows requests from any natural or legal person which is addressed by an ECB supervisory decision, or has from it a direct and individual concern.170 Due to its similarity to Article 263 TFEU, the interpretation of these admissibility requirements (like for those of the ESA’s Joint Board of Appeal) follows the jurisprudence developed for appeals before the CJEU.171 Along the same argument, also the definition of the term “decision” should be read in light of the CJEU case-law according to which a “challengeable act” is any measure that definitively determines the position of its author upon the conclusion of an administrative procedure, and has binding legal effects capable of affecting the interests of the applicant.172 According to 24(1) SSM R, however, the review may concern only the procedural and substantive conformity of the decision adopted with the Regulations.173 The ABoR, thus, may exclusively express an opinion on the legitimacy of the draft decision adopted by the Governing Council, without any competence to question its merit. In this, the ABoR appears in line with that CJEU case-law, according to which the possibility to review “complex economic assessments” is precluded to judicial bodies, unless the decision appears manifestly wrong, disproportionate or 168  According to “continuity in terms of functions” criterion developed by the CJEU case-law, internal non-judicial reviewing bodies in principle shall examine the appeal in light of all relevant information (cf. e.g. Procter & Gamble v European Union Intellectual Property Office, Case T-163/98, 8.07.1999, ECLI:EU:T:1999:145, §§ 36–38; Procter & Gamble v European Union Intellectual Property Office, Case T-63/01, 12.12.2002, ECLI:EU:T:2002:317, §§ 20–23; Henkel KGaA v Office for Harmonisation in the Internal Market (Trade Marks and Designs), Case T-308/01, 23.09.2003, ECLI:EU:T:2003:241, § 29). 169  According to Article 10 ABoR Decision. 170  Cf. Article 24(5) SSM R. 171  Supporting this opinion, so far followed by the ABoR, also Magliari (2017), p.  113; Witte (2015), p. 228; Brescia Morra (2016), pp. 117–118. The issues arising from the current interpretation of such admissibility standards are illustrated, with regard to the ECJ, in Sect. 6.3.3. 172  Cf. United Kingdom v ECB, Case T-496/11, 4.03.2015, ECLI:EU:T:2015:133, § 51 distinguishing “measures which definitively determine the position of their author upon the conclusion of an administrative procedure, and which are intended to have binding legal effects capable of affecting the interests of the applicant, that are open to challenge” and those “intermediate measures whose purpose is to prepare for the final decision, which do not have those effects, or measures which are mere confirmation of an earlier measure which was not challenged within the prescribed period” which are not challengeable; French Republic v Commission of the European Communities, Case C-57/95, 20.03.1997, ECLI:EU:C:1997:164, § 7; Commission of the European Communities v Council of the European Union, Case C-370/07, 1.01.2009, ECLI:EU:C:2009:590, § 42; Internationaler Hilfsfonds v Commission, Case C-362/08 P, 26.10.2010, ECLI:EU:C:2010:40, § 52; Athinaïki Techniki v Commission, Case C-521/06 P, 17.07.2008, ECLI:EU:C:2008:422, §§ 43–45. From this definition are therefore excluded claims against the ECB’s failure to act, ECB regulatory acts, and non-binding acts, such as guidelines and recommendations, and merely internal and preparatory acts, cf. Magliari (2017), pp. 114–115.For standing requirement in the ECB supervisory proceedings, see Sect. 6.3.2 (Trasta case). 173  Cf. Article 24(1) and Recital (64) SSM R.

References

143

vitiated by misuse of powers.174 Besides for these exceptional cases, therefore, the Board’s review is therefore limited to the assessment over the compliance with due process requirements (e.g. whether the statement of reasons was sufficient, or the facts were correctly reproduced).175 In doing so, due to the “innovative” character of Article 4(3) SSM R, also the ABoR may be confronted with the need to interpret national law, when the latter is applied by the ECB, and with all the following critical issues illustrated above with regard to the CJEU.176

References AA.VV. (2018) Judicial review in the Banking Union and in the EU financial architecture. Quad Ricerca Giuridica della Consulenza Legale, Banca d’Italia, 84, June 2018 Allegrezza S (2019) Introduction. In: Allegrezza S (ed) The enforcement dimension of the Single Supervisory Mechanism (SSM). The interplay between administrative and criminal law. CEDAM, Milano Allegrezza S, Rodopoulos I (2017) Interactions between administrative and criminal law in the context of the enforcement of bank prudential regulations. In: Franssen V, Ligeti K (eds) Challenges in the field of economic and financial crime in Europe and the US. Hart, Oxford, pp 233–264 Allegrezza S, Voordeckers O (2015) Investigative and sanctioning powers of the ECB in the framework of the single supervisory mechanism. Mapping the complexity of a new enforcement model. Eucrim 4:151 Andenæs M (2012) Harmonising and regulating financial markets. In: Andenæs M (ed) Theory and practice of harmonisation. Edward Elgar, Cheltenham, pp 1–29 Andenæs M (2015b) The ECB and NCA liability within the Single Supervisory Mechanism: foreword. Quad Ricerca Giuridica della Consulenza Legale, Banca d’Italia 78:3–6 Antoniazzi S (2013) La Banca centrale europea tra politica monetaria e vigilanza bancaria. Giappichelli, Torino

 Cf. Henri de Compte v European Parliament, Case T-26/89, 17.10.1991, ECLI:EU:T:1991:54, § 220; Henri de Compte v European Parliament, C-326/91 P, 2.06.1994, ECLI:EU:C:1994:218, § 115; although the doctrine was partially revised in Chalkor v. Commission, C-386/10 P, 8.12.2011, ECLI:EU:C:2011:815, § 51; Europese Gemeenschap v Otis NV and Others, Case C-199/11, 6.11. 2012, ECLI:EU:C:2012:684, § 47, for further analysis on this point, see Sect. 6.3.3. As underlined by Magliari (2017), p. 120, “Neither the SSM Regulation nor the ABoR Decision solve the issue of the simultaneous filing of a claim before the administrative body and the court. Hence the necessity to further examine whether the judicial remedy would prevail, or whether the judicial review would be considered inadmissible due to the reopening of the administrative procedure, following the ABoR opinion. This latest solution appears more appropriate, as the proposition of the administrative remedy leads to the adoption of a new decision substituting the former one”. 175  As reported by some of its members, the ABoR has therefore mainly dealt with issues such concerning (on the subject matter) the determination of the ‘significance’ of a supervised entity; corporate governance; the outcome of the Supervisory Review & Evaluation Process (SREP); fit and proper assessment of members of the management body; and withdrawals of the authorization, cf. also Brescia Morra et al. (2017), pp. 581–582. 176  See below Sect. 6.3.3. 174

144

4  The Institutional Design of EU Banking Supervision

Antoniazzi S (2014a) L’Unione bancaria europea: i nuovi compiti della BCE di vigilanza prudenziale degli enti creditizi e il meccanismo unico di risoluzione delle crisi bancarie (parte I). Riv It Dir Publ Com fasc 2: 359 Antoniazzi S (2014b) L’Unione bancaria europea: i nuovi compiti della BCE di vigilanza prudenziale degli enti creditizi e il meccanismo unico di risoluzione delle crisi bancarie (parte II). Riv It Dir Publ Com fasc 3–4:717 Antonucci A (2004) La vigilanza bancaria nell'Unione europea fra cooperazione e “Metodo Lamfalussy”, Studi in onore di Piero Schlesinger, Giuffrè, Milano, tomo V, 3185 Barbagallo C (2014) Il rapporto tra BCE e autorità nazionali nell’esercizio della vigilanza, Convegno Unione Bancaria: istituti, poteri ed impatti economici. Università Luiss Guido Carli, Roma, 26 febbraio 2014 Boccuzzi G (2016) The European Banking Union. Supervision and resolution. Palgrave MacMillan, Basingstoke Bonelli E (2006) La gestione finanziaria comunitaria tra crisi e rilancio del processo di integrazione europea. Riv it dir pubbl comunit 02:301–344 Bradley C (2014) Breaking up is hard to do: the interconnection problem in financial markets and financial regulation, a European (banking) union perspective. Tex Int’I LJ 49:271–295 Bradley C (2016) Financial stability, financial services, and the single market. Fordham Int Law J 39(5):1245–1272 Brescia Morra C (2016) The administrative and judicial review of decisions of the ECB in the supervisory field. In: AA.VV., Scritti sull’Unione Bancaria. Quad. Ricerca Giuridica, Banca d’Italia, 81:109 Brescia Morra C, Smits R, Magliari A (2017) The administrative board of review of the European Central Bank: experience after 2 years. Eur Bus Org Law Rev 18:567–589 Cassese S (2003) La prevalenza del diritto comunitario sul diritto nazionale in materia di concorrenza. Giorn dir amm. p 1129 Castañeda J, Mayes D, Wood G (eds) (2016) European Banking Union: prospects and challenges. Routledge, London D’Ambrosio R (2013) Due process and safeguards of the persons subject to SSM supervisory and sanctioning proceedings. Quad Ricerca Giuridica, Banca d’Italia, 74, dicembre 2013 D’Ambrosio R (2015) The ECB and NCA liability within the Single Supervisory Mechanism. Quad. Ricerca Giuridica, Banca d’Italia, 74, January 2015 De Larosière J (chaired by) (2009) Report: The High-Level Group on Financial Supervision in the EU, Brussels, 25 February 2009. http://ec.europa.eu/internal_market/finances/docs/de_larosiere_report_en.pdf. Accessed 16 July 2018 Dinov S (2016) Proposals of the European Commission after the financial and debt crisis. Eur Bus Law Rev 27(1):159–176 Dumitrescu AD (2017) Banking union: doctrinal considerations on the legal nature of the ECB’s close co-operation with non-euro area Member States. J Int Bank Law Regul 32(1):1 ECB (2017) Annual Report on supervisory activities 2016, March 2017. https://www.bankingsupervision.europa.eu/press/publications/annual-report/pdf/ssm.ar2016.en.pdf?a679777c56323e d778fc4734ee3667fb. Accessed 16 July 2018 ECB (2018) Annual Report on supervisory activities 2017, March 2018. https://www.bankingsupervision.europa.eu/press/publications/annual-report/pdf/ssm.ar2017.en.pdf?63a120afab30be 18171c083089709229. Accessed 16 July 2018 ECB Monthly Bulletin (2003) The integration of Europe’s financial markets, October 2003. https://www.ecb.europa.eu/pub/pdf/other/pp53_66_mb200310en.pdf?c784fb2e8feac1e7 b1a9823867979094. Accessed 16 July 2018 ECB-SSM Quarterly Report (2014) Progress in the operational implementation of the Single Supervisory Mechanism Regulation n. 4/2014, November 3, 2014. https://www.bankingsupervision.europa.eu/ecb/pub/pdf/ssmqr20144.en.pdf. Accessed 16 July 2018 Eijffinger S, Masciandaro A (eds) (2013) Handbook of Central Banking, Financial regulation and supervision. After the financial crisis. Edward Elgar, Cheltenham

References

145

Epstein RA, Rhodes M (2016) States ceding control: Explaining the shift to centralized bank supervision in the Eurozone. J Bank Regul 17:90–103 Ferran E (2012) Crisis-driven regulatory reform: where in the world is the EU going? In: Ferran E, Moloney N, Hill JG, Coffee JC Jr (eds) The regulatory aftermath of the global financial crisis. Cambridge University Press, New York, p 1 Garner BA (ed in Chief) (2014) Black’s law dictionary, 10th edn. Thomson Reuters, St. Paul Gil Ibáňez A (1999) The administrative supervision and enforcement of EC law, powers, procedures and limits. Hart, Oxford Gortsos CV (2015a) Competence sharing between the ECB and the national competent supervisory authorities within the Single Supervisory Mechanism (SSM). Eur Bus Org Law Rev 16:401–420 Gortsos CV (2015b) The Single Supervisory Mechanism (SSM) - legal aspects of the first pillar of the European Banking Union. EPLO, Athens Haentjens M, De Gioia-Carabellese P (2015) European banking and financial law. Routledge, London, recently published in its 2nd edition (2018) Hanten M, Heljula K (2015) The ECB as the new regulator: a lawyer’s perspective. Butterworths J Int Bank Financ Law, April 2015 Hill JG, Moloney N (2012) The regulatory aftermath of the global financial crisis. Cambridge University Press, Cambridge Hinojosa L, Beneyto J (2015) European Banking Union. The New Regime. Wolters Kluwer, The Netherlands Hofmann HCH (2009) Composite decision-making procedures in EU administrative law. In: Hofmann HCH, Türk A (eds) Legal challenges in EU administrative law. Towards an integrated administration. Edward Elgar, Cheltenham, p 136 Kern A (2015) European Banking Union: a legal and institutional analysis of the Single Supervisory Mechanism and the Single Resolution Mechanism. Eur Law Rev 40:154 Lackhoff K (2013) Which credit institutions will be supervised by the Single Supervisory Mechanism? J Int Bank Law Regul 28:454 Lackhoff K (2017) Single Supervisory Mechanism: a practitioner’s guide. Hart, Oxford Lamandini M (2015) Limitations on supervisory powers based upon fundamental rights and SSM distribution of enforcement competences. In: ECB Legal Conference 2015. From Monetary Union to Banking Union, on the way to Capital Markets Union. New opportunities for European integration, 1-2 September 2015, p 121. https://publications.europa.eu/en/publication-detail/-/ publication/5b46b780-3703-11e7-a08e-01aa75ed71a1/language-en. Accessed 16 July 2018 Lamandini M, Ramos Muñoz D, Solana Alvarez J (2015) Depicting the limits to the SSM’s supervisory powers: the role of constitutional mandates and of fundamental rights’s protection, in Quad. Ricerca Giuridica, Banca d’Italia, p 79 Lamfalussy A (chaired by) (2001) Final Report of the Committee of Wise Men on the Regulation of European Securities Markets, Brussels, 15 February 2001. http://ec.europa.eu/internal_market/securities/docs/lamfalussy/wisemen/final-report-wise-men_en.pdf. Accessed 16 July 2018 Lasagni G (2019) Investigatory, supervisory and sanctioning powers within the SSM. In: Allegrezza S (ed) The enforcement dimension of the single supervisory mechanism (SSM). The interplay between administrative and criminal law. CEDAM, Milano Lasagni G, Rodopoulos I (2019) Comparative study. In: Allegrezza S (ed) The enforcement dimension of the single supervisory mechanism (SSM). The interplay between administrative and criminal law. CEDAM, Milano Lo Schiavo G (2014) The development of a new bank resolution regime in Europe: fit for purpose? J Int Bank Law Regul 29(11):689–704 Lo Schiavo G (ed) (2019) The European banking union and the rule of law. Edward Elgar, Cheltenham Looseveld S (2013a) Appeals against decisions of the European supervisory authorities. J Int Bank Law Regul 1:9–13

146

4  The Institutional Design of EU Banking Supervision

Looseveld S (2013b) The ECB’s investigatory and sanctioning powers under the future Single Supervisory Mechanism. J Int Bank Law Regul 1:422–425 Magliari A (2015) Il Single Supervisory Mechanism e l’applicazione dei diritti nazionali da parte della banca centrale europea. Riv Ital Dir Pubbl Comunitario, Anno XXV Fasc. 5:1349–1379 Magliari A (2017) Administrative remedies in European financial governance. Comparing different models. In: Marchetti B (ed) Administrative remedies in the European Union. The emergence of a Quasi-Judicial administration. Giappichelli, Torino Marchetti B (2014) Le garanzie procedurali e processuali delle imprese nella rete europea della concorrenza. Riv della regolazione dei mercati 1:32 Marchetti B (2017) Administrative justice beyond the courts: internal reviews in EU administration. In: Marchetti B (ed) Administrative remedies in the European Union. The emergence of a Quasi-Judicial administration. Giappichelli, Torino, p 6 et seq Mayes D (2014) Bank structure and resolution. Butterworths J Int Bank Financ Law 11:743 Moloney N (2012a) The legal effects of the financial crisis on regulatory design in the EU. In: Ferran E, Moloney N, Hill JG, Coffee JC Jr (eds) The regulatory aftermath of the global financial crisis. Cambridge University Press, New York, p 1 Moloney N (2012b) Supervision in the wake of the financial crisis: achieving effective “Law in Action” – a challenge for the EU. In: Wymeersch E, Hopt KJ, Ferrarini G (eds) Financial regulation and supervision. A post-crisis analysis. Oxford University Press, Oxford Nieto M (2015) Banking on single supervision in the Eurozone: scepticism and a reform proposal. Eur Bus Org Law Rev 16:539–546 Parona L (2017) The appeal system within the U.S. federal agencies. In: Marchetti B (ed) Administrative remedies in the European Union. The emergence of a Quasi-Judicial administration. Giappichelli, Torino, p 267 et seq Randell C (2013) Group resolution under the EU resolution directive. In: Kenadian PS, Dombret AR (eds) The bank recovery and resolution directive: Europe’s solution for “Too Big Too Fail”?, De Gruyter-ILFS, Berlin, pp 39–67 Sciascia G (2015) Administrative review mechanisms within the ECB. Ital J Public Law 2:381 Senkovic P (2015) Introduction to Panel 3, The Coexistence of National and EU Law and The Ne Bis In Idem Principle with a Focus on the Supervisory Powers of The European Central Bank. In: ECB Legal Conference 2015. From Monetary Union to Banking Union, on the way to Capital Markets Union. New opportunities for European integration, 1-2 September 2015, p  100. https://publications.europa.eu/en/publication-detail/-/publication/5b46b780-370311e7-a08e-01aa75ed71a1/language-en. Accessed 16 July 2018 Ter Kuile G, Wissink L, Bovenschen W (2015) Tailor-made accountability within the single supervisory mechanism. Common Mark Law Rev 52:155–190 Tröger TH (2012–2013) Organizational choices of banks and the effective supervision of transnational financial institutions. Tex Int’I LJ 48:177, 178, 221 Türk A (2009) Judicial review of integrated administration in the EU. In: Hofmann HCH, Türk A (eds) Legal challenges in EU administrative law. Towards an integrated administration, Edward Elgar, Cheltenham, p 218 Voordeckers O (2019) Administrative and judicial review of supervisory acts and decisions under the SSM. In: Allegrezza S (ed) The enforcement dimension of the single supervisory mechanism (SSM). The interplay between administrative and criminal law. CEDAM, Milano Witte A (2014) The application of national banking supervision law by the ECB: three parallel modes of executing EU law? Maastricht J 21(1):109 Witte A (2015) Standing and judicial review in the New EU financial markets architecture. J Financ Regul 1:226–262 Wolfers B, Voland T (2014) Level the playing field: the new supervision of credit institutions by the European Central Bank. Common Mark Law Rev 51:1463–1496

Chapter 5

The US Regulatory Framework of Banking Supervision

To provide the basis to carry out the comparative analysis between the banking regulators in the EU and in the US in light of the Basel Core Principles which have a relevance also under a criminal law perspective, this Chapter delineates the main traits of the US banking supervisory system after the last financial crisis (Sect. 5.1), indicating relevant competent authorities, as well as their investigative and sanctioning powers (Sects. 5.2 and 5.3). In Sect. 5.4, a special focus is put on the changes produced in this field by the Dodd-Frank Act, the reform intervened in 2010 as a response to the distortions that brought to the crisis.1

5.1  C  ollapse of a System: Deregulation and Financial Crisis in a Complex Supervisory Framework In the last few decades, also the model of banking supervision in the United States changed quite drastically, even if mostly with goals quite opposite to the strengthening and increasing pursued in the EU with the Banking Union. Indeed, since the early 1980s, the US banking system headed for a progressive and increasing deregulation, which has not found significant obstacles until the burst of the last financial crisis (and, as it will be further illustrated, not really even after that). In particular, as already mentioned, for a long time the main legislative text regulating banking supervision was represented by the Glass-Steagall Act, which provided for a clear separation of the activities that may be exercised by financial

 U.S. Senate Permanent Subcommittee on Investigations (2010a, b).

1

© Springer International Publishing Switzerland and G. Giappichelli Editore 2019 G. Lasagni, Banking Supervision and Criminal Investigation, Comparative, European and International Criminal Justice 1, https://doi.org/10.1007/978-3-030-12161-7_5

147

148

5  The US Regulatory Framework of Banking Supervision

institutions, and prohibited banks from engaging in proprietary trading or in the securities market.2 In the 1980s, under the Reagan administration, a Secretariat of Treasury ruled from 1981 to 1985 by the former Chairman and CEO of Merrill Lynch, and the Federal Reserve chaired from 1987 to 2006 by Alan Greenspan, involved at the beginning of his career in the notorious Keating Five corruption case,3 the government opted for a series of deregulating measures which materially weakened the public control over private companies. That was the context in which, in 1998, two of the main global financial institutions, Citicorp and Travelers Group, merged together, giving birth to the colossus Citigroup. In the following year, the operation, that was not allowed under the then applicable legal framework, was legitimized with the repeal of the statute by the Gramm-Leach-Bliley Act. According to it banks, investment banks, securities firms, and insurance companies were allowed to cooperate and trade together, and investment banks’ holding companies were exempted from direct federal regulation. The deregulation trend did not change under the Clinton administration, which in 2000 enacted the Commodity Futures Modernization Act (CFMA), authorizing banks to trade in financial products like swaps—which too, with the same law, were barred from federal regulation.4 In 2002, under the first Bush administration, the Treasury Department allowed banks to hold less capital in reserve when trading securitized mortgages with high investment grade in credit ratings.5 As happened with the Citigroup case, such a legal framework led to the growth and the reinforcement of a number of “Too-Big-Too-Fail” financial institutions, whose most notorious US representatives include (besides for Citigroup) Bank of America, Goldman Sachs, JP Morgan Chase, Morgan Stanley, Wells Fargo, and, until 2008, Bearn Sterns and Lehmann Brothers.

 Cf. Sect. 2.1.  “In 1984, Mr. Keating, then a 61-year-old Phoenix real estate millionaire, bought Lincoln Savings & Loan, of Irvine, Calif., for $51 million, double its net worth. Lincoln, with 26 branches, made small profits on home loans, but under new state and federal rules it could make riskier investments […] The Federal Home Loan Bank Board, fearing wide collapses in a shaky industry, finally imposed a 10% limit on risky S.&L. investments. By 1987, its investigators found that Lincoln had $135 million in unreported losses and was more than $600 million over the risky-investment ceiling. Soon, the F.B.I., the Securities and Exchange Commission and other agencies were homing in. Mr. Keating hired Alan Greenspan, soon to be chairman of the Federal Reserve, who compiled a report saying Lincoln’s depositors faced “no foreseeable risk” and praising a “seasoned and expert” management. Mr. Keating soon called on five senators who had been recipients of his campaign largess […] to pressure the bank board to relax its rules and kill its investigation […] Bond buyers were not told the condition of American Continental, or that its bonds were uninsured, prosecutors said […] American Continental went bankrupt in 1989, and an insolvent Lincoln was seized by the government. Some 23,000 customers were left holding $250 million in worthless bonds, the life savings of many, and taxpayers paid $3.4 billion to cover Lincoln’s losses. It was the largest of 1043 S.&L. failures from 1986 to 1995 […] The government sued Mr. Keating for $1.1 billion, but he said he was broke”, cf. Mc Fadden (2014). 4  Enacted as a title of the Consolidated Appropriations Act of 2001, P.L. 106–554. 5  See, e.g., Department of Treasury (2001). 2 3

5.1  Collapse of a System: Deregulation and Financial Crisis in a Complex Supervisory… 149

The impact of those policy choices needs to be assessed also taking into account the development, in the same years, of the derivative financial products,6 the market of which was de facto not regulated by any federal agency, notwithstanding the Commodity Futures Trading Commission’s concerns and proposal in that sense.7 Federal supervisory agencies also played their role in the deregulation process. For instance, in 2004 the Securities and Exchange Commission weakened the capital requirements for large broker-dealers8; the Federal Reserve, on the other hand, notwithstanding its competence in supervising the mortgage loans market, did not adopt the regulations that would have allowed the agency to enforce its own powers until July 2008.9 In 2010, facing the dramatic consequences of the crisis, the Obama administration tried to bring part of banking activities back under a stricter and more efficient public oversight, restricting securities trading through the Dodd Frank Act, and in particularly the “Volcker Rule”,10 removing the CFMA prohibition for all federal 6  “A financial instrument whose value depends on or is derived from the performance of a secondary source such as an underlying bond, currency, or commodity” cf. Garner (2014), p. 538. 7  “The CFTC’s last major regulatory actions involving OTC derivatives […] were regulatory exemptions from most provisions of the Commodity Exchange Act for certain swaps and hybrid instruments. Since that time, the OTC derivatives market has experienced significant changesdramatic growth in both volume and variety of products offered, participation of many new endusers of varying degrees of sophistication, standardization of some products, and proposals for central execution or clearing operations. While OTC derivatives serve important economic functions, these products, like any complex financial instrument, can present significant risks if misused or misunderstood. A number of large, well-publicized financial losses over the last few years have focused the attention of the financial services industry, its regulators, derivatives end-users and the general public on potential problems and abuses in the OTC derivatives market. Many of these losses have come to light since the CFTC’s last major OTC derivatives regulatory actions in 1993”, CFTC (1998). 8  SEC (2004), 17 C.F.R. Parts 200 and 240. When the same agency tried to strengthen again the controls over hedge funds, that was impeded by a Federal Court of Appeal, see Goldstein v. SEC, 451 F.3d 873 (D.C. Cir. 2006). 9  Regulation Z (Truth in Lending) was adopted under the 1994 Home Ownership and Equity Protection Act, Title I, Subtitle B of the Riegle Community Development and Regulatory Improvement Act of 1994, P.L. 103–325 §§ 151–158 (1994), codified in 12 CFR 226.32, cf. https:// www.federalreserve.gov/newsevents/press/bcreg/20080714a.htm. Accessed 20 July 2018. The delay of the adoption was in line with the view of the Fed. Chairman, Mr. Greenspan, who in the years before the burst of the crisis, affirmed several times that “It is, of course, possible for home prices to fall as they did in a couple of quarters in 1990. But any analogy to stock market pricing behaviour and bubbles is a rather large stretch. […] Thus, any bubbles that might emerge would tend to be local, not national, in scope […] A sharp decline, the consequences of a bursting bubble, however, seems most unlikely […] the five-year old home building and mortgage finance boom is less likely to be defused by declining home prices than by rising mortgage interest rates”, cf. Greenspan (2003); and also “In recent years, banks and thrifts have been experiencing low delinquency rates on home mortgage and credit card debt, a situation suggesting that the vast majority of households are managing their debt well […] Some homeowners drawn by large capital gains do sell and rent. And certainly in recent years some homebuyers fearful of losing a purchase have bid through sellers’ offering prices. But these market participants have probably contributed only modestly to overall house price speculation” cf. Greenspan (2004). 10  Section 619 of the Dodd-Frank Act. See above, Sect. 2.1. Cf. Bradley (2014), p. 294, comparing it to the Liikanen report.

150

5  The US Regulatory Framework of Banking Supervision

supervisors to regulate or ask financial institutions for the registration (and subsequent disclosure) of any type of swap,11 and partially modifying the wide panorama of financial regulators. This being the background in which banking supervision is carried out in the US, it is necessary also to consider that a main feature of this oversight system is given by a plurality of regulators and regulations, both at state and at federal level, which (should) constantly interaction with each other.12 Financial institutions are then assigned to the supervision of a specific regulator taking into account the type of activities they exercised; and which (State or federal) authority, commonly referred to as a “Charter”,13 granted them the permission to commence business. At federal level, nowadays US regulatory agencies include: The Federal Reserve (Fed. Res.), the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), the Securities Exchange Commission (SEC), the Bureau of Consumer Financial Protection (BCFP), and, until 2010, the Office of Thrift Supervision (OTS). In general terms, all banks are supervised either by the Federal Reserve or by the Federal Deposit Insurance Corporation. In addition to the Fed. Res./FDIC oversight, State banks are also supervised by their chartering State, while national banks are regulated by the OCC.14 Normally, federal supervisory tasks are organized around a set of shared parameters, which is used by all bank regulators to rate the safety and soundness of financial institutions, since its introduction in 1979 by the Federal Financial Institutions Examination Council (FFIEC). The Uniform Financial Institutions Rating System (UFIRS), which has been periodically revised, concerns in particular the areas of: Capital adequacy, Asset quality, Management, Earnings, Liquidity, and Sensitivity to market risk (from which the acronym CAMELS under which the system is also commonly known). CAMELS examinations produce ratings on a scale of 1 to 5, in which 1 represents no cause for supervisory concern, 3 signifies an institution with supervisory concerns in one or more areas, and 5 shows an unsafe and unsound bank with severe supervisory concerns. In assessing potential violations committed by their controlled entities, supervisory agencies are granted a high degree of discretion, and can generally enjoy an extensive range of investigative sanctioning powers, as detailed in the regulations of each agency.15

 Title VII of the Dodd-Frank Act.  On the peculiar complex and sectorial nature of the US regulatory system, see Agarwal et al. (2014), p. 4 ff; Weber et al. (2014), p. 181; Wymeersch (2007), p. 53. 13  Banks that are chartered by a State government are referred to as “State banks”; those which are chartered at federal level, by the Department of the Treasury (through the Office of the Comptroller of the Currency), are referred to as “national banks”. 14  Cf. Fed. Res. (2005), p. 5. Supervision and Regulation, p. 60. 15  Cf. Agarwal et al. (2014), p. 4 ff. 11 12

5.2  The Federal Reserve

151

5.2  The Federal Reserve The Federal Reserve (Fed. Res.) is the agency competent for the supervision over the safety and soundness of State-chartered banks that are part of the Fed. Res. System (“State-chartered member banks”), national banks, all Bank Holding Companies (BHC), and US branches and agencies of foreign banks. With regard to State-chartered member banks and foreign banks’ branches, the Federal Reserve also operates as a supervisor for the financial institutions’ compliance with the AML Program prescribed by the Bank Secrecy Act, especially as modified after the 2001 USA PATRIOT ACT.16 Indeed, even if theoretically the Department of the Treasury maintains primary responsibility for issuing and enforcing regulations to implement the AML/CFT statutes, in practice most of supervisory responsibility has been delegated to the federal financial regulatory agencies. Moreover, the Fed. Res., in coordination with the Securities Exchange Commission and the State insurance authorities, also serves as an “umbrella supervisor” for BHCs subsidiary broker-dealer or insurance activities. That is to say that in all cases in which banks trade in securities and own subsidiary broker-dealer or insurance companies, the agency is responsible for the review and the assessment over the consolidated structure of the holding company, while the exercise of the single activities by controlled companies falls under the supervision of the other specialized regulators.17 Lastly, while the Federal Reserve shares its supervisory tasks with other agencies, it also represents the single US authority responsible for the issuing and the retirement of notes, thus combining—like the ECB—typical supervisory powers with the monetary functions of traditional central banks.18 The Board of Governors and its Chair represent the ruling bodies of this agency, and are both appointed by the President of the United States.19 The Board is composed of seven members that have to be confirmed by the Senate for a non-­renewable mandate of 14 years, during which they cannot be removed for the opinions expressed within their functions.20  Federal Crime of Money Laundering and Federal Crime of Operating an Unlicensed or Unregistered Money Transmitting Business-Title 18, U.S.C., Crimes and Criminal Procedure, Part I, Chapter 95, as modified by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, better known as “USA PATRIOT Act”, P. L. 107–56, Oct. 26, 2001. See also Fed. Res. (2005), p. 66; Board of Federal Reserve System et al. (2010). 17  Fed. Res. (2005), p. 65. 18  Fed. Res. (2005), p. 11. Powers of Board of Governors of the Federal Reserve System, Issue and retirement of Federal Reserve notes (d): “To supervise and regulate through the Secretary of the Treasury the issue and retirement of Federal reserve notes”, Federal Reserve Act of 1913, P.L. 63-43, codified at: 12 U.S.C. Ch. 3, as modified by the 1933 Banking Act, cit., and by the Banking Act of 1935, P.L. 74–305. 19  Cf. Banking Act of 1935, Title II, Sec. 201. 20  While if a Governor was appointed to complete the balance of an unexpired term, she may be reappointed to a full 14-year term, cf. the Banking Act of 1935, Title II, Sec. 203. 16

152

5  The US Regulatory Framework of Banking Supervision

Among the members of the Board, the Chair and her deputy serve term of 4 years, which may be prolonged until their term as Governors has expired, with the Senate confirmation. The Chair is the public spokesperson of the Board and its representative; she also has to report twice a year to the Congress on the Fed. Res. policy, and, on demand, to the Treasury Secretariat.21 The Fed. Res. is mainly financed by public funding, and in particular from the interest on US government securities acquired through open market operations, as well as from the interest of the Federal Reserve System’s investments on foreign currency. Net of its expenses, the rest of the Fed. Res. earnings is turned over to the US Treasury.22 The agency has a broad range of investigative powers. As all regulators, the Fed. Board is entitled to examine accounts, books and affairs of the overseen institutions at its discretion, as well as to organize off-site surveillance and monitoring. The Fed. Res. possesses also the prerogative to issue a subpoena in order to force a bank to conform to its requests.23 The Board may also examine any other depository institution and any affiliates in connection with any institution under its jurisdiction. In case of major banks, the examination results of on-site inspections and examinations have to be presented at least each year, while for the smaller banks the deadline is every eighteen months.24 According to the Fed. Res. Act, once a proceeding is established, the hearings are generally public, and so it is all the used evidentiary material. Coming to the sanctioning powers, if the results of a Federal Reserve’s examination reveal critical situations or breaches of applicable regulations, the Board may apply a range of informal and formal corrective measures to make the bank comply with the given recommendations, including cease and desist orders, written agreements, suspensions, non-bank activity termination, civil money penalties and criminal fines.25 If the measures imposed by the Board are not accomplished, the latter may apply to a US District Court in order to have them enforced; a similar prerogative is conferred also to the affected institution, which may appeal against the measures before a Federal Court of Appeal.26

 Federal Reserve Act, Sec. 10–11.  Fed. Res. (2005), p. 1. Overview of the Federal Reserve System, p. 11. 23  See 12 U.S.C. 1818 (n), and Section 2110.0.2.8.3 “Subpoena Power”, Board of Governor of Fed. Res., Board of Governor of Federal Reserve (2017). 24  Federal Reserve Act, Section 11. Powers of Board of Governors of the Federal Reserve System. 25  See Section 2110.01, Board of Governor of Federal Reserve (2017); see also Board of Governor of Federal Reserve (2018), Section 5040. 26  Cf. Section 2110.0.2.6 “Violations of Final Orders and Written Agreements”, and Section 2110.0.2.1 “Cease and Desist Orders”, Board of Governor of Federal Reserve (2017). 21 22

5.3  Other US Regulatory Agencies (FDIC, OCC, SEC)

153

5.3  Other US Regulatory Agencies (FDIC, OCC, SEC) As initially mentioned, the Federal Reserve is not the only banking supervisor in the US federal system, as it shares overseeing powers with other agencies, giving origin to a complex network in which cooperation does not always work as smoothly as it should.27 The other main US federal banking regulators are represented by the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC). Established by the 1933 Banking Act, and then reformed in 1935, the FDIC is the federal agency that insures the deposits of State-chartered banks which are not part of the Fed. Res. System, in order to guarantee both the safety and soundness of the market and the protection of consumers. In particular, the FDIC examines compliance of banks with consumer protection laws,28 and the Community Reinvestment Act (CRA) which requires banks to help meet the credit needs of the communities they were chartered to serve.29 The Corporation is also the back-up supervisor for the remaining insured banks and thrift (or savings) institutions, up to certain limits fixed by the law.30 In this sense, the agency has the authority to determine the conditions for insurance purposes to be applied on insured banks and saving associations. The FDIC is led by a Board of Directors, composed of five members, all of whom are appointed by the President of the United States, and confirmed by the Senate for a mandate lasting 6 years. Among the Directors, no more than three may belong to the same political party; one shall be the Comptroller of the Currency, and another the Director of the newly-established Consumer Financial Protection Bureau.31 The Chair of the Board is appointed by the President, with the Senate’s confirmation, for a term of 5 years. FDIC possess investigative powers comparable to the Fed. Res.’ and has the discretion to apply sanctions to its controlled entities in case of violations of the requested parameters.32 For institutions with assets starting from $10 billion, in addition to the CAMELS standards the FDIC is also providing a further rating evaluation of quarterly risk, using a scale of A to E, with A being the best rating and E the worst.33

 Analysing efficiency in cooperation networks, Sects. 6.1.2 (US), and 6.1.3 (Eurozone).  Such as the Fair Credit Billing Act, the Fair Credit Reporting Act, the Truth-In-Lending Act, and the Fair Debt Collection Practices Act. 29  The CRA Regulation has been codified in the US Code, title 12 Chapter 30. 30  “The FDIC directly examines and supervises about 4,000 banks and savings banks for operational safety and soundness, more than half of the institutions in the banking system”, cf. FDIC (2017b, 2018a). 31  Cf. Banking Act of 1935, Title II, Sec. 12B. 32  Sec. 8(i), Federal Deposit Insurance Act of 1950, P.L. 81-797, 64 Stat. 873. 33  Under the Large Insured Depository Institutions (LIDI) Program, cf. FDIC (2018b). 27 28

154

5  The US Regulatory Framework of Banking Supervision

The Corporation’s funding is partially public, since it receives both earnings from investments in the US Treasury securities, and premiums from the banks and thrift institutions under its oversight. Contrary to the Fed. Res., the FDIC decisions may be appealed within 30 calendar days from the date of the determination only before an internal Board of Review, called the Supervision Appeals Review Committee.34 The Office of the Comptroller of the Currency, on the other side, has the task to charter, regulate and supervise national banks and federal savings associations, making sure that they are operating in safety and soundness. Within its jurisdiction, the OCC is also entitled to oversee the implementation of the BSA requirements, with the prerogative of instructing a bank to file a Suspicious Activity Report (SAR) in case of unreported suspected criminal violations.35 Similarly to the other federal agencies, it is the President of the United States, with the confirmation of the Senate, that appoints the Comptroller of the Currency, for a 5-year term. The OCC is an independent bureau of the US Department of Treasury, but it does not receive federal grant from the Congress; on the contrary, its funding derives entirely from fees paid by the financial institutions under its control. The Office possesses incisive investigative powers: the agency can examine all of the affairs of the institutions in its jurisdiction, and interview their officers and agents under oath. If the information requested are denied, the OCC may forfeit all the rights, privileges, and franchises of the bank, as well as impose a penalty of no more than $5000 for each day that such refusal shall continue.36 In performing its tasks, the OCC examination model is organized with a flexible and decentralized structure that, in case of large banks, provides for a full-time ongoing program, with periodically rotated personnel.37 Contrary to the Fed. Res. and the FDIC, the Office’s administrative proceedings are not public; this secrecy, however, does not imply that the information obtained during the investigations cannot be shared with other authorities. Indeed, especially if it may be relevant to criminal investigations, there are basically no legal constraints to disseminate information towards any interested agency.38 Lastly, the Comptroller has the power to impose corrective measures, including civil money penalties, if supervised entities are not complying with the requirements established in its statute. These sanctions may be appealed, within 30 calendar days, only before the OCC Ombudsman, a body which is formally acting

 Sections B and G, FDIC (2017a).  OCC (2018a), p. 51 et seq. 36  In accordance with Sections 2 and 21.1-2 “Banking examination”, Federal Reserve Act (U.S.C., title 12, and Secs. 141, 222–225, 281–286, and 502); OCC (2008); Office of the Comptroller of the Currency et al (2001). 37  OCC (2018b). 38  See, e.g., OCC (1993), p. 1 et seq., stating that examination materials “may be sent to the directors of other entities that have a need for the information”. 34 35

5.3  Other US Regulatory Agencies (FDIC, OCC, SEC)

155

independently from the Office’s bank supervisory functions, but which reports directly to the Comptroller of the Currency.39 Even though not directly related to banking supervision, it is important to take into account the role played in financial supervision by the Securities Exchange Commission (SEC), which operates with the purpose of protecting the investors and the fairness of the market. Mentioning the Commission is relevant for a twofold reason. First, the action of the SEC is extremely relevant in the US also in the banking market, taking into account the model of universal banking and the relevance hold in the last financial crisis by the possibility for credit institutions to engage in securities trading. Second, and above all for the purposes of this work, some organizational features of the SEC may represent a useful reference also for model of banking supervision under the profile of independence and accountability, as it will be further analysed.40 Established after the Great Depression of 1933–1934 to restore the investors’ confidence in the financial market,41 the SEC is governed by five Commissioners, appointed by the President of the United States for a term of 5 years, among which no more than three may belong to the same political party. In that number, the President also designates the Chair of the Commission, who acts as Chief and representative for the agency. Contrary to all the agencies already described, the Commission and its Divisions are funded exclusively by public money, granted with the authorization of the Congress. Correspondingly to the ESMA, this agency has competence over all broker-­dealer and financial intermediation activities, upon which it can impose several disclosure duties and regulations, enforcing several legislative Acts.42 The SEC has also the task to enforce brokers and dealers compliance with the BSA requirements.43 In exercising both tasks, the SEC enjoys investigative powers equal to those possessed by the Federal Reserve. Similar to the other supervisory agencies, the SEC may impose sanctions, both through civil proceedings, with a possibility to appeal before a US District Court, and through administrative proceedings, which may be reviewed before an internal administrative judge.44

 OCC (2018a), p. 51 et seq.  Cf. Sect. 6.1.1. 41  Cf. Securities Act of 1933, as amended through P.L. 112-106, approved on April 5th 2012, and Securities Exchange Act of 1934 (“Exchange Act”), as amended through P.L. 112-158, approved on August 10th 2012, codified as 15 U.S.C. § 78d. 42  Such as the Securities Act of 1933, the Trust Indenture Act of 1939, the Investment Company Act and the Investment Advisers Act of 1940, the Sarbanes-Oxley Act of 2002, and the Dodd-Frank Act of 2010, cf. Sec.17(a) of the Exchange Act and Rule 17a-8. 43  SEC (2017), p. 9 et seq. 44  Cf. Section 19(c) of the Securities Act; Section 21(b) of the Exchange Act; Section 209(b) of the Advisers Act, and Section 42(b) of the Investment Company Act. 39 40

156

5  The US Regulatory Framework of Banking Supervision

5.4  T  he 2010 Dodd-Frank Act: Impact and Waves of Counter-Reform Following the 2010 reform, some changes have been made in the panorama of federal regulators, with the aim of strengthening the position of consumers within the financial system and the control over high-risk and potentially criminal behaviours perpetrated by financial institutions. Firstly, the Dodd-Frank reform brought to the abolition of the Office for Thrift Supervision, a bureau of the Department of Treasury entrusted for charting and overseeing federal savings associations and corporations owing or controlling the latter (Thrift Holding Companies). Established in 1989 as a response to the saving and loan crisis, and governed by a presidentially-appointed Director, the OTS was financed with a premium mechanism at the expense of its controlled entities. Together with most of federal regulators, the Office was criticized during the last financial crisis for its failure in carrying out its tasks, and preventing the deterioration of the financial market.45 Notably, however, in the following years the OTS was the only agency to be actually shut down by the Dodd Frank Act, inasmuch as from July 2011 its functions are exercised by the Office of the Comptroller of the Currency.46 The 2010 reform also introduced two new supervising authorities at federal level. The Consumer Financial Protection Bureau’s (CFPB) goal is to ensure that consumers get all the information needed for their financial decisions, especially as far as prices and risks are concerned. To achieve so, under the lead of a presidentially-­ appointed Director, the CFPB has been granted multiple competences, such as regulating and supervising companies, enforcing federal consumer financial protection laws, restricting unfair, deceptive, or abusive acts or practices, and promoting financial education among consumers.47 The Dodd-Frank Act also promoted the creation of the Financial Stability Oversight Council (FSOC), a new body operational from 2011, and charged with the task of identifying and responding to systematic emerging financial risks.48 The Council put together most of the Chairs and Directors of the above-mentioned federal agencies, and an independent insurance expert, also appointed by the President; it is chaired by the Secretary of the Treasury, for a total of ten voting and five

45  Cf. U.S.  Senate Permanent Subcommittee on investigations (2011), Regulatory Failure: Case Study of the Office of Thrift Supervision, p. 164. On the independence issue, cf. Sect. 6.1.1. 46  See Dodd-Frank Act, Title III. 47  Cf. CFBP (2017). 48  See Dodd-Frank Act, Title I, Subtitle A; FSOC (2011).

References

157

n­ on-­voting members,49 and it is the first institution whose competence covers comprehensively the whole US federal financial system.50 In the aftermath of the financial crisis, the limited changes brought by the Dodd-­ Frank Act raised several critics, as it did not touch very sensitive issues, such as the concept of “universal banking” which allows banks in dealing with different business other than the collection of deposits (such as securities trading). To date, under the new US administration, the enforcement of even these limited amendments appears uncertain, due to the approval of the so-called Financial CHOICE Act before the Congress.51 The bill, explicitly aims at “eliminating red tape to increase access to capital and credit, and repealing the provisions of the Dodd-Frank Act that make America less prosperous, less stable, and less free, and for other purposes”. Among its declared effects, can be counted bringing the CFPB under the control of the US President, and the repeal of the Volcker Rule. And if it is true that sometimes history repeats itself, critical commentators may be right that the first approval of the bill in the House of Representatives in mid-2017 resembles the beginning of the last financial crises under “the George W. Bush administration, which went on to bail out the financial sector. It will happen again without these protections”.52

References Agarwal S, Lucca D, Seru A, Trebbi F (2014) Inconsistent regulators: evidence from banking. Q J Econ Adv Access 129(2):889–938 Board of Governor of Federal Reserve (2017) Bank Holding Supervision Manual. https://www. federalreserve.gov/publications/supervision_bhc.htm. Accessed 16 July 2018 Board of Governor of Federal Reserve (2018) Commercial Banks Examination Manual. https:// www.federalreserve.gov/publications/files/cbem.pdf. Accessed 16 July 2018 Board of Governors of the Federal Reserve System et al (2010) Interagency Statement, The 2010 Version of the Bank Secrecy Act/Anti-Money Laundering Examination Manual. https://www. ffiec.gov/bsa_aml_infobase/documents/bsa_aml_man_2010.pdf. Accessed 16 July 2018 Bradley C (2014) Breaking up is hard to do: the interconnection problem in financial markets and financial regulation, a European (banking) union perspective. Tex Int’I LJ 49:271–295 CFBP (2017) Consumer Response Annual Report January 1 – December 31, 2016. https://files. consumerfinance.gov/f/documents/201703_cfpb_Consumer-Response-Annual-Report-2016. PDF. Accessed 16 July 2018 CFTC (1998) Issues Concept Release Concerning Over-The-Counter Derivatives Market. https:// www.cftc.gov/sites/default/files/opa/press98/opa4142-98.htm. Accessed 16 July 2018 Department of Treasury (2001) Risk-Based Capital Guidelines; Capital Adequacy Guidelines; Capital Maintenance: Capital Treatment of Recourse, Direct Credit Substitutes and Residual  The other regulators are: The Fed. Res., the OCC, the CFPB, the SEC, the FDIC, together with the CFTC, the Federal Housing Finance Agency, and the National Credit Union Administration. 50  See FSOC (2015). 51  H.R. 10, Financial CHOICE (“Creating Hope and Optimism for Investors, Corporations, and Entrepreneurs”) Act, of April 26th 2017. 52  Konczal (2017). Critical on the reform proposal also Wallison (2017). 49

158

5  The US Regulatory Framework of Banking Supervision

Interests in Asset Securitizations; Final Rules, in Federal Register, Vol. 66, No. 230. https:// www.gpo.gov/fdsys/granule/FR-2001-11-29/01-29179. Accessed 16 July 2018 FDIC (2017a) Guidelines for Appeals of Material Supervisory Determinations. https://www.fdic. gov/regulations/laws/sarc/sarcguidelines.html. Accessed 16 July 2018 FDIC (2017b) Who is the FDIC?, March 2017. https://www.fdic.gov/about/learn/symbol/index. html. Accessed 16 July 2018 FDIC (2018a) Mission, vision, and values. January 2018. https://www.fdic.gov/about/strategic/ strategic/mission.html. Accessed 16 July 2018 FDIC (2018b) Large Insured Depository Institutions (LIDI) Program, last update January 2018. https://www.fdic.gov/regulations/resources/largebankdim/large-bank.html. Accessed 16 July 2018 Fed. Res. (2005) The Federal Reserve System: Purposes and Functions, Library of Congress, Washington D.C., IX Ed. https://www.federalreserve.gov/aboutthefed/files/pf_1.pdf. Accessed 16 July 2018 FSOC (2011) 2011 Annual Report, October 2012. https://www.treasury.gov/initiatives/fsoc/ Documents/2012%20Annual%20Report.pdf. Accessed 16 July 2018 FSOC (2015) 2015, Annual Report, May 2015. https://www.treasury.gov/initiatives/fsoc/studiesreports/Documents/2015%20FSOC%20Annual%20Report.pdf. Accessed 16 July 2018 Garner BA (ed. in Chief) (2014) Black’s Law Dictionary, X edn. Thomson Reuters, St. Paul Greenspan A (2003) Home Mortgage Market, Remarks by Chairman Alan Greenspan at the Annual Convention of the Independent Community Bankers of America, Orlando, Florida, March 4, 2003. https://www.federalreserve.gov/boarddocs/speeches/2003/20030304/default. htm. Accessed 16 July 2018 Greenspan A (2004) The mortgage market and consumer debt, Remarks by Chairman Alan Greenspan at America’s Community Bankers Annual Convention, Washington, D.C., October 19, 2004. https://www.federalreserve.gov/boarddocs/speeches/2004/20041019/default.htm. Accessed 16 July 2018 Konczal M (2017) The G.O.P. Plan to Unleash Wall Street. NYT, June 9, 2017 Mc Fadden RD (2014) Charles Keating, 90, Key Figure in ’80s Savings and Loan Crisis, Dies. NYT, April 2, 2014 OCC (1993) Interagency Examination Coordination Guidelines. Banking Bulletin, pp 93–38 OCC (2008) A Guide to the National Banking System, April 2008. https://www.occ.treas.gov/publications/publications-by-type/other-publications-reports/nbguide.pdf. Accessed 16 July 2018 OCC (2018a) Bank Supervision Process, Comptroller’s Handbook, June 2018. https://www.occ. treas.gov/publications/publications-by-type/comptrollers-handbook/bank-supervision-process/index-ch-bank-supervision-process.html. Accessed 16 July 2018 OCC (2018b) Large Bank Supervision, Comptroller’s Handbook, June 2018. https://www.occ. gov/publications/publications-by-type/comptrollers-handbook/large-bank-supervision/pubch-large-bank-supervision.pdf. Accessed 16 July 2018 Office of the Comptroller of the Currency et al (2001) Risk- Based Capital Guidelines; Capital Adequacy Guidelines; Capital Maintenance: Capital Treatment of Recourse, Direct Credit Substitutes and Residual Interests in Asset Securitizations- Final Rule. https://www.federalregister.gov/documents/2001/11/29/01-29179/risk-based-capital-guidelines-capital-adequacyguidelines-capital-maintenance-capital-treatment-of. Accessed 16 July 2018 SEC (2004) Alternative Net Capital Requirements for Broker-Dealers That Are Part of Consolidated Supervised Entities, RIN 3235-AI96, August 20, 2004 SEC (2017) Division of Enforcement, Enforcement Manual, Office of Chief Counsel. https:// www.sec.gov/divisions/enforce/enforcementmanual.pdf. Accessed 16 July 2018 U.S.  Senate Permanent Subcommittee on Investigations (2010a) Wall Street and the Financial Crisis: The Role of High Risk Home Loan, S.Hrg. 111-671, April 13, 2010. https://catalog. princeton.edu/catalog/6432027. Accessed 16 July 2018

References

159

U.S.  Senate Permanent Subcommittee on Investigations (2010b) Wall Street and the Financial Crisis: Role of the Regulators, S.Hrg. 111-672, April 16, 2010. https://catalog.princeton.edu/ catalog/6432020. Accessed 16 July 2018 U.S.  Senate Permanent Subcommittee on investigations (2011) Wall Street and the Financial Crisis: Anatomy of a Financial Collapse, April 13, 2011. https://www.gpo.gov/fdsys/pkg/ CHRG-112shrg66051/html/CHRG-112shrg66051.htm. Accessed 16 July 2018 Wallison P (2017) Statement before the House Committee on Financial Service on the CHOICE Act, April 26, 2107 Weber RH, Arner DW, Gibson EC, Baumann S (2014) Addressing systemic risk: financial regulatory design. Tex Int’I LJ 49:149 Wymeersch E (2007) The structure of financial supervision in Europe. About single, twin peaks and multiple financial supervisors. Eur Bus Organ Law Rev 8(2):237–306

Chapter 6

The Hybrid Nature of Banking Supervision

Independence and accountability, standards in information sharing, nature of supervisory sanctions, compliance with fair trial rights: Several are the profiles relevant under a criminal law perspective, that emerge as critical from the analysis carried out so far on the US and, above all, on the EU banking supervisory systems. In order to investigate over these aspects, the Chapter proceeds as follow. In Sect. 6.1, the status and organization of the US and EU supervisory authorities are analysed in light of the Basel Committee’s Core Principles, with special attention to the rules requiring independence and accountability, as well as effectiveness in cooperation and exchange of information. While examining such issues is per se relevant, given the high public interest in an efficient and fair administration of the banking industry, these profiles result extremely meaningful also under a criminal law perspective, since their violation may already undermine at the very bases the possibility for banking supervisors to comply with fair trial guarantees. This profile is especially critical in the EU, where specific considerations may be drawn about the substantive nature of banking supervisory sanctions. In Sect. 6.2, it is argued that a significant part of the penalties imposable by the Single Supervisory Mechanism (SSM) within the European Central Bank shall be recognized a punitive nature in light of the Engel case-law developed by the Court in Strasbourg, as applied by the Court of Justice. Following this assumption, Sect. 6.3 examines the fairness of the SSM sanctioning proceedings not only in light of the procedural rights already applicable to administrative proceedings due to Article 41 CFREU, but also of the fair trial rights required for la matière a coloration pénale by Article 6 ECHR and Article 4, Protocol no. 7 to the Convention, as well as by their equivalents in the Charter of the Fundamental Rights of the EU.  Against this background, critical issues of non-­ compliance of the SSM sanctioning procedures are identified, which pose serious risks to undermine not only the fairness, but also the efficiency of this new European enforcement model. © Springer International Publishing Switzerland and G. Giappichelli Editore 2019 G. Lasagni, Banking Supervision and Criminal Investigation, Comparative, European and International Criminal Justice 1, https://doi.org/10.1007/978-3-030-12161-7_6

161

162

6  The Hybrid Nature of Banking Supervision

6.1  B  anking Supervision and the BCBS Core Principles: Defining Effective Supervisory Models? Through the Core Principles for Effective Banking Supervision, the Basel Committee pursues the safety and soundness of banks and of the banking system as such, both directly, with the establishment of minimum prudential capital requirements, and indirectly, with the strengthening of banking supervisory practices.1 To achieve so, the Principles tackle specific profiles of supervisory activities. Before examining those more relevant to the present analysis, however, it is worth recalling that these standards and recommendations do not provide clear indication as to whether a certain supervisory model shall be considered preferable than others. The Core Principles, in particular, remain silent with regard to a series of basic structural choices, like as whether effectiveness is better guaranteed by a single entity, or by multiple supervisory authorities; whether central banks should be responsible for banking supervision (with subsequent concentration of monetary and supervisory functions) or not; and whether it is advisable to have a consolidated supervision of all financial services (such as banking, securities, and insurance).2 On one side, it is true that, to date, no empirical evidence has shown that these profiles actually represent a main factor in determining the efficiency of the banking industry3: These lacunas should not, therefore, be given an undue weight in determining the possibility to carry out meaningful comparative analyses on banking supervisory models, and to achieve the very goal pursued by the Principles. It could also be argued that defining an optimal level of controls in the banking and financial field seems hard to be solved in abstracto by a single paradigm applicable to all legal systems.4 Political, legal, economic and social contexts do matter, when it comes to measure the effectiveness of regulatory models (but perhaps of any legal order, including criminal justice systems).5

1  Cf. BCBS (2012), p. 4, at 16, that clearly indicates how the safety and soundness of banks represents the “primary objective for banking supervision”. For the role of the Committee and the content and structure of the Core Principles, see Sect. 3.5. 2  Profiles identified as basic organizational issues for banking supervisors by Barth et al. (2002). Cf. however also Wymeersch (2007), p. 40 et seq., who notices that the very structure of the Core Principles seems to meet the 3 pillars or institutional supervisory model. 3  Cf. Barth et al. (2002), p. 1; Goodhart (2000), p. 43; Masciandaro and Nieto (2014), p. 7 et seq.; Onado (1997); Meister (2019). 4  Moloney (2012a), pp. 81 and 94, highlighting how not even the last financial crisis has made it clear which supervisory models are correlated with strong financial markets; Jackson (2007); Moloney (2012b), p. 138. 5  Moloney (2012a), p. 82 et seq., and Agarwal et al. (2014), referring also to the supervisory style and approaches, including the extent to which supervisors outsource their job to self-regulation); Black (2002), p. 22 et seq.; Black (2005), p. 101–108 et seq., and especially p. 117 et seq. in which the author drafts a parallel between democratization of financial regulation and models of restorative justice; Colliard (2014).

6.1 Banking Supervision and the BCBS Core Principles: Defining Effective…

163

Also the definition of the preferable regularoty governance model (principle, rule or risk-based) still remains a matter for open debate.6 Banking regulation is indeed «a complex and multidimensional activity», in which the failure of any single dimension may have important but sometimes not easily predictable repercussions on the functioning of the whole system.7 Such basic structural choices moreover do touch sensitive public interests, which appear especially interesting also under a criminal law perspective. Concerning the first profile, having a single supervisory authority may seem appropriate—among other reasons8—to prevent gaps in coordination, which inevitably arise in case of multiple regulators (especially at the transnational level, where having just a single contact point is more efficient)9; and to provide centralized and consistent identifications of supervisory priorities, avoiding conflicts between regulatory goals—which are more likely to emerge if supervisory tasks are allocated to different authorities. A single supervisor may also be considered as more transparent and accountable, since responsibility in policy choices (and changes in the latter) could be attributed more clearly than in case of a plethora of supervisors. This option could allow for a simpler and less fragmented regulatory framework, more capable to concentrate the necessary organizational resources (e.g. personnel, training), and to avoid duplications in the proceedings. Lastly, the action of a single supervisor may better adapt to the changes of the financial market, being a single institution characterized by more flexibility than a complex network of authorities.10 On the other side, however, multiple regulators may appear preferable to avoid excessive concentration of powers in the same entity11; and to prevent the growing of supervisors into massive bureaucratic, and thus inefficient, apparatus.12 Competition among regulators may also serve as an incentive to be more responsive to the innovation in the banking industry,13 and to favour a pluralistic and democratic raising of different, and potentially valuable approaches to supervision.14 Pro and cons may be found also as far as the role of central banks is concerned. Assigning some supervisory tasks to a central bank, for instance, may allow for an efficient collection of information, as these authorities already receive huge amounts of supervisory relevant data for monetary policy purposes, and may be 6  On which see, for a detailed analysis, Black (2010); Black (2008); Moloney (2012a), p. 88 et seq.; Castellano et al. (2012). 7  Black (2012), p. 1038; see also Sarkany (2012). 8  Analytically examining pro and cons in relation to safety and soundness of the banking systems, and costs to supervisory authorities, and market participants, Barth et al. (2002), p. 6 et seq. 9  Cf. Llewellyn (1999), pp. xi–xix; Goodhart (2002); Abrams and Taylor (2001); Briault (1999); Wall and Eisenbeis (2000). 10  Briault (1999), Llewellyn (1999) and Abrams and Taylor (2001). 11  Cf. Briault (1999); Llewellyn (1999); Kane (1996), p. 28; Taylor (1995). 12  Cf. Llewellyn (1999) and Abrams and Taylor (2001). 13  Kane (1984) and Romano (2001); Moloney (2012a), p. 98 et seq. 14  Cf. Llewellyn (1999).

164

6  The Hybrid Nature of Banking Supervision

well positioned to gather organizational resources—which might be especially important for the timely management of banking crisis.15 Central banks, moreover, are often supported by independence requirements, which guarantee a certain level of safeguard to the parties involved in supervisory proceedings.16 On the other side, a timely flew of information does not necessarily require the involvement of central banks, as long as effective information sharing agreements are into place.17 Joining monetary policy and banking supervision may also exacerbate conflicts of interest18 and expose such authorities to both stronger political pressure, that may hinder their independence, and higher reputational risks (since failure in one of the two areas may have a direct impact also on the other).19 Finally, uncertainty remains also about the opportunity of establishing consolidated models of financial supervision, to face the increasing “blurring of d­ istinctions between different types of financial activities, the growing complexity and size of financial services firms, and the increasing globalization of financial services”.20 Under this perspective, it is possible to distinguish among supervisory models based on 3 separate pillars (banks, insurance and securities, the so-called institutional model), on 2 pillars (a supervisor for banks and insurance, and another one for securities (functional or twin-peaks model), or on a single integrated supervisor.21 From one side, a fragmented supervision may appear less effective to face global financial conglomerates, while a consolidated supervision would be better placed to under In this sense, for instance, cf. Goodhart and Schoenmaker (1995) (as reported by Barth et al. (2002), p. 12) which analyzed the data «for 104 bank failures in 24 countries during the 1980s and find that there were fewer bank failures in countries in which banking supervision and monetary policy were combined in the central bank»; cf. also Ioannidou (2002); Wymeersch (2007), p. 36 et seq.; and Ferran (2012a), p. 114 et seq., highlighting how before the financial crisis, many EU Member States located frontline responsibility for microprudential supervision of all sectors of financial market activity with a single regulatory authority that operated autonomously from the central bank (BE, DE, FI, DE, PL, SE, UK), others employed an integrated supervisor model in which all functions were performed by the central bank (CZ, SK), others, finally, divided responsibility between the central bank (banking supervision), securities market supervisory authority and one or more other authorities responsible for insurance and pensions (EL, IT, PT, ES). In some countries (such as FR, IE and UK), however, the financial crisis triggered in many counties a rearrangements and reappraisal of the role of central banks in financial supervision. 16  Cf. Giddy (1994) and Abrams and Taylor (2001); Goodhart (2000), p. 43, according to whom central banks have better «better fund, more independent and hence more expert and more reliable». 17  In this sense, for instance, cf. Goodhart and Schoenmaker (1995) (as reported by Barth et al. (2002), p. 12) which analyzed the data “for 104 bank failures in 24 countries during the 1980s and find that there were fewer bank failures in countries in which banking supervision and monetary policy were combined in the central bank”; cf. also Ioannidou (2002). 18  Cf. Haubrich (1996); Briault (1999); Abrams and Taylor (2001); Goodhart and Schoenmaker (1993, 1995); Antoniazzi (2013), pp. 156 and 159; Vella (2002), p. 163 et seq. 19  Cf. Briault (1999), Haubrich (1996) and Abrams and Taylor (2001). 20  Cf. Barth et al. (2002), p. 12. 21  Wymeersch (2007), p. 3 et seq.; Padoa Schioppa (2002); Moloney (2012b), p. 119; Goodhart (2000), p. 11 et seq.; Weber et al. (2014), and p. 179 et seq. 15

6.1 Banking Supervision and the BCBS Core Principles: Defining Effective…

165

stand market systemic risks, and to save costs in terms of information sharing and internal resources.22 On the other side, however, consolidated supervision would imply a very high concentration of powers, possibly not always justifiable in democratic societies. That might moreover originate relevant conflict of interests; a general lower level of expertise to address specific financial sectors, and a higher risk of adverse consequences in case of mismanagement.23 In lack of specific criteria established by the Core Principles, all these organizational choices remain in the discretion of national (or supranational, as in case of the EU) legislators to be taken, which will have to take into account the specificities of the single contexts to define their own optimal level of supervision. And indeed, models of banking supervision adopted by EU Member States and in the US highly vary from each other in their structural design.24 The following analysis of the EU and US supervisory systems builds on this basis.

6.1.1  I ndependence and Accountability of Banking Supervisors According to the standards developed by the Basel Committee, independence and accountability represent fundamental features for effective banking supervisors, even if their practical coexistence may lead to tensions within the regulator. In this sense, these principles have effectively been described as “communicating vessels” which, although not ruling out each other, do “imply a delicate balance”.25 Both parameters are established in Core Principle 2, which establishes that banking supervisors shall not be subject of any interference from the government or the industry—such an independence being provided by law, and publicly disclosed— but, at the same time, shall be accountable for the discharge of their duties and use of their resources. Essential Criteria to Core Principle 2 further prescribe how such standards should be guaranteed.26 First, within the applicable national legal framework, supervisors shall enjoy discretion in setting their objectives, allocating resources, and taking any supervisory actions on controlled entities; for which choices, adequately published, they should be held responsible.  Abrams and Taylor (2000); Whalen (2001); Briault (1999); Llewellyn (1999); International Monetary Fund (2001), pp. 36–38; Goodhart (2000), p. 24 ff. 23  Cf. Barth et al. (2002), p. 15; Whalen (2001); Goodhart (2000), p. 20 et seq. 24  For instance, ES, PT, IT, FR, EL, CY, LT and RO adopted an institutional model, NL, LU, SK and BG adopted a twin-peaks model, and PL, UK, SE, DK, FI, DE, AT, BE, IE, CZ, EE, HR, LV and MT opted for an integrated model, see Wymeersch (2007), p. 42 et seq. Cf. also Ferran (2012a), p. 111 et seq. 25  Cf. Ter Kuile et al. (2015), p. 166. 26  Cf. BCBS (2012), Principle 2 - Essential Criteria 1,2,3,4,5,6,9.

22

166

6  The Hybrid Nature of Banking Supervision

Concerning the structure of the regulators, appointment and removal of the heads of these authorities shall follow transparent rules established by law (and not referred to the discretion of the appointing body); in particular, the governing body of a supervisor shall be structured in a way that avoids “any real or perceived conflicts of interest”. To discourage bypassing, rules on how to avoid conflicts of interest shall be supported by sanctions.27 A supervisory regulator should also be able to rely on an independent budget, adequately financed “in a manner that does not undermine its autonomy or operational independence”, taking into account operational needs such as travelling for on-site inspections, recruiting external experts with specific professional skills, and providing regular training and necessary tools to their personnel. Finally, supervisors shall be supported by qualified “staff in sufficient numbers and with skills commensurate with the risk profile and systemic importance of the banks and banking groups supervised”, granted with adequate salary scales to attract and retain it, and legally protected from lawsuits and costs caused by actions and/or omissions made while discharging their duties in good faith. Against this background, the paradigms of banking supervision applied in the EU and in the US present substantial weaknesses, notably common to both systems, which are relevant not only to assess their compliance with the Core Principles, but also—under a criminal law perspective—their capability of carrying out reasonably fair proceedings. At theoretical level, in fact, explicit statements that conflicts of interests shall be avoided, and supervisory decision-making bodies and staff shall be preserved from undue influence may be found in basically every system. In daily oversight, however, good intents risk to be substantially downgraded by bad practices, supported by somewhat ambiguous structural rules shaping the organization of most regulatory authorities. A first weakness concerns the recruitment procedure of the heads of the supervisory agencies, which in most cases also means of their decision-making bodies. At first glance, in fact, Core Principle 2 hinders with political intrusion in the action of banking supervisors.28 Nonetheless, assessments of these models shall not be made only in light of independence, but also of accountability requirements. In this sense, a political appointment, problematic under the parameter of independence, is generally unavoidable and even desirable to confer democratic coverage over technical bodies granted with enormous powers to interfere with the rights and private life of citizens. To comply with both principles, therefore, it becomes pivotal the choice of which political body is entitled to make such appointments. Supervisory models which favour a primary role of the Executive rather than of the Parliament may in fact rise concerns not only for the compliance with the BCBS Principles, which clearly require independence from governmental influence. That 27  The importance of independence and absence of conflict of interests has been reaffirmed also in the 2011 Financial Stability Oversight Council Annual Report, cf. FSOC (2011), p. 118. 28  Cf. BCBS (2012), Core Principle 2, Essential Criterion 1.

6.1 Banking Supervision and the BCBS Core Principles: Defining Effective…

167

is for instance the case of the US where, as previously illustrated, all supervisory chairpersons are directly appointed by the President with the confirmation of the Senate. Since chairpersons have substantial powers in appointing the boards responsible to lead regulators, the connection of supervisors with the US Government is rather straightforward.29 In the EU, on the contrary, the link between national government and supervisors is not so direct, even if at least part of the reasons for this difference lays on the politically fragmented structure of the Union. Indeed, as far as the EU institutions are involved, while the European Parliament has a voice in the choice of most Chairpersons of EU authorities, it is the European Council that determines the composition of the SSM and SRM’s Executive Boards.30 The majority of the components of the Governing Council, however, are appointed at national level.31 Since these appointments follow 28 (or 19 for the Eurozone) different sets of rules, potentially diverging in relevant aspects, such as fit and proper evaluations, or length of mandates, the precise relationship between governmental powers and a fair part of banking supervisor’s managements is at least not so easy to reconstruct. This situation could therefore result even more critical than in the US: Indeed where centralised governmental bodies are not supported by a clear and direct democratic mandate, as it is the case of the EU,32 governmental appointment may result critical not only for independence reasons, but also with regard to the rule of law. In the current legal framework, however independence of supervisory tasks is guaranteed by Article 19 SSM R, according to which the “ECB and the national competent authorities acting within the SSM shall act independently. The members of the Supervisory Board and the steering committee shall act independently and objectively in the interest of the Union as a whole and shall neither seek nor take instructions from the institutions or bodies of the Union, from any government of a Member State or from any other public or private body”.33 Accountability is instead addressed by Article 20 SSM R, which states that the ECB shall be responsible to both the European Parliament and the Council for the implementation of supervisory tasks, and shall provide information to the European Parliament, national parliaments, the Commission, the euro Group, the Council, and national parliaments,34 through annual reports or through oral or written hearings.  Cf. above, Chap. 5.  Analysing the degree of independence of the SSM against the European Parliament, Masciandaro and Nieto (2014, p. 18 et seq. 31  Cf. above, Sect. 4.4. 32  On the limits to the delegation of administrative powers to EU agencies in light of the Meroni doctrine, see Wolfers and Voland (2014), p. 1490 et seq. On the judicial and political accountability of the SSM, see also Duijkersloot et al. (2017). 33  Cf. also Recital (75) SSM R. 34  In light of the impact of the SSM decisions (also) at domestic level, national parliaments may address to the ECB reasoned observations on the annual report; request the ECB to reply in writing to their observations; invite the Chair of the Supervisory Board to participate in an exchange of views in relation to the supervision of banks in that Member State together with an NCA representative, cf. Article 21 SSM R. 29 30

168

6  The Hybrid Nature of Banking Supervision

To establish good relationships, and exchange of information with the other EU institutions, the SSM has also concluded an Inter-Institutional Agreement with the European Parliament35 and a Memorandum of Understanding with the Council.36 In the context of the SSM, however, there are no formal sanctions in case the principles of independence and accountability are breached (unless they could be classified as potential frauds to the budget of the Union, which fall under the competence of the European anti-fraud office OLAF).37 The SSM results critical under Core Principle 2 under two other profiles: The prominent role of Member States (and national law), and the relationship with the ECB monetary policy tasks.38 First, as anticipated, according to Article 10 of the ECB Statute, most of the Governing Council’s members are appointed at national level (and the same goes for most of the Boards of the ESAs39), following diverging national regulation: Such members are thus subject to different regimes of (also) accountability, a feature which does not appear in compliance with the clarity requirements prescribed by the Basel Committee. Identifying which is the liable authority (e.g. for damages towards supervised entities) is not straightforward also in proceedings characterized by the cooperation between the ECB and national authorities. It could however be argued that where the first is requesting the (compulsory) assistance of the NCAs ex Article 6(3) SSM R national supervisors have no choice but to assist the ECB, so it is the latter which shall be held responsible for the whole supervisory activity.40 The excessive reliance of the SSM on national resources is also problematic for determining who is the ultimate responsible for the supervisory decisions adopted. This issue is especially relevant in daily supervision carried out by Joint Supervisory Teams, which, in the  Cf. Interinstitutional Agreement between the European Parliament and the European Central Bank on the practical modalities of the exercise of democratic accountability and oversight over the exercise of the tasks conferred on the ECB within the framework of the Single Supervisory Mechanism, (2013/694/EU), O.J. 2013, L 320/1, based on Article 20(8) SSM R. Cf. also Masciandaro and Nieto (2014, p. 21 et seq, highlighting also the fundamental role played by the Court of Justice in reviewing the ECB decisions. 36  Memorandum of Understanding between the Council of the EU and the European Central Bank on the cooperation on procedures related to the Single Supervisory Mechanism (SSM) of 11.12.2013. https://www.ecb.europa.eu/ecb/legal/pdf/mou_between_eucouncil_ecb.pdf. Accessed 20 July 2018. 37  Cf. Recital (82) SSM R. OLAF’s competence over the ECB has been affirmed by the ECJ in the notorious Commission v. European Central Bank, Case C-11/00, 10.07.2003, ECLI:EU:C:2003:395. On the issue see Elderson and Weenink (2003), pp.  273–301, contra see Zilioli and Selmayr (2001), p. 213. See above Sect. 2.3.4. 38  Affirming the overall compliance of the SSM legal framework with the principle of accountability is Ter Kuile et al. (2015), pp. 187–188, according to “It is submitted that, in establishing banking supervision at EU level and in constructing this new task of the ECB, the legislature has duly paid respect to the requirement of accountability”. On the same line, but more cautious, Wolfers and Voland (2014), pp. 1488–1489. 39  Cf. Article 40 ESAs Regulation. 40  On the point, see Ter Kuile et al. (2015), p. 185. Cf. Sect. 4.4. And anyway, the ECB maintains responsibility for the overall performances of banking supervision with regard to the tasks assigned to it by the SSM Regulations. 35

6.1 Banking Supervision and the BCBS Core Principles: Defining Effective…

169

words of the 2016 Special Report of the European Court of Auditors, are “heavily” composed by “staff appointed by national authorities. Thus, despite its overall responsibility, the ECB has insufficient control over the composition and skills of supervision and inspection team”.41 Second, as anticipated, the SSM is part of the European Central Bank, which (in this being similar to the Federal Reserve) is now responsible both for banking supervision and the monetary policy in the Eurozone. According to the SSM Regulations, the SSM shall act independently from the ECB monetary tasks, but again, the only decision-making body for both areas is the Governing Council (due to the lack of amendments to the Treaty).42 Even if the Mediation Panel has been established precisely to reduce potential conflicts between the two areas, several are the critical issues which might affect the day-by-day independent management of banking supervision. As again underlined by the European Court of Auditors, in fact, “within the ECB the SSM Supervisory Board does not exercise control over the supervisory budget or human resources. This raises concerns about the independence of the two areas of the ECB’s work, as does the fact that some ECB departments provide services to both functions without clear rules and reporting lines that would minimise possible conflicts of objectives”.43 When it comes to banking regulators, however, the hotbed of conflict of ­interests—which had been proved substantial in increasing the tragic consequences of the 2006–2008 financial crisis both in the EU and in the US, showing serious concerns for the independence of financial supervisors—regards the relation with the relevant industry. For instance, US credit rating agencies helped build an active market for securities related to home loans, and continued to do so despite signs of a deteriorating mortgage market, providing top rating (AAA) for most of those financial products. Unsurprisingly then, a vast majority of RMBS and CDO securities with AAA ratings incurred substantial losses and was downgraded to junk securities starting from mid-2008.44 The severe consequences of such conducts were highly exacerbated by  Cf. European Court of Auditors (2016), p. 11. Highlighting the need to face SSM issues of democratic legitimacy, transparency and accountability, also Antoniazzi (2015), pp. 318–369. 42  Cf. Sect. 5.2 for the Fed. Res., and Sect. 4.4 for the legal basis of the SSM in the TFEU. On the issue of the ECB multiple functions, and of the consequences in terms of the supervisor’s liability, see D’Ambrosio (2015), especially p. 124 et seq.; D’Ambrosio (2016), p. 299 et seq.; also with respect to the NCAs Andenæs (2015), pp. 3–6. 43  Cf. European Court of Auditors (2016), Executive Summary No. VII and VIII, and table at p. 31. Internal audit, IT resources and (the high-management of) the legal service are some of these shared service. 44  “Mortgage-backed securities (MBS) are debt obligations that represent claims to the cash flows from pools of mortgage loans, most commonly on residential property” (https://www.sec.gov/fastanswers/answersmortgagesecuritieshtm.html). They might result especially risky if interest rate on home loans decline, causing homeowners to refinance their mortgages and deprive the holder of the security from future interest payments. Collateralized Debt Obligation (CDO) are instead pooled assets—such as mortgages, bonds and loans (cf. https://www.nasdaq.com/investing/ glossary/c/collateral-trust-bonds) that serve as collateral for the CDO—that their level of risk varies substantially, depending on their priority in the event of default. 41

170

6  The Hybrid Nature of Banking Supervision

the fact that, since the AAA score generally implies a less than 1% probability of incurring defaults, these are also the only investments allowed to certain entities with high public relevance, like pension funds, and insurance companies. The causes of these gross inaccuracies in rating have been carefully analysed in the years following the financial collapse. The most significant was identified precisely in the “inherent conflict of interest arising from the system used to pay for credit ratings. Credit rating agencies were paid by the Wall Street firms that sought their ratings and profited from the financial products being rated. The rating companies were dependent upon those Wall Street firms to bring them business and were vulnerable to threats that the firms would take their business elsewhere if they did not get the ratings they wanted. Rating standards weakened as each credit rating agency competed to provide the most favourable rating to win business and greater market share. The result was a race to the bottom”.45 Regardless of these considerations, however, in the US, no significant structural changes have been implemented by the 2010 Dodd-Frank Act to avoid similar phenomena to occur again in the future.46 At theoretical level, the activity of credit rating agencies seems to be institutionally more controlled in Europe, where it falls under the specific jurisdiction of ESMA47—even though the latter does not extend its jurisdiction on rating agencies established abroad, but with influence of the European financial market such as those placed in the US. With specific regard to the banking industry, however, an extremely critical issue for the independence of supervisors is the relation between their decision-making bodies and credit institutions. Indeed, the duty of banking supervisors to perform their tasks independently from the supervised entities, stands at the very core of the concept of effective supervision both in the EU and in the US (distinguishing it from self-regulation) Nonetheless, the lack of effective provisions to avoid conflict of interests between supervisors and credit institutions was revealed as one of the main causes of the 2006–2008 financial crisis.48  “Additional factors responsible for the inaccurate ratings include rating models that failed to include relevant mortgage performance data, unclear and subjective criteria used to produce ratings, a failure to apply updated rating models to existing rated transactions, and a failure to provide adequate staffing to perform rating and surveillance services, despite record revenues. Compounding these problems were federal regulations that required the purchase of investment grade securities by banks and others, thereby creating pressure on the credit rating agencies to issue investment grade ratings. Still another factor were the […] (SEC) regulations which required use of credit ratings by Nationally Recognized Statistical Rating Organizations (NRSRO) for various purposes but, until recently, resulted in only three NRSROs, thereby limiting competition”, cf. U.S. Senate Permanent Subcommittee on Investigations (2011), p. 244 et seq. On the role played by credit rating agencies during the crisis, see also Black (2012), p. 1049 et seq. 46  Cf. Sect. 5.4. 47  For the role of ESMA in the European financial market, see Sect. 4.2. For technical standards in force, see: https://www.esma.europa.eu/convergence/guidelines-and-technical-standards. Accessed 20 July 2018. 48  While provisions on the avoidance of conflict of interest are rather common at staff level, cf. Barth et al. (2004), pp. 43–45. 45

6.1 Banking Supervision and the BCBS Core Principles: Defining Effective…

171

Several are the structural and contingent reasons that led to this result; among the first, especially problematic is the way supervisors’ funding systems have been set up. The Core Principles do not provide clear indications on this profile, to which usually relatively little attention is paid by the public opinion as well as by academics, so that supranational standards establishing how banking supervisors should be funded, ensuring at the same time their independence, are currently lacking, and models differ from authority to authority. In most of the regulators here examined, for instance, incomes derive from periodical fees paid by the supervised entities.49 While this model does not automatically cause problems in all legal contexts, criticisms has been raised under various perspectives. On one side, it has been highlighted that it may put at risk the efficiency of supervisors «when the banks are under strain (prociclicality)». The use of such model in the eurozone, where no harmonization of funding schemes has been established, may also increase discrepancies in funding fee structures and impair effective coordination with national supervisors.50 Lastly, private premiums have tangibly proved critical in backgrounds characterized by the concentration of financial power in the hands of relatively few big financial groups. The already-mentioned short sales realized by Goldman Sachs in 2006 are perhaps quintessential examples of this phenomenon, but they are far from representing an isolated case.51 Underlying conflicts of interest have actually been recognized as one of the main reasons for a “culture of deference to bank management”, and a lighthanded approach by supervisors that—(at least) in the period preceding the last financial crisis—did not efficiently oppose (or even explicitly authorized) an uncontrolled growth of high-risk operations, and financial institutions’ speculations to the detriment of the investors and the market. For instance, in the less renowned case of Washington Mutual Bank (WaMu), the heads of the former Office for the Thrift Supervision (OTS)52 did not take any significant action against the risks undertaken by the bank in over a 5-year period, regardless of the frequent, numerous and substantial red flags pointed out by its own examiners.53 Among some minor collateral structural deficiencies, post-crisis inquiries found out that the main cause for the OTS lax and obstructive conduct towards WaMu relied on its dependence on a system of “semi-annual fees assessed on the institutions it regulated, with the fee amount based on the size, condition, and complexity of each institution’s portfolio. Washington Mutual was the largest thrift overseen by OTS and, from 2003 to 2008, paid at least $30 million in fees annually to the agency, which comprised 12–15% of all OTS revenue”.54 As summarized by  Cf. Sects. 4.2 and 4.4, and Chap. 5.  Masciandaro and Nieto (2014, p. 20. 51  Cf. supra, Sect. 2.2. 52  Cf. Sect. 5.4. 53  Cf. U.S. Senate Permanent Subcommittee on Investigations (2011), p. 162. 54  Cf. U.S.  Senate Permanent Subcommittee on Investigations (2011), pp.  164 and 230 et seq.: “When asked why OTS senior officials were not tougher on Washington Mutual Bank, several 49 50

172

6  The Hybrid Nature of Banking Supervision

the WaMu’s former Chief Risk Officer, “Washington Mutual made up a substantial portion of the assets of the OTS, and one wonders if the continuation of the agency would have existed had Washington Mutual failed”.55 The OTS “unusually deferential” performances over the mortgage market in the years preceding the burst of the crisis, authoritatively labelled as “a regulatory approach with disastrous results”,56 and ““by far the softest” oversight of any federal bank regulator”57 eventually led to the abolition of the Office. The 2010 reform however (even without taking into account the potential counter-effects of the 2017 Financial CHIOICE Act), left open the very core problem related to the OTS disastrous performances, as the Office was not the only federal banking regulator to be in a high-risk position of conflict of interests with its own controlled subjects.58 For instance, also the Comptroller of the Currency (OCC)’s funding structure relies on fees paid by its regulated entities, and appears to share a “self-restrictive” policy quite similar to that applied by the OTS.59 Interestingly, it was precisely the OCC the regulator selected to take over OTS’ tasks. An equally careful approach needs to be adopted also when looking at the EU context, where not only poor and fragmented regulatory supervision, but also hidden conflicts of interest have been at the basis of recent notorious financial scandals, such as Libor/Euribor and Fortis Bank’s.60 In particular, it would be wise not to ease down on the idea that after the last financial crisis all structural deficiencies have been effectively and promptly reformed with the Banking Union project: Even in the new financial supervisory system, in fact, conflicts of interest maintain a high potential in affecting the efficiency of banking regulators.61 This being the context, the adoption for the Single Supervisory Mechanism and for the Single Resolution Fund of the same premium fee system used by the OTS

persons brought up the issue of fees—that WaMu supplied $30 million or nearly 15% of the fees per year that paid for OTS’ operating expenses”. 55  James Vanasek testimony before the U.S. Senate, cf. U.S. Senate Permanent Subcommittee on Investigations (2010a), p. 10. 56  Cf. U.S.  Senate Permanent Subcommittee on Investigations (2011), p.  162 et seq. See also U.S. Senate Permanent Subcommittee on Investigations (2010b). 57  U.S. Senate Permanent Subcommittee on Investigations (2011), p. 209 et seq.: “It seemed as if the regulator was prepared to allow the bank to work through its problems and had a higher degree of tolerance that I had… seen with the other two regulators.… I would say that the OTS did believe in self- regulation […]”. 58  Cf. Sect. 5.4. 59  “Because banking is essentially a business of managing risk, supervision is centred on the accurate evaluation and management of risks. The OCC believes that bankers, and not regulators, should manage their banks”, in OCC (2008), p. 17. For OCC structure, see also Sect. 5.3. 60  For Libor/Euribor scandals, cf. above Sect. 2.2. Analysing the Fortis Bank case, see Vervaele (2014), p. 61 et seq., more recently, also on Libor/Euribor and BNP Paribas (the latter concerning however an embargo violation), Vervaele (2017), pp. 170–174. 61  See, e.g., ECB Monthly Bulletin (2012), p. 95.

6.1 Banking Supervision and the BCBS Core Principles: Defining Effective…

173

and the OCC, apparently without any serious publicly disclosed reservation, may be considered as rather worrisome in light of the American experience.62 Completeness demands to recall, on the other side, that in the US also the SEC, the only regulator exclusively paid by public funding, had not proven particularly efficient before the burst of the crisis—as shown by its notorious failure to intercept the faults in J.P. Morgan’s anti-money laundering structure, which allowed Bernard Madoff’s fraudulent operations to be carried out for almost 20 years beginning in the mid-1980s.63 Part of these serious deficiencies may be ascribed to the funding model of the Commission, that repeatedly suffered from drastic cuts in its budget, which certainly and substantially affected its action—raising also some doubts about the willingness of the political parties then holding the majority in the Congress to really ensure a proper functioning of the SEC.64 In light of the above, mixed funding models, which combine both public investments and premium fees from supervised entities, like those adopted in the US by the Federal Reserve, and in the EU by the three European Supervisory Authorities, appear to be a more balanced option in a hedging bets perspective.65 At least in theory, in fact, this paradigm seems to avoid excessively burdening public finances (de facto, linking the efficiency of banking supervisors exclusively to the political will of the government in charge) and, at the same time, make super-

 Cf. Recitals (77)-(78) SSM R: “The costs of supervision should be borne by the entities subject to it. Therefore, the exercise of supervisory tasks by the ECB should be financed by annual fees charged to credit institutions established in the participating Member States”, and Recital (19) Regulation 806/2014, “The Fund should be financed by bank contributions raised at national level and should be pooled at Union level in accordance with an intergovernmental agreement on the transfer and progressive mutualisation of those contributions”. 63  The case did not end up with a decision on the criminal liability of the financial institution thanks to an out-of-court agreement before the competent supervisory authority, where J.P. Morgan consented to a settlement of overall $ 2.05 billion for wilful violations of the Bank Security Act, see U.S. Department of the Treasury (2014) and FinCEN (2014). On the structure and powers of the SEC, see also Sect. 5.3. Highlighting the SEC’s failure during the crisis also Moloney (2012b), p. 125 et seq. 64  The extent of the budget cuts is clearly exemplified by the Senate interview of Lynn E. Turner, former Chief accountant of the SEC, which took place on 7.10.2008, reported in Ferguson (2010), p. 27: “Rep. Peter Welch: A hundred and forty six people were cut from the enforcement division of the e-, SEC; is that what you also testified to? Lynn E. Turner: Yes. Yeah, I, I think there has been a, a, a systematic gutting, or whatever you want to call it, of the agency and its capability, through cutting back of staff. […] Rep. Peter Welch: The SEC Office of, uh, Risk Management was reduced to a staff, did you say, of one? Lynn E. Turner: Yeah. When that gentleman would go home at night, he could turn the lights out”. On this topic, see also Stewart (2011). 65  Cf. however Ferran (2012b), p. 78, highlighting the risk of undue influence on ESAs by the EU Commission. 62

174

6  The Hybrid Nature of Banking Supervision

visors less likely to be unduly influenced by industry or governmental interests, in line with the independence requirements expressed by Core Principle 2.66

6.1.2  D  issemination of Collected Information and Investigative Overlapping in the US Regulatory Framework According to Basel Core Principle 3, both at domestic and at the international level, banking regulators shall possess the capacity of operating within an “effective network of cooperation” established through “laws, regulations or other arrangements”, while taking in due account the need to protect confidential information.67 May be shared within such networks, but “only for bank-specific or system-wide supervisory purposes and will be treated as confidential by the receiving party”.68 Confidential information, moreover, shall not be shared with third parties, unless the request comes from a court order or mandate from a legislative body. If a supervisor is legally compelled to disclose confidential information received from another regulator, it shall promptly notify the latter indicating the information to be disclosed and the circumstances surrounding the release. In case consent to passing on confidential information is not given, the requested supervisor “uses all reasonable means to resist such a demand or protect the confidentiality of the information”.69 Essential Criteria to Core Principle 3 explicitly requires that, where needed, there shall be “evidence” that cooperation agreements, both formal or informal, “work in practice”.70 Such cooperation agreements shall be in place not only with other banking regulators, but also with all authorities “with responsibility for the safety and soundness of […] other financial institutions and/or the stability of the financial system”.71 Against this background, supervisory systems characterized by a high number of regulators—all equipped with investigative and sanctioning powers, and granted with jurisdictions not clearly separated one from the other—may pose substantive issues of (non-) compliance with the parameters established by the Basel Committee.72 At first glance, Core Principle 3 appears to set standards more critical for the US supervisory system than for the European one.

 Concluding on an overall sufficient level of independence and accountability for the SSM, Masciandro et al. (2014), p. 24 et seq. 67  Cf. also Core Principle 3 – Essential Criterion 3. 68  Cf. Core Principle 3 – Essential Criteria 3-4. 69  Cf. Core Principle 3 – Essential Criterion 4. 70  Cf. Core Principle 3 – Essential Criteria 1-2. 71  Cf. Core Principle 3 – Essential Criterion 1. 72  For an overview on main critical issues in multi-disciplinary (administrative and criminal law) cooperation in the US and in the EU, see above Sect. 2.3.4. 66

6.1 Banking Supervision and the BCBS Core Principles: Defining Effective…

175

Indeed, the regulatory model overseas presents not only a distinction—and sometimes a duplication—between local and federal level, but also an organization that distributes competences among different agencies73 according to the type of the activities exercised by the controlled entity (deposit funds, bank holding companies, credit unions, commercial and investment banks, and so on), perhaps without taking in due account that, following the deregulatory reforms of the 1980s and 1990s, several concerns may be raised as to whether this criterion is still capable to adequately classify financial institutions. At the academic level, the multiplicity of supervisory authorities has been differently interpreted, giving rise to opposite orientations. Some scholars consider the overlapping of regulatory agencies as a detrimental fragmentation that is weakening the public oversight on matters that require a sharper and coordinated response; others believe it to be a fruitful abundance, necessary and needing to be further developed to encourage virtuous competition and make regulators more responsive to the proliferation of financial malpractices and crimes.74 While in theory both arguments may be sustained, in practice the option in favour of competition among regulators may have lost some of its charm in the last decade. The issue is again well showed by the OTS misfunctioning example. As discovered in the course of the Senate Committee investigations, in fact, the policy of this Office was not limited to a guilty indulgence towards its controlled entities: It but resulted also in such a positive obstructive behaviour against the fellow “competitors” (FDIC examiners), with whom the OTS was sharing its oversight task, that the relationship between the two agencies has been formally targeted as a “turf war” ended with a “hasty seizure and sale”.75  Cf. Wymeersch (2007), p. 53; for an overview of all main federal US financial regulators, cf. Chap. 5. 74  In favour of a reduction of the number of regulators see, e.g., U.S. Senate Permanent Subcommittee on Investigations (2011), p. 36; Myers (2011); on the opposite view a consistent part of the US scholars: Romano (2001), Kane (1984) and Kupiec and White (1996); also to avoid that a single regulator monopoly may be affected by excessive power, cf. Llewellyn (1999) and Briault (1999). 75  Cf. U.S.  Senate Permanent Subcommittee on Investigations (2011), pp.  177 and 198 et seq.: “Beginning in 2006, OTS management expressed increasing reluctance to allow FDIC examiners to participate in WaMu […] OTS officials employed a variety of tactics to limit the FDIC oversight of the bank, including restricting its physical access to office space at the bank, its participation in bank examinations, and its access to loan files. In July 2008, tensions between the FDIC and OTS flared after the FDIC sent a letter to OTS urging it to take additional enforcement action […] OTS not only rejected that advice, but also expressed the hope that the FDIC would refrain from future unexpected letter exchanges. In a separate email, Scott Polakoff, a senior OTS official called the FDIC letter inappropriate and disingenuous […] OTS even went so far as to limit the FDIC’s physical access to office space, as well as to needed information, at WaMu’s new headquarters. […] OTS also restricted the FDIC’s access to an important database that all examiners used to review WaMu documents […] from July until November 2006, a period of about four months, the FDIC examiners were denied access to both office space on the bank’s premises and the examiner’s library. At the same time OTS was withholding office space and database access from the FDIC examination team, it also, for the first time, refused an FDIC request to participate in an OTS examination of WaMu”; see also p. 208: “The WaMu case history demonstrates how important it is for our federal regulators to view each other as partners rather than adversaries in the effort to ensure the safety and soundness of U.S. financial institutions”. 73

176

6  The Hybrid Nature of Banking Supervision

The picture under this profile was not really significantly improved by the fact that several Memoranda of Understanding to enforce the efficiency of the system and regulate the dissemination of information among supervisory agencies, have been agreed upon among US banking regulators. These Memoranda play a particularly relevant role in financial investigations, for instance requiring that, when reasonable suspicions of a crime are raised, all related information may freely circulate among administrative and criminal agencies, without any possibility to oppose effective restraints, for instance related to privacy protection.76 Most of financial institutions active in the market of subprime mortgages and their derivate financial products in the early 2000s, such as banks (e.g Bank of America, Citigroup, J.P.  Morgan-Chase, Wells Fargo), thrifts (for instance Countrywide Financial Corporation, IndyMac Bank, Washington Mutual Bank) and security firms (like Bear Stearns, Goldman Sachs, Lehman Brothers, Merrill Lynch, Morgan Stanley, but also asset management arms of large banks, as Citigroup, Deutsche Bank, and again J.P. Morgan-Chase), were actually operating under the constant oversight of federal supervisory regulators while engaging in increasingly high risk financial operations, and potentially criminal conducts, that led to the burst of the financial crisis. As reported by the US Senate, in fact, “in the area of high risk mortgage lending, for example, bank regulators allowed banks to issue high risk mortgages as long as it was profitable and the banks quickly sold the high risk loans to get them off their books. Securities regulators allowed investment banks to underwrite, buy, and sell mortgage backed securities relying on high risk mortgages, as long as the securities received high ratings from the credit rating agencies and so were deemed “safe” investments. No regulatory agency focused on what would happen when poor quality mortgages were allowed to saturate U.S. financial markets and contaminate RMBS and CDO securities with high-risk loans. In addition, none of the regulators focused on the impact derivatives like credit default swaps might have in exacerbating risk exposures, since they were barred by federal law from regulating or even gathering data about these financial instruments”.77 The situation in the US does seem significantly improved in the aftermath of the post-crisis reforms. Similarly to other critical profiles mentioned above, in fact, also the criticism arising from agencies overlapping was not satisfactorily tackled in the 2010 Dodd-­Frank Act, which on the point appears quite inconclusive. Indeed, whilst the Act, from one side, abolished an ineffective regulator as the OTS, on the other side, it also increased the number of competent federal supervisory agencies, potentially boosting rather than reducing, the overlapping phenomenon.78  Cf. Lambrakopoulos et al. (2017), p. 11.  All references may be checked in the result of the investigations carried on by U.S.  Senate Permanent Subcommittee on Investigations (2011), p. 41. 78  Cf. Sect. 5.4. 76 77

6.1 Banking Supervision and the BCBS Core Principles: Defining Effective…

177

6.1.3  D  issemination of Collected Information Within the Single Supervisory Mechanism: Overview of Main Critical Issues Against the complexity of the US regulatory model, the European Union supervisory system resulting from the 2011–2015 reforms and based on the Single Supervisory Mechanism may appear quite straightforward, finally seeking for a more effective centralized oversight, and certainly achieving an improvement if compared to the previous highly fragmented national supervisory practice and regulations.79 Nonetheless, also within the Banking Union, several are the lacunas and discrepancies, which are raising the very same critical questions described in the US supervisory model. First, while the European System of Financial Supervision (ESFS) and the whole apparatus for bank crises management (SRM, SRF, EDIS and DGS80) apply to all 28 EU Member States, the Single Supervisory Mechanism is in principle operational only in 19 States (the Eurozone),81 and thus has to cooperate with both the ESFS and national supervisory authorities for what exceeds its direct competences (for instance, if on-site inspections need to be carried out on a branch of a supervised credit institution located outside the participating Member States). Moreover, even within its limited jurisdiction, the SSM is not providing for a form of supervision completely alternative to banking national regulators. The latter indeed retain relevant competences towards all less significant institutions (which operate in the same financial market of significant ones), in the exercise of the (indirect) sanctioning powers ex Article 18(5) SSM R, and in fundamental areas such as AML/CFT and consumer protection policies (not to mention in the relationships with domestic judicial authorities). The ECB has therefore to heavily rely on the cooperation with national supervisors; good relationships with the NCAs are necessary also in the aforementioned case of Article 9(1) SSM R, where the SSM sends binding instructions to national authorities.82 In such a composite framework, it is then understandable why a significant part of the SSM Regulations aims at reinforcing forms of cooperation among and towards national authorities, and also why, even if the Banking Union system inaugurated a model grounded on the action of the Single Supervisory and Resolution Mechanisms, the (pre-existing) European Banking Authority maintains a relevant role in facilitating inter-agency relations.83  Cf. above Chap. 4; cf. Shapiro (1997); Brodowski (2011).  Cf. above Sect. 4.1. 81  Besides for the possibility for States externals to the Eurozone to participate in the ECB centralized supervision, cf. Article 7 SSM R. Cf. above, Sect. 4.2. 82  Cf. Sect. 4.4.1. 83  Cf. Chapter II SSM R, and from Part V on of the SSM FR. On the role of EBA in the Banking Union, see also Cappiello (2015); Gortsos (2016), p. 277 et seq. Cf. also Sect. 4.2. 79 80

178

6  The Hybrid Nature of Banking Supervision

Against this background, compliance with Core Principle 3 requiring effective cooperation networks represents a main challenge for banking regulators in Europe too, and especially for the Single Supervisory Mechanism. Indeed, critical issues on cooperation for this authority do not exclusively derive from the BCBS Core Principles, but arise also within the same scope and mandate of the SSM, and in particular from the provisions in the SSM Regulations concerning information sharing. A thorough analysis of these problems—mostly due to the uncertainties related in EU law to the protection of professional secrecy, and the recognition of privileges and immunities to the ECB members of staff, still in lack of specific case-law on the matter84—exceeds the remit of this work.85 Even from a necessarily synthetic overview, however, it can be noticed how the complex relationships surrounding the activity of the SSM raise serious questions as to whether the cooperation network in which the Mechanism operates may be considered “effective”.86 Indeed, according to Article 20 SSM FR, the ECB and the NCAs shall cooperate in good faith, and be subject to an obligation to share information among each other on an on-going basis.87 The exchange of confidential information is regulated by Articles 53–62 CRD IV/V, according to which the latter could be used only for a limited list of purposes related to supervisory activities.88 In general, however, the obligation to provide information to, or to exchange information within the SSM, prevails over professional secrecy. In case of third parties, protection of confidentiality follows the rules established by Articles 431 and 432 CRR, which allow banking supervisors to partially omit the disclosure of such information to the public. Dissemination of confidential information with supervisory authorities or with other authorities or bodies located in third countries is instead regulated by specific bilateral cooperation agreements (Memoranda of Understanding—MOUs) with the SSM or the NCAs.89  Even though cases already occurred in practice. The reference goes to the seizure of ECB documents and computer hardware, carried out by Slovenian authorities on July 6th 2016, as part of a national investigation against central bank officials, while the ECB had not given prior authorization for it. For that, in May 2017 the Commission has started an infringement procedure against Slovenia, cf. https://www.reuters.com/article/us-eu-slovenia-ecb/eu-executive-acts-against-slovenia-over-ecb-data-incident-idUSKBN18117A. Accessed 20 July 2018. 85  The issue of professional secrecy however is dealt with, in the analysis of the privilege against self-incrimination in SSM supervisory proceedings applying punitive administrative sanctions cf Sects. 6.3.5 and 6.3.6. Both the issues of professional secrecy and ECB staff immunity have been raised by Allegrezza and Rodopoulos (2017). On this issue, see also Athanassiou (2011); D’Ambrosio (2015); Arons (2015), p. 469 et seq. For the role of confidentiality in the exchange of information between FIUs, see above, Sect. 3.3. 86  See, e.g., Chiu (2016), p. 67 et seq.; Kern (2016), p. 253 et seq. 87  Cf. also Article 21 SSM R. 88  Cf. Article 54 CRD IV. 89  Cf. Article 55 CRD IV/V and Article 3(6) SSM R. The ECB has signed MOUs with several thirdparties, such as Banco Central do Brasil, or the Central Bank of the Republic of Turkey. 84

6.1 Banking Supervision and the BCBS Core Principles: Defining Effective…

179

Such Memoranda, to be reviewed on a regular basis, shall assure that disclosure of confidential information may occur only subject to a guarantee that professional secrecy requirements in that third country are at least equivalent to those established by CRD IV/V. In any case, information may be shared only to perform the supervisory tasks of those authorities or bodies. Where the information originates in another Member State, the dissemination also requires the express agreement of the authorities which have originally disclosed it.90 Lastly, following Article 57 CRD IV/V, in case of breaches of company law, and to strengthen the stability and integrity of the financial system, relevant information may be shared also with authorities or bodies responsible for the detection and investigation of such breaches. In particular, according to Article 71 CRD IV/V, banking supervisors shall establish “effective and reliable mechanisms to encourage reporting of potential or actual breaches” to the competent authorities. Under this profile, if, carrying out its tasks under the SSM Regulation, the ECB has reason to suspect that a criminal offence may have been committed, the latter is subject to internal and external reporting obligations. At the internal level (i.e. within the EU institutional framework), the ECB has to report suspicions of illegal activity to the European Anti-fraud Office (OLAF), whose competence extends also on the European Central Bank.91 Such reporting duty has been detailed in ECB Decision 2016/456 of 4 March 2016, which at Article 3 requires the ECB to report to OLAF, without delay, any information which gives rise to a suspicion about the existence of possible cases of fraud, corruption or any other illegal activity affecting the Union’s financial interests.92 Normally, any member of the ECB staff who becomes aware of the suspicions (including temporary personnel, or members of staff of national competent authorities who are part of joint supervisory teams and on-site inspection teams, in matters related to their work for the ECB) shall hierarchically made such report to either the Director Internal Audit, the senior manager in charge, or the member of the Executive Board who is primarily responsible for his/her business area. The ­latter persons shall then “without delay transmit the information to the Director-­ General Secretariat”, that shall, again without delay, transmit it to OLAF.93 In case there are “justified reasons” to consider that in practice the hierarchical referral mechanism would not work properly, and there is “concrete information supporting the possible existence” of illegal activities internal to the ECB, the report may be done directly to OLAF, skipping internal controls.94  Cf. Article 55 CRD IV/V.  Cf. note 29. 92  Decision (EU) 2016/456 of the European Central Bank of 4.03.2016 concerning the terms and conditions for European Anti-Fraud Office investigations of the European Central Bank, in relation to the prevention of fraud, corruption and any other illegal activities affecting the financial interests of the Union (ECB/2016/3). 93  Cf. Decision (EU) 2016/456, Article 3(1) and (3). 94  Cf. Decision (EU) 2016/456, Article 3(4). 90 91

180

6  The Hybrid Nature of Banking Supervision

Deviations from this standard procedure may be found only in exceptional cases, (but rather broad) where the sensitivity of the information “could seriously undermine the ECB’s functioning”, such as when the information concerns: Supervisory tasks; the stability of the financial system or individual credit institutions; monetary policy decisions; operations related to the management of foreign reserves and interventions on foreign exchange markets; or the euro banknotes’ security features and technical specifications.95 In these cases, the decision to exchange relevant information with OLAF shall be taken by the Executive Board. On the other side, on an external, or vertical dimension (ECB-Member States), if reason to suspect that a criminal offence may have been committed emerges, the SSM is subject only to an indirect duty to refer the matter to judicial authorities. According to the already mentioned Article 136 SSM FR,96 the SSM is not subject to direct referral duties before to national judicial authorities, but it “shall” request the competent NCA to do so, in accordance with national law. In particular, from the wording of this provision, it seems that the ECB is under the obligation to make a referral to the NCA (“shall”), while whether the latter enjoys discretion or not in reporting suspicious information to judicial authorities remains a matter subject to the rules in the applicable national regulation.97 The opposite case in which disclosure of information is requested by national judicial investigating authorities, is instead dealt with by ECB Decision 2016/1162 of 30 June 2016 on disclosure of confidential information in the context of criminal investigations.98 According to it, ECB, NCAs and judicial authorities shall act in respect of the general principles of sincere cooperation and good faith, which represent a corner stone of the EU legal framework.99 Against this background, Article 2 of the Decision specifies that, when requests concerning supervisory or other ECB tasks are received by the ECB, the response shall be provided by the competent NCA on behalf of the ECB. Information may be disclosed if that is due to an expressed obligation under Union or national law, or if that is admissible under the relevant legal framework and “there are no overriding reasons for refusing” to do so, such as “the need to safeguard the interests of the Union or to avoid any interference with the functioning and independence of the ECB, in particular by jeopardising the accomplishment of its tasks”.

 Cf. Decision (EU) 2016/456, Article 4, and Recital (9).  Cf. Sect. 4.4.3; and below, Sect. 6.3.5–6.3.6. 97  Comparative analysis shows that in a majority of Eurozone countries, NCAs are under an obligation to report suspicions of a crime emerged during their supervisory activity to the competent judicial authorities (AT, BE, DE, FR, IE, LU, and de facto IT), while in a minority of countries NCAs retain margin of discretion in whether to inform the judicial authorities (EL, NL). Cf. Lasagni and Rodopoulos (2019). 98  Decision (EU) 2016/1162 of the European Central Bank of 30.06.2016 on disclosure of confidential information in the context of criminal investigations (ECB/2016/19). 99  Cf. Decision (EU) 2016/1162, Recitals (3) and (8). 95 96

6.1 Banking Supervision and the BCBS Core Principles: Defining Effective…

181

In this regard, it has been underlined that reporting obligations deriving from Decision 2016/1162 appear inconsistent with the ECB reporting obligations deriving from Article 9(1) SSM R, according to which the SSM “shall have all the powers and obligations, which competent and designated authorities shall have under the relevant Union law, unless otherwise provided for by this Regulation”.100 Indeed, while the SSM Regulation seems to equalize the position of the SSM with that of NCAs (including a duty to report suspicions of crime to judicial authorities, where so provided at national level), Decision 2016/1162 leaves much more discretion to the ECB. This discretion, moreover, does not find its legal bases in the SSM Regulation, requested under Article 9 SSM R, but by a subsequent ECB Decision. Both in this case, and when reporting duties apply at the internal level (OLAF), critical issues arise also with regard to the immunity recognized to the ECB/SSM members of staff. The scope of such immunity shall be measured with regard to EU law101 as interpreted by the Court of Justice, and (especially until a solid SSMrelated case-­law will be developed by the CJEU) taking into account the jurisprudence provided for by the ECtHR and national courts on the matter.102 At present, useful indication about the SSM scope of the discretion in refusing the production of documents to judicial authorities may be found in the 1990 CJEU Order in Zwartveld, concerning the request of a Dutch prosecutor to disclose both inspection results gathered by the Commission in the field of fish market, and the identity of the inspectors.103 In that case, the Court recognized to the Commission the discretion to refuse documents production “to a national judicial authority on legitimate grounds connected with the protection of the rights of third parties or where the disclosure of this information would be capable of interfering with the functioning and independence of the Community, in particular by jeopardizing the accomplishment of the  Cf. Allegrezza and Rodopoulos (2017), p.  246, according to which “it is noteworthy that no limitations of liability or immunities of the ECB and the SRB are provided for by the texts, despite similar provisions that are found in national legal systems with regard to national supervisory authorities. However, according to opinions expressed in the doctrine, limitations can be justified, either on the legal basis of ‘the general principles common to the laws of the Member States’, or the criterion of ‘sufficiently serious violation’, as this has been formed by the CJEU case law”. 101  Including Articles 274 and 343 TFEU; Article 39 of the ECB Statute (Protocol no. 4 to the TFEU); Protocol No. 7 to the TFEU On the Privileges and Immunities of The European Union; Regulation (EU, Euratom) No 883/2013 (OLAF Regulation); and the Headquarters Agreement between the Government of the Federal Republic of Germany and the European Central Bank concerning the seat of the European Central Bank, of 18.09.1998 [SEC/GovC/4/98/07]. 102  See, e.g., ECtHR, Waite and Kennedy v. Germany, 18.02.1999, Application No. 26083/94, § 63; and Greenpeace Nederland and Procurator General at the Supreme Court of the Netherlands (intervening) v Euratom, Judgment on Appeal in Cassation, Decision No LJN: BA9173, RvdW (2007) No 992, NJ 2008, 147, ILDC 838 (NL 2007), 13.11.2007, (Netherlands Supreme Court), where the immunity was refused on the basis that functional immunity test requires it to assess “whether or not the acts in question are immediately connected to the tasks entrusted to the organisation”. 103  J.J.  Zwartveld and Others, Case C-2/88 Imm., Order of the Court of 6.12.1990, ECLI:EU:C:1990:440. 100

182

6  The Hybrid Nature of Banking Supervision

tasks entrusted to it”,104 only as long as the Commission was able to provide concrete, reasoned and specific evidence of these risks.105 On the other side, according to Decision 2016/1162, when the request is received by an NCA and when the information required “is material, or that disclosure thereof has the potential to adversely affect the reputation of the SSM”, the NCA is under the obligation to seek the ECB advice on whether it is appropriate to comply with the request, informing it in a timely manner, and “in any event, before providing a final response” to the judicial authorities.106 Here, it is the position of NCAs that appears particularly critical: In fact, on one side, the NCA shall presumably follow the advice of the ECB on whether to comply or not with the request, but on the other side, refusal to provide the information may be considered as a crime by national legislation.107 A last relevant issue which shall be highlighted with regard to cooperation networks in SSM supervisory proceedings concerns the uncertainties about the standards of admissibility within administrative proceedings for information collected under criminal procedural rules, and vice versa.108 The first hypothesis results less critical under a strict criminal law perspective, since guarantees for defendants in criminal investigations are usually higher than those established in administrative proceedings. This situation has been considered by the Court of Justice in its 2015 decision WebMindLicence, concerning the use of information collected through wiretapping, and the seizure of e-mails (this latter lacking the necessary judicial authorization) during criminal investigations in a tax administrative proceeding.109 In this case, the Court indicated that not only the proportionality of investigative measures shall be assessed to determine the legitimacy of limitations to a fundamental right enshrined in the Charter (Article 7, in the specific case). Moreover the same test shall be applied also to assess the “use” of the evidence so obtained at trial.110  Id., § 11.  Id., §§ 11-13. 106  Cf. Decision (EU) 2016/1162, Article 3. 107  As it is, for instance, the case of Banca d’Italia, according to Article 7(1)(2) of Legislative Decree no. 385, of 1.09.1993 (“Testo Unico Bancario”-TUB). 108  For a general framework of critical issues on the matter, see above, Sect. 2.3.4. 109  WebMindLicenses kft v Nemzeti Adó- és Vámhivatal Kiemelt Adó- és Vám Főigazgatóság, Case C-419/14, 17.12.2015, ECLI:EU:C:2015:832. 110  Id., § 80, as highlighted by Tesoriero (2016), p. 1542 et seq. While the Court affirms this principle with regard to transversal cooperation (administrative and criminal trial), it remains open the question whether the same test shall be applied also within the same (administrative or criminal proceeding). In case of a positive answer, it should then be necessary to examine separately not only whether the investigative measure is in itself within the limits of Article 52(1) CFREU, but also if the admission of that evidence at trial is in compliance with the same parameters. Among the authors highlighting also the critical issues emerging from the lack of shared standards of defence rights see, e.g., Gless (2013), p. 90; Klip and Vervaele (2002); Ruggeri (2015), p. 147 et seq.; Caianiello and Di Pietro (2016); Mangiaracina (2004), p. 2194; Di Federico and Di Chiara (1994); Traverso (1997); Allegrezza (2008a); Kostoris (2017). 104 105

6.1 Banking Supervision and the BCBS Core Principles: Defining Effective…

183

The CJEU concluded that the administrative court receiving such information “must be able to verify whether the evidence on which that decision is founded has been obtained and used in breach of the rights guaranteed by EU law and, especially, by the Charter. That requirement is satisfied if the court hearing an action challenging the decision […] is empowered to check that the evidence upon which that decision is founded”.111 The receiving court, therefore, shall proceed with a double proportionality test: First to verify whether the measures adopted to obtain the information did not go beyond what is necessary to pursue the objective of general interests protected by criminal proceeding; and afterwards, to verify whether its admissibility is proportionate with the aim of the administrative proceeding, in the sense that the information could not have been obtained by means of investigation that interfere less with the rights at stake.112 This double-proportionality test, as it has been underlined, may be applied also in the opposite case, much more critical in terms of fair trial rights protection, that is when the information is transmitted from an administrative authority, e.g. a banking supervisor, to judicial ones.113 In this case, in fact, effective dissemination of information could be impaired by criminal procedure rules on the admission of evidence, according to which (in principle) information cannot be used in criminal proceedings if it has been collected at administrative level in violation of “core” procedural fair trial rights.114 Even besides for any consideration on the substantive nature of certain supervisory sanctions,115 this is therefore a first reason why administrative authorities, including the ECB in its supervisory capacity, shall take fundamental criminal pro Id., §§ 86-89.  Id., §§ 75 and 82. 113  Cf. Tesoriero (2016), p. 1540. 114  In this sense, while all procedural rights provided for by Articles 6 ECHR and 47-48 CFREU are fundamental fair trial rights, “core” procedural fair trial rights are considered only those whose violation is never tolerated by the case-law of the European Courts (for the time being, especially by the ECtHR—although without that necessarily meaning the application of exclusionary rule, since the Court in Strasbourg has never recognized automatic exclusions besides for violations of Article 3 ECHR—on this see below Sect. 6.3.5). Lacking a shared notion of what exactly this “core” is composed of, in this work this expression is used to refer to those procedural rights which apply to every proceeding, regardless of its nature (Article 41 CFREU), plus those of Article 6 ECHR (and their correspondents in Articles 47-48 CFREU) that the ECtHR has selected as essential to be complied with also in case of administrative proceedings with substantive criminal nature according to the Engel criteria. This definition allows a general identification of the “core” rights, but critical issues still remain open concerning then the precise identification, within each of these rights, of the procedural rules that identify the “core” of each of these rights (e.g., in the privilege against self-incrimination, is it enough to be able to exercise the right, or also being informed of the possibility to remain silent is indispensable not to violate the “core” of this right?). This highly critical problem is not solved in general terms in this work, but a proposal of which are the “core” procedural rights, also in their more detailed application, shall be complied with in the sanctioning proceedings of the Single Supervisory Mechanism, is carried out below, in Sect. 6.3. 115  Cf. below, Sect. 6.2. 111 112

184

6  The Hybrid Nature of Banking Supervision

cedural rights into account: Not doing so, could not only prevent the supervisor from operating within an “effective network of cooperation”, as required by Basel Core Principle 3. It could also affect the efficiency of information exchange precisely in the most serious cases, where violations are so severe to require the intervention of judicial authorities. Lastly, and contrary to the US, in the EU, the relatively recent establishment of a single supervisor may also present critical issues concerning cooperation under a rather peculiar point of view. A short-term perspective, in fact, sees an oversight on major European banking groups that is no more exercised by NCAs, while the SSM—already operative—is still struggling on several fronts to get effective. Integrating its internal legal framework to cover all (or at least most) aspects of a complex system of banking supervision; gathering the adequate resources to perform its tasks (especially in terms of personnel); trying to establish effective forms of cooperation with the NCAs, that have to acquire a “secondary” role where they first had exclusive competence, and establish relations with third countries supervisory authorities (such as the US), and with the supervised credit institutions themselves (which in some cases challenged the ECB before the Court of Justice to precisely to avoid its supervision116): These are all challenges that still engage the ECB after almost five years from the establishment of the SSM. Taking into account the necessary time frame to achieve so, the EU, and especially the Eurozone shall not therefore underestimate the risk of temporary lacunas or blind spots in banking supervision, to avoid the whole SSM system to be torn to shreds from its very outset.

6.2  B  anking Supervisory Sanctions in the EU: A New Field of Criminal Law? Both in the EU and in the US, banking supervision is a matter clearly regulated under the label of administrative law. Supervisory sanctions, therefore, formally have an administrative nature. This choice finds confirmation also in the Regulations of the Single Supervisory Mechanism, which entitles the ECB to impose only administrative penalties117).  Cf., recently, Landeskreditbank Baden-Württemberg  - Förderbank v European Central Bank, Case T-122/15, 16.05.2017, ECLI:EU:T:2017:337 and also, although on different grounds, Crédit mutuel Arkéa v European Central Bank, Case T-712/15, 13.12.2017, ECLI:EU:T:2017:900 currently appealed before the ECJ, see Crédit mutuel Arkéa v ECB, Case C-152/18 P, 20.04.2018; and Crédit mutuel Arkéa v European Central Bank, Case T-52/16, 13.12.2017, ECLI:EU:T:2017:902, currently appealed before the ECJ, see Crédit Mutuel Arkéa v ECB, Case C-153/18 P, 23.02.2018. Interestingly, however, the number of credit institutions subject to direct ECB supervision has decreased since the Mechanism entered into force in 2014. 117  This option is provided for by Article 65 CRD IV, as described above in Sect. 4.3–4.4. This limitation that, as previously discussed, may become critical in case Member States would decide to 116

6.2 Banking Supervisory Sanctions in the EU: A New Field of Criminal Law?

185

As renowned however, at least in Europe the classification made at statutory level represents only a residual criterion to determine the nature of a sanction, due to the substantial interpretation of matière pénale, developed by the Court in Strasbourg with the Engel doctrine.118 This case-law results particularly relevant for the system(s) of European banking supervision as, thanks to its adoption by the Court of Justice in the landmark cases Hüls AG, Spector, Bonda and Fransson discussed above,119 this doctrine is today applicable not only under before the ECtHR, and toward sanctions imposed at national level, but also to penalties imposed by European institutions, bodies and agencies, even in lack of any formal accession of the Union to the Convention (although until then, the CJEU remains the only court with jurisdiction on the matter). Examining the penalties contained in CRD IV/V120 as well as the SSM supervisory and sanctioning powers121 in light of the second (nature of the offence) and the third (severity of the penalty) Engel criteria, several hints emerge which lead to conclude that, besides for their formal classifications, some of the sanctions imposable in this supervisory legal framework de facto possess a criminal nature.122 In this sense, it is worth reminding that the Court in Strasbourg and the Court of Justice do not distinguish between natural and legal persons in the application of the Engel doctrine, and, especially for Strasbourg, several are the cases in which fair trial rights deriving from a substantial approach to the definition of criminal matter have already been recognized to legal persons.123 Under the first Engel criterion, SSM and CRD IV/V supervisory sanctions seem to well fit in the parameters, previously described, developed by the ECtHR to describe a substantially criminal “nature of the offence”.124 First, CRR and CRD IV/V request all banks in the EU to adopt certain prudential conducts in the management of their activities; breaches of such standards may then transpose the sanctioning provisions of CRD IV through criminal law provisions, as allowed by the Directive. 118  As already analysed in Sect. 2.3. On the impact and relevance of the Engel case-law in banking matters, see D’Ambrosio (2016), p. 1031 et seq. In general terms, see Trechsel (2005), pp. 14–30; Ubertis (2009), p. 25 et seq.; van Dijk (2006), pp. 543–554; Lupária (2017), p. 940. 119  Hüls AG, Case C-199/92, § 150; Spector, Case C-45/08, § 42; Bonda, Case C-489/10, §§ 36; Fransson, Case C-617/10, §§ 35-37, as analysed in Sect. 2.3. 120  As described in Sect. 4.3. 121  As described in Sects. 4.4.1 and 4.4.2. 122  On the general classification of supervisory sanctions in light of the Engel case-law, see De Moor Van Vugt (2012), p. 5; D’Ambrosio (2013), p. 9. 123  Cf. for the CJEU, Spector, Case C-45/08, § 42; for the ECtHR see, e.g., Société Stenuit v. France, 27.02.1992, Application no. 11598/85, § 7, with regard to the Commission report of 30.05.1991; Menarini Diagnostics S.r.l., § 44; Lilly France S.A. v. France; Didier v. France (dec.), 27.08.2002, Application no. 58188/00; Dubus SA, § 36. See also Jones and Sufrin (2016), p. 895; Andreangeli (2008), pp. 17–18. For more on locus standi of legal persons under the Convention see Zwaak (2006), pp. 52–55 and with regard to the application of the Engel criteria, p. 552. See also Slater et al. (2008), p. 18. Analysing the privilege against self-incrimination for legal persons, Sect. 6.3.5. 124  Cf. Sect. 2.3.

186

6  The Hybrid Nature of Banking Supervision

be sanctioned by Member States or, within its competence, by the ECB, applying the national transpositions of CRD IV/V. Second, such supervisory sanctions are undoubtedly also the result of supervisory IV/V proceedings “instituted by a public body with statutory powers of enforcement”, and in particular as established by CRD IV/V or in the SSM Regulation.125 Moreover, in the wording of the Court, these provisions enjoy a “generally binding character” within their field of application,126 and prescribe “conduct of a certain kind” which seek “to punish as well as to deter”, making “the resultant requirement subject to a sanction that is punitive”.127 Lastly, the imposition of any sanction by the SSM is “dependent upon a finding of guilt”, another clue identified by the ECtHR as symptom of the substantive criminal nature of a provision.128 Against this background, substantial criminal nature may hence be recognized to the sanctions provided for by Article 18(1) and, indirectly, by Article 18(5) SSM R, which clearly state that penalties may be imposed upon credit institutions which “intentionally or negligently, breach a requirement”.129 A similar deduction may be drawn also for the sanctions consisting in the publication of the penalties imposed, provided for by Articles 18(6) SSM R and 68 CRD IV/V, as well as to the other “naming and shaming” provisions of Articles 66(2)(a), 1a, Regulation 2532/98, and 67(2)(a) CRD IV/V.130 In all these cases, in fact, the negative reputational effects pursued by the sanctions appear to serve punitive and deterrent, rather than restorative aims,131 which extend its effects (reputational, but also financial) directly towards the offender and indirectly towards other credit institutions, influencing their future behaviours. This conclusion is further supported by those who highlighted how the publication is inextricably linked with the administrative fine imposed, of which it represents a mere “corollary”.132 Following this interpretation, at least in those cases where the administrative fine is recognized substantial criminal nature, the same should apply also for its publication.133  Benham v. the United Kingdom, § 56.  Bendenoun v. France, § 47. 127  Öztürk v Germany, § 53; Grande Stevens, § 96. 128  Cf. Sect. 2.3. 129  Cf. Sect. 4.4.2. 130  Consisting of “a public statement which identifies the natural person, institution, financial holding company or mixed financial holding company responsible and the nature of the breach”, cf. also above, Sects. 4.3 and 4.4.2. 131  Cf. D’Ambrosio (2013), p. 25. 132  In this sense, Opinion of Advocate General Mengozzi in Case C-203/12, Billerud Karlsborg AB, Billerud Skärblacka AB v. Naturvårdsverket, delivered on 16.05.2013, ECLI:EU:C:2013:320, § 31. 133  Cf. Id., Opinion in Case C-407/14, María Auxiliadora Arjona Camacho v. Securitas Seguridad España, SA, delivered on 3.09. 2015, ECLI:EU:C:2015:534, note 40, which includes “naming and shaming” provisions among the “range of penalties” available to Member States; at academic level, see, e.g., Doorenbos (2007), p. 88, referring to ECtHR decisions: O. v. Norway, 11.02.2003, Application no. 29327/95; Ringvold V. Norway, 11.02.2003, Application no. 34964/97; Hammern 125 126

6.2 Banking Supervisory Sanctions in the EU: A New Field of Criminal Law?

187

Even more evident hints that some supervisory sanctions present a substantial punitive nature raise in the application of the third Engel criterion, concerning the severity of the penalty that the person concerned risks incurring. In this sense, reference shall be made to the amounts and potential impact of supervisory penalties upon the budget of supervised entities,134 alone or in combination with other disciplinary (or, as called in the SSM Regulations, “supervisory”) sanctioning powers. In Öztürk v. Germany, in fact, the ECtHR clearly stated that the criminal nature of a sanction is not automatically excluded by the fact that an offence is not punishable by imprisonment,135 and indeed both the ECtHR and the CJEU have repeatedly recognized criminal nature to pecuniary administrative sanctions imposed by administrative authorities with jurisdiction in tax law,136 as well as in economic and financial law, such as the Italian regulatory authority for market and competition137; and, in France, the sanctions committee of the financial market supervisory ­authorities138; the Competition Commission139; the Financial Markets Board,140 and the Disciplinary Offences (Budget and Finance) Court.141 In some cases, the assessment of the Court in Strasbourg referred to sanctioning proceedings especially comparable to the one carried out by the SSM. That is, for instance, what happened in the case of the then existing French Commission bancaire in Dubus S.A. v France.142 According to former Articles L. v. Norway, 11.02.2003, Application no. 30287/96; Pfaeltzer (2014), pp.  144–145, according to which “After all, in its decision to impose an administrative fine, the supervisor indicates that the sanction will be published. This indication implies that the decision to publish has been made together with the decision to impose the fine. As a result, the administrative fine and its publication each have a punitive character”. 134  On the possibility of considering the sanction pénale depending on the “nature, as significant or less significant, of the bank concerned”, see D’Ambrosio (2013), p. 27; on the same line, in general terms, Trechsel (2005), p. 24, but see also p. 26. For a more detailed analysis of the third Engel criterion, see above, Sect. 2.3. 135  Öztürk v. Germany, § 53; Nicoleta Gheorghe v. Romania, § 26, according to which “la requérante n’encourait plus une peine d’emprisonnement à l’époque des faits. Cela n’est toutefois pas déterminant en soi aux fins de l’applicabilité du volet pénal de l’article 6 de la Convention car, comme la Cour l’a souligné à maintes reprises, la faiblesse relative de l’enjeu ne saurait ôter à une infraction son caractère pénal intrinsèque”. 136  Cf., recently, for the ECtHR, A and B v. Norway, and Jóhannesson and others v Iceland; for the ECJ see e.g. Fransson, Case C-617/10, §§ 35-37; Bonda, Case C-489/10, §§ 36-46. 137  Menarini Diagnostics S.r.l., § 44. 138  Messier v. France (dec.), 19.05.2009, Application no. 25041/07, § 35. 139  Lilly France S.A. v. France. 140  Didier v. France. 141  Guisset v. France, 26.09.2000, Application no. 33933/96, §59. For a more detailed recollection of cases on the matter, see, e.g., Trechsel (2005), pp. 23–24; van Dijk (2006), pp. 548–554. 142  Since 2010 joined with the Autorité de contrôle des assurances et des mutuelles, the Comité des établissements de crédit et des entreprises d’investissement, and the Comité des entreprises d’assurances in the new Autorité de contrôle prudentiel et de résolution (ACPR), cf. Ordonnance n° 2010-76 du 21.01.2010 portant fusion des autorités d’agrément et de contrôle de la banque et de l’assurance, NOR: ECEX0929065R, Version consolidée au 04 juillet 2017.

188

6  The Hybrid Nature of Banking Supervision

613-3 and L. 613-21 of the Code monétaire et financier, the Commission, an administrative authority performing supervisory tasks and directly related with the French national central bank,143 was entitled to impose upon its controlled entities disciplinary sanctions144 and/or pecuniary penalties amounting up to the minimum capital required of the legal entity. The substantive nature of these powers was recognized as a coloration pénale by the ECtHR (in line with what previously already acknowledged by the French Conseil d’Etat145), taking into account the notable financial consequences of the applicable sanctions (“De telles sanctions entraînent des conséquences financières importantes, et partant, peuvent être qualifiées de sanctions pénales”146). Similar conclusions were drawn in the 2014 decision Grande Stevens and others v Italy concerning the Italian authority for securities supervision (CONSOB).147 Also in this case, the Court adopted a reasoning which seems to fit rather well also to the case of banking supervision. First, the Court recognized that the general interests pursued by CONSOB—protecting investors and ensuring the effectiveness, transparency and development of the stock markets—are usually protected by criminal law. The Court also noticed that the fines had both deterrent and punitive purposes, and that they were imposed “on the basis of the gravity of the impugned conduct, and not of the harm caused to investors”.148 The ECtHR then examined the nature and severity of the penalty which was “likely to be imposed” on the applicants, taking into account that CONSOB sanctioning powers ranged from disciplinary measures—such as temporary loss of their honour for the representatives of the companies involved; temporary prohibition from administering, managing or supervising listed companies; prohibition from engaging the services of the offender; and temporary ban of the individual’s right to carry out his or her professional activity—to pecuniary fines—which “could go up to EUR 5,000,000 […], and this ordinary maximum amount could, in certain cir Cf. former Article L. 613-3 “La Commission bancaire comprend le gouverneur de la Banque de France ou son représentant, président, le directeur du Trésor ou son représentant le président de l’Autorité de contrôle des assurances et des mutuelles ou son représentant et quatre membres ou leurs suppléants nommés par arrêté du ministre chargé de l’économie pour une durée de cinq ans dont le mandat est renouvelable une fois: 1. Un conseiller d’Etat proposé par le vice-président du Conseil d’Etat; 2. Un conseiller à la Cour de cassation proposé par le premier président de la Cour de cassation; 3. Deux membres choisis en raison de leur compétence en matière bancaire et financière (…)”. 144  Such as “1. L’avertissement; 2. Le blâme; 3. L’interdiction d’effectuer certaines opérations et toutes autres limitations dans l’exercice de l’activité; (…) 6. La radiation (…) de l’entreprise d’investissement de la liste des (…) entreprises d’investissement [agréées] (…). Il en va de même s’il n’a pas été déféré à l’injonction prévue à l’article L. 613-16”, cf. former Article L. 613-21. 145  CE, 29.11.1999, no 194721, Société Rivoli Exchange. 146  Dubus S.A. v France, §§ 36-38: “La Cour est d’avis que la Commission bancaire, lorsqu’elle a infligé à la requérante la sanction du blâme, devait être regardée comme un “tribunal” au sens de l’article 6 § 1 de la Convention”. 147  On the issues, see D’Ambrosio (2017), pp. 1031–1036. Cf. also above, Sect. 2.3.2. 148  Grande Stevens, § 96, and the cases there mentioned. 143

6.2 Banking Supervisory Sanctions in the EU: A New Field of Criminal Law?

189

cumstances, be tripled or fixed at ten times the proceeds or profit obtained through the unlawful conduct”.149 Against this background, the Court considered such penalties of undeniable severity and significant financial implications, capable of compromising the integrity of the persons concerned, and therefore, criminal in nature.150 This case-law was then confirmed by the CJEU in the three 2018 aforementioned decisions, both with regard to the tax matter (Menci) and to the very same CONSOB (Garlsson Real Estate SA, Di Puma-Zecca).151 In light of such case-law, a substantial criminal nature to banking supervisory sanctions may therefore be recognized to Article 18(1) and to the fines imposable under Article 18(7) SSM R,152 where they confer the Single Supervisory Mechanism the power to impose administrative pecuniary penalties of up to twice the amount of the profits gained or losses avoided because of the breach where those can be determined, or up to 10% of the total annual turnover of a legal person in the preceding business year. This conclusion holds true also taking into account that the concrete fines imposed by the ECB might be lower than the maximum amount provided for by the Regulation. Indeed, according to the ECtHR case-law, the severity of the penalty that shall be considered purposes of the Engel test refers to the “maximum penalties which could have been imposed” in abstracto, that is the “degree of severity of the penalty that the person concerned risks incurring”, and the importance of the interests at stake in the proceeding.153 Similar conclusion might be also drawn for Article 66(2), let. c), d) and e), and Article 67(2), let. e), f) and g) CRD IV/V, according to which breaches may be sanctioned by penalties of up to 10% of the total annual net turnover (for legal persons) or up to EUR 5.000.000 (for natural persons), or of up to twice the amount of the benefit derived from the breach where that benefit can be determined (in both cases). In these situations, however, the substantial criminal nature of such provisions needs to be examined also in light of the transposition of CRD IV. While no issue arises in case they are transposed with criminal law provisions, a case-by-case analysis (which goes beyond the remit of this work) at the national level may be required where they have been implemented as administrative sanctions. 154

 Grande Stevens, § 97.  Grande Stevens, §§ 98-99. 151  Menci, Case C-524/15; Garlsson Real Estate SA, Case C-537/16; and Joined cases Di Puma (C-596/16) and Zecca (C-597/16), previously analysed in Sects. 2.3 and 2.3.3. 152  Whose classification as substantially criminal has been so far accepted also at academic level, cf. Allegrezza and Rodopoulos (2017), p. 245; D’Ambrosio (2017), p. 1031 et seq.; D’Ambrosio (2013), p. 26 et seq. 153  Cf., e.g., Campbell and Fell v the United Kingdom, § 72; Demicoli v Malta, § 34; see also Trechsel (2005), p. 24; Harris et al. (2014), p. 376 and case-law there mentioned. 154  for a comparative analysis of banking supervisory enforcement systems in 10 of the 19 Eurozone Member States, see Allegrezza (2019). 149 150

190

6  The Hybrid Nature of Banking Supervision

Lacking still any specific case-law on the matter, however, the substantive nature of the measures applicable at the end of supervisory proceedings is not always easily recognizable. This is especially true when they are different from pecuniary penalties, and no subjective requirement has been established yet, so that they are applicable regardless of any evaluation upon the “negligence” or “intention” of the supervised entity.155 This is, for instance, the case of cease and desist orders (Articles 66(2), let. b) and 67(2) let. b) CRD IV/V); suspension of the voting rights for the responsible shareholder(s) (Article 66(2), let. f); the withdrawal of the banking authorisation (Article 67(2) let. c); and the temporary ban from exercising functions in institutions against a member of the institution’s management body or any other natural person, who is held responsible (Article 67(2), let. d).156 An even more careful approach shall be adopted in examining the supervisory measures provided for by Article 16 SSM R, which, at least in the intention of the European legislator, do not have a punitive but rather a preventative purpose.157 In all these cases, in fact, the possibility to recognize a substantive criminal nature applying only just one of the three Engel criteria, channels the assessment especially towards the third Engel criterion, whose boundaries are however not always easily foreseeable. In this sense, it is worth recalling that the Engel criteria have not been applied by the ECtHR only with regard to penalties such as detention or fines, but also to other kind of measures, such as community services or, more relevant to the ECB legal framework, the withdrawal of rights.158 In these cases, where the assessment over the severity of the penalty appears much more blurring, the Court based its assessment on parameters that resemble those used for disciplinary sanctions,159 such as the fact that the disqualifying effects are limited to a period of time or not, or, similarly to publication penalties, linking the substantial nature of a sanction to that of the ““principal” penalty to which it attaches”.160

 Cf., e.g., Joseph Kaplan v the UK, Report of 17.07.1980, Application no. 7598/76, §§ 168-170, contra Garyfallou, § 34, as reported by van Dijk (2006), p. 552. 156  As described in Sect. 4.3. 157  Cf. Sect. 4.4.1. Cf. however, Allegrezza and Voordeckers (2015), p.  155, according to “The wording of Art. 16(1) SSMR already suggests that these measures are not of a punitive, but rather of a preventive nature, since the purpose is to intervene at an early stage, to avoid that there will be a breach in the near future, or to ensure a sound management and risk coverage”. 158   Mostly with regard to driving licence, see, e.g., Pierre-Bloch v. France, 21.10.1997, 120/1996/732/938, §§ 55-57; Malige v France, 23.09.1998, 68/1997/852/1059, § 39. Cf. Trechsel (2005), pp. 25–26; van Dijk (2006), p. 553. 159  On the assessment of the Court over disciplinary charges, see, e.g., Trechsel (2005), pp. 20–21; Harris et al. (2014), p. 345. 160  Pierre-Bloch v. France, § 56; Escoubet v Belgium, 28.10.1999, Application no. 26780/95, § 37. 155

6.2 Banking Supervisory Sanctions in the EU: A New Field of Criminal Law?

191

In light of this jurisprudence, and especially taking into account the notable consequences that such measures cause upon both direct addressees and third parties (e.g. shareholders, customers, employees), it could be argued that only the most severe supervisory measures, that is the suspension of the voting rights of the shareholder(s) held responsible for the breaches, and the withdrawal of the banking authorization, respectively provided for by Article 66(2), let. (f) and Article 67(2) let. (c) CRD IV/V (again, net of national transposition), may be considered punitive in their content.161 Similar conclusions may be reached also with regard to the supervisory powers under Articles 14(5) and 16(2) SSM R, characterized by a particularly serious punitive content, since, as it has been highlighted, Article 6 ECHR should cover also “restrictions of economic or professional freedom of a punitive character”.162 The reference hence goes to the power to withdraw a banking licence (Article 14(5) SSM R), for which the reasoning illustrated above should apply “broader” “sanction package” whereby, at the end of the sanctioning process, the addressee is not only fined but also declared ceased from office because of the loss of the fit and proper qualifications “something that, once characterized as a criminal sanction”.163 Similar considerations could be drawn for the power to remove “at any time members from the management body of credit institutions who do not fulfil the requirements set out in the acts referred to in the first subparagraph of Article 4(3)” (Article 16(2) let. m) SSM R). In the other cases, instead—such as the opposition to qualified holding acquisitions (Article 15 SSM R), the prohibition of distributions to shareholders, members or holders of Additional Tier 1 instruments (Article 16(2), let. i, SSM R); or the request to divest activities that pose excessive risks to the soundness of the institution (let. e) —the severity of the measure seems to depend more on the concrete circumstances in which it is applied, than on a potential assessment in abstracto. A criminal nature in these cases should therefore be excluded, unless proven differently in a case-by-case approach. Lastly, purely administrative should also be considered the so-called periodic penalty payment or “enforcement measures” provided for by Article 2 Regulation 2532/98, as recalled by Article 18(7) SSM R, which allows the ECB to impose periodic penalty payments that amount up to 5% of the average daily turnover per day of infringement.164 These measures neither present a particularly relevant degree of severity, at least in principle,165 nor possess a punitive purpose, since they pursue a  In the same sense, also D’Ambrosio (2013), pp. 25–26.  Cf. van Dijk (2006), p. 556. 163  Cf. Lamandini et al (2015), p. 97, noting however also how “the prospect that a single set of measures can receive different treatments, and be subject to different guarantees, depending on the use of it that is intended used by administrative authorities (and whether it is possible to prove such intention) is a bit disquieting”. 164  Cf. Article 4(a), Council Regulation (EU) 2015/159; see Sect. 4.4.2. On this point see also Looseveld (2013b), pp. 423–425. 165  Cf. D’Ambrosio (2013), p. 27 according to whom the severity of those measures shall be measured in proportion to the financial capacity of the credit institution, in particular considering whether it has been classified as significant or less significant. See also Riso (2014), pp. 32–35. 161 162

192

6  The Hybrid Nature of Banking Supervision

restorative goal, that is to force a supervised entity that is obstructing an ECB decision to comply with the latter.166 Naturally, these conclusions over the criminal nature of some supervisory sanctions and measures need to be put in the perspective of the working method applied by the Court in Strasbourg, that proceeds with a case-by-case approach, without formulating general principles regardless of the context. Officially, therefore, such supervisory sanctions and measures cannot be labelled as substantially criminal until a judicial decision will affirm so in a specific case; a decision which—until the EU does not access to the ECHR—could only come from the Court of Justice. De facto, however, the arguments illustrated above show that, at least as long as the Engel criteria will subsist, and continued to be applied by the CJEU,167 a relevant part of the sanctioning powers in the field of banking supervision presents all the requirements to be considered a coloration pénale. The recognition of a criminal nature to the penalties mentioned above has fundamental practical and theoretical consequences: It introduces also in an administrative proceeding the need to comply with fair trial guarantees provided for by Article 6 ECHR, and with the prohibition of bis in idem established by Article 4, Protocol No. 7 to the Convention.168 This obligation binds both the ECB and the NCAs in all proceedings which may lead to the application of punitive sanctions. However due to the different supervisory powers enforced from country to country, and the potentially highly varying transposition of CRD IV at national level, the analysis on domestic supervisory models of each Eurozone Member States falls out of the scope of the present work.169 The latter focuses instead on the compliance of the SSM investigating and adjudicating model with the procedural rights required for the criminal matter by the Convention, as well as with their correspondents in the EU Charter of Fundamental Rights,170 and, where relevant, with the rules contained in the Directives safeguarding the defendant’s procedural rights in criminal proceedings.171 To this aim, it is worth reminding that most of the rights contained in the Charter have been shaped on the basis of the Convention, a link that is further enhanced by the equivalence clause of Article 6 TEU and Article 52(3) CFREU according to which “In so far as this Charter contains rights which correspond to rights guaranteed by the Convention  Recently, on the non-punitive nature of pecuniary penalty payments (in environmental protection law), see Order of the Vice-President of the Court of 27.07.2017, in European Commission v Republic of Poland, Case C-441/17 R, ECLI:EU:C:2017:877, § 102. 167  In this sense, it is worth to recall the attempt of several Member States, rejected by the Court in Strasbourg, to reduce the application of Engel criteria to the administrative (tax) matter in relation to the principle of ne bis in idem, carried out in A and B v. Norway, cf. Sect. 2.3.3. 168  Cf., with regard to the ECB banking supervision, D’Ambrosio (2013), p. 85. 169  For a first comparative analysis in this sense, see Allegrezza (2019). 170  Articles 47-50 CFREU. 171  Cf. especially to Directive 2016/343 on the presumption of innocence, cit.; see below, Sect. 6.3.5. 166

6.2 Banking Supervisory Sanctions in the EU: A New Field of Criminal Law?

193

for the Protection of Human Rights and Fundamental Freedoms, the meaning and scope of those rights shall be the same as those laid down by the said Convention”. In the following analysis, therefore, the case-law of the Court of Justice, which has so far analysed only very few of the critical profiles concerning the activity of the SSM, none of which (yet) directly dealing with punitive sanctions, will be taken into account especially to understand whether relevant fundamental rights are interpreted in the same way by the two European Courts and, where that is not the case, to assess potential consequences of this discrepancy. It is important to clarify that fair trial rights as such are not a prerogative of criminal proceedings. In Convention, in fact, some of the principles contained in Article 6 ECHR are applicable also to the civil matter, that although does not usually include administrative proceedings (from which the “necessity” of the Court to develop the Engel doctrine). Administrative proceedings are instead directly addressed, in the post-Lisbon EU legal framework, by Article 41 CFREU, which establishes the right to a good administration,172 and are affected also by Article 47 CFREU, that explicitly provides the need to comply with some fair trial rights in all cases in which “rights and freedoms guaranteed by the law of the Union are violated” Article 47 indeed does not pose any distinction on the subject matter.173 As affirmed by established case-law of the Court of Justice, procedural rights listed in Article 47 found therefore application in all proceedings “initiated against a person which are liable to culminate in a measure adversely affecting that person”, irrespective of its administrative or criminal nature.174 Evidence of the influence of these legal bases may be found in the same SSM Regulations, where the need to comply with “due process” and defence rights in the adoption of supervisory decisions is explicitly stated in Recital (54) and Article 22 SSM R.175 Rights provided for by Articles 41 and 47 CFREU (and by Article 6 ECHR, in its civil limb interpretation) which are especially relevant for the analysis of the SSM sanctioning proceedings include: The right to an independent and impartial tribunal;  Recognized by the Court of Justice also as one of the general principles of EU law see, e.g., Detlef Nölle v Council of the European Union and Commission of the European Communities, Case T-167/94, 18.09.1995, ECLI:EU:T:1995:169. 173  In light of Article 51 CFREU. For the debate on the Charter scope of application, cf. Sect. 2.3.3. Cf. also Thomas Pringle v Government of Ireland and Others, Case C-370/12, 27.11.2012, ECLI:EU:C:2012:756, §§ 178–182, commented by Adams and Parras (2013), pp. 848–865. 174  Cf., e.g., G.J.  Dokter, Maatschap Van den Top and W.  Boekhout v Minister van Landbouw, Natuur en Voedselkwaliteit, Case C-28/05, 15.06.2006, ECLI:EU:C:2006:408, § 74. On this issue, see also De Moor Van Vugt (2012), pp. 40–41, according to which “the adoption of the Charter as part of the Lisbon Treaty has stimulated the further clarification and specification of safeguards in administrative sanctioning procedures for both measures (of a reparatory nature) and penalties (of a punishing nature). The difference in approach” between the two types of sanctions “is gradual, which makes the reluctance of the CJ to qualify a sanction as criminal even more questionable. Most procedural safeguards that have been implemented apply to both categories. The penalties demand a more restrictive approach in the sense that the authorities need to respect the guarantees that have been set by the ECHR and the Charter, when it comes to a criminal charge”. 175  Requiring that “defence rights of the parties concerned shall be fully respected”, cf. also Article 32(1) SSM FR. 172

194

6  The Hybrid Nature of Banking Supervision

the principle of equality of arms (particularly with regard to the right to be heard, and the right of access to files); the right to a public hearing; and the right of assistance. The right to a reasonable length of the proceedings, the obligation to state reasons, the right to be present at trial, and the right to a legal aid, also fundamental principles established both in the same articles of the Charter (and sometimes by EU Directives), and at the Conventional level,176 will not be specifically dealt with in this work: The first two do not seem to raise specific problems in the context of banking supervision; and the latter seems to have limited application there, since the only targets of the SSM sanctioning proceedings are credit institutions.177 The extensive or multi-disciplinary scope of application of Article 41 and 47 CFREU, however, does not imply that these procedural rights (as well as the very concept of “due process”) always bear the same content regardless of the field of law where they are applied. Indeed, as it will be illustrated in the following paragraphs, fair trial rights are interpreted more strictly when they apply to a criminal (formally or substantially) matter, as in this case they also overlap with the defence rights provided for by Articles 6 ECHR and 48 CFREU.178 To this end, it is here shared the opinion of those legal scholars according to which the scope of Article 48 CFREU—concerning the presumption of innocence and the right of defence—like Article 6 ECHR in its criminal limb shall be given a broad interpretation, including also administrative punitive proceedings, and not only to criminal proceedings stricto sensu.179 Also the moment from which the protection of Article 48 CFREU attaches shall be read in light of the ECtHR case-law. Developing its own autonomous notion of criminal “charge”, the Court established that Article 6 attaches from the moment in  Cf. Articles 41(1) and 47(2) CFREU, and Article 6(1) ECHR (reasonable length)—for a detailed analysis of the case-law of the ECtHR on the matter, see Trechsel (2005), p. 134 et seq.; Harris et al. (2014), pp. 439–446; Sayers (2014), p. 1258 et seq.; Article 296 TFEU, Article 41(2), third point CFREU, and Article 6(1) ECHR (obligation to state reason)—for a detailed analysis of the case-law of the ECtHR on the matter, see Trechsel (2005), p.  102 et seq.; Harris et  al. (2014), p. 430; Craig (2014), p. 1084 et seq.; Article 6 ECHR, 48 CFREU and Articles 8 and 9 Directive 2016/343 (right to be present at trial)—for a detailed analysis of the case-law of the ECtHR on the matter, and a comment on the directive, see, e.g., Trechsel (2005), pp.  252–261; Harris et  al. (2014), p. 410 et seq.; Mosna (2017), p. 969 et seq.; Rafaraci (2007), p. 5 et seq. (especially with regard to Stefano Melloni v. Ministerio Fiscal, Case C-399/11, 26.02.2013, ECLI:EU:C:2013:107); Mangiaracina (2010), p. 135 et seq.; Negri (2015), p. 202 et seq.; and Article 47(3) CFREU, Article 6(3)(c) ECHR, and Directive 2016/1919 (legal aid)-for a detailed analysis of the case-law of the ECtHR see Trechsel (2005), pp.  270–277; Harris et  al. (2014), p.  478 et seq.; Sayers (2014), p. 1315. 177  Which presumably should be able to afford legal expenses of defence. A residual hypothesis may be that of natural persons indirectly involved in supervisory proceedings (e.g. shareholders), where in any case Article 47 CRFEU shall apply. 178  See Nehl (2014), p. 1290; Sayers (2014), p. 1309, recalling that breaches of Article 48(2) may also constitute a breach of Article 47(2) CFREU. 179  See Nehl (2014), p. 1290, and Sayers (2014), p. 1309, recalling that breaches of Article 48(2) may also constitute a breach of Article 47(2) CFREU. 176

6.2 Banking Supervisory Sanctions in the EU: A New Field of Criminal Law?

195

which the person under investigation is given a notification in this sense, therefore covering also the pre-trial phase of the proceeding.180 In the analysis of the SSM investigating and sanctioning powers, however, it shall be reminded that the SSM regulations do not provide for a clear distinction between “ordinary” supervisory activities and “investigations!, besides for the intervention of the Investigating Unit. In this sense, it is often not clear when the more safeguarding rights of punitive proceedings should attach.181 This interpretation appears justified in light of the equivalence clause linking the Charter to the ECtHR case-law, and by the explicit adoption of the Engel criteria by the CJEU in its previous case-law.182 The latter is also coherent with the scope of the EU directives on procedural rights, that cover both accused and defendants,183 and with the jurisprudence of the Court of Justice, according to which parties enjoy defence rights also before they are notified a statement of objections.184 In this context, defence rights provided for by Article 41 CFREU have been reasonably interpreted as a lex specialis of Article 48(2) CFREU, applicable to European administrative proceedings.185 Against this background, the compliance of the SSM sanctioning procedures with fair trial principles is carried out in light of the (usually) more safeguarding approach used by the Court in Strasbourg in interpreting such rights. Special attention, in particular, will be put to that ECtHR case-law introducing the right to a judicial review before a body with unlimited jurisdiction as a necessary compensative measure to save the fairness of the proceeding, in case some fair trial rights are not fully complied with in the administrative punitive matter.186 Other fair trial rights are originally typical of criminal proceedings, and find application in administrative contexts only if they are recognized as punitive under

180  Cf., e.g., Deweer v. Belgium, 27.02.1980, Application no. 6903/75, §§ 42–46; Eckle v Germany, 15.07.1982, Application no. 8130/78, § 73; McFarlane v Ireland, 10.09.2010, Application no. 31333/06, § 143; Foti and others v Italy, 10.12.1982, Applications nos. 7604/76, 7719/76, 7781/77 and 7913/77, § 52; Imbrioscia v. Switzerland, 24.11.1993, Application no. 13972/88, § 36; Dvorski v Croatia, 20.10.2015, Application no. 25703/11, § 76. See Allegrezza (2017), p. 948; Nehl (2014), pp. 1282–1283. 181  Cf. above Sect. 4.4.3 and, if you wish, Lasagni (2019). 182  See above, Sect. 6.2; Regardless of what affirmed more recently by the CJEU in decision WebMindLicenses Case C-419/14, § 83. On this line see, e.g., Allegrezza (2017), p. 947; Manes (2012); D’Ambrosio (2013), p. 19 et seq.; Sayers (2014), p. 1306. 183  Although the directives do not identify always the same moment from which their rights attach, see Allegrezza (2017), p.  949; on the definition of the notion of suspect, see, e.g., Quattrocolo (2015), p. 85 et seq.; Flore (2014), p. 389 et seq. 184  Cf. CEF City Electrical Factors BV and CEF Holdings Ltd v. Nederlandse Federatieve Vereniging, Case C-105/04 P, 21.09.2006, ECLI:EU:C:2006:592, § 50. The issue has been analysed by Covolo (2015), p. 435 et seq.; Nehl (2014), pp. 1282–1283. 185  Cf. Nehl (2014), p. 1290 et seq. 186  Cf. below, Sect. 6.3.3. The reference here goes to the right to an independent and impartial tribunal (cf. below Sects. 6.3 and 6.3.1), the principle of equality of arms (cf. below Sect. 6.3.2), and the right to a public hearing (cf. below Sect. 6.3.4).

196

6  The Hybrid Nature of Banking Supervision

the Engel doctrine; their implementation in this field, hence, requires special consideration, and needs to be carefully assessed. This is the case, in particular, of the privilege against self-incrimination, provided for by Article 6(1) ECHR in its criminal limb interpretation, and by Article 48(1) CFREU, (which results especially problematic in its application outside the criminal matter stricto sensu187); and of the protection from double jeopardy.188 On the other side, the right to translation and interpretation, although explicitly required for criminal proceedings under Article 6 ECHR and by Directive 2010/64/ EU will not be examined in this research, since all ECB proceedings, as those of EU institutions, shall be carried out in any of the EU official languages.189 The right to information, also provided for as a separate right by Article 6 ECHR, but which is a right “preparatory” for the exercise of other defence rights,190 for the purpose of this work is dealt with together with the principle of equality of arms, as in banking supervisory proceedings, its relevance is absorbed in the scope of the rights to be heard, and of access to files.191 Lastly, it shall be reminded that the analysis of fair trial rights in the context of the SSM sanctioning procedures requires sometimes a special calibration, since—as already mentioned—the ECB is entitled to impose sanctions only upon legal entities.192 Indeed, despite the application of the Engel doctrine also to proceedings involving legal persons, rights recognized to these subjects (and especially, the privilege against self-incrimination) are not completely equalized to those of natural persons, especially in the Union legal framework.193 In assessing the compliance of the SSM procedural rights with fair trial principles, therefore, this asymmetry shall also be taken into account.

 The issue is examined below, in Sect. 6.3.5.  The issue is examined below, Sect. 6.3.7. 189  Cf. Articles 23-24 SSM FR, according to which “The ECB and NCAs shall adopt arrangements for their communications within the SSM, including the language(s) to be used”, and that “Any document which a supervised entity or any other legal or natural person individually subject to ECB supervisory procedures sends to the ECB may be drafted in any one of the official languages of the Union, chosen by the supervised entity or person”. On the critical issues deriving from language rights in the EU legal framework regardless of Directive 2010/64/EU of 20.10.2010 on the right to interpretation and translation in criminal proceedings, see, e.g., Vogler (2015), p.  95; Sayers (2014), p. 1325 et seq.; Gialuz (2014), p. 84 et seq. 190  Cf. Mosna (2017), p. 958; Sayers (2014), p. 1329 et seq. 191  Also the protection against entrapment, provided for by Article 6(1) ECHR, will not be dealt with in this work, as it does not appear relevant in SSM sanctioning procedures. On the topic see, e.g., Trechsel (2005), p. 111; Harris et al. (2014), pp. 427–428. 192  Cf. Sect. 4.4.2. 193  The issue, especially critical with regard to the privilege against self-incrimination, is analysed below, in Sects. 6.3.5 and 6.3.6, and with regard to privacy protection, in Sect. 8.2.2. 187 188

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

197

6.3  F  air Trial Guarantees and Banking Supervision: The Right to an Independent Tribunal A major issue concerning the compliance of the SSM sanctioning proceedings with Article 6 ECHR, and Article 47 CFREU is whether the supervisor’s structure, and in particular its decision-making body, possess the requirements to be defined an “independent and impartial tribunal established by law”. The first step in this assessment is to determine when a decision-making body can be named a “tribunal”194; a point upon which, as repeatedly underlined by legal scholars, both European Courts have not developed a homogeneous and comprehensive definition yet.195 The ECtHR, on its side, considers as a primary criterion the acknowledgement of a “judicial function” to the adjudicating authority, defined as the capability of “determining matters within its competence on the basis of rules of law and after proceedings conducted in a prescribed manner”,196 and the “power to give a binding decision which may not be altered by a non-judicial authority”.197 Putting the attention on “teleological” parameters, rather than on structural features typical of judicial bodies, such as internal independence, the Court in Strasbourg therefore interprets rather extensively the concept of “tribunal”, It follows that, under certain circumstances, also administrative bodies may fall under this definition. As renowed, in fact, this broad interpretation was developed by the ECtHR to extend—when the sanctions imposable present a substantive punitive nature—the fundamental safeguards of the criminal matter also to proceedings carried out by administrative authorities, which usually provide for far lower standards of protection to the parties involved. This jurisprudence certainly brought to an

 Cf. Consolo (2017), p. 895 (civil matter), and Caianiello (2017), pp. 910–911 (criminal matter); Panzavolta (2013), pp. 145–146; Trechsel (2005), p. 47 et seq.; Pech (2014), p. 1250 et seq.; Harris et al. (2014), p. 446 et seq.; Viering (2006), pp. 612–613; Balsamo (2015), pp. 119–121. 195  Cf. Caianiello (2017), p. 47; according to Trechsel (2005), pp. 47–48, “It is thus quite obvious that the “definition” is to some extent superfluous in that properties which, according to the text of Article 6 § 1 are attached to the term, are here referred to as elements of its definition. The essential point is that the Court does not give much importance to the label which is attached to the institutions that function as a court”, on the same line, also Pech (2014), p. 1252. In any case, the features of “impartiality”, “independence”, and “established by law” are rather overlapping, and “can hardly be distinguished in a clear way”, Trechsel (2005), p. 49; Viering (2006), p. 612. According to the Court in Findlay v the United Kingdom, 25.02.1997, Application no. 22107/93, § 73, “The concepts of independence and objective impartiality are closely linked and the Court will consider them together as they relate to the present case”. 196  Belilos v Switzerland, 29.04.1988, Application no. 10328/83, § 64, recognizing judicial functions to a Swiss Police Board; see also H v Belgium, 30.11.1987, Application no. 8950/80, p. 34, § 50. 197  Findlay v the United Kingdom, § 77; Van de Hurk v. the Netherlands, 19.04.1994, Application no. 16034/90, § 45. 194

198

6  The Hybrid Nature of Banking Supervision

improvement for the position of the subjects of punitive administrative investigations, it may also be criticized for several reasons.198 First, such jurisprudential notion of tribunal lacks of foreseeability and thus of legal certainty, inasmuch as the assessment on the substantial nature of sanctions and therefore over the possibility to consider an administrative authority a tribunal under Article 6 is made on a case by case basis. The consistency of the case-law may of course provide for some hints of predictability as to whether a certain system may be considered so, but no legal certainty can be reached before a specific decision is issued.199 Moreover, this jurisprudence seems somehow to undermine at its basis the very notion of “tribunal” in its more traditional, and “constitutional” interpretation. Tribunals, indeed, are undoubtedly characterized, even more than by their function, by their independence both from external powers, and from internal pressures. The parameter of “external” independence has been taken in due account by the case-law of the ECtHR, which repeatedly affirmed that, mostly in cases concerning administrative or disciplinary tribunals, imposing punitive sanctions, the fact that the decision-making body exercises “judicial functions” does not suffice to make it a proper tribunal under Article 6 ECHR.200 To do so, these bodies shall indeed fulfil a series of further requirements concerning the principles of independence and impartiality, which represent the basis on which fair trial guarantees can be built upon. Specifically, a “tribunal” shall be considered independent from the legislator,201 the executive and other third parties, if guarantees exist “against outside pressures”, with specific regard to the “duration of its members’ term of office”, and the “manner of appointment of its members”.202 While the ECtHR appears to have adopted a rather self-restrictive approach in questioning the independence of bodies already defined as tribunal at the national level,203 the Court generally leaves a much lower margin of appreciation to States when it comes to examine, administrative a­ uthorities with substantially criminal sanctioning powers. The ECtHR, on the contrary, has not taken yet an explicit stand on which standards shall define the internal independence of a tribunal. The reason for that appears  Cf. Caianiello (2017), pp. 910–11, persuaded of the prevalence of the negative impact of this case-law. 199  In this sense, see also Vervaele (2017), p. 169. 200  Le Compte, Van Leuven and De Meyere v. Belgium, 23.06.1981, Application nos. 6878/75; 7238/75, § 55, and the case-law there mentioned. See also Harris et al. (2014), p. 447. 201  Cf., e.g., Crociani and others v Italy, 18.12.1980, Applications nos. 8603/79, 8722/79, 8723/79, and 8729/79, p. 180 et seq.; Demicoli v Malta, cit., § 40 et seq. For more details on the independence from the legislator, see Trechsel (2005), p. 53 et seq. 202  Cf., e.g., Le Compte, § 55; Belilos, § 64; Campbell and Fell v UK, § 78; Kleyn and Others v The Netherlands, 6.05.2003, nos. 39343/98, 39651/98, 43147/98 and 46664/99, § 190; Coëme and Others v Belgium, 22.06.2000, Applications nos. 32492/96, 32547/96, 32548/96, 33209/96 and 33210/96, § 99; Richert v Poland, 25.10.2011, Application no. 54809/07, § 43. See also Harris et al. (2014), p. 448 et seq. 203  For case-law referred to stricto sensu judicial systems, see Trechsel (2005), pp. 54–55. 198

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

199

rather evident: Indeed, extending also to administrative bodies the application of characteristics such as irremovability of members, limited internal hierarchical controls, and existence of an autonomous system of disciplinary liability and ascertainment, would, de facto, require a complete assimilation of these bodies to judicial authorities. The Court of Justice, on the other side, has developed its own set of criteria to define the notion of “tribunal”, which only partially overlap with those indicated by the ECtHR, at least in their practical application. Already in decisions preceding the entry into force of the Charter, the CJEU adopted a substantive and autonomous approach to the matter, that disregarded domestic classification and was based exclusively on Community law.204 In Vaassen-Göbbels (1966), for instance, the Court recognized as “tribunal” the Dutch Arbitration authority for the Fund for non-manual workers employed in the mining industry, based on the fact that it was a “permanent body charged with the settlement of the disputes defined in general terms’ and “bound by rules of adversary procedure similar to those used by the ordinary courts of law”.205 Subsequently in Dorsch (1997), the CJEU better clarified the list of minimum elements necessary to define a body as “tribunal”, requiring it to be: (i) Permanent; (ii) established by law; (iii) independent; (iv) granted with compulsory jurisdiction and (v) inter partes procedures; and (vi) applying rules of law.206 Independence (iii), in particular, has been recognized by the Court as a key factor to distinguish “between national courts and administrative authorities”.207 In its 2006 decision Wilson, and in the following case-law, the CJEU affirmed that the concept of independence, strictly linked to that of impartiality,208 is inherent in the task of adjudication, requiring for instance guarantees to protect the persons taking a decision, against removal from office.209  Pierre Corbiau v Administration des contributions, Case C-24/92, 30.03.1993, ECLI:EU:C:1993:118, § 15; see also Incal v Turkey, 9.06.1998, 41/1997/825/1031, § 65; François De Coster v Collège des bourgmestre et échevins de Watermael-Boitsfort, Case C-17/00, 29.11.2001, ECLI:EU:C:2001:651, § 10. 205  G.  Vaassen-Göbbels v Management of the Beambtenfonds voor het Mijnbedrijf, Case 61/65, 30.06.1966, ECLI:EU:C:1966:39, p. 273. 206  Dorsch Consult Ingenieurgesellschaft mbH v Bundesbaugesellschaft Berlin mbH, Case C-54/96, 17.09.1997, ECLI:EU:C:1997:413, § 23; for a more recent application of this case-law, cf., e.g., Camera di Commercio, Industria, Artigianato e Agricoltura (CCIAA) di Cosenza v Grillo Star Srl, Case C-443/09, 19.04.2012, ECLI:EU:C:2012:213, § 20, and case-law mentioned there (which, even if post-Lisbon Treaty, does not refer to Article 47 of the Charter). For an analysis of the parameters developed by the Court see, e.g., Pech (2014), p. 1253 et seq. 207  Cf. Graham J.  Wilson v Ordre des avocats du barreau de Luxembourg, Case C-506/04, 19.09.2006, ECLI:EU:C:2006:587, § 49; Opinion of Advocate General Stix-Hackl, delivered on 11.05.2006, in Wilson, Case C- C-506/04, § 45. See also the Opinion of Advocate General RuizJarabo Colomer in Case C-17/00 De Coster, § 17; and Pech (2014), p. 12563 et seq. 208  Cf. Graham J.  Wilson v Ordre des avocats du barreau de Luxembourg, Case C-506/04, §§ 51-52; Katarina Abrahamsson and Leif Anderson v Elisabet Fogelqvist, Case C-407/98, 6.07.2000, ECLI:EU:C:2000:367, § 32. 209  Cf., e.g., Katarina Abrahamsson and Leif Anderson v Elisabet Fogelqvist, Case C-407/98, § 36; 204

200

6  The Hybrid Nature of Banking Supervision

In 2007, still before the entry into force of the Lisbon Treaty, the Court explicitly recognized in a competition law case, that the notion of “tribunal” shall be read in light of Article 6(1) ECHR, even though, again showing a preferential treatment for the antitrust matter,210 it avoided to take a clear position concerning the Commission.211 Actually, since its 1980 decision Van Landewyck the Court has always refused to consider the Commission as a tribunal under the meaning of Article 6 ECHR, without however never fully explaining the legal reasoning behind such interpretation212: An exceptionalism which, despite the increasing criticism, has been maintained to date.213 Whether also the Single Supervisory Mechanism may be eligible to receive a similar treatment by the Court of Justice seems uncertain. From one side, it is true that the SSM presents analogies with the Commission acting as an antitrust authority, being both European institutions with investigative and sanctioning powers towards national and transnational undertakings. On the other side, however, these institutions significantly differ in the way information is gathered. The SSM, contrary to the Commission, can in fact rely on huge amounts of information already gathered in daily supervisory activity, well before the startKöllensperger and Atzwanger, Case C-103/97, 4.02.1999, ECLI:EU:C:1999:52, § 21. 210  As already discussed in the application of the Engel criteria, see above Sect. 2.3. 211  Schneider Electric v Commission, Case T-351/03, 11.07.2007, ECLI:EU:T:2007:212, §§ 181–184. 212  Cf. Van Landewyck v Commission, Case C-209/78 (Joined Cases C-209/78, C-210/78, C-211/78, C-212/78, C-213/78, C-214/78, C-215/78, C-218/78), 29.10.1980, ECLI:EU:C:1980:248, § 81; Musique Diffusion française v Commission, Case C-100/80 (Joined Cases C-100/80, C-101/80, C-102/80, C-103/80), 7.07.1983, ECLI:EU:C:1983:158, § 7, where the Court, briefly dismissed as “irrelevant” the arguments of the applicant, concluded that the Commission “cannot be classified as a tribunal within the meaning of Article 6 of the European Convention for the Protection of Human Rights”. 213  Cf. Opinion of Advocate General Vesterdorf, Case T-L/89, Rhône-Poulenc v Commission, delivered on 10.07.1991, II-885; Shell v Commission, § 39; Enso Española v Commission, Case T-348/94, 14.05.1998, ECLI:EU:T:1998:102, § 56; Cimenteries Cbr and Others v Commission, § 717; HFB and others v Commission, § 377; Dansk Rørindustri v Commission, Case T-21/99, 20.03.2002, ECLI:EU:T:2002:74, §144; Bolloré and others v Commission, Joined Cases T-109/02, T-118/02, T-122/02, T-125/02, T-126/02, T-128/02, T-129/02, T-132/02 and T-136/02, 26.04.2007, ECLI:EU:T:2007:115, § 86; Lafarge SA v Commission, Case T-54/03, 8.07.2008, ECLI:EU:T:2008:255, § 38; Opinion of Advocate General Bot, Joined Cases C-322/07 P, C-327/07 P and C-338/07 P, Papierfabrik August Koehler AG (C-322/07 P), Bolloré SA (C-327/07 P), Distribuidora Vizcaína de Papeles, SL (C-338/07 P) v Commission, delivered on 2.04.2009, note 51; Opinion of Advocate General Bot, Joined Cases C-201/09 P and C-216/09 P, ArcelorMittal Luxembourg SA and others v European Commission, ECLI:EU:C:2010:634, delivered on 26.10.2010, § 44; Schindler Holding Ltd and others, Case T-138/07, § 54; Bolloré v European Commission, §§55-57; Coats Holdings Ltd v European Commission, § 169; Opinion of Advocate General Kokott, Case C-439/11 P, Ziegler SA v European Commission, delivered on 13.12.2012, ECLI:EU:C:2012:800, § 140; Schindler Holding Ltd and others, Case C-501/11 P, 18.07.2013, ECLI:EU:C:2013:522, § 30 (also quoting the ECHR decision Minarini); Saint-Gobain Glass France SA and others v European Commission, Cases T-56/09 and T-73/09, 27.03.2014, ECLI:EU:T:2014:160, §§75-79; Crown Equipment and others v Council of the European Union, Case T-643/11, 12.12.2014, ECLI:EU:T:2014:1076, § 45.

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

201

ing of the investigating procedures. Moreover, causes for such an exceptionalism in competition law seem to rely rather on historical reasons than on structural ones. Under a pragmatic point of view, in fact, it could be argued that this field of law still retains a sui generis treatment due to its well-established practice since the origin of the European Communities and well before the Court of Justice started to act as a court of fundamental rights. The SSM, on the contrary, has been introduced in the EU legal framework well afterwards the Lisbon reform, and thus bears much more expectations to act in compliance with fundamental rights, and the principles of fair trial expressed by the Charter (directly), and by the Convention (indirectly).214 Against this background, applying the ECtHR and the CJEU case-law (not referred to the Commission) to the Single Supervisory Mechanism, a “judicial function” may be recognized to the Governing Council. The latter, indeed, is the ultimate decision-making body of the European Central Bank; it is granted with compulsory competence; is established by law as permanent and independent, and its action is subject to the rule of law.215 A more uncertain position is instead that of the Supervisory Board (SB). Indeed, the SB is the body which determines the merit of the supervisory operations, since it drafts (on the basis of the results brought by the Investigating Unit, when the latter is involved) complete decisions which the Governing Council may only approve or reject.216 On the other side, though, according to Article 283 TFEU, and Articles 10 to 12 of the ECB Statute, the Governing Council and the Executive Board are the only ECB decision-making bodies, since the Treaty was not amended for the establishment of the Single Supervisory Mechanism.217 Therefore, although the Supervisory Board certainly possesses a “judicial function” with regard to the merit, it lacks the power to issue legally binding decisions. In light of the above, the only body which could be recognized as “tribunal” within the SSM sanctioning procedures is the Governing Council.

 The process will certainly be accelerated in case the EU will access to the European Convention. Moreover, as discussed in Sect. 2.3.3, it appears that the CJEU is starting to overrrule part of the special treatment reserved to competition law, at least with regard to the ne bis in idem. 215  Cf. Article 7, Statute of the European System of Central Banks and of The European Central Bank: “when exercising the powers and carrying out the tasks and duties conferred upon them by the Treaties and this Statute, neither the ECB, nor a national central bank, nor any member of their decision-making bodies shall seek or take instructions from Union institutions, bodies, offices or agencies, from any government of a Member State or from any other body. The Union institutions, bodies, offices or agencies and the governments of the Member States undertake to respect this principle and not to seek to influence the members of the decision-making bodies of the ECB or of the national central banks in the performance of their tasks”; cf. also Sect. 4.4. 216  Cf. above, Sect. 4.4. 217  Cf. above Sect. 4.4.2. 214

202

6  The Hybrid Nature of Banking Supervision

6.3.1  The Right to an Impartial Tribunal Tribunals do not only need to be independent; they also have to be impartial, meaning both that they shall be established by law before the commission of the alleged breach,218 and that they shall be free from any prejudice in carrying out their tasks.219 In order to verify the absence of bias within adjudicating bodies, the ECtHR has developed a subjective and an objective test, first formulated in the 1982 decision Piersack v Belgium, and then resumed by the following case-law.220 Under the subjective test, it is necessary to show that the members of the decision-­ making body did not act with personal bias against the applicant; personal impartiality shall be presumed until there is proof of the contrary.221 Under the objective test, it shall be assessed whether there are ascertainable facts which may raise doubts as to the tribunal’s conduct, which shall not offer any legitimate chance to doubt, even just in the appearances, of its impartiality.222 To assess whether the tribunal complies with these parameters, a fundamental criterion considered by the Court—with major implications for non-judicial entities—concerns the separation between the body in charge for the investigations and that responsible for the judgement and the imposition of sanctions. This feature indeed is not frequently found in administrative decision-making bodies.223 218  In this sense, the ECtHR seems to have adopted a more restrictive notion of “law”, where normally it refers “to any norm of general application” as “the Court does not usually examine whether it was passed by Parliament or whether it was adopted by the Government or any other body […] Still, not every detail must be regulated by the law in the formal sense, i.e. Acts of Parliament— details may be set out in delegated legislation […] However, these texts will have to satisfy the general requirements of precision and foreseeability”. These elements should include at least: The whole organizational set-up of the courts, jurisdiction, establishment of individual courts, determination of local jurisdiction, competence ratione loci and materiae, and the proceeding the tribunal is to follow, although the case-law of the Court is not clear on the matter, cf. Trechsel (2005), pp. 50–51, referring to Zand v. Austria, 16.05.1977, Application no. 7360/76, § 80; see also Harris et al. (2014), p. 458. 219  See, e.g., Jorgic v Germany, 12.07.2007, Application no. 74613/01, § 64; Richert v Poland, § 41. As underlined by Trechsel, indeed, the notion is therefore defined in negative terms, cf. Trechsel (2005), p. 61 et seq. 220  Piersack v Belgium, 10.10.1982, Application no. 8692/76, § 30. As underlined, the separation between these two tests is “quite convincing although the labels are not”, as it is “practically impossible to determine or not” whether judges have an impartial state of mind, cf. Trechsel (2005), p. 62; Harris et al. (2014), pp. 450–451. 221  Cf., e.g., Hauschildt v Denmark, 24.05.1989, Application no. 10486/83, §§ 47-48, according to which “appearances may be of a certain importance”. The Court, however, has revealed itself reluctant to find deficits of impartiality under the subjective test, as shown in cases Remli v France, 23.04.1996, Application no. 16839/90; Gregory v the UK, 25.02.1997, Application no. 22299/93; Ferrantelli and Santangelo v Italy, 7.08.1996, Application no. 19874/92; Sander v The UK, 9.05.2000, Application no. 34129/96; cf. also Trechsel (2005), p. 64. 222  Id. § 48; Sramek v Austria, 22.10.1984, Application no. 8790/79, § 42. It is not clear, however, whether the test should take into account the potential bias as perceivable “in the eyes of a reasonable person or an “ordinary citizen””, cf. Trechsel (2005), p. 62. 223  Other criteria, less relevant for the analysis at stake, may concern the prior involvement of the judge in the same case, or to affiliation to one of the parties, for a more detailed recollection of the case-law on the matter, see e.g. Trechsel (2005), pp. 62–79; Harris et al. (2014), pp. 452–457.

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

203

At first glance, this requirement could basically make void any attempt of the ECtHR to bring some administrative decision-making bodies back under the umbrella of Article 6. To counterbalance this risk, in its case-law the Court repeatedly affirmed that a proceeding, even when the adjudicating body does not possess the impartiality and independence typical of a judicial authority, may still be considered in compliance with these requirements if the issued decisions are subject to subsequent review by a “judicial body that has full jurisdiction”, meaning an authority entitled with the power to quash in all respects, on questions of fact and law, the decisions of the body below.224 Impartiality is also a fundamental part of the notion of “tribunal” under Article 47(1) CFREU, as interpreted by the Court of Justice. First examined in De Coster (2001), the CJEU better defined the concept in Wilson (2006), where impartiality was considered an essential element “to ensure a level playing field for the parties to the proceedings and their respective interests with regard to the subject-matter of those proceedings”, which “requires objectivity and the absence of any interest in the outcome of the proceedings apart from the strict application of the rule of law”.225 In particular, as it has been underlined, impartiality in the jurisprudence of the Court represents an “internal component of the broader notion of independence”,226 given its “functional connection between independence and impartiality, the former being a necessary condition of the latter”.227 The case-law of both European Courts results especially relevant for the SSM, whose sanctioning system, as most administrative bodies, shows some relevant weaknesses under the profile of separation of phases between investigation and adjudication. Indeed, the SSM Regulations only provide for a few general statements on the independency of the investigations. Article 123 SSM FR appreciably requires that the members of the Investigating Unit (IU) “shall not be involved and shall not for the two years before taking up the position of investigating officer, have been involved in the direct or indirect supervision or authorisation of the relevant supervised entity”.228

 Cf. Umlauft v Austria, 23.10.1995, Application no. 15527/89, § 37; Öztürk v Germany, § 56; A. Menarini Diagnostics S.R.L. v Italy, §§ 59-63-67; see also Schmautzer v Austria, 23.10.1995, Application no 15523/89, §36; Gradinger v Austria, 23.10.1995, Application no 15963/90, §44. The issue of judicial review is dealt with below in Sect 6.3.3. 225  Graham J. Wilson v Ordre des avocats du barreau de Luxembourg, Case C-506/04, §§ 52–53. 226  Pech (2014), p. 1256; cf. Graham J. Wilson v Ordre des avocats du barreau de Luxembourg, Case C-506/04, § 52. See also François De Coster v Collège des bourgmestre et échevins de Watermael-Boitsfort, Case C-17/00, 29.11.2001, ECLI:EU:C:2001:651, §§ 17–22; while the first ECJ case where impartiality has been mentioned was Katarina Abrahamsson and Leif Anderson v Elisabet Fogelqvist, Case C-407/98, § 32. 227  Opinion of Advocate General Stix-Hackl, delivered on 11.05.2006, in Case C- C-506/04, Wilson, § 75. 228  Article 123(2) SSM FR. 224

204

6  The Hybrid Nature of Banking Supervision

The Regulation further mandates that investigating officers perform their functions “independently of the Supervisory Board and Governing Council and shall not take part in the deliberations of the Supervisory Board and Governing Council”.229 Things become more critical when considering that the Investigating Units are not structurally independent, but remain internal investigating bodies, whose officers are “designated by the ECB”,230 even if the Framework Regulation does not identify which body of the Central Bank is specifically entrusted with this task.231 Actually, a similar gap could originally be found also with regard to the composition of the Administrative Board of Review, whose members shall also “be appointed by the ECB”.232 In this case, however, the lacuna was filled by a subsequent ECB Decision that assigned that competence to the Governing Council and detailed powers and procedures applicable to the ABoR.233 While it is of course desirable that such gap will be filled for the Investigating Unit too, adopting a solution similar to that chosen for the ABoR might bring to even more critical issues, considering that the Governing Council is the body entrusted with the final decision power over the adoption of the sanctions for the breaches investigated by the Unit. The SSM sanctioning procedure appears also critical if the requirement of separation of phases is examined in its dynamic dimension. Indeed, as previously described, whether any reason to suspect a breach emerges, the ECB (often the Joint Supervisory Teams—JSTs) refers it to the Investigating Unit; the Unit undertakes investigations, and, if that is the case, elaborates a draft proposal for a penalty to be applied before the Supervisory Board. The latter then passes a complete draft proposal to the Governing Council, which may approve it as a final decision through the non-objection procedure.234 Interestingly, a comparable structure was examined by the ECtHR in Grande Stevens. Similarly to the SSM, also the (then into force) decision-making process of the CONSOB was structured in three phases: Investigation, carried out by an internal office, which also articulates the accusation; submission of the report containing the conclusions and the proposed penalties to a Directorate; and issuing of a final decision (potentially including penalties) by the Commission.235  Article 123(3) SSM FR.  Article 123(1) SSM FR. 231  At the European level, a similar investigating structure may be found with regard to the “independent investigating officer” appointed by the European Securities and Markets Authority (ESMA), cf. Article 64, Regulation (EU) No 648/2012 of 4.07.2012 on OTC derivatives, central counterparties and trade repositories. The same provisions, still referred to ESMA, may be found in Article 31 of the recent Proposal for a Regulation of the European Parliament and of the Council on European Crowdfunding Service Providers (ECSP) for Business, Brussels, 8.3.2018 COM(2018) 113 final. 232  Cf. Article 24 SSM R. 233  Cf. Article 4(1), Decision of the European Central Bank of 14.04.2014 concerning the establishment of the Administrative Board of Review and its Operating Rules (ECB/2014/16); cf. also above, Sect. 4.4.3. 234  Cf. Sect. 4.4.3. 235  Grande Stevens, § 136. 229 230

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

205

In that case, although the Court recognized the existence of a “certain separation between the investigative entities and the entity with responsibility for determining whether an offence had been committed and imposing penalties”,236 the overall proceeding was not considered in compliance with the Conventional principles. The Court considered that if the investigation, accusation and decision on the penalties are exercised by “branches of the same administrative body, acting under the authority and supervision of a single chairman […] this amounts to the consecutive exercise of investigative and judicial functions within one body; in criminal matters such a combination of functions is not compatible with the requirements of impartiality set out in Article 6(1) of the Convention”.237 This argument, interestingly, was not raised, nor challenged in the drastic ­revirement of the ECtHR case-law concerning the application of ne bis in idem, nor it was rejected by the recent decisions of the CJEU precisely concerning CONSOB sanctioning procedures.238 Applying such parameters to the Single Supervisory Mechanism, two main critical points emerge. First, the breach referral mechanism adopted by the SSM, even though it made compulsory for the JSTs to refer potential irregularities to the Investigating Units, did not abolished the discretion of the first in deciding what is a breach, in order to refer it. A certain dependency of the IU to the non-independent JSTs (in terms of formal guarantees, both towards the supervised institution(s) and the rest of the SSM bodies) is therefore accepted in the SSM investigations. (not to mention the case of pecuniary payments or supervisory measures, where the IU does not play any role). JSTs risk also to retain in practice a notable weight during the investigation itself. In fact, a really independent investigation, which covers also an inquiry on the merit of the breach, is affordable only if investigating officers are in a sufficient number to face, and investigate, the presumably huge amount of information that will be referred to them. Investigating officers, moreover, shall possess not only the necessary legal knowledge (possibly including also criminal law competences, in light of the Engel case-law), but also specific expertise on the “hard-core financial prudential requirements” (such as capital and liquidity requirements, while the issue appears less critical for prudential requirements related to governance). It is evident, that if this twofold condition is not met, Investigating Units have practically to rely on the expertise of the JST members for what concerns the merit of the investigation, that is determining whether a bank breached prudential requirements or not.

 Idem.  Idem, §137. 238  On the changes in the jurisprudence of the Court in Strasbourg concerning ne bis in idem after A and B v Norway, see above Sect. 2.3.2. On the 2018 CJEU decisions on CONSOB (Garlsson Real Estate SA, Case C-537/16 and Di Puma - Zecca, Joined Cases C-596/16 and C-597/16) still concerning the double jeopardy clause, see Sect. 2.3.3. 236 237

206

6  The Hybrid Nature of Banking Supervision

In this sense, statistics do not draw a reassuring picture: According to the ECB Annual Reports on supervisory activities, in 2016 out of 42 handled sanctioning proceedings, 34 were still ongoing at the end of the year.239 In the following year, the 34 pending cases were joined by 10 new sanctioning proceedings, of which about half (24) were still ongoing at the end of 2017.240 In 2018, the ECB initiated 27 sanctioning proceedings. Taking into account the 24 proceedings that were ongoing at the end of 2017, the ECB handled 51 sanctioning proceedings in 2018, “an increase of 13% relative to the 45 proceedings handled in 2017. The 51 proceedings in 2018 led to 16 ECB decisions, an increase of 60% on the previous year”.241 Such numbers, which clearly show an increasing trend of the SSM sanctioning procedures, raise some issues on the capacity of the SSM Enforcement and Sanction Unit (which deals not only with investigation and sanctions, but also with enforcement), as it presently stands (in terms of personnel and resources in general) to cope with the workload of the whole SSM. All these considerations, moreover, hold valid only when the Investigating Unit is involved; as anticipated, however, such procedural rules are not applied for all kinds of substantially criminal sanctions imposable under the SSM legal framework. Indeed the IU is entitled to propose only the application of “penalties”, as so defined by Article Part X, Title 2 SSM FR. According to it, supervisory measures under Article 16(2)(m) SSM R, withdrawal of banking authorisation under Article 14 SSM R, and periodic penalty payments under Article 18(7) SSM R, on the contrary, are applied by the Governing Council with a non-objection procedure upon indication of the competent JST, which, does not present even the limited independence guarantees that characterise the Investigating Unit. In case they would be recognized a substantially criminal nature, therefore, such sanctions or measures seem destined to cause serious violations of at least one fundamental fair trial safeguard, which appear hardly remediable without a reform of the Joint Supervisory Teams’ structure. Lastly, on a different but related perspective, all the different bodies potentially involved in the SSM sanctioning procedure—the Investigating Unit, the Supervisory Board, the Administrative Board of Review (and even the Mediation Panel)—could be considered as “acting under the authority and supervision” of the same leading body.

 ECB (2017), p. 39, Table 6.  ECB (2018), p. 78, Table 5. “Of the 44 sanctioning proceedings handled in 2017, 28 related to suspected breaches of directly applicable EU law (ECB decisions and regulations included). These cases concerned 26 SIs and related to the areas of own funds, reporting, public disclosure, liquidity and large exposures […] Nine proceedings were closed in 2017 owing mainly to the nonmateriality of the suspected breaches or the absence of a legal basis for imposing sanctions. The remaining 16 out of the 44 sanctioning proceedings handled in 2017 related to suspected breaches of national law transposing CRD IV provisions and concern SIs or natural persons. These proceedings involve suspected breaches with regard to governance (including internal control mechanisms), management body functions and remuneration”. 241  Cf. ECB (2019), § 3.2. 239 240

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

207

In fact, it is the Governing Council which appoints four of the six members of the Supervisory Board, and proposes the appointment of the other two to the European Council.242 It is the Governing Council that appoints the members of the ABoR. Likely, also the appointment of the IU investigating officers might today depend either on the Governing Council, or on the Executive Board, as they are the only decision-making body in the ECB current structure. Lastly, of course, it is the Governing Council which, at the end of the proceeding, takes the decisions on whether to apply a sanction or not. The similarities between the SSM internal structure and that of the CONSOB, already censured as contrary to Article 6 ECHR in Grande Stevens, hence put the ECB sanctioning procedure at a rather high risk to be found in violation of the principles of independence and impartiality required by the Convention and the Charter. This conclusion results especially critical with regard to certain supervisory sanctions, for which, as will be examined further below,243 it is not possible to deem applicable the remedy of a full judicial review.

6.3.2  T  he Principle of Equality of Arms: Right to Be Heard, and Right of Access to Files Another relevant profile in the fairness of the SSM punitive powers concerns the compliance with the principle of equality of arms deriving by Article 6(1) ECHR. The principle requires fair balance between the parties both in civil and in criminal proceedings, in particular to guarantee that each party is given “a reasonable opportunity to present his case under conditions that do not place him at a substantial disadvantage vis-à-vis his opponent”.244 The prohibition of discrimination, expressed in general terms by Article 14 ECHR, was first applied by the Court in Strasbourg to judicial proceedings in civil matters,245 and was later translated in criminal proceedings, although it has been observed that in this context, given the structural difference between the position of the prosecutor and that of the defendant, “equality can only be conceived of […] as a certain equivalence”.246 The content of this principle already finds application in EU administrative proceedings, and especially in individual determinations issued by the European Union, or by Member States acting in the scope of EU law. Article 41 of the Charter, —providing for the right to good administration—recognizes to every natural or legal person both the right of access to files, and the right to be heard—that is the right to give the persons concerned by a decision, the opportunity of putting forward their  Cf. above Sect. 4.4.  Cf. below, Sect. 6.3.3. 244  Cf. Kress v France, 7.06.2001, Application no. 39594/98, § 72. 245  Cf., e.g., Dombo Beheer v Netherlands, 27.10.1993, Application no. 14448/88, § 33. 246  Cf. e.g. Trechsel (2005), p. 96 et seq.; Balsamo (2015), p. 125. 242 243

208

6  The Hybrid Nature of Banking Supervision

point of view on the complaints made against them, before that decision is taken.247 The CJEU recognized wide application to these rights to all proceedings which may culminate in adversely affecting measures (including the field of competition law248) even before the entry into force of the Charter,249 defining in particular the right to be heard as “a fundamental principle of Community law which must be guaranteed even in the absence of any rules governing the procedure in question”.250 Within the EU legal framework, however, some uncertainty—relevant also for the field of banking supervision—exists with regard to the scope of the right to be heard under a subjective perspective, which reflects also upon the scope of the right of access to files. Indeed, in what is considered by the literature the first original formulation of the right to be heard, the 1974 CJEU decision Transocean, the right applied exclusively to the addressees of adversely affecting decisions which may be issued in a proceeding.251 This restrictive interpretation, however, was not consistently followed by the Court.252 In the 1994 decision Lisrestal, for instance, the application of the right to be heard was limited to the subjects against which a proceeding had been initiated. This further condition, however, got lost in the translation of the decision from  Cf. M.  M. v Minister for Justice, Equality and Law Reform and Others, Case C-277/11, 22.11.2012, ECLI:EU:C:2012:744; although the Court on the point seems to have changed its jurisprudence, as recognized by Opinion of Advocate General Wathelet, delivered on 16.09.2015, in WebMindLicence, Case C-419/14, § 136. For a more detailed analysis of the theme, see Piva (2017), p. 756 et seq., underlining how, besides for the direct application of Article 41 on Member States, the same principles apply to the latter due to the case-law of the CJEU, upon which Article 41 CFREU has been built upon. 248  Cf. e.g., on the right to be heard, Hoffmannn la Roche & Co. AG v. Commission, Case 85/76, 13.02.1979, ECLI:EU:C:1979:36, § 9; Musique Diffusion française v. Commission, Case 100/80, §10; Shell v. Commission, Case T-11/89, § 39; Compagnie maritime belge v. Commission, Case C-395/96, 16.03.2000, ECLI:EU:C:2000:132, § 142, where the Court clarified that, even if Article 6(1) ECHR does not apply to antitrust proceedings, still the right to be heard and to access to files shall be respected. On access to files as part of the principle of equality of arms, see, e.g., Solvay SA v Commission of the European Communities, T-30/91, 29.06.1995, ECLI:EU:T:1995:115, § 83; Imperial Chemical Industries plc (ICI) v Commission of the European Communities, Case T-36/91, 29.06.1995, ECLI:EU:T:1995:118, § 93. 249  As repeatedly affirmed by the Court of Justice cf., e.g., Transocean Marine Paint Association v Commission of the European Communities, Case 17-74, 23.10.1974, ECLI:EU:C:1974:106, § 15; Lisrestal and others v. Commission, Case T-450/93, 6.12.1994, ECLI:EU:T:1994:290; Dieter Krombach v André Bamberski, Case C-7/98, 28.03.2000, ECLI:EU:C:2000:164, § 42; Sopropé Organizações de Calçado Lda v Fazenda Pública, Case C-349/07, 18.12.2008, ECLI:EU:C:2008:746, § 36. 250  Cf., e.g. Belgium v. Commission, Case 40/85, 10.07.1986, ECLI:EU:C:1986:305, § 28; Belgium v. Commission, Case 234/84, 10.07.1986, ECLI:EU:C:1986:302, § 28. 251  Transocean Marine Paint Association v Commission of the European Communities, Case 17–74, § 15. 252  Cf., e.g., Detlef Nölle, Case T-167/94, § 63, where the fact that the applicants were not charged with allegation was considered a cause for refusing the application of the right. This interpretation has been recovered in trademark cases; for a reconstruction of the case-law on the matter, see Rabinovici (2012), p. 170. 247

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

209

French to English,253 and the latter “incomplete” version was then replicated both in the following case-law of the Court,254 and in Article 41(2) of the Charter, which does not include any reference to the need of being the person(s) against which the proceeding has been initiated for invoking that right.255 Along this line, although the scope of the right to be heard highly varies depending on subject matters, the CJEU has increasingly, and somehow seldom, recognized it also in favour of third parties which may be adversely affected by a procedure, without being its direct targets.256 Against this interpretation, especially relevant results the case-law developed by the CJEU with regard to the admissibility requirements for bringing action before the Court. According to Article 263(4) TFEU, in fact, natural or legal persons may appeal “against an act addressed to that person” or, if third parties, against an act “which is of direct and individual concern to them, and against a regulatory act which is of direct concern to them and does not entail implementing measures”.257

 As it emerges comparing the French version of Lisrestal v. Commission, § 42 which states: “Ce principe exige que toute personne à l’encontre de laquelle une décision faisant grief peut être prise soit mise en mesure de faire connaître utilement son point de vue au sujet des éléments retenus à sa charge par la Commission pour fonder la décision litigieuse” with the English version “That principle requires that any person who may be adversely affected by the adoption of a decision should be placed in a position in which he may effectively make known his views on the evidence against him which the Commission has taken as the basis for the decision at issue” where no reference is made to the fact that the measure shall be adopted against the party (emphasis added). 254  Cf., e.g., M. M., §§ 85-87, according to which “The right to be heard guarantees every person the opportunity to make known his views effectively during an administrative procedure and before the adoption of any decision liable to affect his interests adversely”; Spain v Commission, Case C-287/02, 9.06.2005, ECLI:EU:C:2005:368, § 37; Sopropé, § 37; Foshan Shunde Yongjian Housewares & Hardware v Council, Case C-141/08 P, 1.10.2009, ECLI:EU:C:2009:598, § 83; France v People’s Mojahedin Organization of Iran, Case C-27/09 P, 21.12.2011, ECLI:EU:C:2011:853, §§ 64–65. 255  According to which “the right of every person to be heard, before any individual measure which would affect him or her adversely is taken”. As reported by Rabinovici (2012), pp. 152–153, also this provision is differently translated within the EU, and a criterion similar of that of ‘à son encontre’ appears in other six versions (besides for the French one): “Dutch (‘jegems hem’); German (‘ihr gegenüber’); Swedish (‘mot honom eller henne’); Danish (‘over for ham/hende’); Spanish (‘en contra suya’); Italian (‘nei suoi confronti’). However, the Finnish, Portuguese, and Greek versions are similar to the English version, omitting the ‘initiated against’ criterion”. 256  Rabinovici (2012), p. 172, noticing how most EU legislations (in the field of competition law) grant basic hearing rights to third parties having sufficient interest in a procedure, so that usually the Courts do not have to refer to Article 41(2) CFREU to extend its scope. 257  Cf., e.g., LVM v Commission, Case T-84/89 (Joined Cases T-79/89, T-84/89, T-85/89, T-86/89, T- 89/89, T-91/89, T-92/89, T-94/89, T-96/89, T-98/89, T-102/89, T-104/89), 19.06.1990, ECLI:EU:C:2002:582, and Judgment in Dow Benelux NV v Commission of the European Communities, C-85/87, 17.10.1989, ECLI:EU:C:1989:379. This review is not only subject to strict time limitations, as if no proceeding is instituted before the Court within the 2-month period from the publication of the measure, or of its notification, or, in the absence thereof, of the day on which it came to the knowledge of the plaintiff, the challenged decision is held to be valid and cannot be contested anymore as far as its merit is concerned. 253

210

6  The Hybrid Nature of Banking Supervision

These parameters have been strictly interpreted by the Court of Justice, starting from the 1963 landmark case Plaumann,258 according to which the standing requirement for third private parties shall be recognized when the challenged decision “affects them by reason of certain attributes which are peculiar to them or by reason of circumstances in which they are differentiated from all other persons and by virtue of these factors distinguishes them individually just as in the case of the person addressed”.259 This issue was recently raised with specific regard to the SSM supervisory proceedings in the Fursin (Trasta) case, still pending, concerning the ECB withdrawal of the banking licence to a Latvian bank (Trasta Komercbanka-TKB), due to a series of prudential requirement violations, including in the field of anti-money laundering.260 In March 2016, after an ECB decision ordered the withdrawal, the bank was put into liquidation and, under Latvian law, a liquidator was appointed, and all the powers of attorneys to the management body of the bank revoked. In May 2016, however, the lawyer representing TKB during the administrative proceedings brought an action for annulment of the contested decision on behalf of TKB and, as a precaution, on behalf of six of its direct and indirect shareholders, which, contrary to the bank, were not the direct addressees of the ECB decision. Deliberating over the admissibility of the appeal under Article 263 TFEU, in September 2017 the Court of Justice recognized that shareholders retain an individual and direct concern that justifies an interest in bringing proceeding.261 Building on Plaumann, the Court recognized an individual concern to shareholders, since the ECB decision affected them “by reason of certain qualities peculiar to them or of a factual situation which differentiates them from any other person”, that is as shareholders “of the bank whose authorisation has been withdrawn and differentiates the 42 direct shareholders of that bank from any other person”.262 The  Plaumann & Co. v Commission of the European Economic Community, Case 25-62, 15.07.1963, ECLI:EU:C:1963:17, p. 107; Commission of the European Communities v Aktionsgemeinschaft Recht und Eigentum eV, Case C-78/03 P, 13.12.2005, ECLI:EU:C:2005:761, § 33. 259  See, e.g., Comité Central d’Entreprise de la Société Anonyme Vittel and Comité d’Etablissement de Pierval and Fédération Générale Agroalimentaire v Commission of the European Communities, Case T-12/93, 27.04.1995, ECLI:EU:T:1995:78, § 59, where standing was denied to the employees of a company on the basis that the approval of a merger by the Commission would not be a direct cause of the loss of jobs in the merged company. Highlighting this restrictive interpretation, e.g., see Witte (2015), p.  228; Mastroianni and Pezza (2014), p. 947; Lamandini (2015), p. 129. 260  Fursin and Others [former Trasta Komercbanka and Others] v ECB, T-247/16 (Application of 08.07.2016) and T-698/16 (Application of 11.11.2016). 261  Order of the General Court of 12.09.2017, ECLI:EU:T:2017:623, in Fursin and Others, cit., currently appealed before the Court in Case C-663/17 P, 24.11.2017 and in case Trasta Komercbanka AS, Ivan Fursin, Igors Buimisters, C & R Invest SIA, Figon Co. Ltd, GCK Holding Netherlands BV, Rikam Holding SA v ECB, Case C-669/17 P, 28.11.2017; on which see also Opinion of AG Kokott, delivered on 11.04.2019 (ECLI:EU:C:2019:323), where she advices to set aside the Latvian rules on revoking a bank’s mandates in order to provide an effective remedy against the withdrawal of the authorisation (recognizing the standing of the bank) while finding that the shareholders have no right to challenge the withdrawal of the license of a bank. 262  Idem, §§ 61–62. 258

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

211

CJEU also recalled its jurisprudence according to which, as in the case under exam, persons may be recognized individually concerned by a measure, even if they ­represent a group, inasmuch as they form part of a limited class of economic operators.263 The Court recognized a direct concern to the shareholders also in light of its case-law, according to which the legal situation of the latter is directly concerned if the decision affects the “substance or extent’ of their rights, “either as regards their proprietary rights or the ability, conferred on them by those rights, to participate in the management of the company”.264 This situation actually occurred in the Trasta case, where the withdrawal of the bank’s authorisation prevented the latter from performing its economic activity, therefore directly affecting the legal position of the shareholders too, in particular their right to receive dividends from the profits of a commercial company, the exercise of voting rights, and the right to take part in the management of the company.265 The case-law concerning the right to be heard appears applicable also to define the scope of the right of access to file, which represents another fundamental part of the defence rights, both before (to fully exercise the right to be heard) and after a decision is issued (to challenge it by judicial review).266 The purpose of this right, enshrined not only in the Charter and in the Convention, but also in Article 7 of Directive 2012/13/EU on the right to information in criminal proceedings, is in fact to “enable the addressees of statements of objections to examine evidence in the […] file so that they are in a position effectively to express their views on the conclusion reached […] on the basis of that evidence”.267 In this case too, however, critical profiles arise, concerning the boundaries of this right. A first issue regards the interpretation of “file”, and therefore the definition of which documents the party shall be granted access to, taking into account that, according to Article 41(2)(b) CFREU, the latter may be limited by “the legitimate interests of confidentiality and professional and business secrecy”. According to Article 7(2) and (3) of the Directive, the right of access to file shall cover at least all “all material evidence in the possession of the competent authorities, whether for or against suspects or accused persons”, in addition to “further material evidence comes into the possession of the competent authorities”. In its  Idem; see also Markku Sahlstedt and Others v Commission of the European Communities, Case C-362/06 P, 23.04.2009, ECLI:EU:C:2009:243, § 36 and the case-law cited. 264  Order of the General Court of 12.09.2017, § 65, and case-law cited there. 265  Idem, §§ 67–69. 266  On the link between the right of access to files, the principle of equality of arms, and Articles 5(4) and 6(3) let. b) ECHR, see Allegrezza (2008b), p. 143 et seq.; Mitsilegas (2016), p. 164 et seq.; Sayers (2015), p. 1333 et seq.; Gless (2013), p. 90. 267  Solvay SA, Case T-30/91, § 59. See also Imperial Chemical Industries plc (ICI), §§ 69. See especially Article 7(2), Directive 2012/13/EU of 22.05.2012 on the right to information in criminal proceedings, which is essentially based on the ECtHR case-law, with few more elevated standards, such as the so-called Letter of rights, see in this sense Mosna (2017), pp. 957 and 961, highlighting also how the provision of Article 7 recalls Article 5(4) ECHR, but without providing for grounds for refusal; see also Sayers (2015), p. 1334 et seq.; Cape et al. (2010), p. 32 et seq. 263

212

6  The Hybrid Nature of Banking Supervision

early jurisprudence, developed in competition law, the CJEU did not recognize an obligation to disclose the complete file to the parties, but only those documents on which the issuing authority has based its decision on. According to this interpretation, it was hence for the same authority to both issue a decision, and select the files the parties may get access to.268 Later, however, in the 2004 landmark decision Aalborg Portland the Court acknowledged the need to grant to the “undertaking concerned the opportunity to examine all the documents in the investigation file which may be relevant for its defence”, including “both incriminating evidence and exculpatory evidence, save where the business secrets of other undertakings, the internal documents of the Commission or other confidential information are involved”.269 Besides for a limited case-law in which documents were considered to be “of relevance to the investigation […] in so far as they formed part of the file”,270 the higher protection to defence rights given under Portland was however partially downsized by the burden of proof set upon the claimant. Indeed, to annul a decision taken without duly granting access to files, the latter should have shown “that the result at which the Commission arrived in its decision would have been different if a document which was not communicated to that undertaking and on which the Commission relied to make a finding of infringement against it had to be disallowed as evidence”.271 This test, extremely restricted the defence’s prerogatives, even though the Court explicitly stated that, in case the document not communicated consisted of an exculpatory evidence, “the undertaking concerned must only establish that its non-disclosure was able to influence, to its disadvantage, the course of the proceedings and the content of the decision of the Commission”, and that “it would have been able to use the exculpatory documents in its defence”.272 A second relevant issue concerns the level of limitation to the access that the proceeding authority may impose on the undertakings due to secrecy or confidentiality reasons. According to the CJEU case-law, in fact, these motives cannot be used to totally deny access to files; and even where it is necessary to omit some parts of a document to protect such interests, that cannot bring to the mere issuing of blank  Vereniging ter Bevordering van het Vlaamse Boekwezen, VBVB, and Vereniging ter Bevordering van de Belangen des Boekhandels, VBBB, v Commission of the European Communities, Joined cases 43/82 and 63/82, 17.01.1984, ECLI:EU:C:1984:9, § 25. 269  The already mentioned Cement joined case: Aalborg Portland A/S (C-204/00 P) and others, § 68. For its relevance with regard to the principle of ne bis in idem, see also Sect. 2.3.3. 270  Hoechst GmbH v Commission of the European Communities, Case T-410/03, 18.06.2008, ECLI:EU:T:2008:211, § 152. 271  Idem, § 73. 272  Idem, §§ 74–75. This test was then slightly modified in 2011, when the CJEU in Solvay established that “where access to the file, and particularly to exculpatory documents, is granted at the stage of the judicial proceedings, the undertaking concerned has to show, not that if it had had access to the non-disclosed documents, the Commission decision would have been different in content, but only that those documents could have been useful for its defence”, cf. Solvay SA v European Commission, Case C-110/10 P, 25.10.2011, ECLI:EU:C:2011:687. 268

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

213

pages: The proceeding authority is instead required to provide a comprehensible non-confidential version of the document(s) to be disclosed.273 All limitations to the right of access to files may be challenged before the Court of Justice, which shall determine whether a non-disclosed document “might have influenced the course of the proceedings and the content of the decision” and “have had a significance which ought not to have been disregarded” on the basis of “an objective link between the documents which were not made accessible during the administrative procedure and an objection adopted against the undertaking concerned”.274 These issues have already been faced by the CJEU with specific regard to the ECB or, more generally, to the field of financial supervision. In Espirito Santo Financial (2018), the Court specified that limitations are allowed only if “based on reasons of public or private interest”. Such reasons shall be specific, actual, and punctually stated to the applicant requesting access to files.275 In Baumeister (2018), the Court specified that information concerning the “supervision file, including its correspondence with other bodies, do not constitute, unconditionally, confidential information”. The latter may instead be defined, in regard to the need of maintaining professional secrecy, in information “(1) which is not public and (2) the disclosure of which is likely to affect adversely the interests of the natural or legal person who provided that information or of third parties, or the proper functioning of the system for monitoring” the financial activities.276 Lastly, in UBS Europe (also 2018), the Court clarified that the “subject of a measure adversely affecting him must have the opportunity to examine all of the documents in the investigation that might be relevant for his defence. Those documents comprise both inculpatory and exculpatory evidence, with the exception of business secrets concerning other persons, internal documents of the authority that adopted the measure and other confidential information”. The CJEU affirmed that “it is however allowed to exclude from the administrative procedure evidence which has no relation to the allegations of fact and of law in the statement of objections and which therefore has no relevance to the investigation […] It follows from the foregoing considerations that the right to disclosure of the documents relevant to the defence is not unlimited and unfettered […] Accordingly, in the event of a conflict of, on the one hand, the interest of the person who is the subject of a measure adversely affecting him in having access to the information necessary for him to be in a position to exercise fully his rights of defence and, on the other hand, the interests in connection with maintaining the confidentiality of the information covered by the obligation of professional secrecy, it is for the competent authorities or courts to seek to strike a balance between these opposing interests in the light of the circumstances  Hoechst GmbH v Commission, §§ 152–153.  Aalborg Portland A/S (C-204/00 P) and others, §§ 76-77, and 129. 275  Cf. Espírito Santo Financial (Portugal) v ECB, Case T-251/15, 26.04.2018, ECLI:EU:T:2018:234, appealed in Case C-442/18 P of 23.11.2018, §§ 51–83, where the ECB decision refusing to grant access to files was annulled by the Court. 276  Baumeister, Case C-15/16, 19.06.2018, ECLI:EU:C:2018:464, § 34 et seq. 273 274

214

6  The Hybrid Nature of Banking Supervision

of each case”. National authorities shall therefore “ascertain whether that information is objectively connected to the complaints upheld against him and, if this should be the case, to weigh up” the above mentioned interests.277 The jurisprudence mentioned so far, however, is not the only parameter against which the SSM supervisory proceedings shall be examined: When they may end up with the application of a substantially criminal penalty, the fairness of sanctioning procedures shall indeed be assessed also in light of the notions of the rights to be heard and of access to file developed by the ECtHR for the matière a coloration pénale. In this field, in fact, both rights represent a fundamental part of the adversarial proceeding guarantees, according to which prosecution and defence must be given the opportunity to have knowledge of and comment on the observations filed and the evidence (including witnesses’ testimonies) adduced by the other party.278 For the profiles relevant to the SSM sanctioning proceedings, the content of the right of access to files in criminal matters does not differentiate much from that provided for by Article 41 CFREU. Indeed, also under Article 6(1) ECHR, and starting from the ECtHR case Borgers v Belgium, a party potentially affected by the result of a proceeding has the right to have all the material evidence used for the accusation disclosed in order to guarantee the equality of arms.279 In the ECtHR case-law too, the scope of this right, that is the identification of the documents which shall be disclosed, is determined on the basis of the “relevance” of the said document(s) with regard to the proceeding.280 Lastly, also in criminal matters, the right of access to files is not interpreted to be absolute, as both in the case-law of the ECtHR and in Article 7(4) of Directive 2012/13, the latter may be restricted—only as strictly necessary—to protect fundamental rights of other people, or to safeguard important public interests, such as national security.281 The debate over the definition of the moment from which the right of access to files attaches in criminal proceedings, especially critical (and crucial) when dealing  UBS Europe and o., Case C-358/16, 13.09.2018, ECLI:EU:C:2018:715, §§ 66–70.  Cf., e.g., Rowe and Davis v. the United Kingdom, 16.02.2000, Application no. 28901/95, § 60; Užukauskas v. Lithuania, 6.07.2010, Application no. 16965/04, § 47. According to Trechsel (2005), p.  90, from a Conventional perspective, prosecution shall not be included in the definition. 279  Borgers v Belgium, 30.10.1991, Application no. 12005/86. 280  Cf., e.g., Edwards And Lewis v. The United Kingdom, 27.10.2004, Applications nos. 39647/98 and 40461/98, § 46. 281  Rowe and Davis v. the United Kingdom, § 61; Moiseyev v Russia, 9.10.2008, Application no 62936/00; Edwards and Lewis v UK; Van Mechelen and Others v. the Netherlands, 23.04.1997, Applications nos. 21363/93, 21364/93, 21427/93 and 22056/93, § 58. Restricting provisions due to business secrecy protections or other confidential information have also been implemented by some EU legal acts, cf. Commission Notice on the rules for access to the Commission les in cases pursuant to Articles 81 and 82 of the EC treaty, Articles 53, 54 and 57 of the EEA Agreement and Council Regulation (EC) 139/2004. See also Levitt (1997), p. 1424. According to the Directive, moreover, refusals to access to files shall be authorized by a judicial authority if strictly necessary “to safeguard an important public interest, such as in cases where access could prejudice an ongoing investigation or seriously harm the national security of the Member State in which the criminal proceedings are instituted”, see Ciampi (2012), p. 9. 277 278

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

215

with criminal investigations stricto sensu, does not seem to be in point to the SSM sanctioning proceedings, where most of the evidence gathered by the Investigating Unit comes from the credit institutions under investigation. Against this background, the right of access to files as provided by the SSM Regulations does not appear especially problematic, even when applied to proceedings leading to substantially criminal supervisory sanctions. According to Article 32 SSM FR, in fact, parties of supervisory proceedings “shall be entitled to have access to the ECB’s file, subject to the legitimate interest of legal and natural persons other than the relevant party, in the protection of their business secrets”.282 Of course, this exception for confidential information may heavily affect their level of protection from the perspective of the subject under investigations. Nevertheless, this clause, read in light of the consolidated case-law of the European Courts and of the sensitiveness of the matter of banking oversight, may well fall under those situations in which withholding certain documents from the defence is necessary. Such limitation can therefore be considered proportionate, and in line with the provisions of the Convention and of the Charter,283 at least as long as the undisclosed material does not contain items so relevant as to enable the investigated subject to exonerate itself or have the sentence reduced.284 Different conclusions should instead be drawn with regard to some profiles of the right to be heard, where the notion varies more significantly (for the purposes of this analysis) in its administrative and criminal dimension. On one side, in fact, the SSM does not appear especially critical in light of Article 41 CFREU, as interpreted by the CJEU. Under this perspective, Articles 22 and 27 SSM R require that all entities potentially affected by the ECB decisions shall be previously given the opportunity of commenting on the facts. This right applies to all sanctions adopted under Article 18 SSM R, as well as to supervisory measures provided for by Articles 14 SSM R and with those established by Article 16(2) SSM R to ensure compliance with macro-prudential decisions. In case “an urgent decision appears necessary in order to prevent significant damage to the financial system”, Article 22 SSM FR allows the ECB to proceed and take a decision without granting the possibility to previously comment on the facts. Afterwards, however, “without undue delay after its adoption”, the interested parties shall be given the opportunity to do so.285 According to Article 31(6) SSM FR, this option does not apply to administrative penalties. Considering however that it could apply to substantially criminal supervisory measures and that it represents an exception to a fundamental right, this provi-

 Cf. Articles 22 and 32(1) SSM FR.  Cf. Caianiello (2019). 284  In this sense, cf. Natunen v Finland, 31.03.2009, Application no. 21022/04, § 43; C.G.P. v The Netherlands (dec), 15.01.1997, Application no. 29835/96. 285  Cf. Article 31(1)-(4)-(5) SSM FR. 282 283

216

6  The Hybrid Nature of Banking Supervision

sion should be interpreted strictly286. In any case the ECB shall base its decisions only on those objections that the parties concerned have been able to comment.287 Due to the limited scope of Article 22 SSM R, the right to be heard does not apply to macro-prudential decisions. To comply with the ECHR and the CFREU, therefore the right should be extended also to the latter at least when they are not general but addressed to a single credit institution.288 In the criminal matter, moreover, the notion of the right to be heard results much articulated, (although it is not considered by the Court in Strasbourg as an absolute right).289 First, as part of the principle of equality of arms, in this limb such right partially overlaps with the guarantees of Article 6(3)(d) ECHR, according to which everyone charged with criminal offences has the right “to examine or have examined witnesses against him and to obtain the attendance and examination of witnesses on his behalf under the same conditions as witnesses against him”.290 At first glance, the impact of this provision in the SSM supervisory proceedings appears rather limited, since most of the evidence gathered in order to impose a sanction under Article 18(1) SSM R are likely to be of documental, rather than testimonial nature. Nonetheless, where the latter would be the case, also this profile of the right to be heard shall find application in the SSM (punitive) proceedings, even in lack of any specific provision of the Regulations in that sense. Critical issues, instead, arise with regard to the modalities in which such right shall generally be put in place. In the ECtHR case-law applicable to the criminal matter, in fact, the right to be heard shall be read in light of Article 6(1) of the Convention, which requires the proceeding to be hold in a public hearing. While the compliance with this specific profile could be considered of minor relevance for the SSM,291 extremely significant is instead that jurisprudence according to which the “entitlement to a “public hearing” in Article 6 § 1 necessarily implies a right to an “oral hearing””.292 This obligation is not considered absolute by the Court, especially in cases where fair trial rights are applicable due to an extensive interpretation of criminal matter under the Engel doctrine.293 However, even in those cases, the exclusion from the obligation to hold an oral hearing is not  D’Ambrosio (2013), p. 55.  Articles 22(1) and Article 24(7) SSM R. 288  As underlined by D’Ambrosio (2013), p. 59. 289  On the relative character of the right to be heard for the ECHR, see Trechsel (2005), pp. 90–92. 290  Although mainly concerning witnesses, the Court has sometimes traced this guarantee back to evidence in general, interpreting it as a right that no evidence shall be used as the basis for a conviction unless the defendant has had the opportunity to challenge its validity, and comment upon its relevance; see, e.g., Perna v Italy, 6.05.2003, Application no. 48898/99, §§ 25–32. For a detailed case-law analysis of Article 6(3)(d) ECHR, see Trechsel (2005), pp. 292–326; Harris et al. (2014), p. 483 et seq.; Balsamo (2015), pp. 146–151. 291  As it will be argued below, in Sect. 6.3.4. 292  Döry v. Sweden, 12.11.2002, Application no. 28394/95, § 37. 293  Jussila v. Finland, §§ 41–43. 286 287

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

217

automatic, and the criterion to establish whether that is required or not depends on “the nature of the issues to be dealt with” by the competent court, the “gravity” attached to the proceedings, and the “significant degree of stigma” carried out by the applicable sanctions (in particular on whether they raise any question of fact or law which could not be adequately resolved on the basis of the case file).294 This jurisprudence raises critical issues in the SSM legal framework. According to Article 126 SSM FR, once an investigation is completed, the Investigating Unit shall notify a Statement of Objections to the supervised entity. Within a “reasonable time limit” established in the same Statement, the party has the right to make submissions in writing to the Unit on the factual results and the objections raised against it. With the Statement of Objection, the Unit may also invite the party to attend an oral hearing. Such a hearing may also be requested directly by the supervised entity itself, but that does not limit the discretion of the Unit in deciding whether to grant the hearing or not.295 In the SSM sanctioning proceedings, therefore, the very possibility of having an oral hearing is not a right of the party of the proceeding, but depends on the discretion of the Investigating Unit.296 Interestingly, a procedure similar to this one was examined by the ECtHR again in Grande Stevens, where the right to be heard took place in a written exchange of views between CONSOB and the private parties, rather than through an oral hearing. In that case, the Court affirmed that although the obligation to hold a hearing is not absolute, “refusing to hold an oral hearing may be justified only in rare cases”.297 The violation of the right to be heard, also in its dimension requiring an oral hearing, does not however automatically determine a violation of the fair trial rights: According to the ECtHR, similarly to what already mentioned with regard to the principles of independence and impartiality, unjustified limitations of this right may be “remedied” if the issued decision is subject to a review before a judicial body that has full jurisdiction. This safeguard, however, as will be argued hereinafter, does not seem entirely applicable to the Single Supervisory Mechanism, and therefore not fully capable of remedying the deficiencies of its sanctioning proceedings under Article 6 ECHR.298 Before analysing this crucial point, it is however necessary to finally underline that the SSM sanctioning proceedings may also result critical for the right to be heard under a last profile. Indeed, according to Article 126 SSM FR, the Statement

 Idem, §§ 41–42, 47–48 (tax-surcharge proceedings); Suhadolc v. Slovenia (dec.), 17.05.2011, Application no. 57655/08 (summary procedure for road traffic offences). 295  Cf. above, Sect. 4.4.3. 296  Contrary for instance to what established in competition law, where “The Commission shall give the parties to whom it addresses an SO the opportunity to develop their arguments at an oral hearing if they so request in their reply to the SO (Article 12(1) of Reg. 773/2004)”, cf. European Commission (2012), p. 6/11—Right to be heard (3.1, § 28). 297  Grande Stevens, § 121. 298  Cf., e.g., Riepan v Austria, 14.11.2000, Application no. 35115/97, § 39; cf. below, Sect. 6.3.3. 294

218

6  The Hybrid Nature of Banking Supervision

of Objection shall contain “the findings under the investigation carried out and of any objections raised thereto”. This provision seems able to satisfy the right to be informed of the charges provided for by Article 6(3)(a) ECHR299 which, as underlined by legal scholars, covers the right to be informed immediately, or at least early enough in the course of the proceedings, of the allegations in fact and in law made by the public authority; and the right that charges cannot be modified unless there is a new communication by the same authority, and a sufficient period of time to allow the defence to re-­structure its strategy.300 On the other side, however, it remains uncertain whether the reference to the “objections raised” covers also the amount of the penalty that the Investigating Unit is proposing the Supervisory Board to impose, or at least the aggravating circumstances and the figures used by the IU to calculate the sanction. Nothing in Article 126 SSM R in fact mentions this profile, which has a major relevance from the perspective of the defence. This circumstance, together with the limited jurisdiction of the Court of Justice for some of the sanctions imposable by the SSM, as will be argued below, risks to leave credit institutions dangerously unsafeguarded precisely on the profile of a sanctioning procedure more capable to adversely affect them, that is the amount of the penalty itself. In this sense, even though that would increase the complexity and length of the proceeding, in order to safeguard the fundamental rights of the undertakings, and to prevent sanctioning decisions to be made void for violation of procedural fair trial rights, it seems recommendable for the European Central Bank to establish a right to be heard also on the amount of the imposable fine. Such a result could be achieved amending the SSM Framework Regulation. In lack of a political consensus in this regard, an attempt could be at least perhaps made issuing a separate working document (to be published, so as to be foreseeable by the parties involved), similarly to what already occurred in Antitrust proceedings before the Commission.301  Kamasinski v. Austria, 19.12.1989, Application no. 9783/82, § 79; Pélissier and Sassi v. France, 25.03.1999, Application no. 25444/94, § 51; Mattoccia v. Italy, 25.07.2000, Application no. 23969/94, § 59; Penev v. Bulgaria, 7.01.2010, Application no. 20494/04, §§ 33 and 42. On the critical issues left unsolved by the ECtHR concerning the modalities in which communication of the charges shall be made, see Mosna (2017), p. 960; Quattrocolo (2015), p. 87 et seq. 300  Cf., e.g., Trechsel (2005), pp. 195–196; Balsamo (2018), pp. 120–123. 301  Cf. European Commission (2012), pp. 5 and 6/15—Drafting of Statement of Objections (SO) (2.2.2), according to which “The SO must also clearly indicate whether the Commission intends to impose fines (Article 23 of Regulation 1/2003), a periodic penalty payment (Article 24) or other remedies (structural or behavioural), should the objections be upheld, referring to the evidence and facts supporting such measures.16 (16) In case of imposition of fines pursuant to Article 23 of Regulation 1/2003, the SO will refer to the relevant principles laid down in the Guidelines on setting fines […] The Best Practices Notice states that, although under no legal obligation in this respect, the SO will endeavour to include (using information available) further matters relevant to any subsequent calculation of fines, including the relevant sales figures to be taken into account and the year(s) that will be considered for the value of such sales. Such information may also be provided to the parties after the Statement of Objections. In both cases, the parties will be provided with an opportunity to comment”. 299

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

219

6.3.3  Right to a Full Judicial Review As already mentioned, the application of fair trial rights, especially in their criminal limb interpretation, often results highly problematic when applied by formally administrative authorities, which are structurally and procedurally different from the judiciary.302 In order to find an applicable compromise between the need to elevate the standards of safeguard when punitive sanctions are at stake, and that of not forcing (at least, not too much) a wide range of administrative bodies to assimilate completely with judicial ones, the Court in Strasbourg has, since its 1983 Le Compte decision, developed a solid case-law that identifies in the “full judicial review”, before a tribunal that provides the guarantees of Article 6 ECHR, an adequate counter-balance for certain lacunas of fair trial rights in administrative punitive proceedings.303 In particular, as anticipated, full judicial review is considered to be a remedy to structural problems concerning the impartiality and the independence of decision-­ making bodies, but also to limitations of the right to an oral and public hearing.304 According to such jurisprudence, “full judicial review” or “unlimited jurisdiction” is identified by the possibility of the reviewing body to rule both on questions of fact and law (e.g. analysing the appropriateness and proportionality of the penalty imposed by the administrative authority).305 In Menarini (2011)—a case concerning national competition law, particularly relevant under several profiles also for the field of banking supervision—the Court further specified such notion. The ECtHR indeed considered compatible with this parameter also the scope of review of a national court which did not have, by law, unlimited jurisdiction, but could still decide whether the administrative authority had made a proper use of its powers, examine the grounds for its decision, its proportionality, as well as its technical evaluations, and also review the proportionality of the fine, and, in a given case, replace it.306 This case-law has been recognized also in the European Union, where Article 47 CFREU covers, under the principle of effective judicial protection, both the right to

 Cf. above Sect. 6.2.  Albert and Le Compte v. Belgium, 10.02.1983, Application no. 7299/75; 7496/76, § 29; Segame SA v. France, 7.06.2012, Application no 4837/06, § 55; Menarini Diagnostics S.r.l., § 59; although this argument holds true for Article 6 ECHR also in its civil limb meaning, see Regner v. Czech Republic, 19.09.2017, Application no. 35289/11, §§ 130, 136, 150. 304  Cf., e.g., Riepan v Austria, § 39. 305  Cf., e.g., Albert and Le Compte, § 29; Tsfayo v UK, 14.11.2006, Application no. 60860/00, §§ 42–48; Janosevic v. Sweden, 23.07.2002, Application no. 34619/97, § 81; Menarini Diagnostics S.r.l., § 59. But see also, with specific regard to the banking matter under civil limb, Capital Bank AD v. Bulgaria, 24.11.2005, Application no. 49429/99, §§ 98–116, where a violation was found also in the unjustified self-restraint of a Court from exercising full jurisdiction. 306  Cf. Menarini Diagnostics S.r.l., §§ 64–67. See also Lamandini et al (2015), p. 92, highlighting how, in that case, “The ECtHR even opened the possibility for due process rights to be calibrated in the context of an administrative procedure with independent authorities”. 302 303

220

6  The Hybrid Nature of Banking Supervision

a full judicial review in the ECtHR meaning, and the right to an effective remedy provided for by Article 13 of the Convention.307 In the 2014 Telefónica case, in particular, the Court of Justice recognized how the application of a “penalty” by administrative authorities which do not themselves satisfy the requirements laid down in Article 6(1) ECHR is “possible” as long as the decisions taken could “be subject to subsequent review by a judicial body endowed with unlimited jurisdiction”, that is entrusted with “the power to quash in all respects, on questions of fact and law, the decision at issue”.308 Against this background, it shall be examined whether it is possible to consider the Court of Justice a tribunal with unlimited jurisdiction for the sanctions applied by the ECB in its supervisory capacity. Following the very broad provision of Article 24(11) SSM R, in fact, proceedings may be brought before the CJEU “in accordance with the Treaties”. According to Article 263 TFEU, the Court is entitled to “review the legality of legislative acts” (italics added) issued by EU institutions, bodies, offices or agencies of the Union “intended to produce legal effects vis-à-vis third parties”—a jurisdiction that therefore apparently excludes the merit from its scope. This conclusion seems to be supported by the provision of Article 261 TFEU, according to which the Court may, in any case, be conferred unlimited jurisdiction in regulations adopted jointly by the European Parliament and the Council, and by the Council, with regard to the penalties there provided. Standards of review under Article 263 TFEU are particularly relevant in areas “giving rise to complex economic assessments”, examined by the CJEU for instance in Henri de Compte (1991 and 1994), according to which the merit of administrative discretionary acts  cannot be challenged before the Court, unless they are “manifestly disproportionate”.309 In more recent case-law, however, such as Chalkor and KME (both from 2011), and again in Telefónica (2014), the Court also affirmed that such margin of appreciation deriving from the exercise of discretionary powers “does not mean that the Courts of the European Union must refrain from reviewing the [Commission’s] interpretation of information of an economic nature […] The EU judicature must, among other things, not only establish whether the evidence put forward is factually accurate, reliable and consistent, but must also determine whether that evidence contains all the relevant data that must be taken into consideration in appraising a complex situation and whether it is capable of substantiating

 Chalkor v. Commission, C-386/10 P, § 47; Schindler Holding Ltd and others, § 36.  Telefónica SA and Telefónica de España SAU v European Commission, Case C-295/12 P, 10.07. 2014, ECLI:EU:C:2014:2062, §§ 51-52. Cf. also Jones and Sufrin (2016), p. 898. 309  Cf. also, e.g., Henri de Compte v European Parliament, Case T-26/89, 17.10.1991, ECLI:EU:T:1991:54, § 220 and case-law there mentioned, according to which “The Court cannot substitute its own judgment for that of the appointing authority except in the case of a manifest error or misuse of powers”; Henri de Compte v European Parliament, C-326/91 P, 2.06.1994, ECLI:EU:C:1994:218, § 115. With a substantially similar view, on the ECtHR side, the dissenting opinion of Jusdges Villiger, Yudkivska and Pejchal in Delta Pekárny A.S. v Czech Republic, 2.10.2014, Application no. 97/11. 307 308

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

221

the conclusions drawn from it”.310 Nonetheless, when it came to assess the compliance of judicial review systems with Article 47 CFREU, the CJEU required, with regard to competition law, a combination of the “review of legality provided for under Article 263 TFEU” to be supplemented by “the unlimited jurisdiction in respect of the amount of the fine”.311 This model, however, differes from that of the Single Supervisory Mechanism. Indeed, against a decision-making body not completely in compliance with the parameters of independence and impartiality, and with a sanctioning procedure that mentions but does not guarantee the right to an oral hearing, the SSM Regulations do not always provide for a full or unlimited judicial review to all the sanctions with a substantial criminal nature imposable by the ECB. This consideration holds true even though no less than three reviewing bodies may be involved in the SSM supervisory sanctioning proceedings: National judicial authorities, the Administrative Board of Review, and the Court of Justice.312 National courts may be addressed in two cases, one concerning investigative measures, the other concerning sanctions. In the first case, as already anticipated, the SSM Regulation does not require a prior judicial authorization, unless so required at the national level.313 This feature has been already found by the court in Strasrboug to be in compliance with the Convention in the field of competition law on dawn raids in Delta Pekárny, as long as such a lacuna is balanced by an effective ex post judicial review that covers both legality and merit.314 Whether judicial review may be considered so in the SSM legal framework, however, appears dubious, at least with regard to some of the ECB powers. According to Article 13 SSM R, national judges may play a marginal role in the ex post judicial review of some SSM investigating acts, as they are the only authorities directly involved in conferring prior authorizations to on-site inspections carried out by the ECB, when such measures so requires under domestic law. This provision has been considered a “fair compromise between the values involved, since it preserves the effectiveness of the

310  Cf., e.g., Chalkor v. Commission, Case C-386/10 P, § 54; KME and Others v. Commission, Case C-272/09, 8.12.2011, ECLI:EU:C:2011:816, § 94; Europese Gemeenschap v Otis NV and Others, Case C-199/11, § 59; Telefónica SA, Case C-295/12 P, § 54; Commission v Tetra Laval, Case C-12/03 P, 15.02.2005, ECLI:EU:C:2005:87, § 39. Affirming the relevance of this case-law in the ECB supervisory procedures Ligeti and Robinson (2017), p. 232. 311  Cf. KME Germany AG, KME France SAS and KME Italy SpA v European Commission, Case C-272/09 P, 8.12.2011, ECLI:EU:C:2011:810. Cf. also Lenaerts et al (2014), p. 394; Lamandini et al (2015), p. 87. 312  Cf. Ter Kuile et al. (2015), p. 182 et seq. 313  Cf. above, Sect. 4.4.3. and study there mentioned reporting that this occurs only in very few cases in the Eurozone. 314  Delta Pekárny A.S. v Czech Republic, 2.10.2014, Application no. 97/11, §§ 87–91, concerning on site-inspections in competition law; cf. also Neruda and Barinka (2015), 412. Cf. also Ste Colas Est, 16.04.2002, Application no. 37971/97; Ravon, 21.02.2008, App. no 18497/03; Primagaz, 21.12.2010, Application no. 29613/08; Canal Plus, 21.12.2010, Application no. 29408/08; Vinci Construction and o. v France, 2.04.2015, Application nos. 63629/10 and 60567/10.

222

6  The Hybrid Nature of Banking Supervision

ECB’s supervisory powers without prejudice to the protection of business premises to the extent that it is recognized in the relevant national law”.315 Even in the rare cases where at the national level judicial control is required, however, national authorities do not enjoy full reviewing powers over on-site inspections. That is because, under Article 13(2) SSM R, national judges are entrusted only with the control over the proportionality of the measure adopted, exclusively in order to assess whether the ECB decisions are arbitrary or excessive. They are however excluded from any review on the matter, that is, for instance, on the necessity to enforce an on-site inspection with regard to the specific subjects involved, and on the aims pursued—which remain under the sole discretion of the ECB. In this sense, whilst national judges may ask the ECB for detailed explanations relating to the grounds for suspecting that an infringement has occurred, to the seriousness of the suspected infringement and to the nature of the involvement of the person subject to the coercive measures, the same authorities are not entitled to review any of these parameters, nor allowed to be shown the ECB’s files on the matter.316 From one side, this allocation of competence appears in line with the margin of appreciation recognized by the Court in Strasbourg in case of decisions to be taken in areas in which discretion plays a relevant role.317 Such a relationship between national and European bodies also seems to mirror the competition case-law of the Court of Justice established by Roquette Frères, according to which “competent national court, when considering the matter, may not substitute its own assessment of the need for the investigations ordered for that of the Commission, the lawfulness of whose assessments of fact and law is subject only to review by the Community judicature […] The review carried out by the competent national court […] may not go beyond an examination, as required by  D’Ambrosio (2013), p. 54.  Similarly, in this sense, also the new supervisory powers conferred to ESMA with regard to equity and lending crowdfunding activities, cf. Article 24(9) to (11), Commission Proposal for a Regulation of the European Parliament and of the Council on European Crowdfunding Service Providers (ECSP) for Business, Brussels, 8.3.2018 COM(2018) 113 final. Partially derogating to this approach is instead another case concerning down raids and specifically inspections (Deutsche Bahn AG and o., Case C‑583/13 P, 18.06.2015, ECLI:EU:C:2015:404, §§ 34–37). There the CJEU argued that such a review carries out «an in-depth review of the law and of the facts on the basis of the evidence adduced by the applicant», so as to satify both what required by Articles 7 and 8 ECHR, and Article 7 CFREU. The scope of such a review, however, did not extend as to the power to return documents seized in the inspection or order the destruction of unlawfully seized material. Such allocation of competence appears more demanding compared to the aforementioned ECtHR case-law Delta Pekárny, as well as with other CJEU jurisprudence concerning dawn raids; cf. Steene (2016), p. 185 et seq.; Di Federico (2013), p. 31; and Neruda and Barinka (2015), p. 413. Relying more on the margin of appreciation doctrine, cf. e.g. Funke v. France, § 55; Camenzind v Switzerland, 16.12.1997, Reports of Judgments and Decisions 1997-VIII, § 45; Société Colas Est and others v France, 16.04.2002, Application no. 37971/97, §§ 47. 317  In this sense, see Funke v. France, § 55; Camenzind v Switzerland, 16.12.1997, Reports of Judgments and Decisions 1997-VIII, § 45; Société Colas Est and others v France, 16.04.2002, Application no. 37971/97, §§ 47. 315 316

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

223

Community law, to establish that the coercive measures in question are not arbitrary and that they are proportionate to the subject-­matter of the investigation. Such an examination exhausts the jurisdiction of that court as regards the review of the justification of the coercive measures applied”.318 The second case in which national judges could be involved as a reviewing jurisdiction, even if not explicitly mentioned in the SSM Regulations, concerns the three complex situations previously illustrated, in which the ECB enjoys some powers under national law, at least to a certain extent: i) When the ECB exercises indirect sanctioning powers under Article 18(5) SSM R, requiring the competent NCA to proceed according to its national framework; ii) under Article 4(3) SSM R, when the ECB is entitled to directly apply national law implementing EU directives or exercising options and discretions; or iii) when the ECB applies supervisory measures under Article 9 SSM R, instructing NCAs to make use of their powers, under and in accordance with the conditions set out in national law. These cases, as already argued,319 may result particularly sensitive in practice since they involve national and Union authorities, that theoretically could both claim competence to review the adopted measures. In this context, however, it is possible to apply the case-law of the Court of Justice, mostly developed in the fields of State aid and competition law, according to which the allocation of full reviewing powers depends upon which authorities is entitled to exercise discretion in the proceeding,320 that is, in the SSM context, on whether the ECB or the NCA are granted discretion in imposing a certain measure. In light of the reconstruction of the SSM sanctioning and supervisory powers illustrated above,321 in case i) it could be affirmed (still in lack of CJEU decisions on the matter directly applicable to the ECB), that the discretion in imposing sanctions under Article 18(5) SSM R remains exclusively in the hands of the NCAs. The latter have to start a proceeding after the ECB requests so, but are not bound by any obligation as to result to be achieved. In this situation, therefore, national courts should be the only authorities competent to adjudicate, with full jurisdiction, the sanctions potentially imposed.322 Opposite conclusions, on the other side, shall be drawn for case ii), since there it is the ECB which seems to retain substantial discretion in the application of the

 Roquette Frères SA v Directeur général de la concurrence, de la consommation et de la répression des fraudes, and Commission of the European Communities, Case C-94/00, 22.10.2002, ECLI:EU:C:2002:603, §§ 39–40. Cf. also Lamandini et al (2015), p. 73 et seq. 319  Cf. Sects. 4.4 and 4.4.1. 320  As discussed in Sect. 4.4.1. See also Stichting Woonlinie et al v Commission, Case C-133/12 P, 27.02.2014, ECLI:EU:C:2014:105, § 55 et seq.; NV International Fruit Company v Commission, Cases 41-44/70, 13.05.1971, ECLI:EU:C:1971:53, §§ 25–26. For further analysis, see Arons (2015), p. 445 et seq. 321  Cf. Sect. 4.4. Cf. also Voordeckers (2019). 322  In this sense, see Fernandez-Bollo (2015), p. 143. 318

224

6  The Hybrid Nature of Banking Supervision

measure(s): This situation hence follows under the jurisdiction of the Court of Justice.323 Confirmation in this sense arrives from the 2018 joined cases concerning la Caisse régionale de crédit agricole mutuel, in which the CJEU was called to decide on an ECB decision based on Article 4(3) SSM R. The case concerned the application, by the SSM, of French national law transposing provisions of CRD IV regarding good governance of credit institutions (and in particular Article L. 511-13 of the French Code monétaire et financier), which brought the ECB to oppose the appointment of a number of subject as ‘effective directors’, for violation of the rules requiring a separation between the exercise of executive and non-executive functions within a credit institution’s management body. In assessing the case, the Court of Justice had therefore to interpret French national law although, according to its settled case-law,324 taking into account “the interpretation given to them by national courts”.325 Case iii), on the other side, remains an open issue. As will be argued below, in fact, here the potential jurisdiction of the CJEU seems at the same time uncertain, and harbinger of revolutionary changes to the role of the Court itself in the balance of powers within Union.326 Against this background, anyway, at present national judicial authorities can be considered a body with “full jurisdiction” as required by Articles 6 ECHR and 47 CFREU only for the case of Article 18(5) SSM R (if the Court of Justice will confirm that NCAs do retain discretion in their action in this context), of course assuming that further limitations to the scope of the review granted before national authorities are not provided for in national law. On a different level, little contribution to the compliance of the SSM sanctioning proceedings with the right to a full judicial review comes from the Administrative Board of Review (ABoR). As already illustrated, the nature of the Board itself is rather controversial, since it presents a unique and hybrid model which has so far no comparison in other so-­

 In this sense, see also Allegrezza and Rodopoulos (2017), p.  245; see also Allegrezza and Voordeckers (2015), p. 159; Arons (2015), p. 442. 324  Cf., e.g., Criminal proceedings against Rémy Schmit, Case C-240/95, 27.06.1996, ECLI:EU:C:1996:259, § 14; European Commission v Slovak Republic, Case C-433/13, 16.09.2015, ECLI:EU:C:2015:602, § 81. 325  Caisse régionale de crédit agricole mutuel Alpes Provence and Others v European Central Bank, Joined Cases T-133/16 to T-136/16, 24.04.2018, ECLI:EU:T:2018:219, §§ 84-88. See Lamandini (2015), p. 130 et seq., according to: “Another possibility would be to read the provisions as meaning that, through the application of the ECB, national law becomes EU law. In such case the CJEU would be entitled to make the authoritative interpretation, and could well answer the preliminary reference without having to make the balancing act of all the superimposed layers of competences. However, this would strain the express language of the provision, which refers to “national law”; it would also put the CJEU in the extremely uncomfortable position of having to determine the authoritative interpretation of domestic law, something that the Court was extremely unlikely to do and careful in avoiding so far”. 326  See also above Sect. 4.4.1. 323

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

225

called “quasi-judicial” European reviewing bodies.327 Far from exercising an “unlimited jurisdiction”, the Board may only express an opinion on the legitimacy of the draft decision adopted by the Governing Council, without any competence to question its merit unless manifestly wrong or disproportionate.328 In light of Article 47 CFREU, moreover, the ABoR cannot be identified as a proper “tribunal” either. Indeed, contrary for instance to the ESAs Joint Board of Appeal, whose decisions are binding for the Authority that issued the challenged act,329 the ABoR does not have any legal decision-making power. Following the Board’s review, the Supervisory Board has to submit a new draft decision for the non-objection procedure, in which the opinion of the ABoR shall be taken into account: That does not mean, however, that the Supervisory Board is in any way bound to align the content of the new decision to the furnished opinion.330 Against this background, therefore, the current structuring of the Administrative Board of Review is not capable to provide a remedy to comply with the “unlimited” or “full judicial review” required under Articles 6 ECHR and 47 CFREU. Besides for national courts, therefore, the only other “tribunal” which is conferred jurisdiction in reviewing the lawfulness of the acts adopted by the ECB remains, according to Articles 13 and 24(11) SSM R, the Court of Justice.331 The jurisdiction of the CJEU with regard to the Single Supervisory Mechanism, however, appears critical under several perspectives. A first, more general issue, already raised, concerns the scope of jurisdiction of the Court when it examines measures adopted by the SSM under Article 4(3) or Article 9(1) SSM R in application of national law. In particular, the Court could be called to question national law both in case the latter is wrongly applied by the ECB, or when its application, although correct at the domestic level, results in contrast with EU law.332 In line with what already argued concerning the possibility for an EU institution to apply national law,333 the case of Article 4(3) SSM R appears less problematic in light of the balance of powers currently established in the EU. Indeed, even though reviewing national law generally  See above Sect. 4.4.3, leaving the ABoR’s structure open to possible reforms in the future, in which the Board might be required either to reduce its action to internal advisory functions, or to extend to an (at least more) judicial set-up. See also Brescia Morra (2016); Brescia Morra et al (2017). 328  Idem. 329  Cf. Article 60(5) ESAs Regulations. Contrary to the ABoR, however, the ESAs Joint Board of Appeal cannot rule on the merit of the assessment, as it may only “confirm the decision taken by the competent body of the Authority, or remit the case to the competent body of the Authority”, cf. Looseveld (2013a), p. 9. See above, Sect. 4.4.3. Cf. also Chirulli and De Lucia (2015). 330  Cf. Article 24(7) SSM R as discussed above in Sect. 4.4.3. 331  The CJEU jurisdiction is also provided for by Article 35 of the Statute of the European System of Central Banks. On this point see also Looseveld (2013b), p. 425. 332  Cases identified by Magliari (2015), p.  1371 et seq. In the first case, in fact, a violation of national law would represent a violation of Article 4(3) SSM R, therefore challengeable before the ECJ according to Article 263 TFEU. 333  See above Sects. 4.4 and 4.4.1. 327

226

6  The Hybrid Nature of Banking Supervision

remains in the exclusive competence of national authorities, the possibility for a supranational court to apply, and therefore interpret, domestic provisions is not unprecedented in the European context. Examples of it may be found for instance in patent law, where the Unified Patent Court is authorized to apply national law, besides for EU law and relevant international sources,334 and also in the same jurisdiction of the Court in Strasbourg, which, in examining the compliance of domestic systems with the Convention, often has to interpret the first before carrying out its assessment. Similar cases already exist also with regard to the same CJEU: Here the reference goes to Article 272 TFUE, that allows the Court of Justice to apply national law when deciding pursuant to an arbitration clause,335 and to the already mentioned sector of trade marks protection.336 Indeed, according to Article 65(2) of Regulation 207/2009, decisions of the Boards of Appeal concerning actions taken by the European Union Intellectual Property Office (EUIPO) may be challenged before the CJEU on ground of “lack of competence, infringement of an essential procedural requirement, infringement of the Treaty, of this Regulation or of any rule of law relating to their application or misuse of power”. Since, according to Article 53(2) of the same Regulation, national law is among the sources of law which may be used to declare a trade mark invalid, the interpretation and application of domestic law also fall under the scope of review of the Court of Justice. Similar considerations could thus be referred also to the ECB application of national law under Article 4(3) SSM R. Much more critical, instead, appears the possibility for the CJEU to review national legal acts adopted upon ECB instructions under Article 9(1) SSM R. As already mentioned, in light of the case-law concerning “composite proceedings”, the lack of discretion that (from the wording of Article 9) seems to characterize the action of national authorities, might indicate that also this case falls under the jurisdiction of the Court of Justice.337 This approach, however, would cause the CJEU to be competent also in reviewing legal acts issued (at least formally) by national authorities, a power that so far remained under the exclusive competence of national courts. Indeed, in the case of Article 4(3) SSM R, or in trademarks law, the (already exceptional) CJEU jurisdiction over national law is determined by specific references made to the latter in EU law. From Article 9, however, a much more revolutionary principle may be deduced, according to which the Court of Justice could be competent to review legal acts issued by national authorities, as long as an EU institution may instruct national authorities to act in its name, and the matter concerned falls within the competence of the Union. This new model of review would radically challenge also the prelimi Cf. Article 24(1) let. e), Agreement on a Unified Patent Court (UPC Agreement) of 19.02.2013, OJ EPO 2013, 287. 335  Cf. Kornezov (2016), p. 270. 336  See above Sects. 4.4 and 4.4.1. 337  Cf. International Business Machines Corporation v Commission of the European Communities, Case 60/81, § 10, as discussed above in Sect. 4.4.1. 334

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

227

nary ruling mechanism, which founds one of raisons d’être precisely in the separation of jurisdiction between the Union and the national level. Whether the Court will pursue this federally-oriented interpretation, and accept standing for decisions adopted under Article 9(1) SSM R is hard to be foreseen at present, especially taking into account the political difficulties of the European integration process over the last few years. The judges in Luxembourg could perhaps avoid to state on the matter applying a stricter interpretation of the Plaumann test,338 denying as such “direct” character before the Court to the “concerns” of the individuals affected by a legal acts adopted by a national authority following the ECB instructions, and therefore declaring the inadmissibility of such actions to bring proceedings. However, given the novelty of this provision, the issue remains presently open, and it will be possible to fully understand how, and with which implications it could be solved, only once the CJEU will start issuing decisions on the matter. A second critical issue concerning the role of the Court of Justice as an authority capable of providing a “remedy” to fair trial lacunas in the SSM sanctioning proceedings, regards the very scope of the CJEU jurisdiction. Indeed, as anticipated, according to Article 261 TFEU, Regulations adopted by the Council (such as the SSM Regulation) may confer unlimited jurisdiction to the Court upon the penalties there included. Currently, however, and contrary for instance to other comparable legislation,339 no such a provision may be found in the SSM Regulations, with the single exception of Article 18(7) SSM R. This provision recalls Regulation 2532/98, which at Article 5, actually establishes that—for final decisions whereby a sanction is imposed—full jurisdiction is granted to the Court of Justice. Against this background, therefore, to date the CJEU appears to be granted full jurisdiction only with regard to the cases recalled by Article 18(7) SSM R, that is periodic pecuniary penalties and other pecuniary penalties applied due to a violation of an ECB decision. Without circumventing the wording of Article 18(5) SSM R, in fact, it seems unlikely that Article 5 Regulation 2532/98 might be extensively applied also to the other hypothesis of Article 18.340

 See above, Sect. 6.3.2.  Cf., e.g., Regulation 1/2003 in antitrust proceedings, that will be examined at the end of the paragraph. Unlimited jurisdiction for the CJEU may be found also in the Commission’s Proposal to reform the ESAs (Brussels, 20.9.2017 COM(2017) 536 final 2017/0230 (COD) cit., and in Article 33 of the Commission Proposal for a Regulation on Crowdfunding Service Providers, cit., according to which “The Court of Justice shall have unlimited jurisdiction to review decisions whereby ESMA has imposed a fine or a periodic penalty payment or imposed any other sanction or administrative measure in accordance with this Regulation. It may annul, reduce or increase the fine or periodic penalty payment imposed”. 340  In this sense, it is worth recalling that the 2017 Commission’s Proposal to reform the ESAs (Brussels, 20.9.2017 COM(2017) 536 final 2017/0230 (COD) cit.) provides for an explicit introduction of the clause of CJEU unlimited jurisdiction. 338 339

228

6  The Hybrid Nature of Banking Supervision

In particular, Article 18(4) establishes that “The ECB shall apply this Article in accordance with the acts referred to in the first subparagraph of Article 4(3) of this Regulation, including the procedures contained in Regulation (EC) No 2532/98, as appropriate”. As it has been pointed out, however, Article 5 Regulation 2532/98 “is not strictly speaking a rule of procedure that ECB is bound to apply”.341 Indeed, the possibility that the choice of granting the CJEU full jurisdiction could be (more or less implicitly) framed in “the procedures contained in Regulation 2532/98”, when the Treaty requires an explicit indication to achieve so, appears uncertain,342 especially considering that this “unintended” consequence might have great practical and political impacts both on the ECB and the CJEU workload.343 This conclusion seems to find confirmation also in Article 6 Regulation 2532/98, according to which «in the event of a conflict between the provisions of this Regulation and provisions of other Council Regulations [as it is the case of the SSM R] enabling the ECB to impose sanctions, the provisions of the latter shall prevail». In light of the express request of Article 261 TFEU, it could be argued that the silence of the SSM Regulation on the matter of unlimited jurisdiction to the CJEU is able to cause a “conflict” between the two regulations when it comes to sanctions imposed under Article 18(1) SSMR. A conflict which according to the aforementioned Article 6, shall be solved in favour the SSM R.344 In this sense, it is worth reminding that the extension of the Court’s competences established by the Lisbon Treaty has already increased the workload of the CJEU, raising multiple concerns about the capability of the Court to deal with a constantly increasing number of pending cases in a reasonable time345—and these concerns endure also after the last recent reform of September 2016, that brought to the abolition of the Civil Service Tribunal and to the hiring of new judges.346  D’Ambrosio (2013), p. 74.  Cf. Lamandini (2015), p. 137; Lamandini et al (2015), p. 91 et seq., defining this lack of explicit full jurisdiction as a “subtle ‘courts unwelcome’ sign in the SSM framework”. Opting for a positive answer Ligeti, Robinson (2017), p. 232. 343  Cf. Lamandini (2015), p. 137. Opting for a positive answer Ligeti and Robinson (2017), p. 232. 344  Cf. also Article 121 SSM FR, that seems to distinguish the relationship of the SSM FR with Regulation 2532/98 for the purpose of applying sanctions under Article 18(1) and 18(7) SSM R. Cf. also Lamandini et al. (2015), p. 92 highlighting how the ECB did not list among the conflicts between the SSM rules and Reg. 2532/98 the issue of judicial review, see ECB Proposal for amending Regulation (EC) No 2532/98 concerning the powers of the European Central Bank to impose sanctions, OJ C 144/6 15 April 2014. 345  See, e.g., House of Lords (2013), following a first report in 2011 and still maintaining some concerns about the capability of the new structure to deal with its workload. In 2016, the average duration of review proceedings (direct action) was 19.3  months; of appeal proceedings was 12.9 months; of preliminary rulings proceedings was 15 months (2.7 in case of urgent procedures), source: CJEU (2016), p. 100. Questioning the lack of specialisation in the criminal matter within the CJEU, Manacorda (2013), p. 244. 346  See Regulation (EU, Euratom) 2015/2422 of 16.12.2015 amending Protocol No 3 on the Statute of the Court of Justice of the European Union, and Regulation (EU, Euratom) 2016/1192 of 6.06.2016 on the transfer to the General Court of jurisdiction at first instance in disputes between the European Union and its servants. 341 342

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

229

This is especially critical since it appears obvious that (if the Eurozone endures too) litigations involving the ECB and specifically the SSM are intended to rapidly increase. In this sense, it should be enough to consider that, only in 2015–2019, several are already the causes lodged before the CJEU and the number appears destined to grow.347 In the first case of July 2017 (now final), the Irish bank Permanent tsb Group Holdings plc was imposed pecuniary fines under Article 18(7) SSM R for an overall amount of EUR 2.5 million for failure to comply with two ECB decisions imposing specific liquidity requirements.348 In the second case, of August 2017, the Italian Banca Popolare di Vicenza S.p.A. (currently wound up) was fined under Article 18(1) SSM R for an overall amount of EUR 11.2 million for several breaches of the CRR prudential requirements.349 In this specific case, the opportunity to examine the SSM sanctions under a criminal law perspective seems to find a confirmation in the same ECB public announcement of the decision, which highlighted how “although the banking license of Banca Popolare di Vicenza S.p.A. in L.C.A was subsequently withdrawn, the penalties imposed take into account the severity of the breaches and the degree of responsibility of the entity”—parameters which seems to closely mirror the two main Engel criteria.350 In the third case, of 14 March 2018, Banco de Sabadell, S.A. was fined under Article 18(1) SSM R for an amount of EUR 1.6 million for “continuous breach of  Among which: Landeskreditbank Baden-Württemberg - Förderbank v European Central Bank, Case T-122/15; Caisse régionale de crédit agricole mutuel Alpes Provence and Others v European Central Bank, Joined Cases T-133/16 to T-136/16; Crédit mutuel Arkéa v European Central Bank, Case T-52/16, currently appealed before the Court in Crédit Mutuel Arkéa v ECB, Case C-153/18 P, 23.02.2018; Crédit mutuel Arkéa v European Central Bank, Case T-712/15, currently appealed before the Court in Crédit mutuel Arkéa v ECB, Case C-152/18 P, 20.04.2018; and the following pending [information not yet available]: Fursin and Others v ECB, Case T-247/16, Order 12.09.2017, Application of 8.07.2016, ECLI:EU:T:2017:623, currently appealed before the Court in Case C-663/17 P, 24.11.2017 and in case Trasta Komercbanka AS, Ivan Fursin, Igors Buimisters, C & R Invest SIA, Figon Co. Ltd, GCK Holding Netherlands BV, Rikam Holding SA v ECB, Case C-669/17 P, 28.11.2017; Fursin and Others [former Trasta Komercbanka and Others] v ECB, T-247/16 (Application of 08/07/2016) and T-698/16 (Application of 11/11/2016); Fininvest and Berlusconi v ECB, Case T-913/16, of 10.02.2017; Comprojecto-Projectos e Construções, Lda and Others v European Central Bank, Case T-22/16, Order of 9.03.2017, Application of 4.03.2016, ECLI:EU:T:2017:172; Berlusconi and Fininvest, Case C-219/17, of 11.08.2017. 348  Cf. ECB, Imposition of administrative penalties on Permanent tsb Group Holdings plc, 13.07.2017 (published in August 2017). https://www.bankingsupervision.europa.eu/banking/sanctions/shared/pdf/ssm.170828_publication_template.en.pdf. Accessed 17 July 2018. 349  In particular of Article 99(1)—referring to the own funds requirements of Article 92 CRR; 431 in connection with Article 437; and Article 395, cf. ECB, Imposition of administrative penalties on Banca Popolare di Vicenza S.p.A. in liquidazione coatta amministrativa, 24.08.2017 (published in September 2017). https://www.bankingsupervision.europa.eu/banking/sanctions/shared/ pdf/ssm.170911_publication_template.en.pdf. Accessed 17 July 2018. 350   ECB, Press release of 15.09.2017. https://www.bankingsupervision.europa.eu/press/pr/ date/2017/html/ssm.pr170915.en.html. Accessed 17 July 2018. 347

230

6  The Hybrid Nature of Banking Supervision

the own funds requirement”.351 This last decision was challenged by sanctioned credit institution before the Court of Justice pursuant to Article 263 TFEU. In three subsequent cases, of 16 July 2018, the ECB sanctioned CA Consumer Finance, Crédit Agricole Corporate and Investment Bank, and Crédit Agricole, S.A also for violations of own funds requirements. These decisions too were challenged before the CJEU. In December 2018, Novo Banco SA was fined by the ECB for “breaches of reporting requirements” under Article 18(1) and then two times for violations of ECB decisions under Article 18(7) SSM R. Lastly (so far) in February 2019, Sberbank Europe AG was fined for “breaches of the large exposure requirements” again under Article 18(1).352 It is possible, therefore, that in the next future the CJEU will have to take position on the problem as to how far the legality review of Article 263 TFEU could be stretched to tackle also profiles of merit (although for instance, in Banco de Sabadell SA the main complaint concerned the lack of anonymization of the sanctions, while the most critical aspect for the CJEU jurisdiction concerns instead the kind and the amount of the penalty imposed). A further and last hint of the limited nature of the jurisdiction of the CJEU in this field seems to emerge also from the arguments expressed by the same Court in the aforementioned cases Chalkor and Telefónica. It should in fact be reminded that the CJEU considerations that the model of jurisdiction established under Article 263 TFEU allows the Court to “establish whether the evidence put forward is factually accurate, reliable and consistent” and “determine whether that evidence contains all the relevant data that must be taken into consideration”353 have all been made within the specific matter of competition law. Antitrust Regulation No. 1/2003, which under a different perspective provides for far less procedural guarantees than the SSM Regulations, contrary to the latter however explicitly confers unlimited jurisdiction to the Court of Justice, as requested by the Article 261 TFEU.354 In lack of a correspondent provision in the SSM Regulations, and in light of Recital (60) SSM R, according to which “pursuant to Article 263 TFEU, the CJEU is to review the legality of acts of, inter alia, the ECB, other than recommendations and opinions, intended to produce legal effects vis-à-vis third parties” (italics added), the CJEU jurisdiction on the SSM decisions, appears confined to a narrower interpretation of Article 263 TFEU, in which the merit of the sanction applied seems hardly challengeable. In the current wording of the SSM Regulations, therefore, the CJEU seems capable of nullifying a decision, even if containing a substantially criminal sanction, only when it is manifestly wrong, which clearly does not constitute “full review” in  ECB, Imposition of administrative penalties on Banco de Sabadell, S.A., 14.03.2018 (published in May 2018). https://www.bankingsupervision.europa.eu/press/pr/date/2018/html/ssm.pr180508. en.html. Accessed 17 July 2018. 352  For reference and a complete and update list of sanctions imposed, see https://www.bankingsupervision.europa.eu/banking/sanctions/html/index.en.html. 353  Cf., e.g., Telefónica SA, Case C-295/12 P, § 54. 354  Cf. Recital (33) and Article 31, Regulation 1/2003. 351

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

231

the sense of the Convention. In this sense, in fact, it seems irrelevant that the Court could, in line with the approach chosen in competition law, self-restrict its scope of review for particularly complex technical matters: What is relevant, for the compliance with Article 6 ECHR is indeed the possibility for a judicial body to quash also the merit of a decision (which, under the SSM Regulation, does not seem to cover sanctions under Article 18(1) SSM R), and not the circumstance that such a review is concretely carried out in the specific case. Conferring the CJEU full jurisdiction through a legislative amendment to the SSM Regulations appears therefore increasingly necessary and urgent, if the sanctioning bodies and proceedings are maintaining the internal administrative structure, and the Engel case-law keeps holding also in the EU (not to mention if the EU accesses the ECHR).355 The worst scenario, in fact, could see each and every sanction imposed by the SSM, even with the best reasons on the merit, being invalidated due to procedural violations of fair trial rights that cannot be remedied before a judge granted with powers of full judicial review.356

6.3.4  Right of Legal Assistance and Right to a Public Hearing Two other fundamental fair trial rights, already applicable also to administrative proceedings in light of the Charter, result also relevant in the SSM sanctioning procedure, that is the right to assistance, and the right to a public hearing. According to Article 47(3) CFREU, everyone whose rights and freedoms guaranteed by the law of the Union are violated has the right to be “advised, defended and represented”. In its application to the criminal matter, this right refers more specifically to “legal” assistance, and is further detailed by Article 6(3)(c) ECHR, and by Directive 2013/48/EU which implemented most of the ECtHR case-law. The scope of the directive, however, refers (at least formally) only to the criminal matter stricto sensu, and therefore has no explicit application to the matter of banking supervision.357

 Of this opinion, e.g., Arons (2015), p. 474; Ter Kuile et al. (2015), p. 183.  In this sense, it is worth reminding that one of the key issues that brought to the decision of noncompliance of the proceedings before the Commission bancaire with Article 6 ECHR was precisely the absence of full jurisdiction in the judicial review then established for imposed supervisory sanctions, cf. Dubus S.A. v France, §§ 65–71. 357  Directive 2013/48/EU of 22.10.2013 on the right of access to a lawyer in criminal proceedings and in European arrest warrant proceedings, and on the right to have a third party informed upon deprivation of liberty and to communicate with third persons and with consular authorities while deprived of liberty, Official Journal of the European Union, L 294/1. Highlighting how the Directive missed an opportunity in not extending its scope also to the administrative punitive matter, in light with the Engel case-law, Centamore (2016), p. 6. 355 356

232

6  The Hybrid Nature of Banking Supervision

The right to legal assistance plays a fundamental role to ensure that all other fair trial rights are correctly applied, and to protect the accused against abusive coercion on the part of the authorities.358 As recognized by the Court in Strasbourg, as well as by Directive 2013/48, in criminal proceedings the right to legal assistance applies in favour of suspects from the time when they are made aware by the competent authorities, by official notification or otherwise, that they are suspected or accused of having committed a criminal offence, that is to say, also in pre-trial phases.359 Article 6(3)(c) ECHR, moreover, requires legal assistance to be “practical and effective”, meaning that counselling conditions shall concretely allow the defendant to enjoy this right without undue delay.360 Nonetheless, the right to legal assistance is not considered absolute by the ECtHR case-law. According to the test developed in Salduz, and in the following case-law (as well as in Directive 2013/48, although not equally transposed by Member States361), compliance with Article 6 ECHR shall be assessed on the basis of a double test, to determine: (a) Whether there were “compelling reasons” to restrict access to legal assistance; and (b) whether, even when a restriction on access to legal advice was justified by compelling reasons, the admission of a statement made in lack of legal

 Salduz v. Turkey, 27.11.2008, Application no. 36391/02, §§ 53-54; Ibrahim and others v. The UK, 16.12.2014, Applications nos. 50541/08, 50571/08, 50573/08 and 40351/09 (hereinafter “Ibrahim 2014”), § 192. On this line, Trechsel (2005), p. 245 (calling them “the Technical Aspect” of the right to defence); with regard to the EU legal framework, Mosna (2017), p. 963; SymeonidouKastanidou (2015), p. 69; Ðurðević (2016), p. 19 et seq.; Granner and Raschauer (2014), p. 676. 359  Cf., e.g., Salduz v. Turkey, § 50; Öcalan v Turkey, 12.05.2005, Application no. 46221/99, §§ 131-135; Dayanan v Turkey, 13.10.2009, Application no. 7377/03, §§ 30-31; Imbroscia v Switzerland, 24.11.1993, Application no. 13972/88, § 36; Campbell and Fell v the United Kingdom, § 99; Goddi v Italy, 9.04.1984, Application no. 8966/80, § 31. See also Article 2, Directive 2013/48, and Trechsel (2005), p. 282 et seq. 360  Cf. Artico v Italy, 13.05.1980, Application no. 6694/74, § 33. Sayers (2014), p. 1340 et seq.; Mosna (2017), p. 965; Trechsel (2005), p. 286 which assesses the issue of quality of defence. The crucial debate about the waivers to the right of legal assistance, both in the ECtHR caselaw and in Directive 2013/48/EU of 22.10.2013, on the right of access to a lawyer in criminal proceedings and in European arrest warrant proceedings, and on the right to have a third party informed upon deprivation of liberty and to communicate with third persons and with consular authorities while deprived of liberty, which represents a fundamental issue in criminal proceedings, is not analysed in this work, as it does not appear relevant for the SSM sanctioning proceedings; for a recollection of the legal debate on the matter however, see, among others, Tomkin (2014), pp.  1377–1378; Centamore (2016); Mosna (2017), p.  965 et seq. The conditions from which the right to legal assistance attached represent a fundamental critical problem in the definition of this right; however this profile does not raise special problems in the field of banking supervision. For an analysis of the critical issues related to it in criminal proceedings, especially with regard to the suspect’s questioning when the defendant is deprived of its personal freedom, see, among others, Mosna (2017), p. 967 et seq.; Tomkin (2014), pp. 1377–1378; Bubula (2013). 361  As acknowledged by both legal scholars (see, e.g. Anagnostopoulos (2014), p. 4 et seq.; Cape and Hodgson (2014), pp. 462 and 476), and by the same Court in Strasbourg (A.T. v Luxembourg, 9.04.2015, Application no. 30460/13). 358

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

233

assistance would cause such an undue prejudice to the applicant, so as to undermine the fairness of the proceedings as a whole.362 In the context of the SSM sanctioning proceedings, the right of legal assistance is not provided for by the SSM Regulation (issued by the Council), that refers only in general to “due process” rights, but in the SSM Framework Regulation, which is a subordinated piece of legislation issued by the same ECB. There, this right is established for all ECB supervisory procedures363 by Article 27 SSM FR. In case an oral hearing is called by the Investigating Unit, the right is also provided for by Article 126(3) SSM FR. In any case, legal assistance in ensured by the SSM FR only to “parties” to the ECB supervisory procedures which, according to Article 26 SSM FR, do not seem to include all the subjects that may be interviewed by the ECB (such as staff or representatives of the supervised entities, listed in Article 11 SSM R). The relevance of this lacuna in assessing the fairness of the SSM sanctioning proceedings shall not be underestimated; however, it should also be recalled that, most of CRR violations which may be directly sanctioned by the ECB under Article 18(1) SSM R are “quantitative”, rather than “qualitative” breaches (such as irregularities in liquidity, or capital buffer requirements). It is therefore reasonable to suppose, that most evidence that will be needed to prove such infringements would be represented by documents, rather than by oral testimony. Moreover, natural persons which are interviewed by the ECB cannot in any case become the target of a punitive proceeding in the SSM context, given the limitations of supervisory sanctioning powers only against legal entities.364 Nonetheless, in case their conduct could constitute suspicion of a crime (such as obstruction of supervisory functions) these subjects may be held liable under national law. According to Article 136 SSM FR, the ECB is indeed under a duty to refer suspects of criminal activities to the competent NCA.365 The last fair trial right analysed here among those applicable both to criminal and “purely” administrative proceedings, is the right to a public hearing. The rights provided for by Article 47 CFREU and Article 6(1) ECHR, where, as mentioned above, it is strictly linked with the right to an oral hearing. A public hearing is a fundamental guarantee for the defendant, as it prevents to deal litigations away from public scrutiny, therefore increasing the control over the respects of fundamental rights, and contributing to maintain public confidence in

362  Cf. Salduz v Turkey, § 50; John Murray v The UK, 28.10.1994, Application no. 18731/91, § 63; for a more recent application, in which the right was limited in the context of anti-terrorism investigations, see Ibrahim 2014, §§191 et seq. Among the many academic comments on the issue see, e.g., Mosna (2017), p. 964; Trechsel (2005), p. 345; Tomkin (2014), pp. 1377–1378. Limitations to the right of access to a lawyer are provided for also by Article 3 of Directive 2013/48. Critical on these provisions Anagnostopoulos (2014), p. 12 et seq.; Symeonidou-Kastanidou (2015), p. 76 et seq.; Mosna (2017), p. 968 et seq. 363  Cf. Article 2(24) SSM FR; see also, however, Lamandini et al (2015), p. 75 et seq. 364  Cf. above, Sect. 4.4.2. 365  Cf. above, Sect. 6.1.3, and below, Sect. 6.3.6. See also Sect. 4.4.3.

234

6  The Hybrid Nature of Banking Supervision

the administration of justice.366 Derogations to the right to hold a public hearing are however most common in administrative proceedings. This includes the Single Supervisory Mechanism, as the SSM Framework Regulation explicitly states that oral hearings, when they are set, “shall not be held in public”.367 According to the ECtHR, a first remedy to such deficiency in the administrative punitive matter is represented by the existence of the right to full judicial review before a body granted with unlimited jurisdiction, in the terms described above.368 In this case, however, the lack of full judicial review for all types of SSM punitive sanctions seems to bear consequences less severe than those foreseen for other fair trial rights. Indeed, neither under the CJEU, nor under the ECtHR case-law on criminal matter, the right to a public hearing is considered absolute,369 and derogations can be allowed in specific circumstances—mostly listed in Article 6(1) ECHR—as long as they represent a proportionate response to pressing needs of a democratic society.370 Among the reasons that justify not to hold a public hearing, particularly significant for supervisory procedures is that jurisprudence of the ECtHR according to which the open and public nature of proceedings may be limited in order to protect particularly sensitive interests, such as morals, public order or national security in a democratic society, or to the extent strictly necessary in the opinion of the court in special circumstances where publicity would prejudice the interests of justice.371 Under this perspective, even though the “mere presence of classified information in the case file does not automatically imply a need to close a trial to the public”,372 the extreme sensitiveness of the information dealt with by the ECB for the stability of the whole European financial market, which are involved also in SSM sanctioning proceedings, might justify the need not to hold public hearings. This right, in  Cf. Pretto and Others v Italy, 8.12.1983, Application no. 7984/77, § 21.  Cf. Articles 24(2) and 126(3) SSM FR. Similarly also in Antitrust proceedings, see European Commission (2012), p. 7/11—Right to be heard (3.2 at 32), according to which “The oral hearing is not public”. 368  See before, Sect. 6.3.3. Cf. also Diennet v France, 26.09.1995, Application no. 18160/91, § 34; Riepan v Austria, § 39. 369  Critical on the reasoning of the ECtHR in defending the value of this rights, Trechsel (2005), p. 121, which underlines that “visitors are the exception, not the rule”, in judicial proceedings, and that the assumption that if the public is represented “this will contribute to the fairness of the proceedings is somewhat naive”. 370  Taking inspiration from the limitations provided for by Articles 8-11 ECHR, see, e.g. Roman Zakharov v. Russia, 4.12.2015, Application no. 47143/06, § 228 et seq.; see also Campbell and Fell v the United Kingdom, § 86. For a detailed analysis of the ECtHR case-law on the exceptions and limitations to this right, see Trechsel (2005), pp. 129–131; Harris et al. (2014), p. 433 et seq. 371  Such as the safety or privacy of witnesses or to promote the free exchange of information and opinion in the pursuit of justice, cf. B. and P. v. the United Kingdom, 24.04.2001, Applications nos. 36337/97 and 35974/97, § 37. See also Riepan v Austria, § 27; Krestovskiy v Russia, 28.10.2010, Application no. 14040/03, §24; Sutter v Switzerland, 22.02.1984, Application no. 8209/78, § 26; Jussila v. Finland, §§ 41–43. 372  Belashev v. Russia, 4.12.2008, Application no. 28617/03, § 83; Welke and Białek v. Poland, 1.03.2011, Application no. 15924/05, § 77. 366 367

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

235

addition, may be also waived by the interested persons, as long as that occurs in an unequivocal manner, and there is no important public interests to the contrary.373 In this sense, it has been pointed out by legal scholars that the right to a public hearing often does not represent a right for the accused—for whom, avoiding publicity might frequently be an advantage—but rather an institutional guarantee, to be read together with the right to freedom of expression set out in Article 10 ECHR.374 In the ECB supervisory proceedings, therefore, the non-public nature of oral hearings does not seem to represent a critical issue neither for the rights of the parties involved (which in supervisory matters could actually prefer hearings to be private), nor for the fairness and efficiency of the SSM decisions, which should not bear significant consequences in case hearing are not hold in public.

6.3.5  The Privilege Against Self-Incrimination The assessment over the compliance of the SSM procedural safeguards with fair trial rights appears instead especially critical with regard to the right not to incriminate oneself. The privilege is already “one of the most complex guarantees in the entire body of fundamental rights”375 in the context of criminal proceedings stricto sensu, due to the difficulty in precisely defining the boundaries of this safeguard. Even more so, in administrative proceedings re-classified as matière a coloration pénale, the privilege against self-incrimination perhaps represents the right whose application results most critical, in light of the traditional structure of administrative investigations, and the procedural rights there provided. In this context, the imputability of the privilege not only to the defence rights,376 but also to the presumption of innocence—underlined both at the academic level,377 by the case-law of the Court of Strasbourg,378 and clearly affirmed in Directive  Cf., e.g., Hakansson and Sturesson v Sweden, 21.02.1990, Application no. 11855/85, § 66; Schuler-Zgraggen v Switzerland, 24.06.1993, Application no. 14518/89, § 58; Pauger v Austria, 28.05.1997, Application no. 16717/90, § 58. 374  Cf. Trechsel (2005), pp. 121–123. 375  Cf., e.g., Telfner v Austria, 20.03.2001, Application no. 33501/96, § 15; John Murray v. the UK, 08.02.1996, Application no. 18731/91, § 54; Melo Tadeu v Portugal, 23.10.2014, Application no. 27785/10, § 60; Vassilios Stavropoulos v Greece, 27.09.2007, Application no. 35522/04, § 39; Barberà, Messegué and Jabardo,§ 77; Poletan e Azirovik v. Macedonia,12.05.2016, Application nos. 26711/07, 32786/10 e 34278/10, § 64; Grande Stevens,§ 159. 376  See, e.g., Viering (2006), p. 626; Grevi (1972), p. 49 et seq. 377  See, among others, Trechsel (2005), p. 166; Nehl (2014), p. 1277 et seq.; Sayers (2014), p. 1303 et seq.; Illuminati (1979), p.  191 et seq.; Chenal and Tamietti (2012), p.  222 et seq.; Balsamo (2015), p. 134 et seq. The inclusion of the privilege within the presumption of innocence is not universally shared in the EU legal context see, e.g., Stumer (2010); Allegrezza (2017), p.  952; Balsamo (2015), pp. 131–134. 378  Cf., e.g., Saunders v the UK, 17.12.1996, Application no. 19187/91, § 68; O’Donnell v the UK, 7.07.2015, Application no. 16667/10, concurring opinion of Judge Wojtyczek, § 3; Heaney and 373

236

6  The Hybrid Nature of Banking Supervision

2016/343 on the strengthening of certain aspects of the presumption of innocence379—appears especially significant. Since its very first wordings, in fact, the presumption of innocence has played an essential role in ensuring that punitive proceedings comply with the principle of human dignity and with the other fundamental rights of the parties potentially affected.380 Such relevance, currently enshrined by most international legal sources dealing with human rights protection,381 does not however always find an explicit and equivalent recognition in all the domestic legal systems.382 This circumstance brought to rather diverging results in different legal contexts. In the US, for instance, where it is not covered by a specific Constitutional provision, the presumption faced a drastic downsizing of its scope in the last century, passing—especially after the 1979 Supreme Court decision Bell v. Wolfish383—from a fundamental bulwark of the individual’s rights against State abuses to a mere evidentiary rule with generally no application to pre-trial proceedings.384 On the contrary, even before the entry into force of the Lisbon Treaty, several EU Member States lacking an explicit indication of the presumption at the constitutional level, have nonetheless been conferring it a constitutional relevance, and had it play a fundamental role in safeguarding suspects and defendants.385 McGuinness v Ireland, 21.12.2000, Application no. 34720/97, § 40; Quinn v. Ireland, 21.12.2000, Application no. 36887/97, § 40. 379  Cf. Recital (25) and Article 7. For the first general comments on the Directive see, e.g., Sayers (2015); Cras and Erbežnik (2016), p. 25 et seq.; Lamberigts (2016a), p. 36 et seq.; Lamberigts (2016b); Camaldo (2016); Canestrini (2016), p. 2224 et seq.; Lippke (2016). Cf. also Commission Green Paper of 26 April 2006 on the presumption of innocence, COM (2006) 174 final. 380  For a reconstruction of the origin of the principle since ancient times, with a special focus on the French and Anglo-American legal systems, see Quintard-Morénas (2010), pp. 107–149. See also Helmholz et al. (1997); Baughman (2011); O’Boyle (2000), p. 1021. 381  Cf., e.g., Article 11(1) of the Universal Declaration of Human Rights of 1948; Article 14(2) of the International Covenant on Civil and Political Rights of 16.12.1966; Principle 36, of the UN Body of Principles for the Protection of All Persons under Any Form of Detention or Imprisonment; Human Rights Committee, General Comment on Article 14: Communication No 770/1997, Gridin v Russian Federation, § 3.5. and 8.3. 382  Cf. Lupária (2017), pp. 919–920. 383  Bell v. Wolfish, 441 U.S. 520, 545 (1979). In a public statement following his dissenting opinion, Justice Marshall concluded that with this decision, “the Supreme Court decided the presumption didn’t exist at all”, cf. Goldstein (1979), while traditionally the presumption of innocence was granted a fundamental rule of common law systems (see, e.g., In re Winship, 397 U.S. 358, 1970). 384  In this sense, Quintard-Morénas (2010), p. 141 et seq., highlighting how “Thirty years after Bell v. Wolfish, the distinction between accused persons and convicted offenders has become staggeringly blurred in the United States” (p. 147). 385  This is, for instance, as reported by Lupária (2017), p. 919, the case of Germany (Weigend 2014, p. 286 et seq.; Bohlander 2012, p. 21 et seq.), and Belgium (Caterini 2015, p. 24 et seq.; Paulesu 2009, p. 7 et seq.). Similar consideration, although highly debated, has been recognized in Italy too, where Article 27(2) of the Constitution makes explicit reference not to the presumption of innocence but to the right not to be considered guilty until the conviction is definitive (Gialuz 2008, p. 273 et seq.; Dominioni 1991, p. 194 et seq). Supporting the deductibility of the presumption of innocence from Article 27(2) of the Italian Constitution, e.g., Garofoli (1998), p.  1195 et seq.; Illuminati (1979), p. 28 et seq.; Paulesu (2009), p. 57 et seq.; interpreting Article 27(1) more as a

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

237

Against this background, in 2012 the Court of Justice recognized the presumption of innocence as “a feature of the constitutional traditions common to the Member States”.386 The relevant role (at least if compared to the American system) played by the presumption in many EU Member States, however, did not entail a shared and transnational understanding of its notion, which continued, and continue to highly vary from State to State according to the specific legal tradition. In this framework, extremely relevant was then the explicit introduction of the presumption in Article 48(1) of the Charter, which states that “Everyone who has been charged shall be presumed innocent until proved guilty according to law”. Thanks to the equivalence clause of Article 52(3) CFREU, this provision has the same content of Article 6(2) ECHR, according to which “Everyone charged with a criminal offence shall be presumed innocent until proved guilty according to law”.387 Compared to Article 6 ECHR, however, the wording of Article 48(1) CFREU— although repeatedly challenged during the negotiations that brought to the establishment of the Charter388—maintains a “neutral” connotation with regard to its subject matter (“charged” vs “charged with a criminal offence”). Thanks to it, at least for part of its content, the scope of this provision in the current case-law is not strictly confined to the criminal matter. As already mentioned in fact, although never admitting a substantial criminal nature to competition fines, the CJEU had, even before the entry into force of the Charter, recognized the need to apply the implications of the presumption of innocence with regard to rules on adducing evidence in competition law proceedings ending up with sanctions characterized by a certain “nature and degree of severity”.389 Application of the presumption of innocence in the Union legal framework, moreover, has been raised also in other fields of EU law with a certain kinship with the criminal matter, such as in administrative measures adopted in the fight against terrorism.390 Compliance with different aspects of the presumption are also explicmere presumption of no guilt, instead, Amato (1967), p. 379 et seq.; Grevi (1976), p. 39 et seq. For a more neutral, or restrictive interpretation of the principle deductable from the Constitution, see Ferrua (2015), p. 52; Marzaduri (2010), p. 308 et seq. 386  Criminal proceedings against Marcello Costa and Ugo Cifone, Joined Cases C-72/10 and C-77/10, 16.02.2012, ECLI:EU:C:2012:80, § 86. 387  As explicitly stated also under Article 48  in the Explanation relating to the Charter of Fundamental Rights, cit.; see also Draft Charter of Fundamental Rights of the European Union, Note from the Praesidium, Brussels, 11.10.2000 (18.10) CHARTE 4473/00 CONVENT 49. 388  For the numerous proposal to amend Article 48 during the negotiations see Draft Charter of Fundamental Rights of the European Union, Note from the Praesidium, Brussels, 25.05.2000 CHARTE 4332/00 CONVENT 35, and in particular Amendments no. 164 (Michael O’Kennedy) and no. 167 (Piero Melograni) proposing the following wording “Everyone who has been charged with a criminal offence shall be presumed innocent until proved guilty according to law”. 389  Hüls v Commission, Case C-199/92, § 150; Montecatini v Commission, Case C-235/92 P, §§ 175–176; Groupe Danone v Commission, Case T-38/02, §§ 215–216; Romana Tabacchi Srl v European Commission, Case T-11/06, §§ 129. See also above, Sect. 6.2. 390  Cf. Jose Maria Sison v Council of the European Union, Case C-266/05 P, 1.02.2007, ECLI:EU:C:2007:75, §§ 92-96, where the applicant indicated a violation of the presumption of innocence in the limitation of his right of access to documents which had led the Council to adopt

238

6  The Hybrid Nature of Banking Supervision

itly required by the procedural rules applicable in OLAF administrative investigations.391 In light of the above, to date two profiles of the presumption of innocence (rules on adducing proofs, and rules on treatment) are considered applicable to all fields of law where sanctions are applied, including “purely” administrative proceedings.392 So far, on the contrary, there are still no CJEU decisions specifically concerning the third aspect of the presumption, that is the privilege against self-incrimination, which traditionally was recognized only in criminal proceedings stricto sensu.393 In this sense, the interpretation of the broad wording of Article 48(1) CFREU shall today also take into account Directive 2016/343, which under several aspects, as will be further discussed, does not seem to meet the expectations of those who invoke the need to provide a high standard of protection for such fundamental principle in the EU. In dealing with the compliance of the SSM sanctioning proceedings with fair trial rights, the present analysis focuses therefore mainly on the privilege against self-incrimination, as this is the most controversial profile in administrative punitive contexts. The two other main aspects of the presumption of innocence, although both applicable to the context of banking supervision, result instead less relevant or problematic in light of the current European case-law. As recognized by both the CJEU and in the ECtHR, applying the presumption of innocence brings, first of all, relevant consequences to the rules on adducing proofs, and especially on the standard, and on the burden of proof.394 Under this profile, the presumption requires decision-making bodies to match the “beyond any reasonable doubt test” in order to apply a sanction. According to the CJEU, that reaffirms the standards already established under Article 6(2) ECHR as interpreted by the judges in Strasbourg,395 a court cannot establish the existence of an infringement “to the requisite legal standard if it still entertains any doubts on that point, in particular in proceedings for annulment of a decision imposing a fine”. Therefore, “any doubt in the mind of the Court must

a series of specific restrictive measures directed against certain persons and entities with a view to combating terrorism. The Court declared this ground of appeal inadmissible, and therefore did not ruled on the application of the presumption in the specific case. See also Nehl (2014), p. 1278. 391  Cf. Article 9(1), Regulation No 883/2013, according to which “In its investigations the Office shall seek evidence for and against the person concerned. Investigations shall be conducted objectively and impartially and in accordance with the principle of the presumption of innocence and with the procedural guarantees set out in this Article”. 392  Cf. Lupária (2017), p. 917, and pp. 940–941; Nehl (2014), p. 1280. 393  The Court has only just recently started to deal with the presumption of innocence ex Article 48 CFREU as such outside the field of competition law, see, e.g., Criminal proceedings against Emil Milev, Case C-439/16 PPU, 27.10.2016, ECLI:EU:C:2016:818. 394  Cf. Ubertis (2017), p. 227 et seq. 395  Cf., e.g., Barberà, Messegué and Jabardo v. Spain, 6.12.1988, Application no. 10590/83, § 77; Cleve v. Germany, 15.01.2015, Application no. 48144/09, § 52, according to which the principle “in dubio pro reo” “constitutes a specific expression of the presumption of innocence”.

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

239

operate to the advantage of the undertaking to which the decision finding an infringement was addressed”.396 Strictly related with this aspect, the presumption of innocence imposes an allocation of the burden of proof, according to which risks of facts remaining unresolved or allegations unproven must benefit the person under investigations. This content of the presumption was affirmed by both European Courts. In particular, the Court in Strasbourg repeatedly stated how Article 6(2) ECHR is not only requiring the tribunal to impartially examine the defendant (avoiding to consider him or her guilty for the mere fact of being suspected),397 but also that “the burden of proof is on the prosecution, and any doubt should benefit the accused […] Thus, the presumption of innocence will be infringed where the burden of proof is shifted from the prosecution to the defence”.398 This application of the presumption has been recognized by the Court of Justice especially with regard to competition proceedings.399 Such case-law has been also integrated in Regulation No. 1/2003, according to which to date “the burden of proving an infringement of Article 81(1) or of Article 82 of the Treaty shall rest on the party or the authority alleging the infringement”.400 The reference to both standard and burden of proof under the presumption of innocence is only partially enshrined in Directive 2016/343. The latter, indeed, at Article 6 explicitly refers to the burden of proof, literally transposing into EU law its notion as developed by the European Courts.401  Dresdner Bank AG and Others v Commission, Joined cases T-44/02 OP, T-54/02 OP, T-56/02 OP, T-60/02 OP and T-61/02 OP, 27.09.2006, ECLI:EU:T:2006:271, § 60; see also, among others, Toshiba Corp. v Commission, Case T-104/13, 9.09.2015, ECLI:EU:T:2015:610, § 50; Panasonic e MT Picture Display Co. Ltd v Commission, T-82/13, 9.09.2015, ECLI:EU:T:2015:612, § 7; Telefónica e Telefónica de España v. Commission, Case T-336/07, 29.03.2012, ECLI:EU:T:2012:172, §§ 67-72 and case-law there mentioned (hereinafter “Telefónica (2012)”); Franchet and Byk v. Commission, Case T-48/05, 8.07.2008, ECLI:EU:T:2008:257, § 310; Toshiba Corp. v. Commission, Case T-519/09, 21.05.2014, ECLI:EU:T:2014:263, § 36. See also Nehl (2014), p. 1284 et seq.; Illuminati (1979), p. 164 et seq. 397  Cf. Trechsel (2005), p. 164 et seq. 398  Cf., e.g., Telfner v Austria, 20.03.2001, Application no. 33501/96, § 15; John Murray v. the UK, 28.10.1994, Application no. 18731/91, § 54; Melo Tadeu v Portugal, 23.10.2014, Application no. 27785/10, § 60; Vassilios Stavropoulos v Greece, 27.09.2007, Application no. 35522/04, § 39; Barberà, Messegué and Jabardo, § 77; Poletan e Azirovik v. Macedonia, 12.05.2016, Application nos. 26711/07, 32786/10 e 34278/10, § 64; Grande Stevens, § 159. 399  Cf., e.g., Baustahlgewebe GmbH v Commission of the European Communities, Case C-185/95 P, 17.12.1998, ECLI:EU:C:1998:608, § 58; Telefónica (2012), § 67; GlaxoSmithKline Services Unlimited and o. v Commission of the European Communities and o., Joined cases C-501/06 P, C-513/06 P, C-515/06 P and C-519/06 P, 6.10.2009, ECLI:EU:C:2009:610, §§ 82–83. For an application of presumption in another field (protection of specimens) see Criminal proceedings against Tomasz Rubach, Case C-344/08, 16.07.2009, ECLI:EU:C:2009:482, §§ 31–34. 400  Article 2, Regulation No. 1/2003; see also Recital (5) Regulation No. 1/2003. On the issue, see also Castillo De La Torre (2009), p. 521 et seq.; Melícias (2012), p. 473 et seq. 401  “1. Member States shall ensure that the burden of proof for establishing the guilt of suspects and accused persons is on the prosecution. This shall be without prejudice to any obligation on the judge or the competent court to seek both inculpatory and exculpatory evidence, and to the right of 396

240

6  The Hybrid Nature of Banking Supervision

A specific reference to the presumption as a standard of proof, on the contrary, cannot be found in the final text of the Directive, whereas the initial provision of Article 5(3), as proposed by the Commission, was explicitly stating that “Member States shall ensure that where the trial court makes an assessment as to the guilt of a suspect or accused person and there is reasonable doubt as to the guilt of that person, the person concerned shall be acquitted”.402 According to all the legal sources mentioned so far, the rule posed by the presumption of innocence with regard to the burden of proof is not considered absolute, and may therefore bear exceptions. In particular the Court in Strasbourg famously affirmed in Salabiaku v France, and in the following case-law, that Article 6(2) ECHR, although does not “regard presumptions of fact or of law provided for in the criminal law with indifference” does not prohibit in principle presumptions in malam partem, as long as they have a relative, and not absolute nature (or, in the words of the Court, as long as they are not irrebuttable403). The Convention, “does, however, require the Contracting States to remain within certain limits in this respect as regards criminal law”, taking into account “the importance of what is at stake”, and “the rights of the defence”.404 Similar approach has been adopted quite literally by the Court of Justice, according to which “a presumption, even where it is difficult to rebut, remains within acceptable limits so long as it is proportionate to the legitimate aim pursued, it is possible to adduce evidence to the contrary and the rights of the defence are safeguarded”.405 This jurisprudence found a specific application in competition

the defence to submit evidence in accordance with the applicable national law. 2. Member States shall ensure that any doubt as to the question of guilt is to benefit the suspect or accused person, including where the court assesses whether the person concerned should be acquitted”. 402  Cf. Proposal for a Directive of the European Parliament and of the Council on the strengthening of certain aspects of the presumption of innocence and of the right to be present at trial in criminal proceedings, Bruxelles, 27.11.2013 COM(2013) 821 final; see also Presidency note, Brussels, 13538/14, 30.09.2014. 403  Salabiaku v France, 7.10.1988, Application no. 10519/83, § 28. See also Vos v. France, 5.12.2006, Application no. 10039/03; Radio France and others v France, 30.03.2004, Application no. 53984/00, § 24; Pham Hoang v. France, 25.09.1992, Application no. 13191/87, § 36. On this issue, see also Abbadessa (2011), p. 381 et seq; Chiavario (2001), p. 218. 404  Salabiaku v France, § 28. On the point, see also Blum v Austria, 3.02.2005, Application no. 31655/02, § 27; Weh v Austria, 8.04.2004, Application no. 38544/97, § 46; Navalnyy and Ofitserov v. Russia, 23.02.2016, Application nos. 46632/13 and 28671/14, § 98; Västberga Taxi Aktiebolag and Vulic v. Sweden, 23.07.2002, Application no. 36985/97, § 113; Phillips v UK, 5.07.2001, Application no. 41087/98, § 40, and, among legal scholars, Castillo De La Torre (2009), p. 513; Abbadessa (2011), p. 381 et seq.; Caterini (2015), p. 36 et seq. 405  Cf., e.g., Elf Aquitaine SA v European Commission, Case C-521/09 P, 29.09.2011, ECLI:EU:C:2011:620, § 62, (with reference to Spector, § 43–44).

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

241

law,406 where several presumptions exist which consent to infer the existence of antitrust breaches committed by undertakings.407 The compatibility of presumptions with Article 48(1) CFREU has been recently affirmed also by Directive 2016/343 which, at Recital (22), states that the presumption of innocence is not as such prejudiced by “the use of presumptions of fact or law concerning the criminal liability of a suspect or accused person”, if they are “rebuttable”, “used only where the rights of the defence are respected”, and “confined within reasonable limits, taking into account the importance of what is at stake and maintaining the rights of the defence, and the means employed should be reasonably proportionate to the legitimate aim pursued”.408 The second profile of the presumption of innocence relatively less critical for the SSM sanctioning proceedings concerns rules on treatment establishing that a suspect or an accused person shall not be presented as guilty neither within nor outside the proceeding, as long as s/he has not been proved guilty according to law (e.g. in public announcements, press release, or in statements by police of the judiciary).409  Cf., e.g., ThyssenKrupp Liften Ascenseurs NV and others v. Commission, Joined cases T-144/07, T-147/07, T-148/07, T-149/07, T-150/07 e T-154/07, 13.07.2011, ECLI:EU:T:2011:364, § 114; Spector, § 44; Opinion of Advocate General Kokott, delivered on 4.06.2009, in TMobile Netherlands and o., Case C-8/08, 4.06.2009, ECLI:EU:C: 2009:343, § 93. 407  See, among others, the possibility to deduce anti-competitive consent from the participation in a cartel meeting (e.g. Commission of the European Communities v Anic Partecipazioni SpA, Case C-49/92 P, 8.07.1999, ECLI:EU:C:1999:356, §§ 83-87); the existence of dominant position in market share above 50% (e.g. AKZO Chemie BV v Commission of the European Communities, Case C-62/86, 3.07.1991, ECLI:EU:C:1991:286, § 60), or the control over subsidiary on the market from the 100% ownership of its parent company (e.g. Akzo Nobel NV and Others v Commission of the European Communities, Case C-97/08 P, 10.09.2009, ECLI:EU:C:2009:536, §§ 60–63; see also Bronckers and Vallery (2011), pp.  547–557. For more cases, see Nehl (2014), pp. 1285–1286. 408  The provision appears in line with point 2.3 of the Green paper on the presumption of innocence. 409  Cf. Recitals (16) to (19) Directive 2016/343. Among legal scholars, see e.g. Lamberigts (2016b); Lupária (2017), pp. 927–936; Trechsel (2005), p. 164; Ubertis (2017), p. 232 et seq. A main field of application of these rules in criminal proceedings concerns the delicate issue of pre-trial measures, which however is not relevant to sanctioning proceedings carried out in banking supervision, cf. especially requiring to treat inmates awaiting for trial, or whose sentence is not final yet, differently from convicted ones, for instance establishing different rules and spaces in the detention structures, see e.g., Article 10 of the International Covenant on Civil and Political Rights of 16.12.1966; Green paper on the presumption of innocence, § 2 and 2.2; Green Paper on the application of EU criminal justice legislation in the field of detention (COM (2011) 327 def.), § 4; Resolution of the European Parliament of 15 December 2011 on detention conditions in the EU 2011/2897/RSP. In this sense, also Fahas v Council, Case T-49/07, 7.12.2010, ECLI:EU:T:2010:499, § 64; El Morabit v Council, Joined cases T-37/07 and T-323/07, 2.09.2009, ECLI:EU:T:2009:296, § 40. Contra, in these terms, Trechsel (2005), p. 181 et seq., ECtHR, Peers v. Greece, 19.04.2001, Application no. 28524/95, § 78; Jiga v. Romania, 16.03.2010, Application no. 14352/04, § 100, although “il convient toutefois de s’assurer que les mesures prises à l’égard des détenus à titre provisoire ne sont pas de nature à porter atteinte au principe de la présomption d’innocence”; Iwańczuk v. Poland, 15.11.2001, Application no. 25196/94, § 53. Another important application of the presumption in this field concerns the prohibition to keep the defendant with handcuffs or jail uniform during the trial hearing cf., e.g., ECtHR, Jiga v. Romania, § 103, and Samoilă and Cionca 406

242

6  The Hybrid Nature of Banking Supervision

This issue has been addressed by both European Courts, as well as by Directive 2016/343. The ECtHR, in particular, in line with other pieces of soft-legislation issued by the Council of Europe,410 repeatedly ruled on this subject, affirming how the presumption of innocence “serves mainly to guarantee the rights of the defence and at the same time helps to preserve the honour and dignity of the accused”.411 While, according to a certain interpretation, the moment in which this profile of the presumption attaches shall be left to the applicable national law,412 the ECtHR has partially limited the margin of appreciation of national authorities, requiring for instance that the presumption shall continue to apply also in appeal proceedings following a conviction, although already enforceable.413 According to the Court, in any case, Article 6(2) ECHR “by no means” prevents “the authorities from informing the public about the criminal conviction concerned, nor prevent discussion of the subject by the media or the general public […] Nonetheless, such reference should be made with all the discretion and restraint which respect for the presumption of innocence demands”.414 When media are involved, moreover, the presumption of innocence needs to be balanced with the right to freedom of expression, protected by Article 10 ECHR, since Article 6(2) ECHR cannot “prevent the authorities from informing the public about criminal investigations in progress, but it requires that they do so with all the discretion and circumspection necessary if the presumption of innocence is to be respected”.415 This interpretation of the presumption of innocence as a rule of treatment is mirrored by Article 4 of Directive 2016/343, according to which “Member States shall v. Romania, 4.03.2008, Application no. 33065/03, §§ 98-101. See also Article 5(1) and Recitals (20)-(21) Directive 2016/343. 410  Cf. CoE Recommendation Rec (2003) 13 on the Provision of Information through the Media, Principles 1 and 2; Guidelines on human rights and the fight against terrorism adopted by the Committee of Ministers on 11.07.2002. 411  Konstas v Greece, 24.05.2011, Application no. 53466/07, § 32; Pandy v. Belgium, 21.09.2006, Application no. 13583/02, § 43; Karaman v. Germany, 27.02.2014, Application no. 17103/10, § 63; Poncelet v. Belgium, 30.03.2010, Application no. 44418/07, § 51; Allenet de Ribemont v. France, 10.02.1995, Application no. 15175/89, § 35; Minelli v Switzerland, 25.03.1983, Application no. 8660/79, § 37. Daktaras v. Lithuania, 10.10.2000, Application no. 42095/98, § 43; Konstas v Greece, § 33; Adolf v. Austria, 26.03.1982, Application no. 8269/78, §§ 36–41. 412  In this sense, Illuminati (1991), p. 22 et seq. On the topic, see also Paulesu (2009), p. 82 et seq. El Kaada v. Germany, 12.11.2015, Application no. 2130/10, § 54; Iwańczuk v. Poland, § 53; Sekanina v. Austria, 25 August 1993, Application no. 13126/87, § 30; Rushiti v. Austria, 21.03.2000, Appication no. 28389/95, § 31. 413  See, Trechsel (2005), p. 163 et seq., and, e.g., Konstas v. Greece, § 36; Perica Oreb v. Croatia, 31.10.2013, Application no. 20824/09, § 146; Iwańczuk v. Poland, § 53. 414  Konstas v. Greece, § 34; Peša v. Croatia, 8.04.2010, Application no. 40523/08, § 139. 415  ECtHR, Y.B. and others v. Turkey, 28.10.2004, Application nos. 48173/99 and 48319/99, § 48; Allenet de Ribemont v. France, § 38; ECJ, Franchet and Byk v. Commission, § 212. See also Recommendation Rec (2003) 13 of the Committee of Ministers to member states on the provision of information through the media in relation to criminal proceedings.

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

243

take the necessary measures to ensure that, for as long as a suspect or an accused person has not been proved guilty according to law, public statements made by public authorities, and judicial decisions, other than those on guilt, do not refer to that person as being guilty”, without that being an obstacle in preventing “public authorities from publicly disseminating information on the criminal proceedings where strictly necessary for reasons relating to the criminal investigation or to the public interest”.416 According to Article 2 of the Directive, the scope of this provision, similarly to the other profiles of the presumption of innocence, shall cover “all stages of the criminal proceedings, from the moment when a person is suspected or accused of having committed a criminal offence, or an alleged criminal offence, until the decision on the final determination of whether that person has committed the criminal offence concerned has become definitive”. In dealing with these rules on treatment under EU law, particularly interesting for the analysis of the SSM sanctioning powers—still lacking decisions on the matter directly concerning Directive 2016/343417— is especially that CJEU case-law concerning the relationship between the presumption of innocence and the publication of decisions imposing penalties to undertakings in breach of competition law.418 Indeed, as already mentioned, both Article 68 CRD IV/V, Article 18(6) SSM R and Article 1a(3) Regulation 2532/98 establish for decisions applying penalties to be published.419 Restating its previous jurisprudence on the applicability of the presumption to the procedures against infringements of competition law that may result in the imposition of fines or periodic penalty payments,420 the Court in Pergan Hilfsstoffe (2007) found that, until guilt has been established according to law, the presumption “precludes any formal finding and even any allusion to the liability of an accused person for a particular infringement”, and any findings shall “in principle, be regarded as confidential as regards the public, and therefore as being of the kind covered by the obligation of professional secrecy” in order to safeguard the “reputa Recital (17) of the Directive indicates ‘public statements made by public authorities’ should be understood broadly as covering all authorities involved in criminal proceedings, such as “judicial authorities, police and other law enforcement authorities, […] ministers and other public officials”. 417  For the most recent cases, see the already mentioned Criminal proceedings against Emil Milev, Case C-439/16 PPU, which however was issued after the approval of the Directive but before the expiration of the deadline for the transposition at national level. 418  Cf. Nehl (2014), p. 1283 et seq. See, e.g., Franchet and Byk v. Commission, § 210; Nanopoulos v. Commission, Case F-30/08, 11.05.2010, ECLI:EU:F:2010:43, § 185; Nikolaou v. European Court of Auditors, Case C-220/13 P, 10.07.2014, ECLI:EU:C:2014:2057, § 34 et seq. 419  Cf. above, Sects. 4.3 and 4.4.2. The issue with regard to Article 18(6) SSM R is raised in Allegrezza and Voordeckers (2015), p. 158. 420  Cf., e.g., Hüls v Commission, Case C-199/92, § 150; JFE Engineering and others v Commission, Joined Cases T-67/00, T-68/00, T-71/00 and T-78/00, 8.07.2004, ECLI:EU:T:2004:221, § 178; Sumitomo Chemical and Sumika Fine Chemicals v Commission, Joined cases C-403/04 P and C-405/04 P, 25.01.2007, ECLI:EU:C:2007:52, §§ 104–105; BASF v Commission, Case T-15/02, 15.03.2006, ECLI:EU:T:2006:74, § 604. 416

244

6  The Hybrid Nature of Banking Supervision

tion and dignity of the person concerned as that person has not been finally found guilty of an infringement”. According to the same case-law, “the guilt of a person accused of an infringement is established definitively only where the decision finding that infringement has acquired the force of res judicata, which implies either the absence of an appeal against that decision by the person concerned […] or, after such an appeal, the definitive closure of the contentious proceedings, in particular, by a judicial decision confirming the lawfulness of that decision”. Before that moment, “there is therefore no public interest in publishing the disputed information that is capable of prevailing over the applicants legitimate interest in having such information protected”.421 Similar precautions find application also in other fields of EU law, for instance in the protection of the financial interests of the Union, and in particular during OLAF investigations. In that regard, the CJEU ruled that the presumption of innocence confers rights on suspected individuals “in so far as they are entitled to expect that the investigations concerning them will be conducted in a manner that respects their fundamental rights”, which would be seriously violated in case the Office would “named them publicly—including by the leaks in the press—as guilty of a number of criminal offences”.422 In light of the above, the sanction provided for by Article 68 CRD IV/V does not seem to raise particular problems against the presumption of innocence, since publication duties concern only administrative penalties for CRD IV/V or CRR breaches, against which there is no appeal, or the latter is no longer available. In case Member States would opt to extend the publication duty also to decisions which may still be appealed, moreover, the communication shall include information on the appeal status and outcome thereof. Therefore, it appears that CRD IV/V on the matter remains in line with the case-law of the European Courts, and the applicable legal framework. Similar conclusions may be drawn also with regard to Article 18(6) SSM R and Article 1a(3) Regulation 2532/98 which do not explicitly require a decision to be final before making its publication compulsory (although, if the decision has been appealed, that status and its outcome should also be published). Indeed, SSM Regulations require that in cases where the publication including information on the type and nature of the breach and the identity of the supervised entity concerned would either (a) jeopardise the stability of the financial markets or an on-going criminal investigation; or (b) cause, insofar as it can be determined, disproportionate damage to the supervised entity concerned, the decision to be published shall be anonymised.

 Pergan Hilfsstoffe für industrielle Prozesse GmbH v Commission, Case T-474/04, 12.10.2007, ECLI:EU:T:2007:306, §§ 75–77 and 80. See also Volkswagen AG v Commission, Case T-62/98, 6.07.2000, ECLI:EU:T:2000:180, § 281. 422  Yves Franchet and Daniel Byk v Commission of the European Communities, Case T-48/05, 8.07.2008, ECLI:EU:T:2008:257, § 215. 421

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

245

Alternatively, if such circumstances are likely to cease within a reasonable period of time, publication may simply be postponed (Article 132 SSM FR). Such sanctions remained also bound by the “conditions set out in relevant Union law”, and therefore also the case-law interpreting the latter. Against this background, the practice, so far carried out by the ECB, to publish penalties imposed upon credit institutions only after the expiration of the terms to ask for a review before the ABoR, or at the end of this internal reviewing procedure, and (if that is the case), with a clear statement concerning the possibility for them to be still challenged before the Court of Justice, seems to be in compliance with the precautions imposed by both European Courts to safeguard the reputation and dignity of the persons involved in the proceedings. Much more critical considerations shall be drawn, instead, with regard to the presumption of innocence meant as the privilege against self-incrimination, according to which suspects and accused persons have the right to remain silent, and not to incriminate themselves in relation to the charges they are suspected or accused of having committed. In line with the approach followed by the Court in Strasbourg and by Directive 2016/343, the expression “privilege against self-incrimination” is here understood to include only the “right to silence”, and not also,423 the right of the defendant not to state the truth before a request of public authorities. Indeed, in the field of banking supervision, it does not seem appropriate, on the other side, to extend also the right to lie before public authorities to the production of documents, as the possibility to produce false documents would definitely undermine any system of public trust. Contrary to the other aspects of the presumption of innocence, the privilege is not expressly mentioned in the European Convention on Human Rights. It however finds its legal basis in paragraph 1 of Article 6 ECHR, together with the other fair trial rights, with whom it is strictly related. Especially evident is the link with the rights of legal assistance, which is the basic condition to effectively invoke all other procedural rights,424 and with the right

 See, e.g., Grevi (1972), pp.  2–4, and 47 et seq.; Illuminati (1979), p.  193. Contra Trechsel (2005), p. 342, according to which these two guarantees “must be seen as being represented by two partly overlapping circles”. However, differentiating in fact the scopes of the two expressions according to their reference to verbal or non-verbal expressions (such as documents), or on the fact that they cover all statements, or only those detrimental to the person concerned, seems a classification hardly applicable into practice, and a solution leaving the way open to possible restriction to the safeguarding impact of the principle. See e.g., Saunders v the UK, § 71: “the right not to incriminate oneself cannot reasonably be confined to statements of admission of wrongdoing or to remarks which are directly incriminating. Testimony obtained under compulsion which appears on its face to be of a non-incriminating nature-such as exculpatory remarks or mere information on questions of fact-may later be deployed in criminal proceedings in support of the prosecution case, for example to contradict or cast doubt upon other statements of the accused or evidence given by him during the trial or to otherwise undermine his credibility. Where the credibility of an accused must be assessed by a jury the use of such testimony may be especially harmful”. 424  See, e.g., Illuminati (1979), p. 192.

423

246

6  The Hybrid Nature of Banking Supervision

to information, which requires suspects to be promptly warned also of their right to remain silent.425 According to the ECtHR case-law, the privilege does not directly belong to the presumption of innocence. However, the privilege not only lies “at the heart of the notion of a fair procedure under Article 6 ECHR”, avoiding that the accused is subject to “improper compulsion by the authorities” and contributing in reducing miscarriages of justice,426 but, as repeatedly affirmed since the notorious decision Saunders v UK, it is also “is closely linked to the presumption of innocence contained in Article 6 para. 2 of the Convention (art. 6-2)”.427 At the EU level, even if also the Charter does not make any express reference to it, the privilege against self-incrimination is instead considered covered by the presumption of innocence. A confirmation in this sense comes also from Directive 2016/343. Article 7 of the Directive, indeed, puts the right to remain silent within the scope of the presumption of innocence, and grounds its legal basis in Article 48(1) CFREU.428 However, at least in its current interpretation, the objective and subjective scope of the privilege under the Directive does not coincide with that ­recognized by the Court in Strasbourg, with differences extremely relevant when it comes to analyse the application of this right to the matter of punitive banking supervision. Under an objective perspective, and despite the “neutral” and broad wording of Article 48, in fact, it remains controversial whether the privilege may find application outside the criminal matter stricto sensu, and in particular to administrative punitive contexts.429 In truth, recognizing, the application of the privilege to the administrative matters (also with regard to banking supervision) results especially critical, as it risks nullifying the very reporting mechanism employed by administrative independent authorities, that is the duty of supervised entities to report and provide the requested information, to their supervisors and the existence of forms of liability in case of non-compliance. Nonetheless, according to the ECtHR case-law, if a substantial criminal nature is to be recognized in application of the Engel criteria, all rights established by Article 6(1) ECHR shall apply from the moment criminal charges are formulated against  Cf. also Article 3(1) let. e), and Article 4(2), Directive 2012/13/EU on the right to information in criminal proceedings, to which Recital (32) of Directive 2016/343 refers to (directly to Article 4, indirectly to Article 3). Critical on this inclusion, since “it is not easy to imagine a case which could give the Court in Strasbourg the opportunity to find a violation of the right to a fair trial due to the absence of a proper warning”, Trechsel (2005), p. 352. 426  Ibrahim 2016, § 266; see also Gäfgen v. Germany, 1.06.2010, Application no. 22978/05, § 168; John Murray v The UK, § 45; Jalloh v. Germany, 11.07.2006, Application no. 54810/00, § 100; and Bykov v Russia, 10.03.2009, Application no. 4378/02, § 92. 427  Saunders v the UK, § 71; O’Donnell v the UK, concurring opinion of Judge Wojtyczek, § 3; Heaney and McGuinness v Ireland, § 40; Quinn v. Ireland, § 40. 428  Cf. Recital (1), Directive 2016/343. 429  Drastically contrary to this option Trechsel (2005), p. 349 according to which “There can be no doubt that the privilege does not apply outwith the criminal law-a fact evidenced by the very term self-incrimination”; contra Veenbrink (2015), p. 120 et seq. See also Scarparone (1995). 425

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

247

the accused, thus including also pre-trial phases.430 No exclusion of the privilege from the punitive administrative matter finds therefore grounds in the ECtHR case-­ law, at least with regard to the right to remain silent. Similar conclusions should be drawn also with regard to the EU legal framework. Indeed, Article 2 of the Directive establishes that the privilege applies to “suspects or accused persons in criminal proceedings”, and Recital (11) specifies that it “should not apply to civil proceedings or to administrative proceedings, including where the latter can lead to sanctions, such as proceedings relating to competition, trade, financial services, road traffic, tax or tax surcharges, and investigations by administrative authorities in relation to such proceedings”. While this provision seems to deny the application of the Engel case-law to the matter, the Recital then continues affirming, not without some contradictions, that the Directive shall however apply to “criminal proceedings as interpreted by the Court of Justice of the European Union without prejudice to the case-law of the European Court of Human Rights”, which seems to bring Engel back on the field. A similar limitation to the scope of the privilege, in any case, besides for raising concerns for the coherence of the interpretation of fundamental rights in the EU, does not find legal basis in the neutral wording of Article 48 (1) CFREU (which refers to “everyone who has been charged”, and not specifically to defendants). And, it worth recalling, the provisions of the Directive are hierarchically subordinated to the principles of the Charter. Relevant differences of approaches between the ECtHR and Directive 2016/343 may be found also analysing the privilege under a subjective point of view, that is with regard to the subjects who may invoke it. Indeed, as already mentioned, the Court in Strasbourg has generally not differentiated the application of fair trial rights between natural and legal persons, although it has not explicitly ruled on the application of the right to remain silent to legal persons as yet.431 A similar interpretation should be attached also to Article 48 CFREU, whose wording does not differentiate between natural and legal persons (“everyone”).432 This would be coherent as well with, the application of the other profiles of the presumption of innocence (standard and burden of proof, and rule on treatment) to legal entities, which has been so far undisputedly admitted by the Court of Justice.433 Against this background, however, the Directive explicitly excludes all the rights related to the presumption of innocence with regard to legal persons. According to Article 2, in fact, this piece of legislation applies to “natural persons who are sus-

 See, e.g., Ibrahim and others v. The UK, 13.09.2016, Applications nos. 50541/08, 50571/08, 50573/08 and 40351/09 (hereinafter “Ibrahim 2016”), § 249. 431  See e.g., Menarini Diagnostics v Italy, § 44, and above, Sect. 6.2. At the academic level see Lamberigts (2016a), p. 36 et seq.; Oliver (2015), p. 685; Van Kempen (2011), p. 373. 432  On this opinion also Nehl (2014), p. 1282; Allegrezza (2017), p. 950. See also O’Connel (2006). 433  Cf., recently, Eturas and others v Lietuvos Respublikos konkurencijos taryba, Case C-74/14, 21.01.2016, ECLI:EU:C:2016:42, § 38. 430

248

6  The Hybrid Nature of Banking Supervision

pects or accused persons in criminal proceedings”.434 Recitals (13) and (14) further specify that the “Directive acknowledges the different needs and levels of protection of certain aspects of the presumption of innocence as regards natural and legal persons” and that “at the current stage of development of national law and of case-law at national and Union level, it is premature to legislate at Union level on the presumption of innocence with regard to legal persons. This Directive should not, therefore, apply to legal persons”. With another ambiguous clause, Recital (14) then affirms that “This should be without prejudice to the application of the presumption of innocence as laid down, in particular, in the ECHR and as interpreted by the European Court of Human Rights and by the Court of Justice, to legal persons”. In light of the above, Recital (15) concludes that “the presumption of innocence with regard to legal persons should be ensured by the existing legislative safeguards and case-law, the evolution of which is to determine whether there is a need for Union action”. This exclusion raises several doubts if looked from a systematic perspective, both within and outside the EU legal framework. From an external perspective, as increasingly observed by legal scholars,435 this interpretation appears to contrast with the case-law of the Court in Strasbourg, setting a lower level of protection in the EU for legal persons. This result should be barred by Article 52(3) CFREU, which requires a standards at least as high as those granted by the Convention.436 From an internal perspective, the exclusion appears first in contrast to the other procedural directives adopted in light of the Stockholm Roadmap for strengthening procedural rights in criminal proceedings, in which no explicit restriction has been established according to the type of subject they refer to.437 Moreover, excluding legal persons not only from the privilege against self-­ incrimination, but also from all the other profiles of the presumption of innocence  During the negotiations, the European Parliament tried to broaden the scope of the Directive also to include legal persons, but the attempt failed, see Amendments no. 9, 10, 39, in European Parliament, I Report on the proposal for a directive of the European Parliament and of the Council on the strengthening of certain aspects of the presumption of innocence and of the right to be present at trial in criminal proceedings (COM(2013)0821—C7-0427/2013—2013/0407(COD)) Committee on Civil Liberties, Justice and Home Affairs (Rapporteur: Nathalie Griesbeck), A8-0133/2015, 20 April 2015. http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP// TEXT+REPORT+A8-2015-0133+0+DOC+XML+V0//EN. Accessed 20 July 2018. 435  Calzado and De Stefano (2012), pp.  423–427; Van Overbeek (1994), pp.  127–133; Willis (2001), pp. 313–321; Belluta (2018), pp. 72–77; Veenbrink (2015), p. 128 et seq. 436  “In so far as this Charter contains rights which correspond to rights guaranteed by the Convention for the Protection of Human Rights and Fundamental Freedoms, the meaning and scope of those rights shall be the same as those laid down by the said Convention. This provision shall not prevent Union law providing more extensive protection”. 437  Resolution of the Council of 30.11.2009 on a Roadmap for strengthening procedural rights of suspected or accused persons in criminal proceedings (better known as the “Stockholm Programme”), O.J. C 295, 4.12.2009, p. 1; on the point see Lamberigts (2016a), p. 36. On a general brief recollection of the measures derived from the Programme see Sayers (2014), pp. 1311–1312. 434

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

249

appears to contrast with both the wording of Article 48(1) CFREU (which, again, does not contain any specific reference in this sense), and with the consolidated jurisprudence of the CJEU. The latter indeed actually developed its case-law on the matter in competition law where most undertakings are precisely legal persons.438 In this respect, finally, the reference of Recital (14) to the fact that “the Court of Justice has, however, recognised that the rights flowing from the presumption of innocence do not accrue to legal persons in the same way as they do to natural persons”, used in the Directive as a justification to exclude legal persons from its scope, needs to be carefully put into context. Indeed, it is true that the Court (before the entry into force of the Lisbon Treaty, and, again, mostly in competition law) has recognized the applicability of the presumption of innocence to undertakings only with some limitations, arguing that the acknowledgement of the existence of a broader right “would go beyond what is necessary in order to preserve the rights of defence of undertakings, and would constitute an unjustified hindrance with the Commission’s performance of its duty”.439 In this sense, however, it should first be reminded that even if there is not a clear definition of “undertaking” under antitrust law, the notion is commonly referred not only to legal, but also to natural persons or group of persons. Therefore, it is not possible to conclude that the restrictive approach developed by the CJEU derives from the need to differentiate between natural and legal persons.440 In any case, even the consideration that the level of protection might not be the same for natural and legal persons does not per se imply that the latter should be excluded completely from its scope. For instance, the right to be silent has never been recognized as absolute for natural persons by the ECtHR, but this was never used as an argument to exclude natural persons from the scope of the privilege. Moreover, the cases of the CJEU to which the Directive refers to in Recital (14) mostly concern competition law, which is a field that so far has never been recognized by the Court as substantive criminal matter.441 It is not clear, therefore, as highlighted by some scholars, how limitations in non-criminal fields of law may be used as a model to define the standard of protection for defendant in criminal proceedings.442 The limited scope of the Directive also seems to contrast with other policy indications coming from the EU, which in several legal acts strongly encouraged and promoted the establishment of forms of liability towards legal persons responsible  Cf. Eturas and others v Lietuvos Respublikos konkurencijos taryba, Case C-74/14.  Commission of the European Communities v SGL Carbon AG, Case C-301/04 P, 29.06.2006, ECLI:EU:C:2006:432, § 402; Mannesmannröhren-Werke v Commission, Case T-112/98, 20.02.2001, ECLI:EU:T:2001:61, §§ 66 and 67. See also Nehl (2014), p. 1293. 440  Jones (2012), pp. 301–331. 441  See above, Sect. 6.2. Of this opinion, for instance, Nehl (2014), p. 1294 according to which the Court of Justice could even adopt a higher standard of protection, “as long as the ECtHR does not expressly extend the scope of protection under Article 6 of the ECHR to legal persons in competition proceedings”. 442  Lamberigts (2016a), p. 37. 438 439

250

6  The Hybrid Nature of Banking Supervision

of having committed crimes.443 For instance, the 2017 Directive for the protection of the financial interests of the EU (PIF Directive)444 or the 2014 Market Abuse Directive and Regulation445 require to include legal persons among the subjects which may be prosecuted and sanctioned for criminal behaviours: Against this background, the choice of the same EU legislator to completely deprive the same subjects from one of the core rights of fair trial is, at the very least, contradictory. The exclusion of legal persons from the scope of the Directive appears even less justifiable taking into account that, for natural persons, the level of protection pursued by this legal text is already very “minimal”, and an extension to legal entities, as already pointed out in the academic debate, would not have probably been much more than a statement of principle.446 In fact, as anticipated, nowhere in the Directive, (on this in line with the Court in Strasbourg)447 the right not to incriminate oneself is established as an absolute right. Limitations to the privilege invokable by natural persons may be found, first of all, with regard to the type of information that the proceeding authority is requiring to provide, and especially to the difference between oral statements and documents. Indeed, while the first are usually covered by the privilege, a much stricter interpretation is applied with regard to documents. The case-law of the Court in Strasbourg concerning this profile is especially ambiguous. In a number of cases, starting from the 1993 landmark decision Funke v France, the Court recognized that requesting the accused to give evidence at his own trial, through the production of pre-existing documents from which evidence emerges of the offences allegedly committed, may be considered as a violation of the privilege against self-incrimination. In particular, the ECtHR recognised a violation in the use of production orders aimed at obtaining documents which the investigating authorities believed must exist, although without being certain about it: “Being unable or unwilling to procure them by some other means, they attempted to compel the applicant himself to provide the evidence of offences he had allegedly committed”.448  Cf. Sect. 2.2.  Cf. Article 2, Directive 2017/1371 (“PIF”). 445  Article 8, Directive 2014/57/EU on criminal sanctions for market abuse, and Article 3(1), no. 13, Regulation (EU) No 596/2014. 446  Lamberigts (2016a), p. 40, who notices also that none of the really critical profiles concerning the application of the right to remain silent to legal persons is addressed by the Directive, such as “the definition of persons who may exercise this right on behalf of the legal person. Is it limited to a very select group of employees or officials of the legal person, or can it be invoked on behalf of the legal person by a broad circle of individuals? Member States could have answered this question restrictively, thereby limiting the impact of the Directive in practice”. 447  “Not only the ECtHR’s case law on the issue of documentary evidence, but also its case law on the right to silence in general is at times confusing”, Lamberigts (2016a), p. 39. 448  Funke v France, 25.02.1993, Application no. 10828/84, § 44 “The Court notes that the customs secured Mr Funke’s conviction in order to obtain certain documents which they believed must exist, although they were not certain of the fact. Being unable or unwilling to procure them by some other means, they attempted to compel the applicant himself to provide the evidence of 443 444

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

251

Few years later, however, in Saunders v UK (1996), the Court specified and restricted the scope of the privilege, clearly stating that it “does not extend to the use in criminal proceedings of material which may be obtained from the accused through the use of compulsory powers but which has an existence independent of the will of the suspect such as, inter alia, documents acquired pursuant to a warrant, breath, blood and urine samples and bodily tissue for the purpose of DNA testing”.449 A special attention, for the purpose of this work, shall be put on the expression “documents acquired pursuant to a warrant”, which seems to imply that practices requiring suspects to hand over documents, although self-incriminating, should not be considered in violation of the right to remain silent, as long as the person is not required to create new documents.450 This test seemed then to get softened again by the Court in J.B. v Switzerland (2001), where a fine was imposed on the claimant for failure to produce some ­documents concerning the companies in which he had invested money. Those documents, although required by several production orders by the competent tax authorities, were not considered by the Court to be falling under the Saunders test.451 Similar approach was adopted also in Jalloh (2006), where the ECtHR recognized the “principle of self-incrimination as protected under Article 6 § 1 a broader meaning so as to encompass cases in which coercion to hand over real evidence to the authorities was in issue”.452 More recently, in Chambaz v Switzerland (2012), the Court made again a broad application of the privilege, recognizing that fining the applicant to pressure him to submit documents potentially harming his position not only before the tax authorities but also in a criminal proceeding constituted a violation of the right to remain silent.453 At the EU level, the Saunder test was literally transposed in Article 7(3) of Directive 2016/343, which explicitly refers to evidence “which may be lawfully obtained through the use of legal powers of compulsion and which has an existence independent of the will of the suspects or accused persons”.

offences he had allegedly committed. The special features of customs law (see paragraphs 30–31 above) cannot justify such an infringement of the right of anyone “charged with a criminal offence”, within the autonomous meaning of this expression in Article 6 (art. 6), to remain silent and not to contribute to incriminating himself. There has accordingly been a breach of Article 6 para. 1 (art. 6-1)”. 449  Saunders v the UK, § 69; cf. Veenbrink (2015), p. 125 et seq. 450  In this sense, also Lamberigts (2016a), p. 39; Ashworth (2008), pp. 770–771. 451  J.B. v Switzerland, 3.05.2001, Application no. 31827/96, § 68. 452  Jalloh v Germany, 11.07.2006, Application no. 54810/00, § 110. 453  Chambaz v Switzerland, 5.04.2012, Application no. 11663/04, §§ 50-58, and in particular § 54 and 58: “La Cour observe, par ailleurs, que le requérant ne pouvait exclure que toute information relative à des revenus supplémentaires de sources non imposées l’exposait à être accusé d’avoir commis l’infraction de soustraction d’impôt (J.B. c. Suisse, précité, § 65) et était de nature à compromettre sa position dans l’enquête pour soustraction d’impôts […] Ces éléments suffisent à la Cour pour conclure que le droit de ne pas être contraint de s’incriminer soi-même, tel que garanti par l’article 6 § 1 de la Convention, a été violé en l’espèce”.

252

6  The Hybrid Nature of Banking Supervision

The ambiguity of this expression, already visible in the ECtHR jurisprudence, clearly emerges from the combined reading of Recital (29) and (25) of the Directive. According to the first, this exception should refer to evidence “such as material acquired pursuant to a warrant, material in respect of which there is a legal obligation of retention and production upon request, breath, blood or urine samples and bodily tissue for the purpose of DNA testing”. However, Recital (25) states that “suspects and accused persons should not be forced, when asked to make statements or answer questions, to produce evidence or documents or to provide information which may lead to self-incrimination”. The balance between these two interpretative criteria is not clearly identified in the Directive. On one side, in line with the stricter interpretation of Saunders, it could be concluded that “the privilege only covers assistance from the suspect which could not be substituted by employing direct force”, therefore including only documents which are still not existing at the moment of the request.454 In light of the reference of Recital (29) to the “material in respect of which there is a legal obligation of retention and production upon request”, however, a broader and more safeguarding interpretation could also be raised. It could be concluded, in fact, without any reason to distinguish between natural and legal persons, that the privilege covers not only declarations but also the production of documents, with the exclusion of those for which a positive obligation of retention exists (e.g. accounting records).455 Some limitations to the privilege against self-incrimination applicable to natural persons may be found also with regard to oral statements. Already under Article 6(1) ECHR, in fact, not every form of compulsion adopted by public authorities to obtain statements from the persons under investigations is considered to be a violation of the right to remain silent.456 To assess so, it is necessary for the ECtHR to examine several concrete parameters such as “the nature and degree of compulsion used to obtain the evidence; the weight of the public interest in the investigation and punishment of the offence in issue; the existence of any relevant safeguards in the procedure; and the use to which any material so obtained is put”.457 While the legal classification, seriousness or complexity of certain types of crime, such as corporate crime, or terrorism, cannot per se justify a restriction of the privilege,458 the Court, taking into account the nature and the degree of the coercion,  Trechsel (2005), p. 354.  Along the same line, overseas, SEC (2017), p. 73. 456  Cf., e.g., John Murray v the UK, § 47; Heaney and McGuinness v Ireland, § 47; Weh v. Austria, 8.04.2004, Application no. 38544/97, § 46; O’Halloran and Francis v The UK, 29.06.2007, Applications nos. 15809/02 and 25624/02, § 53; Adetoro v. the UK, 20.04.2010, Application no. 46834/06, § 47; O’Donnell v. the UK, § 48. 457  See, e.g., Jalloh v Germany, §§ 97, 101 and 117. 458  Cf., e.g., Marttinen v Finland, 21.04.2009, Application no. 19235/03, § 75; more recently see Ibrahim 2016, §§ 298-300, where the qualification of the offence as terrorism had indeed a relevant weight in the assessment of the Court. 454 455

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

253

and starting from John Murray v UK (1996), worryingly distinguished between “proper” forms of compulsion, which do not represent a breach of the privilege, and “improper” forms of compulsion, in which the degree of coercion applied is so that it “destroys the very essence of the privilege against self-incrimination”.459 Besides for cases in which the compulsion results in a violation of Article 3 ECHR and Article 4 CFREU, however, defining what represents a “proper” form of compulsion is far from being straightforward. Aware of this, for what specifically concerns pre-trial phases, which are perhaps the most delicate stage for the presumption of innocence also in “punitive” administrative proceedings, in its case-law the ECtHR has identified a non-exhaustive list of factors which shall be examined to determine whether the compulsion has been improper,460 including (i) the potential vulnerable status of the accused; (ii) compliance of the investigative act with the legal framework governing the pre-trial proceeding—and if evidence was obtained unlawfully, the nature of the unlawfulness in question; (iii) the possibility for the accused to challenge the authenticity of the evidence so obtained and oppose its use (and in case of statement, whether it was promptly retracted or modified by the accused); (iv) the analysis on whether the circumstances in which evidence was obtained cast doubt on its reliability or accuracy; (v) the weight of the evidence so obtained in supporting a conviction, and the strength of the other evidence in the case; and (vi) the weight of the public interest in the investigation and punishment of the particular offence in issue.461 Particular attention was also put by the Court on the will of the suspected person.462 In Ibrahim (2016) however the Court recalled that there are “at least three kinds of situations which give rise to concerns as to improper compulsion”463: Where the suspect is obliged to testify under threat of sanctions and either testifies in consequence, or is sanctioned for refusing to testify464; where physical or psychological pressure, often in the form of treatment which breaches Article 3 of the Convention, is applied to obtain real evidence or statements465; or where the authorities use subterfuge to elicit information that they were unable to obtain during questioning.466

459  John Murray v the UK, § 49; O’Halloran and Francis, § 53–55; Heaney and McGuinness, §§ 54-55; Bykov, § 92; cf. also Balsamo (2015), pp. 134–136, and Veenbrink (2015), p. 122 et seq. and literature there mentioned. 460  As it not necessarily derives only by the use of physical force, cf. an oath to tell the truth (Brusco v. France, 14.10.2010, Application no. 1466/07); a rule permitting to draw adverse inferences from the exercise of the right to remain silent (Condron v the UK, 2.05.2000, Application no. 35718/97), or the use of an undercover agent (Allan v. the United Kingdom, 5.11.2002, Application no. 48539/99). 461  The criteria have been summarized in Ibrahim 2016, § 274. 462  Jalloh v Germany. 463  Cf. Ibrahim 2016, § 267. 464  See, for example, Saunders; Brusco v. France; Heaney and McGuinness.; Weh v. Austria. 465  See, e.g., Jalloh v. Germany; Magee v The UK, 9.06.2000, Application no. 28135/95; and Gäfgen v. Germany, 1.06.2010, Application no. 22978/05. 466  See Allan v. the UK.

254

6  The Hybrid Nature of Banking Supervision

Of these three circumstances, the first is particularly relevant in case of administrative (punitive) proceedings in general, and of the SSM sanctioning proceeding in particular, as it concerns the case in which a suspect is obliged to testify under threat of sanctions and either testifies in consequence, or is sanctioned for refusing to testify.467 This profile is also linked with another critical issue related to the privilege against self-incrimination, that occurs when oral statements are compelled under administrative proceedings, and then used against the declarant in a criminal (or punitive) trial. This case is left unanswered by Directive 2016/343. In Saunders, however, the Court in Strasbourg rejected the Government’s position that the privilege can “reasonably be confined to statements of admission of wrongdoing or to remarks which are directly incriminating. Testimony obtained under compulsion which appears on its face to be of a non-incriminating nature—such as exculpatory remarks or mere information on questions of fact—may later be deployed in criminal proceedings in support of the prosecution case, for example to contradict or cast doubt upon other statements of the accused or evidence given by him during the trial or to otherwise undermine his credibility”. From that, “it follows that what is of the essence in this context is the use to which evidence obtained under compulsion is put in the course of the criminal trial”, and that “public interest cannot be invoked to justify the use of answers compulsorily obtained in a non-judicial investigation to incriminate the accused during the trial proceedings”.468 Therefore, it seems that if the information gathered might be relevant for criminal proceedings, due attention should be paid on the use of form of compulsion also in administrative proceedings.469 This approach to the right to remain silent was applied by the CJEU also towards legal persons, mainly in competition law cases. There, the Court further distinguished between requests for information, and decisions requiring information which may also impose a penalty to the undertaking in the event of a refusal to reply, considering only the latter relevant for the scope of the privilege.470 Within this perspective, the CJEU has repeatedly affirmed, since its landmark case Orkem, that duty to cooperate and provide information is considered legitimate only as long as that does not “undermine the rights of defence of the undertaking concerned and compel it to provide answers which might involve an admission on its part of the existence of an infringement which it is incumbent on the Commission to prove”.471  Cf., e.g., Saunders v The UK, § 65; Heaney and McGuinness, §§ 48–49; Brusco v. France, § 54.  Sanders v The UK, §§ 71 and 74. 469  On this point see also Lamberigts (2016a), p. 37. 470  Limburgse Vinyl Maatschappij NV (LVM) and others v Commission of the European Communities, Joined cases C-238/99 P, C-244/99 P, C-245/99 P, C-247/99 P, C-250/99 P to C-252/99 P and C-254/99 P, 15.10.2002, ECLI:EU:C:2002:582, §§ 274 and 279. 471  Société Générale v Commission of the European Communities, Case T-34/93, 8.03.1995, ECLI:EU:T:1995:46, §§ 74-76. See also Orkem v Commission, § 35 “Commission may not compel an undertaking to provide it with answers which might involve an admission on its part of the existence of an infringement which it is incumbent upon the Commission to prove” (quoted also in the Green paper on the presumption of innocence, § 2.5); Solvay v Commission, Case 27/88, 467

468

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

255

The Court, however, in line with the standards already established by the ECtHR (with regard to natural persons) in John Murray v UK,472 established that protection shall be granted only for “strictly” self-incriminating questions, and not where “the answers requested are none the less purely factual”.473 The difference between the  two hypothesis, however is not always precisely identifiable, and very much depends on the specific circumstances of the case. This case-law was later incorporated by Regulation No 1/2003, that at Recital (23) recognizes a need to safeguard also legal persons, stating that “when complying with a decision of the Commission, undertakings cannot be forced to admit that they have committed an infringement, but they are in any event obliged to answer factual questions and to provide documents, even if this information may be used to establish against them or against another undertaking the existence of an infringement”.474 The blurred, and limited safeguards conferred in the European legal framework to the right to remain silent are also magnified by the lack of exclusionary rules in case of its violation. This approach does not represent an unicum in the jurisprudence of the ECtHR, which since the 1988 decision Schenk, has steadily affirmed that “while Article 6 (art. 6) of the Convention guarantees the right to a fair trial, it does not lay down any rules on the admissibility of evidence as such, which is therefore primarily a matter for regulation under national law”.475 In the context of the right to remain silent, this interpretation is reflected in the conclusion that not all direct forms of compulsion lead to a violation of Article 6 ECHR, but only those which may be defined as “improper”. As repeatedly affirmed by the Court in John Murray and in the follow18.10.1989, ECR 3355, summary publication; Mannesmannröhren-Werke v Commission, Case T-112/98, § 66; Tokai Carbon Co. Ltd and Others v Commission of the European Communities, Joined cases T-236/01, T-239/01, T-244/01 to T-246/01, T-251/01 and T-252/01, 29.04.2004, ECLI:EU:T:2004:118, §§ 402-406; Commission of the European Communities v SGL Carbon AG, Case C-301/04 P, §§ 35-49; Limburgse Vinyl Maatschappij NV (LVM) and others v Commission of the European Communities, Joined cases C-238/99 P, § 274; Dalmine SPA v. Commission, Case C-407/04 P, 25.01.2007, ECLI:EU:C:2007:53, § 34. For a comparative analysis of the privilege in competition law, see Veenbrink (2015), p. 133 et seq. 472  Cf. John Murray, § 47; O’Halloran and Francis, § 55; Bykov, § 104. 473  Société Générale, § 75; cf. also Amann & Söhne GmbH & Co. KG and Cousin Filterie SAS v European Commission, Case T-446/05, 28.04.2010, ECLI:EU:T:2010:165, § 328 “the mere fact of being obliged to answer purely factual questions put by the Commission and to comply with its request for the production of documents already in existence cannot constitute a breach of the principle of respect for the rights of the defence or impair the right to fair legal process, which offer, in the specific field of competition law, protection equivalent to that guaranteed by Article 6 of the ECHR. There is nothing to prevent the addressee of a request for information from showing, whether later during the administrative procedure or in proceedings before the Community judicature, when exercising its rights of defence, that the facts set out in its replies or the documents produced by it have a different meaning from that ascribed to them by the Commission”. 474  Cf. Recital (23), Regulation No. 1/2003. See also Veenbrink (2015), p. 131 and 137 ff. Talking about a «discrete exception», Ashworth (2008), p. 771. 475  Schenk v. Switzerland, 12.07.1998, Application no. 10862/84, §§ 50-51; see also Trechsel (2005), p. 162 et seq.

256

6  The Hybrid Nature of Banking Supervision

ing case-law (interestingly almost exclusively based on the British or Irish legal systems476), this perspective de facto allows also to draw adverse inferences from the silence of the accused. Whether that represents an infringement of Article 6 shall “be determined in the light of all the circumstances of the case, having regard to the situations where inferences may be drawn, the weight attached to them by the national courts in their assessment of the evidence and the degree of compulsion inherent in the situation”.477 Such an approach, coherent with the comprehensive perspective adopted for all the rights included in Article 6 ECHR (if not violating also Article 3478), results however rather critical if applied to procedural rights, such as access to a lawyer or, precisely, the privilege against self-incrimination, that represent the core of fair trial and on which most of the other relevant procedural safeguards depends upon.479 The lack of exclusionary rules is mirrored also in Directive 2016/343.480

 With some few exceptions, see e.g. Telfner v Austria, § 17, where the Court considered “that the drawing of inferences from an accused’s silence may also be permissible in a system like the Austrian one where the courts freely evaluate the evidence before them, provided that the evidence adduced is such that the only common-sense inference to be drawn from the accused’s silence is that he had no answer to the case against him”. 477  John Murray v the UK, § 47; Averill v. The UK, 6.06.2000, Application no. 36408/97, § 44. 478  Gäfgen v. Germany, § 168. As recently reaffirmed in Ibrahim 2016, § 254 “As the Court has explained on numerous occasions, it is not the role of the Court to determine, as a matter of principle, whether particular types of evidence, including evidence obtained unlawfully in terms of domestic law, may be admissible. As explained above (see paragraph 250), the question which must be answered is whether the proceedings as a whole, including the way in which the evidence was obtained, were fair […] However, an exception to this approach applies in the case of confessions obtained as a result of torture or of other ill-treatment in breach of Article 3”. 479  Cf. with regard to Directive 2016/343, Lamberigts (2016a), p. 39. In general terms on the issue see, e.g., Illuminati (1979), p. 5; Amodio (1974); Pulitanò (1999). The dependence of other fair trial rights upon the correct exercise of the right to remain silent, in connection with the access to a lawyer, although without getting to the creation of exclusionary rules, has been recognized also by the same ECtHR in John Murray, § 66, according to which “at the beginning of police interrogation, an accused is confronted with a fundamental dilemma relating to his defence. If he chooses to remain silent, adverse inferences may be drawn against him in accordance with the provisions of the Order. On the other hand, if the accused opts to break his silence during the course of interrogation, he runs the risk of prejudicing his defence without necessarily removing the possibility of inferences being drawn against him. Under such conditions the concept of fairness enshrined in Article 6 (art. 6) requires that the accused has the benefit of the assistance of a lawyer already at the initial stages of police interrogation. To deny access to a lawyer for the first 48 hours of police questioning, in a situation where the rights of the defence may well be irretrievably prejudiced, is - whatever the justification for such denial - incompatible with the rights of the accused under Article 6”. 480  As well as in all procedural Directives, due to their compromised origin, in this sense see Caianiello (2014b), p. 317 et seq.; Allegrezza (2017), pp. 970–971, which reminds that the process of EU integration has always developed with small steps, and that much of the effectiveness of the recent European rules will depend on their correct implementation at the national level, and on the will of the Court of Justice in providing a safeguarding interpretation of the texts of the directives. 476

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

257

Indeed, Article 7(5) only provides that “The exercise by suspects and accused persons of the right to remain silent or of the right not to incriminate oneself shall not be used against them and shall not be considered to be evidence that they have committed the criminal offence concerned”. Although this provision seems to raise the level of protection recognized by the ECtHR, its scope in practice results rather downsized if read in light of the whole Directive. Contrary to the Commission’s proposal, in fact, the approved text of this legislation does not contain any more an exclusionary rule for the evidence gathered in violation of the privilege.481 According to Article 10(2) of the Directive, what must be always respected, is “only” the fairness of the proceedings and the rights of the defence. This expression, as pointed out by legal scholars, is less strong than an absolute exclusionary rule, and actually seems to implicitly allow the use of evidence collected in violation of the right to remain silent, although with some cautions, such as the right to an effective remedy (also not defined in the Directive).482 Recital (28), moreover, specifies that the exercise of the right to remain silent “should not, in itself, be considered to be evidence” but that “this should be without prejudice to national rules concerning the assessment of evidence by courts or judges, provided that the rights of the defence are respected”. The Directive, therefore, does not really require any substantial strengthening of the standards of protection already established in this field at the national level.483

6.3.6  T  he Right to Remain Silent in the SSM Legal Framework Against this legal, and often rather confused background, the level of safeguards provided for in the SSM sanctioning proceedings appears rather problematic. Indeed, although Article 22(2) SSM R requires to comply with due process rights in the adoption of all supervisory decisions, including sanctioning proceedings, not all the guarantees of fair trial find an explicit recognition in the SSM Regulations—a fact which appears particularly thorny when it concerns fundamental principles, such as the privilege against self-incrimination. As anticipated, the SSM may investigate over all financial institutions under its jurisdiction, all persons belonging to them, and third parties to whom the same enti Cf. Article 7, Directive 2016/343 with Article 4, European Commission, Proposal for a Directive of the European Parliament and of the Council, cit. 482  Lamberigts (2016a), p. 38. 483  The fact that silent might represent an evidence, is also confirmed by Article 7(4) of the Directive, according to which “when sentencing, cooperative behaviour of suspects and accused persons” may be taken into account by judicial authorities, therefore seeming to imply, a contrario, that silent may have detrimental effects on the defendant. Lamberigts (2016a), p. 38; Mazza (2014), p. 1407. 481

258

6  The Hybrid Nature of Banking Supervision

ties have outsourced functions or activities.484 According to Article 11 SSM R, written or oral explanations may be obtained from any of these subjects, their representatives or staff. The SSM may also interview any other person “for the purpose of collecting information relating to the subject matter of an investigation”.485 While the interview of third persons requires their consent to be legally carried out, the picture looks quite different when it comes to the subjects under investigation. Indeed, Articles 28 and 29 SSM FR establish that these parties are required to participate to the ECB supervisory procedure, and to provide assistance clarifying the facts under investigation. Upon request, the same subjects may also be compelled (“shall”) to provide any information that “is necessary in order to carry out the tasks conferred on it by” the SSM Regulations. The ECB may set a time-limit by which evidence shall be provided, and “subject to the limits relating to sanctioning procedures under Union law”, the parties shall “state truthfully the facts known to them”.486 If a person obstructs the conduct of the investigation, the SSM may require the necessary assistance by the National Competent Authority of the participating Member State where the relevant premises are located.487 Secrecy law plays a very restricted role in this field, since, according to Article 10(2) SSM R, it neither exempts banks from their disclosing duty, nor represents a cause for invoking a breach of professional secrecy. The situation is then different for natural and legal persons. According to Recital (53) SSM R, the ECB may not impose penalties upon natural persons. In this case, therefore, non-compliance with the obligation to state the truth and cooperate with the investigations cannot be sanctioned directly by the SSM. The issue is then determined by national law, which the ECB, according to Article 11(2) SSM R, may ask the competent NCA to apply (apparently without any discretion of the latter whether to so do or not, since paragraph (2) prescribes that NCAs “shall afford” the request assistance to the ECB). Where the national legal framework provides for penalties in case of non-­ compliance with the regulator, for instance where that is interpreted as an obstruction to the supervisory functions,488 natural persons may then be sanctioned for their non-cooperation in supervisory activities. This has major implications on the effectivity of their privilege against self-incrimination especially when such sanctions are established as criminal.489 As for legal persons, the possibility to apply sanctions for non-compliance is more straightforward. Article 122 SSM FR, in fact, provides that in case of failure to comply with obligations under ECB regulations or decisions, legal entities may  Article 10 SSM R. For a complete illustration of the SSM investigative powers mentioned here, cf. above, Sect. 4.4.3. 485  Article 11(1) (c)-(d) SSM R. 486  Article 28(3) and Article 29(2) SSM FR. 487  Article 10(1)-(2) SSM R. 488  As it is the case in several Member States, cf. Lasagni and Rodopoulos (2019). 489  Such as in Italy, cf. Article 7(1)(2) of Legislative Decree no. 385, of 1.09.1993 (TUB). 484

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

259

be sanctioned according to Article 18(7) SSM R, which refers to Regulation 2532/98. The duty to state the truth and supply the information requested, established by Articles 10(2) SSM R and 29 SSM FR, seems to represent an obligation established by ECB Regulations Investigatory measures are also adopted on the basis of an ECB decision which, according to Article 142(c) SSM FR, shall also specify that any obstruction constitutes a breach under Article 18(7). Therefore, in case of non-compliance, the SSM has the power to impose significant enforcement measures or even trigger the initiation of a specific sanctioning procedure against the subjects under investigation. In light of the privilege against self-incrimination, this legal background presents several critical points. In general terms first of all, the ECB should perhaps not rely too easily on the aforementioned CJEU case-law, about the privilege in competition law proceedings (that acknowledging the existence of a broader right “would go beyond what is necessary in order to preserve the rights of defence of undertakings, and would constitute an unjustified hindrance with the Commission’s performance of its duty”).490 Although investigations carried out by DG Comp seems rather comparable with those of the SSM (both EU institutions with investigating powers, both formally administrative but—likely—with punitive character, both with sanctioning powers applicable upon legal persons491), there are solid arguments suggesting the need to differenciate. First, so far there is no evidence that the Court of Justice will extend its “exceptionalism” also towards authorities other than DG-COMP, that is to say, that the CJEU will maintain also for the ECB the ambiguity of classification reserved until now only to antitrust proceedings. In the latter, as previously illustrated, the Court repeatedly acknowledged the severity of the imposable fines (one of the Engel criteria), and therefore the need to comply with some fundamental procedural rights, such as rules on adducing proofs and on treatment deriving from the presumption of innocence, but it never recognized the Commission as a tribunal in the meaning of Article 6 ECHR, nor the subject matter to be of substantive criminal nature, without providing a clear legal reasoning behind such interpretation.492 However, as already argued, competition law retains a sui generis treatment mostly thanks to historical and pragmatic rather than legal reasons, not easily transferrable to the post-Lisbon-­ established Single Supervisory Mechanism.493 A reason to exempt the SSM sanctioning proceedings from the need to comply with the right to remain silent could not be grounded either on the fact that targets of the SSM may be only legal persons, and that these subjects enjoy only a limited  Commission of the European Communities v SGL Carbon AG, Case C-301/04 P, § 402; Mannesmannröhren-Werke v Commission, Case T-112/98, §§ 66-67. Cf. also Nehl (2014), p. 1293. 491  Affirming that competition law represents a “privileged field” for reconstructing the framework of defence safeguards in the EU, Allegrezza (2017), p. 953. 492  In this sense, also the Commission’s prerogative to fine undertakings for non-cooperating conducts could likely be increasingly undermined and challenged by national parties in the next future, see, e.g., Slater et al. (2008); cf. also Sects. 6.2 and 6.3.5. 493  Cf. above Sect. 6.3. 490

260

6  The Hybrid Nature of Banking Supervision

amount of guarantees under the CJEU case-law developed in the field of competition law. Indeed, as it was previously illustrated, the jurisprudence of the Court of Justice on the matter is not exclusively referred to legal persons.494 The subjective scope of the privilege against self-incrimination represents another critical issue in the analysis of the SSM sanctioning proceedings under Article 6(1) ECHR and Article 48 CFREU, especially for the possibility of sanctioning legal entities under Regulation 2532/98 in case of failure to comply with an ECB information request. In fact, against the broad wording of Article 48 CFREU (“everyone”), and the ambiguous reference illustrated above, of Recitals (13) to (15) Directive 2016/343, to the evolving jurisprudence of the European Courts, the exclusion of legal persons from the scope of the privilege does not appear justified. This is even more true looking at the case-law of the Court in Strasbourg, whose interpretation, according to Recital (14) should not be prejudiced by the Directive, and that, as discussed above, has already, and repeatedly decided in favour of the recognition of fair trial rights also towards legal persons.495 Critical profiles in the SSM investigating proceedings emerge also with regard to natural persons listed under Article 10(1) SSM R (persons belonging to credit institutions, mixed financial holding companies, mixed-activity holding companies established in the participating Member States, or their representatives or staff), who according to paragraph (2) of the same article, and paragraph (2) of Article 11 SSM R, cannot refuse to provide the information requested. In particular, especially problematic in light of the jurisprudence of the European Courts and of Article 7(5) of Directive 2016/343, is the possibility for these subjects to be sanctioned for their refusal to provide (potentially self-incriminating) information, even though in this case the competence relies at national level. In light of the above, both with regard to natural and legal persons, the power to impose sanctions in case of mere refusal shall be interpreted and applied with extreme caution by the ECB. In particular, to comply with the right to remain silent, sanctions should never be imposed for the refusal of the requested person to provide statements, which might involve an admission of the existence of an infringement incumbent upon the ECB to prove. A similar restrictive approach, in light of the aforementioned jurisprudence of the European Courts, should be also applied with regard to requests to produce documents, avoiding to impose sanctions in case of refusal to cooperate, when there is no legal obligation for the subject required to keep such documents (e.g. documents other than accounting). This clarification appears necessary even though most of the sanctions directly applicable by the ECB (Article 18(1) SSM R) concern breaches of “quantitative” requirements (such as capital buffers, or liquidity  Cf. Jones (2012).  See above, Sect. 6.2, e.g., Menarini Diagnostics v Italy, § 44; Zegwaard & Segwaard B.V. v the Netherlands, 9.09.1998, Application no. 26493/95, §§ 34–51. The need for such a non-discriminatory approach also within the EU will certainly be accelerated in case the Union would finally access the European Convention, under which no apparent distinction is made between legal and natural persons, a process which, after the stop of the ECJ in 2012, might still be resumed. 494 495

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

261

thresholds)496: In these cases, in fact, it is likely that the investigations may be carried out exclusively requiring the supervised entity to produce information which the latter is under a general obligation to keep. Most of “qualitative” prudential requirements (e.g. concerning governance), for which it is more likely that also interviews as well as the production of documents other than accounting ones could be necessary are instead provided for by CRD IV. Hence, in case of breaches, investigations rely upon the NCAs, and not the ECB. Nonetheless, also CRR provides for additional disclosure obligations, and prescribes conducts for the management of risk. For the investigation of these breaches, examining accounting or similar documents may likely not be always sufficient. Moreover, the content of CRR is not immutable as the approval of CRR II clearly shows and it could be subject to amendment in the future, that might include also “qualitative” obligations. Lastly, “qualitative” assessments are also required in some supervisory proceedings which might end up with the application of measures characterized by a substantial criminal nature in light of the Engel criteria (such as the removal of members from the management body of credit institutions ex Article 16(2)(m SSM R)497). Also when supervisory measures cannot be classified as criminal, the need to comply with the privilege against self-incrimination shall be taken into account. Indeed, no clear distinction really exists between ordinary and sanctioning supervisory activities with regard to the right to remain silent. Information collected for “daily” supervisory tasks could then be easily used by the same ECB to apply punitive measures on a later stage. Moreover, in performing the SSM supervisory and investigating tasks, suspicious elements of a crime may emerge. In this case, examined above, the SSM has the duty, according to Article 136 SSM FR, to refer the matter to the competent NCA, which shall refer it to the national judicial authorities according to national law.498 As already mentioned, however, the Court of Justice in the 2015 case WebMindLicence conditioned the possibility of using evidence gathered in other proceedings to a double proportionality and compliance check.499 Although the principle affirmed there was referred to the case in which evidence gathered in a criminal proceeding had to be used in an administrative one, the need to comply with this test seems even more necessary in the opposite case, taking into account the stricter criteria for the admission of evidence usually established in criminal procedural law.500 Even besides for the recognition of substantial criminal nature to some sanctions, therefore, the possibility of using the information gathered by the SSM as evidence in criminal proceedings should be conditioned to its  The differentiation between “quantitative” and “qualitative” requirements is used here only to understand the practical impact of the provisions under analysis, but it does not find a specific recognition in CRR or CRD IV. 497  Cf. above Sect. 6.2. 498  Cf. above, Sect. 6.1.3, and Sect. 4.4.3. 499  Cf. WebMindLicence, Case C-419/14, §§ 75 and 82. 500  See Tesoriero (2016), p. 1540. 496

262

6  The Hybrid Nature of Banking Supervision

compliance, during the administrative investigations, with the fundamental rights of the defendant, including the privilege against self-incrimination. Both for natural and legal persons, moreover, other critical issues arise from the analysis of the SSM Regulations in light of the right to silence. First, as already discussed above under the profile of the dissemination of information,501 “compulsory” requests for information result critical also for the safeguard of professional secrecy. According to Article 10(2) SSM R, indeed, «professional secrecy provisions do not exempt» the subjects under investigations «from the duty to supply that information. Supplying that information shall not be deemed to be in breach of professional secrecy». As already mentioned, the analysis of the professional secrecy of ECB members of staff goes beyond the remit of this work, as it will require an in-depth exam of the privileges and immunities to the ECB members of staff, still in lack of specific caselaw on the matter.502 For the purposes of this analysis, focused on the privilege against self-incrimination, it shall however be reminded that the definition of the boundaries of the legal professional privilege appears problematic. Legal professional privilege does not find a specific protection under the SSM Regulations, although Recital (48) SSM R recognizes it as “a fundamental principle of Union law” in line with the importance of the principle enshrined in Article 41(2) CFREU,503 and “in accordance with the conditions laid down in the case-law of the Court of Justice”. The CJEU, however, although acknowledged in the past that this right represents an “essential corollary to the rights of the defence”,504 has more recently adopted a rather narrower interpretation. In the leading case Akzo Nobel Chemicals, indeed, the Court concluded that “legal professional privilege does not cover exchanges within a company or group with in-house lawyers”.505 Such a strict interpretation raises several issues with regard to the effectiveness of defence rights, although a limited protection of the legal professional privilege is not unheard of in the field of banking or financial supervision. In the US, for instance, both the attorney-client privilege and the work product doctrine receive a special benefit in the context of banking supervision. Indeed, according to it, disclosing information to supervisors is exceptionally not considered as a waiver to these protections (meaning that providing information to the supervisors should not generally expose the bank to the obligation of discovering that material during private litigations).506

 Cf. above, Sect. 6.1.3.  Cf. above, Sect. 6.1.3. 503  According to which in the right to good administration is included “the right of every person to have access to his or her file, while respecting the legitimate interests of confidentiality and of professional and business secrecy”. 504  Since AM & S Europe Limited v Commission of the European Communities, Case 155/79, 18.05.1982, ECLI:EU:C:1982:157, § 18 et seq. especially § 23. 505  Cf. Akzo Nobel Chemicals Ltd, Akcros Chemicals Ltd v European Commission, Council of the Bars and Law Societies of the European Union, Algemene Raad van de Nederlandse Orde van Advocaten, Association européenne des juristes d’entreprise (AEJE), American Corporate Counsel Association (ACCA), Case C-550/07 P, 14.09. 2010, ECLI:EU:C:2010:512, § 44. 506  Cf. 12 U.S.C. § 1828 (x). 501 502

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

263

Banks, moreover, can also benefit from the Bank Examination Privilege, according to which also communications between credit institutions and their supervisors are protected from disclosure duties towards third parties.507 Against this background, however, several are the flows which significantly weaken the effectiveness of all these privileges in banking supervision in the US. First, the Bank Examination Privilege is qualified, meaning it does not apply to “purely factual material” (which is sometimes broadly interpreted by the courts) and may be overridden by a court upon demonstration of “good cause”.508 Secondly, all these privileges cover only the bank, and not employees. The latter should be informed of the risk they incur while cooperating to internal investigations (according to the so-called “Upjohn wanrning”509), but distinctions of roles within the company is not always straightforward in practice. Lastly, unless the credit institution secures a specific confidentiality agreement with the supervisor, the mere existence of the privileges does not always successfully bind the regulator from disclosing the information received to third parties.510 In a context, like the EU, where some of the sanctions applicable by banking supervisors may be attributed a substantial criminal nature, however, notable compressions of defence rights could become definitely critical, considering that the Convention provides on the matter a much wider level of protection.511 Finally, the SSM Regulations do not consider at all the position of the subject (natural or legal person) who, first interviewed as a simple witness, issues statements with a self-incriminating character in the course of the interview. This situation was however repeatedly examined by the ECtHR, which for instance in the 2016 decision Ibrahim (partially overruling in appeal the 2014 decision512) considered an infringement of Article 6 ECHR using the statements so obtained as evidence, in lack of an adequate demonstration by the Government that “the overall fairness of the trial was not irretrievably prejudiced by the decision not to caution” the applicant.513 Regardless of this jurisprudence, on which the CJEU has not had a chance yet to take position, procedural rules dealing with similar situations have been already  In re Bankers Trust Co., 61 F.3d 465, 471 (6th Cir. 1995); In re Subpoena Served Upon Comptroller of Currency & Sec’y of Bd. of Governors of Fed. Reserve Sys., 967 F.2d 630, 634 (D.C. Circ. 1992). 508  Cf. Lambrakopoulos et al. (2017), p. 6 and 14 et seq. 509  Upjohn Co. v. United States, 449 U.S. 383, 394–95 (1981). 510  Cf. Lambrakopoulos et al. (2017), p. 9 et seq. 511  Under the Article 8 ECHR, see, e.g., Brito Ferrinho Bexiga Villa-Nova v. Portugal, 1.12.2015, Application no. 69436/10, § 59; Niemietz v. Germany, §§ 30–33; André and Another v. France, 24.07.2008, Application no. 18603/03, § 41; Xavier Da Silveira v. France, 21.01.2010, Application no. 43757/05, §§ 37, 42 and 48 (requiring “special procedural guarantees”, and the possibility for the lawyer to have access to “effective scrutiny” to contest them). The issue has been pointed out by Allegrezza and Voordeckers (2015), p. 154. See also Nehl (2014), p. 1301. 512  Cf. Ibrahim and others v. The UK, 16.12.2014, Applications nos. 50541/08, 50571/08, 50573/08 and 40351/09. 513  Ibrahim 2016, § 271-273; Serves v France, 20.10.1997, 82/1996/671/893, § 42. 507

264

6  The Hybrid Nature of Banking Supervision

provided for in 2013 by Article 9(2) of the OLAF Regulation, which requires that “where, in the course of an interview, evidence emerges that a witness may be a person concerned, the interview shall be ended. The procedural rules provided for […] shall immediately apply. That witness shall be informed forthwith of his rights as a person concerned and shall receive, upon request, a copy of the records of any statements made by him in the past. The Office may not use that person’s past statements against him without giving him first the opportunity to comment on those statements”.514 A similar safeguard has not been replicated in the SSM Regulations, in which the position of the declarant that becomes target of the investigations at a later stage is not supported by any specific right. Against this background, as already highlighted by scholars,515 inserting in the SSM Regulations a provisions similar to that of Article 9(2) OLAF Regulation appears necessary and appropriate, at least to impose a duty upon the proceeding officer(s) to inform not only the undertakings subject to supervisory investigations, but also the subjects who consent to be interviewed (ex Article 11(1)(d) SSM R) as third parties of their rights, including the privilege against self-incrimination, shielding them from any form of “improper” coerced admissions of responsibility. In order to keep a record of this warning, it may be useful to request the interviewee also to sign a statement acknowledging that he/she has been expressly informed on his/her rights. Lastly, taking into consideration that Joint Supervisory Teams provide the Investigating Unit with most of substantive relevant information for the investigations, it should be advisable that similar safeguards apply also in the course of their supervisory tasks (at least to those referred to “qualitative” assessments), to avoid subsequent problems in using such information as grounds to impose (substantially criminal) sanctions. After all, the necessity to notifying suspects of their rights is not coming just from the case-law of the ECtHR, but has also been recognized in the EU legal framework by Directive 2012/13/EU on the right to information in criminal proceedings, which includes the right to remain silent among the procedural rights that a suspect shall be informed about.516 Again similarly to Article 9(2) OLAF Regulation, this obligation shall be extended towards those subjects which are heard only as persons informed about the

 Cf. Article 9, Regulation No 883/2013. Interestingly, this provision applies also when the person has given his or her consent to be interviewed, as interviews carried out by OLAF are voluntary (at least for external investigations, while for internal investigations this provision shall be interpreted also taking into account Article 16 of the OLAF Guidelines on Investigation Procedures for OLAF Staff (1 October 2013) according to which “officials or other servants should also be informed that they have a duty to cooperate with the OLAF investigation”. Cf. also Guidelines on Digital Forensic Procedures for OLAF staff, referring to the leaflet wito be given to the investigated subject containing reference to his/her rights. 515  Wissink et  al. (2014), p.  114; of the same position also Allegrezza and Voordeckers (2015), p. 157. 516  Cf. Article 3, Directive 2012/13/EU. 514

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

265

matter of the investigation, as soon as evidence emerges from their statements that they might also be held responsible for breaches. If that raises potential inculpatory profiles also against the natural person interviewed (and not only for the legal person represented), the interview should be interrupted to warn the subject of the change in its legal standing. The case file would then likely be transmitted to the competent national authority, as the SSM has no competence to sanction natural persons. The abovementioned safeguards should be accordingly respected during on-site inspections too, considering that, under Article 12 SSMR and Article 143 SSM FR, the ECB may request information and oral explanations also in that circumstances. All these profiles require therefore a special attention both from the ECB and NCAs to the potential uses of the information collected, especially when it is likely to be put at the basis of a punitive decision.517

6.3.7  The Protection from Bis In Idem Finally, since relevant administrative penalties applicable by the SSM may present a substantial criminal nature, and the principle of ne bis in idem (still) applies to all sanctions a coloration pénale and (at least formally) to the related proceedings according to the Engel criteria, the compliance of the SSM sanctioning procedure with the double jeopardy clause shall also be examined. The analysis of this profile, however, collides with the great interpretative uncertainty left in Europe after the ECtHR revirement in A and B, as followed by the 2018 CJEU decisions on the same matter.518 Also in banking supervision, in fact, the overruling of the ECtHR and the restrictive interpretation to this right resulting from the interpretation of the Court of Justice, significantly risk to undermine at the very basis the possibility to grant individuals effective protection. In particular, the persistence of double-track systems in punitive contexts appears even more critical when multiple sanctions or proceedings may be applied to subjects with a great social impact, like credit institutions. Especially in this field indeed, adverse consequences (as tragically exemplified in the Arthur Anderson LLP (Enron) case519) should be carefully considered before endorsing a system towards credit institutions (and therefore, above all, shareholders and depositors) in  Cf. Bontempelli (2009) and Orlandi (1992).  For a detailed analysis of the development in the jurisprudence of the ECtHR and of the CJEU on the ne bis in idem, and its relevance in the administrative punitive matter see Chap. 2, respectively Sects. 2.3.2 and 2.3.3. 519  Cf. Sect. 2.2. Another relevant profile, which goes beyond the remit of this work, as it may represent the subject of a whole separate analysis, could concern the potential implications of ne bis in idem in the application of supervisory punitive sanctions and precautionary punitive measures applied either by national judicial authorities or by national administrative authorities (if considered to be falling under Article 6 ECHR). 517 518

266

6  The Hybrid Nature of Banking Supervision

which duplication of proceedings bears almost no limits and standards of protection are virtually unpredictable. In addition to this precarious case-law, the SSM Regulations do not foresee any specific rule or remedy to address issues related to the ne bis in idem.520 Only a few provisions in fact address the possibility of multiple proceedings, but without providing any substantial guarantees for the affected subjects. This is the case of Article 130(5) SSM FR, according to which, in case a criminal proceeding is pending against the supervised entity “in connection with the same facts”, the limitation period to impose penalties shall be suspended for the duration of the latter. Slightly different terms are instead employed in Article 4c(3)(b) Regulation 2532/98, according to which the limitation period within which the ECB may impose a sanction for the breach of one of its decisions or of a regulation relating to its supervisory tasks (Article 18(7) SSM R), can be extended in case “criminal proceedings are pending against the concerned undertaking in connection with the same facts” until the conclusion of the latter. Also in this field, therefore, as more generally noticed for all the matter of administrative punitive proceedings, the protection from bis in idem seems to have flattened out on the principle of proportionality of sanctions. This principle, explicitly mentioned by both Articles 18(3) SSM R and 2(2) and (3) Regulation 2532/98, however, does not cover also the procedural notion of ne bis in idem, that is the protection from being subject to multiple proceedings for the same illicit conduct. Only in Article 2 Regulation 2353/98, moreover, it is clearly affirmed that, in deciding the amount of a sanction to be imposed, the ECB shall consider “prior sanctions imposed by other authorities on the same undertaking and based on the same facts”. This precaution, therefore, results mandatory for the ECB, at least explicitly, only for penalties under Article 18(7), and not for those of Article 18(1).521 Against this background, several are the issues which remain currently unanswered, and for which providing solutions is to date highly speculative. In lack of ECB specific case-law on the matter by the Court of Justice, what can be already done, however, is first to identify which are the relationships between authorities relevant for the Eurozone enforcement systems (SSM, NCAs, national judicial authorities, other national administrative authorities, the CJEU) which may give rise to a risk under a ne bis in idem perspective (for instance, a violation of the double jeopardy  Under this perspective, some author has affirmed that the role of supremacy of the EU law as established in Walt Wilhelm will apply, cf. Walt Wilhelm and others v Bundeskartellamt, C-14-68, 13.02.1969, ECLI:EU:C:1969:4, in D’Ambrosio (2013), p. 81. A provision explicitly requiring to “shall refrain from imposing fines or periodic penalty payments where a prior acquittal or conviction arising from identical fact or facts which are substantially the same has already acquired the force of res judicata as the result of criminal proceedings under national law” has been explicitly introduced with regard to ESMA sanctioning powers in crowdfunding services by Article 31(11) of the Commission Proposal for a Regulation on Crowdfunding Service Providers, cit. 521  See also D’Ambrosio (2017), pp.  1037–1038, underlying how the SSM Regulation does not provide for any safeguard clause to reduce the amount of the sanctions potentially imposable in light of the proportionality principle. 520

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

267

clause is not foreseeable between the CJEU and national courts, besides for the extremely unlikely hypothesis in which both would declare competent for to adjudicate on acts issued under Article 9(1) SSM R). In the current legal framework, as reconstructed in the analysis carried out so far, they can be grouped as those among: (i) The SSM and national judicial authorities; (ii) the NCAs and national judicial authorities; (iii) the SSM and the NCAs; and (iv) the SSM or the NCA and other relevant administrative national courts (e.g. in tax or financial law). Two further potentially critical profiles of ne bis in idem are also here examined, respectively originated (v) within the same SSM, or (vi) by the difficulty in identifying precisely who is the subject that should be held liable for prudential breaches. Of course, further relationships could emerge in practice following the development of the supervisory activities both at the national and at EU level. Scenario (i)—SSM and National Judicial Authorities In case breaches of prudential requirements committed by banks are also representing criminal offences at national level,522 two are the main factual scenarios that could be covered by this first hypothesis. 1. The case of the ECB directly imposing punitive sanctions/starting a sanctioning procedure under Article 18(1) or (7) SSM R, for a breach that is also considered a criminal offence in national law.—This represent the situation with the highest risk of originating violations of the principle of ne bis in idem, since credit institutions could be charged under two different forms of punitive liability for the same conduct: At the EU level by the SSM (with punitive administrative sanctions), and at the national level, by a national court, under the applicable criminal law. To this case, therefore, it is necessary to apply all the considerations illustrated in Chap. 2 with regard to the uncertain current legitimacy of parallel proceedings, and more in general of all double-track systems. In light of the current case-law, in fact, the duplication of criminal and administrative proceedings originated from the same fact are considered legitimate by the Court of Justice, as long as they present a sufficiently closely connection in substance; pursue an objective of general interest that justifies such a duplication; contain rules ensuring coordination which limit to what is strictly necessary the additional disadvantage for the persons concerned; and provide for rules making it possible to ensure that the severity of all of the penalties imposed is limited to what is strictly necessary in relation to the seriousness of the offence concerned.523 In this sense, it is necessary to recall that, contrary to other fields of law (such as the protection of the EU financial interests, or the regulation of credit rating agen522 523

 Cf. Lasagni and Rodopoulos (2019).  Cf., e.g., Menci, Case C-524/15, § 63; see also Sects. 2.3.2 and 2.3.3.

268

6  The Hybrid Nature of Banking Supervision

cies), the power of the ECB to impose sanctions is not assisted by safeguard clauses which impose to take into account sanctions already ordered under a different proceeding besides for the case of Article 18(7) SSM R, or to suspend the administrative proceeding in case a criminal one is carried out.524 It seems, therefore, that not even under the mild conditions currently required by the European Courts, to recognize a violation of ne bis in idem, it is possible to exclude potential violations to Article 50 CFREU in the SSM enforcement system. To this aim, however, it shall also be reminded that—at present—potential violations of ne bis in idem could emerge under this profile only for those States where forms of criminal liability for legal entities have been established.525 Only subject to a reclassification of hybrid or administrative forms of liability under the Engel case-law, it might indeed be possible to extend this consideration also to those States where sanctions for legal entities are not formally criminal. 2. The case of the SSM directly imposing punitive supervisory measures/ starting punitive proceedings to apply punitive supervisory measures for a breach that is also considered a criminal offence in national law.—This situation could be assimilated to the previous one; nonetheless, it is useful to examine separately it as the punitive nature of the supervisory measures provided for by Articles 14 and 16 appears more uncertain than that of those of Article 18 SSM R.526 If, however, measures such as the removal of members from the management body of credit institutions, and the withdrawal of a banking licence will be confirmed as substantially punitive in future case-law, even only in certain circumstances,527 the same considerations illustrated in point 1 above shall apply. In both situations (1-2), critical appears the identification of the court before which such transnational violations of ne bis in idem should be raised. This could indeed represent a further implicit case in which the CJEU might have to extend its scope of review also over national law, with all the implications described above. However, the Court could rule on the existence of a violation to the principle, but perhaps not—at least for cases of Article 18(1) SSM R, where it lacks unlimited jurisdiction—on the amount of the penalty to be finally imposed to the supervised entity.

 The reference goes here to Article 23-sexies, § 8, Regulation (EU) No 513/2011 of 11.05. 2011 amending Regulation (EC) No 1060/2009 on credit rating agencies, and to Article 6, Council Regulation (Ec, Euratom) No 2988/95 of 18.12.1995 on the protection of the European Communities financial interests. Cf. on this issue, D’Ambrosio (2017), pp. 1038–1039; Tomkin (2014), pp. 1377–1378. 525  Cf. Sect. 2.2. 526  Cf. above, Sect. 6.2. 527  Cf., e.g., Van Bockel (2015), p. 114, highlighting how “the concurrence of the withdrawal of a license and the imposition of a fine is not necessarily problematic as long as the withdrawal of the license (and therefore not the imposition of a fine, due to its necessarily punitive nature) forms the immediate and foreseeable consequence of a decision sanctioning certain conduct”. 524

6.3 Fair Trial Guarantees and Banking Supervision: The Right to an Independent…

269

Scenario (ii)—NCAs and National Judicial Authorities This case covers the factual scenarios in which an NCA is either imposing punitive sanctions/starting a sanctioning punitive proceeding on less significant credit institutions, OR is imposing punitive sanctions/starting a sanctioning punitive proceeding on significant credit institutions following the SSM request under Article 18(5) SSM R, OR is instructed to apply a supervisory measure against a significant credit institution under Article 9 SSM R, for a breach that is also considered a criminal offence in national law. Such situations appear similar to the cases of double-track systems examined above, and clearly fall in the interpretative uncertainties opened at the national level on the matter by the ECtHR after the revirement in A and B. Considerations expressed above with regard to the existence of forms of criminal liability against legal entities shall also apply. In these cases, issues related to the ne bis in idem could not only be raised before national courts, but also to before the European Court of Human Rights, at least in those States that did ratify Protocol No. 7 to the Convention. Scenario (iii)—SSM and NCAs At least at theoretical level, this case should not originate violations of ne bis in idem, as the SSM Regulations allow only for a very limited risk of overlapping competences between the ECB and the NCAs, thanks to the “significance” criterion established by Article 6 SSM R.528 As carefully pointed out, however, “similarly to competition law, the division of tasks and competences between the ECB and the NCAs within the enforcement architecture of the SSM is not characterized by ‘hard’ legal formalism, but could be described as a system of regulated and centralized cooperation between authorities”.529 Indeed, regardless of the delegation of supervisory competences to NCAs provided for by Article 6 SSM R, it is the ECB which remains the entity responsible for the overall functioning of the system. However, contrary to competition law, penalties imposed by the SSM or the NCAs “do not supposedly reflect the impact of an infringement on affected markets, but are determined according to the subjective gain had by a bank through the infringement”, a difference which in practice should work “to limit the potential for ne bis in idem violations”.530 Therefore, if the coordination between SSM and NCAs works also in practice,531 potential violations of the double jeopardy clause under this profile should possibly  In this sense, see also Senkovic (2015), p. 101; see also above, Sect. 4.4.  Van Bockel (2015), p. 114. 530  Van Bockel (2015), p. 120; see also p. 104, where the author concludes that “the SSMR appears rather ‘ne bis in idem proof’ compared to competition law as far as the penalties of Article 18(1) are concerned”. 531  Cf. Lamandini et al (2015), p. 98, according to whom “The risk of falling within the ne bis in idem principle, however, can be further mitigated through the development not only of a coordinated investigatory practice, but also the coordinated imposition of penalties.” 528 529

270

6  The Hybrid Nature of Banking Supervision

be avoided, as there are no cases provided for by the SSM Regulations, where the ECB and the NCA are entitled to both sanction the same subject(s) for the same breach(es).  cenario (iv)—SSM or NCAs and Other Relevant Administrative National S Authorities or Courts Lastly, a potential ne bis in idem issue can be identified in the interaction between punitive penalties imposed under banking supervisory regulations—either by the SSM (under Article 14(5), 16(2) let. m), 18(1) or partially, by 18(7) SSM R) or NCAs (under Article 18(5) SSM R,532 or other applicable national law)—and other administrative punitive penalties imposed by national administrative authorities or courts. This hypothesis is of course limited to cases in which the two forms of liability originate from the same conduct committed by the same subject shall be considered substantially criminal in light of the Engel criteria. This could, for instance, be the case of punitive sanctions imposed by national authorities under resolution law (e.g. Article 110 of BRRD533), or under AML regulations for failure to comply with disclosure duties required both for banking supervision, and for resolution or AML purposes. Violation of the ne bis in idem could in these cases be raised both the Court of Justice (if the SSM is involved), or before national courts or the ECtHR (where the conflict remains at domestic level). Scenario (v)—Potentially Critical Profiles Originated Within the SSM Potential causes of non-compliance with the principle of ne bis in idem may also arise from the (unlikely) concurrent application of more supervisory punitive penalties for the same breach, and over the same legal entity, by the same SSM. This could happen, for instance, in case the ECB is exercising both its direct sanctioning powers under Article 18(1) SSM R, and its supervisory punitive powers, for instance the withdrawal of the banking licence against the same entity under Article 14(5) SSM R. Such cases, which would presumably fall under the jurisdiction of the Court of Justice, can however be avoided by the SSM both ex ante, with  an adequate organization of its internal structures and decision-making proceedings,534 and (eventually) ex post, applying the principle of proportionality in the amount of the penalty imposed in light of the case-law of the European Courts.535

 This hypothesis related to the NCAs is of course subject to the recognition of a criminal nature also to the penalties provided by the specific national law, applicable under Article 18(5) SSM R. 533  Directive 2014/59/EU of 15.05.2014, cit. 534  In this sense see, e.g., Van Bockel (2015), p. 120. 535  E.g., A and B v Norway, § 132. On the proportionality principle, cf. Caianiello (2014a), p. 143. 532

References

271

 cenario (vi)—Potentially Critical Profiles in the Identification S of the Subject Under Investigations Lastly, further critical profiles on ne bis in idem may also emerge with regard to the very targets of supervisory sanctions, that is credit institutions. While the concurrent liability of the bank and its employees and/or CEOs does not raise any double jeopardy issue, since they certainly represent different and separate subjects, a far more blurred situation is that of banking groups. In this last case, indeed, it could be possible to identify each single entity (parent or subsidiary) as a separate subject, or to consider the group as such (including therefore, the parent company holding the group) as a single liable subject. Only in the first case, it would be possible for the SSM to sanction for the same fact both the parent and one or more subsidiaries without incurring in any violation of the ne bis in idem. To solve this issue, it has been reasonably proposed to adopt for the ECB supervisory sanctioning proceedings the same rule applied in competition cases.536 There, with regard to the relations between holders of concessions belonging to the same group, the CJEU has repeatedly affirmed that “if the undertakings form an economic unit within which the subsidiary has no real freedom to determine its course of action on the market”,537 the latter cannot be treated as separate culpable subjects. If that approach would be upheld also in banking supervision, this would imply that if a sanction is imposed on a parent company, subsidiaries shall be protected under the double jeopardy clause against punishment for the same fact.

References Abbadessa G (2011) Il principio di presunzione di innocenza della CEDU: profili sostanziali. In: Manes V, Zagrebelsky V (eds) La Convenzione europea dei diritti dell’uomo nell’ordinamento penale italiano. Giuffrè, Milano, p 381 et seq Abrams RK, Taylor MW (2000) Issues in the unification of financial sector supervision, in IMF Working Paper, no. 213 Abrams RK, Taylor MW (2001) Assessing the case for unified sector supervision. Paper presented at the 2001 risk management and insurance international conference, Mimeo, New York Adams S, Parras FJ (2013) The European stability mechanism through the legal meanderings of Union’s constitutionalism: comment on Pringle. Eur Law Rev 6:848–865 Agarwal S, Lucca D, Seru A, Trebbi F (2014) Inconsistent regulators: evidence from banking. Q J Econ Adv Access 129(2):889–938 Allegrezza S (2008a) L’armonizzazione della prova penale alla luce del Trattato di Lisbona, in Cass. pen., p 3882

 In this sense, see Van Bockel (2015), p. 109.  See, e.g., Centrafarm BV and Adriaan de Peijper v Sterling Drug Inc., Case 15-74, 31.10.1974, ECLI:EU:C:1974:114, § 41; Corinne Bodson v SA Pompes funèbres des régions libérées, Case 30/87, 4.05.1988, ECLI:EU:C:1988:225, § 39.

536 537

272

6  The Hybrid Nature of Banking Supervision

Allegrezza S (2008b) La conoscenza degli atti nel processo penale fra ordinamento interno e Convenzione europea dei diritti dell’uomo. In: Balsamo A, Kostoris RE (eds) Giurisprudenza europea e processo penale italiano. Giappichelli, Torino, p 143 et seq Allegrezza S (2017) Commento all’art. 48. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 946 Allegrezza S (ed) (2019) The enforcement dimension of the single supervisory mechanism (SSM). The interplay between administrative and criminal law. CEDAM, Milano Allegrezza S, Rodopoulos I (2017) Interactions between administrative and criminal law in the context of the enforcement of bank prudential regulations. In: Franssen V, Ligeti K (eds) Challenges in the field of economic and financial crime in Europe and the US. Hart Publishing, Oxford, pp 233–264 Allegrezza S, Voordeckers O (2015) Investigative and sanctioning powers of the ECB in the framework of the single supervisory mechanism. Mapping the complexity of a new enforcement model. EUCRIM 4:151 Amato G (1967) Individuo e autorità nella disciplina della libertà personale. Giuffrè, Milano Amodio E (1974) Diritto al silenzio o dovere di collaborazione?, in Riv. dir. proc., p 408 Anagnostopoulos IG (2014) The right of access to a lawyer in Europe: a long road ahead? EuCLR 4:3 Andenæs M (2015) The ECB and NCA liability within the single supervisory mechanism: foreword. In: Quad. Ricerca Giuridica, Banca d’Italia, 78, January 2015, pp 3–6 Andreangeli A (2008) EU competition enforcement and human rights. Edward Elgar, Cheltenham Antoniazzi S (2013) La Banca centrale europea tra politica monetaria e vigilanza bancaria. Giappichelli, Torino Antoniazzi S (2015) The ECB’s banking supervision and European administrative integration: organisation, procedures and legal acts. Ital J Public Law 2:318–369 Arons TMC (2015) Judicial protection of supervised credit institutions in the European Banking Union. In: Busch D, Ferrarini G (eds) European Banking Union. Oxford University Press, Oxford, p 469 et seq Ashworth A (2008) Self-incrimination in European human rights law: a pregnant pragmatism. Cardozo Law Rev 30(3):751–774 Athanassiou P (2011) Financial sector supervisors’ accountability: a European perspective, in ECB Legal Working Paper Series, 12 August 2011 Balsamo A (2015) Il contenuto dei diritti fondamentali. In: Kostoris RE (ed) Manuale di procedura penale europea, 2nd edn. Giuffrè, Milano, p 109 et seq Balsamo A (2018) The content of fundamental rights. In: Kostoris RE (ed) Handbook of European criminal procedure. Springer, Cham, p 99 et seq Barth JR, Nolle DE, Phumiwasana T, Yago G (2002) A cross-country analysis of the bank supervisory framework and bank performance, in OCC economic and policy analysis working paper 2002-2, September 2002 Barth JR, Caprio G, Nolle DE (2004) Comparative international characteristics of banking, in OCC economics working paper 2004-1 Baughman SB (2011) Restoring the presumption of innocence. Ohio State Law J 72(4):768 BCBS (2012) Core principles for effective banking supervision, September 2012. https://www.bis. org/publ/bcbs230.htm. Accessed 16 July 2018 Belluta H (2018) L’ente incolpato. Diritti fondamentali e “processo 231”. Giappichelli, Torino Black J (2002) Critical reflections on regulation. Centre for Analysis of Risk and Regulation at the London School of Economics and Political Science, London Black J (2005) Proceduralisation and polycentric regulation, Especial 1 DIREITO GV L.  REv, p 99 Black J (2008) Forms and paradoxes of principles based regulation. LSE Law, Society and Economy Working Papers 13/2008 Black J (2010) The rise, fall and fate of priniciple based regulation. LSE Law, Society and Economy Working Papers 17/2010

References

273

Black J (2012) Paradoxes and failures: ‘New Governance’ techniques and the financial crisis. Mod Law Rev 75(6):1037–1063 Black J (2013) Seeing, knowing, and regulating financial markets: moving the cognitive framework from the economic to the social. LSE Law, Society and Economy Working Papers 24/2013 Bohlander M (2012) Principles of German criminal procedure. Hart Publishing, Oxford Bontempelli M (2009) L’accertamento amministrativo nel sistema processuale penale. Giuffrè, Milano Brescia Morra C (2016) The administrative and judicial review of decisions of the ECB in the supervisory field, in AA.VV., Scritti sull’Unione Bancaria, in Quad. Ricerca Giuridica, Banca d’Italia, 81:105 Brescia Morra C, Smits R, Magliari A (2017) The administrative board of review of the European Central Bank: experience after 2 years. Eur Bus Org Law Rev 18:567–589 Briault C (1999) The rationale for a single national financial services regulator, in Financial services authority occasional paper, series 2 Brodowski D (2011) Judicial cooperation between the EU and non-member states. New J Eur Crim Law 2(1):21–44 Bronckers M, Vallery A (2011) No longer presumed guilty? The impact of fundamental rights on certain dogmas of EU competition law. World Compet 4:535 Bubula FA (2013) La Direttiva 2013/48/UE sul diritto al difensore e a comunicare con terzi e autorità consolari in caso di privazione della libertà personale. Alcune note a prima lettura, in Dir. pen. cont., 29 novembre 2013 Caianiello M (2014a) Il principio di proporzionalità nel processo penale, in Riv. Trim. Dir. pen. cont., 3-4:143 Caianiello M (2014b) To sanction (or not to sanction) procedural flaws at EU level? A step forward in the creation of an EU criminal process. Eur J Crime Crim Law Crim Justice 22(4):317 Caianiello M (2017) Commento all’art. 47 (in materia penale). In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 902 Caianiello M (2019) Access to and limits on Evidence Dossiers in civil law systems. In: Brown DK, Turner JI, Weisser B (eds) The Oxford handbook of criminal process. Oxford University Press, New York Caianiello M, Di Pietro A (eds) (2016) Indagini penali e amministrative in materia di frodi IVA e doganali. L’impatto dell’European Investigation Order sulla cooperazione transnazionale. Cacucci, Bari Calzado JR, De Stefano G (2012) Rights of defence in cartel proceeding. Some ideas for manageable improvements. In: Cardonnel P, Rosas A, Wahl N (eds) Constitutionalising the EU judicial system. Essay in Honour of Pernilla Lindh. Hart Publishing, Oxford, pp 423–427 Camaldo L (2016) Presunzione di innocenza e diritto di partecipare al giudizio: due garanzie fondamentali del giusto processo in un’unica Direttiva dell’Unione europea, in Dir. pen. cont., 23 marzo 2016 Canestrini N (2016) La direttiva sul rafforzamento di alcuni aspetti della presunzione di innocenza e del diritti di presenziare al processo nei procedimenti penali, in Cass. pen., p 2224 Cape E, Hodgson J (2014) The right to access to a lawyer at police stations. Making the European Union directive work in practice. New J Eur Crim Law 5(4):450 Cape E, Namoradze N, Smith R, Spronken T (2010) Effective criminal defence in Europe. Intersentia, Cambridge Cappiello S (2015) The EBA and the Banking Union. Eur Bus Org Law Rev 16:421–437 Castellano GG, Jeunemaitre A, Lange B (2012) Reforming European union financial regulation: thinking through governance models. Eur Bus Law Rev 23:409–414 Castillo De La Torre F (2009) Evidence, proof and judicial review in cartel cases. World Compet 4:505 Caterini M (2015) Dalla presunta innocenza dell’imputato alla presunta efficienza del sistema penale. Politica del diritto 1:13

274

6  The Hybrid Nature of Banking Supervision

Centamore G (2016) Il diritto al difensore nel procedimenti di esecuzione del mandato d’arresto europeo nella direttiva 2013/48/UE: osservazioni generali e aspetti problematici, in Dir. pen. cont., 14 gennaio 2016 Chenal R, Tamietti A (2012) sub art. 6. In: Bartole S, De Sena P, Zagrebelsky V (eds) Commentario breve alla Convenzione europea per la salvaguardia dei diritti dell’uomo e delle libertà fondamentali. CEDAM, Padova, p 172 et seq Chiavario M (2001) Diritto ad un processo equo. In: Bartole S, Conforti B, Raimondi G (eds) Commentario alla Convenzione europea per la tutela dei diritti dell’uomo e delle libertà fondamentali. CEDAM, Padova, p 154 Chirulli P, De Lucia L (2015) Specialised adjudication in EU administrative law: the Boards of Appeal of EU agencies. Eur Law Rev 6:832 Chiu IH-Y (2016) Power and accountability in the EU financial regulatory architecture: examining inter-agency relations, agency independence and accountability. In: Andenæs M, Deipenbrock G (eds) Regulating and supervising European Financial Markets. More risks than achievements. Springer, Heidelberg, p 67 et seq Ciampi S (2012) La direttiva del Parlamento e del Consiglio sul diritto all’informazione nei procedimenti penali. Note a margine della direttiva 2012/13/UE, in Dir. pen. cont., 27 June 2012 Colliard JE (2014) Monitoring the supervisors: optimal regulatory architecture in a banking union. SSRN Working Paper No. 2274164. https://papers.ssrn.com/sol3/papers. cfm?abstract_id=2274164 Consolo C (2017) Commento all’art. 47 (diritto processuale civile). In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 883 et seq Covolo V (2015) L’émergence d’un droit penal en réseau. Analyse critique du système européen de lutte antifraude. Nomos, Baden-Baden Craig P (2014) sub art. 41. In: Peers S, Hervey TK, Kenner J, Ward A (eds) The EU charter of fundamental rights. Hart Publishing, Oxford, p 1069 et seq Cras S, Erbežnik A (2016) The directive on the presumption of innocence and the right to be present at trial. EUCRIM 1:25 D’Ambrosio R (2013) Due process and safeguards of the persons subject to SSM supervisory and sanctioning proceedings, in Quad. Ricerca Giuridica, Banca d’Italia, 74, dicembre 2013 D’Ambrosio R (2015) The ECB and NCA liability within the single supervisory mechanism, in in Quad. Ricerca Giuridica, Banca d’Italia, 78 D’Ambrosio R (2016) The Single Supervisory Mechanism (SSM): selected institutional aspects and liability issues. In: Andenæs M, Deipenbrock G (eds) Regulating and supervising European financial markets. More risks than achievements. Springer, Heidelberg, p 299 et seq D’Ambrosio R (2017) Commento all’art. 50. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 1031 et seq De Moor Van Vugt A (2012) Administrative sanctions in EU law. Rev Eur Adm Law 5(1):5–41. Spring 2012 Di Federico G (2013) Deusche Bahn: what the commission can and cannot do in dawn raids. J Eur Compet Law Pract 5(1):29–31 Di Federico G, Di Chiara G (1994) Cooperazione tra Stati ed assunzione della prova nel territorio straniero. Lo Scarabeo, Milano Dominioni O (1991) sub art. 27, comma 2. In: Branca G, Pizzorusso A (eds) Commentario della Costituzione. Art. 27-28. Rapporti Civili. Zanichelli, Bologna, p 194 et seq Doorenbos DR (2007) Naming & shaming, in Serie Onderneming en Recht, deel 38:88 Duijkersloot T, Karagianni A, Kraaijeveld R (2017) Political and judicial accountability in the EU shared system of banking supervision and enforcement. In: Scholten M, Luchtman M (eds) Law enforcement by EU authorities. Edward Elgar, Cheltenham, p 28 et seq Ðurðević Z (2016) The directive on the right of access to a lawyer in criminal proceedings: filling a human rights gap in the European Union legal order. In: Ðurðević Z, Karas I (eds) European

References

275

criminal procedure law in service of protection of European Union financial interests: state of play and challenges. Croatian Association of European Criminal Law, Zagreb, p 19 et seq ECB (2017) Annual Report on supervisory activities 2016, March 2017. https://www.bankingsupervision.europa.eu/press/publications/annual-report/pdf/ssm.ar2016.en.pdf?a679777c56323e d778fc4734ee3667fb. Accessed 16 July 2018 ECB (2018) Annual Report on supervisory activities 2017, March 2018. https://www.bankingsupervision.europa.eu/press/publications/annual-report/pdf/ssm.ar2017.en.pdf?63a120afab30be 18171c083089709229. Accessed 16 July 2018 ECB (2019) Annual report on supervisory activities 2018, 21 March 2019. https://www.bankingsupervision.europa.eu/press/publications/annual-report/html/ssm.ar2018~927cb99de4. en.html. Accessed 3 June 2019 ECB Monthly Bulletin (2012) Comparing the recent financial crisis in the United States and the Euro Area with the experience of Japan in the 1990s, May 2012 ECJ (2016) Annual Report 2016. Judicial activity. https://curia.europa.eu/jcms/upload/docs/application/pdf/2017-03/ra_jur_2016_en_web.pdf. Accessed 16 July 2018 Elderson F, Weenink H (2003) The European Central Bank redefined? A landmark judgment of the European Court of Justice. Euredia:273–301 European Commission (2012) Antitrust manual of procedure. http://ec.europa.eu/competition/ antitrust/antitrust_manproc_3_2012_en.pdf. Accessed 16 July 2018 European Court of Auditors (2016) Special Report No. 29, Single supervisory mechanism - good start but further improvements needed, 18 November 2016 Ferguson C (written by) (2010) Inside job  - transcript, Sony Pictures, September 2010. https:// www.sonyclassics.com/awards-information/insidejob_screenplay.pdf. Accessed 17 July 2018 Fernandez-Bollo É (2015) Coexistence of national and European Regulations with regard to the Ne Bis In Idem principle. In ECB Legal Conference 2015. From Monetary Union to Banking Union, on the way to Capital Markets Union. New opportunities for European integration, 1–2 September 2015. https://publications.europa.eu/en/publication-detail/-/publication/5b46b7803703-11e7-a08e-01aa75ed71a1/language-en. Accessed 16 July 2018, p 143 Ferran E (2012a) Understanding the new institutional acrhitecture of EU financial market supervision. In: Wymeersch E, Hopt KJ, Ferrarini G (eds) Financial regulation and supervision. A post-crisis analysis. Oxford University Press, Oxford, p 111 et seq Ferran E (2012b) Crisis-driven regulatory reform: where in the world is the EU going? In: Ferran E, Moloney N, Hill JG, Coffee JC Jr (eds) The regulatory aftermath of the global financial crisis. Cambridge University Press, New York, p 1 et seq Ferrua P (2015) La prova nel processo penale. Volume I. Struttura e procedimento. Giappichelli, Torino FinCEN (2014) News Release, J.P. Morgan Admits Violation of the Bank Secrecy Act for Failed Madoff Oversight; Fined $461 Million by FinCEN. January 7th 2014. https://www.fincen.gov/ news/news-releases/jpmorgan-admits-violation-bank-secrecy-act-failed-madoff-oversightfined-461. Accessed 16 July 2018 Flore D (2014) Droit Pénal Européen. Les enjeux d’une justice pénale européenne. Larcier, Bruxelles FSOC (2011) 2011 Annual Report, October 2012. https://www.treasury.gov/initiatives/fsoc/ Documents/2012%20Annual%20Report.pdf. Accessed 16 July 2018 Garofoli V (1998) Presunzione d’innocenza e considerazione di non colpevolezza. La fungibilità delle due formulazioni, in Riv. it. dir. proc. pen., p 1168 Gialuz M (2008) sub art. 27, comma 2. In: Beartole S, Bin R (eds) Commentario breve alla Costituzione, 2nd edn. CEDAM, Padova, p 273 et seq Gialuz M (2014) L’assistenza linguistica nella prassi giudiziaria e la difficile attuazione della Direttiva 2010/64/UE. In: Falbo C, Viezzi M (eds) Traduzione e interpretazione per la società e le istituzioni. EUT Edizioni Università di Trieste, Trieste Giddy IH (1994) Who should be the banking supervisors. Paper presented at the Seminar on Current Legal Issues Affecting Central Banks, IMF, May 10, 1994

276

6  The Hybrid Nature of Banking Supervision

Gless S (2013) Transnational cooperation in criminal matters and the guarantee of a fair trial: approaches to a general principle. Utrecht Law Rev 9:90–108 Goldstein T (1979) In rare attack, Justice Marshall says Court Erred, in NYT, May 28, 1979 Goodhart C (2000) The organisational structure of banking supervision. In: FSI Occasional Papers, no 1, November 2000, 10, 25 Goodhart C (2002) The organizational structure of banking supervision. Econ Notes 31(1):1–32, draft paper, Financial Markets Group, London School of Economics, London Goodhart C, Schoenmaker D (1993) Institutional separation between supervisory and monetary agencies, in Special Paper No. 52, London School of Economics Financial Markets Group, London Goodhart C, Schoenmaker D (1995) Should the functions of monetary policy and banking supervision be separated? Oxford Econ Papers 47:539–560 Gortsos CV (2016) The role of the European Banking Authority (EBA) after the establishment of the Single Supervisory Mechanism (SSM). In: Andenæs M, Deipenbrock G (eds) Regulating and supervising European financial markets. More risks than achievements. Springer, Heidelberg, p 277 et seq Granner G, Raschauer N (2014) Unschuldsvermutung und Verteidigungsrechte. In: Holoubek M, Lienbacher G (eds) GRC Kommentar. Charta der Grundrechte der Europäischen Union. Manz, Wien, p 655 et seq Grevi V (1972) Nemo tenetur se detegere: interrogatorio dell'imputato e diritto al silenzio nel penale italiano. Giuffrè, Milano Grevi V (1976) Libertà personale dell’imputato e costituzione. Giuffrè, Milano Harris DJ, O’Boyle M, Beates EP, Buckley M (2014) Law of the European Convention on Human Rights, 3rd edn. Oxford University Press, Oxford Haubrich JG (1996) Combining bank supervision and monetary policy, in Economic Commentary, Federal Reserve Bank of Cleveland, November, 1996 Helmholz HR, Gray CM, Langbein JH, Moglen E, Smitz HE, Alschuler AW (1997) The privilege against self-incrimination: its origins and development. University of Chicago Press, Chicago House of Lords (2013) European Union Committee, Workload of the Court of Justice of the European Union: Follow-Up Report, 29 April 2013, London Illuminati G (1979) La presunzione d’innocenza dell'imputato. Zanichelli, Bologna Illuminati G (1991) (voce) Presunzione di non colpevolezza. Enc giur Treccani XXIV:22 et seq International Monetary Fund (2001) International capital markets, August 2001. https://www.imf. org/external/pubs/ft/icm/2001/01/eng/index.htm. Accessed 17 July 2018 Ioannidou VP (2002) Does monetary policy affect the Central Bank’s role in bank supervision. Paper presented at the 38th Annual Conference on Bank Structure and Competition, Federal Reserve Bank of Chicago, May 8–10 2002 Jackson H (2007) Variations in the intensity of financial regulation: preliminary evidence and potential implications. Yale J Regul 24:253 Jones A (2012) The boundaries of an undertaking in EU competition law. Eur Compet J 8(2):301–331 Jones A, Sufrin B (2016) EU competition law. Text, cases, and materials, 6th edn. Oxford University Press, Oxford Kane EJ (1984) Regulatory structure in futures markets: jurisdictional competition between the SEC, the CFTC, and other agencies. J Futur Mark 4:367–384 Kane EJ (1996) De Jure Interstate Banking: why only now? J Money Credit Banking 28:141–161 Kern A (2016) The ECB and banking supervision: does single supervisory mechanism provide an effective regulatory framework? In: Andenæs M, Deipenbrock G (eds) Regulating and supervising European financial markets. More risks than achievements. Springer, Heidelberg, p 253 et seq Klip A, Vervaele JAE (2002) European cooperation between tax, customs and judicial authorities: the Netherlands, England, and Wales, France and Germany. Kluwer Law International, The Hague

References

277

Kornezov A (2016) The application of national law by the ECB – a maze of (un)answered questions. In ECB Legal Conference 2016. 6–7 October 2016. https://www.ecb.europa.eu/pub/pdf/ other/escblegalconference2016_201702.en.pdf. Accessed 16 July 2018, p 270 Kostoris RE (2017) Manuale di procedura penale europea, 2nd edn. Giuffrè, Milano Kupiec PH, White AP (1996) Regulatory competition and the efficiency of alternative derivative product margining systems, finance and economics discussion series, in Board of Governors of the Federal Reserve System, no 96-11, June 1996 Lamandini M (2015) Limitations on supervisory powers based upon fundamental rights and SSM distribution of enforcement competences. In ECB Legal Conference 2015. From Monetary Union to Banking Union, on the way to Capital Markets Union. New opportunities for European integration, 1–2 September 2015. https://publications.europa.eu/en/publicationdetail/-/publication/5b46b780-3703-11e7-a08e-01aa75ed71a1/language-en. Accessed 16 July 2018, p 121 Lamandini M, Ramos Muñoz D, Solana Alvarez J (2015) Depicting the limits to the SSM’s supervisory powers: the role of constitutional mandates and of fundamental rights’s protection, in Quad. Ricerca Giuridica, Banca d’Italia, p 79 Lamberigts S (2016a) The directive on the presumption of innocence. A missed opportunity for legal persons? EUCRIM 1:36 Lamberigts S (2016b) The presumption of innocence (and the Right to be Present at Trial) directive, in European Law Blog, 3 May 2016. https://europeanlawblog.eu/2016/05/03/the-presumption-of-innocence-and-the-right-to-be-present-at-trial-directive/. Accessed 17 July 2018 Lambrakopoulos SE, Baker NA, Flinn ME (2017) Satisfying the banking regulators’ “Right to Know” while maintaining confidentiality of privileged material: the privileges and protections available to banking institutions. J Tax Regul Financ Inst 30(3):5–15 Lasagni G (2019) Investigatory, supervisory and sanctioning powers within the SSM. In: Allegrezza S (ed) The enforcement dimension of the single supervisory mechanism (SSM). The interplay between administrative and criminal law. CEDAM, Milano Lasagni G, Rodopoulos I (2019) Comparative study. In: Allegrezza S (ed) The enforcement dimension of the single supervisory mechanism (SSM). The interplay between administrative and criminal law. CEDAM, Milano Lenaerts K, Maselis I, Gutman K (eds) (2014) EU procedural law. OUP, Oxford Levitt M (1997) Access to the file: the Commission’s Administrative Procedures in Cases under Articles 85 and 86. Common Mark Law Rev:1424 Ligeti K, Robinson G (2017) Transversal report on judicial protection. In: Luchtman M, Vervaele JAE (eds) (2017) Report. Investigatory powers and procedural safeguards: Improving OLAF’s legislative framework through a comparison with other EU law enforcement authorities (ECN/ ESMA/ECB). https://dspace.library.uu.nl/handle/1874/352061. Accessed 15 July 2018, p 219 Lippke RL (2016) Taming the presumption of innocence. Oxford Scholarship Online, Oxford Llewellyn DT (1999) Introduction: the institutional structure of regulatory agencies. In: Courtis N (ed) How countries supervise their banks, insurers, and securities markets. Central Bank Publications, London, pp xi–xix Looseveld S (2013a) Appeals against decisions of the European supervisory authorities. J Int Bank Law Regul 1:9–13 Looseveld S (2013b) The ECB’s investigatory and sanctioning powers under the future single supervisory mechanism. J Int Bank Law Regul 1:422–425 Lupária L (2017) Commento all’art. 48. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 913 et seq Magliari A (2015) Il Single Supervisory Mechanism e l’applicazione dei diritti nazionali da parte della banca centrale europea, in Riv. Ital. Dir. Pubbl. Comunitario, Anno XXV Fasc. 5:1349–1379 Manacorda S (2013) Dalle Carte dei diritti a un diritto penale à la carte. Note a margine delle sentenze Fransson e Melloni della Corte di Giustizia, in Riv. Trim. Dir. pen. cont., 3:242

278

6  The Hybrid Nature of Banking Supervision

Manes V (2012) sub art. 7 § 1. In: Bartole S, De Sena P, Zagrebelsky V (eds) Commentario breve alla Convenzione europea per la salvaguardia dei diritti dell’uomo e delle libertà fondamentali. CEDAM, Padova, p 258 et seq Mangiaracina A (2004) Verso nuove forme di cooperazione giudiziaria, in Cass. pen., p 2194 Mangiaracina A (2010) Garanzie partecipative e giudizio in absentia. Giappichelli, Torino Marzaduri E (2010) Considerazioni sul significato dell’art. 27, comma 2, Cost.: regola di trattamento e regola di giudizio. In: Dinacci FR (ed) Processo penale e costituzione. Giuffrè, Milano, p 308 et seq Masciandaro D, Nieto MJ (2014) Governance of the single supervisory mechanism: some reflections. BAFFI Center Research Paper Series No. 2014-149 Mastroianni R, Pezza A (2014) Access of individuals to the European court of justice of The European Union under the new text of Article 263, para 4, TFEU, in Riv. it. dir. pub. comunitario, 5:947 Mazza O (2014) Presunzione d’innocenza e diritto di difesa, in Dir. pen. e proc., p 1401 Meister E (2019) How should regulatory and supervisory responsibilities be shared among the National Functional Regulators?, lecture held at the Multinational Banking Seminar, New York, June 9, 2001. https://www.bis.org/review/r010613d.pdf. Accessed 17 July 2018 Melícias MJ (2012) “Did They Do It?” The interplay between the standard of proof and the presumption of innocence in EU cartel investigation. World Compet 3:471 Mitsilegas V (2016) EU criminal law after Lisbon. Rights, trust and the transformation of justice in Europe. Hart Publishing, Oxford Moloney N (2012a) Supervision in the wake of the financial crisis: achieving effective “Law in Action”  – a challenge for the EU.  In: Wymeersch E, Hopt KJ, Ferrarini G (eds) Financial regulation and supervision. A post-crisis analysis. Oxford University Press, Oxford, p 71 et seq Moloney N (2012b) The legacy effect of the financial crisis on regulatory design in the EU. In: Ferran E, Moloney N, Hill JG, Coffee JC Jr (eds) The regulatory aftermath of the global financial crisis. Cambridge University Press, New York, p 111 et seq Mosna A (2017) Commento all’art. 48. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 957 et seq Myers RE II (2011) Complex time don’t call for complex crimes. NCL Rev 89:1849 Negri D (2015) Il processo nei confronti dell’imputato “assente” al tortuoso crocevia tra svolgimento e sospensione. In: Daniele M, Paulesu PP (eds) Strategie di deflazione penale e rimodulazioni del giudizio in absentia. Giappichelli, Torino, p 197 et seq Nehl HP (2014) sub art. 48 (Administrative Law). In: Peers S, Hervey TK, Kenner J, Ward A (eds) The EU charter of fundamental rights. Hart Publishing, Oxford, p 1277 et seq Neruda R, Barinka R (2015) Delta Pekarny v Czech Republic: European court of human rights on dawn raids and prior judicial national authorization. J Eur Compet Law Pract 6(6):411–413 O’Boyle M (2000) Freedom from self-incrimination and the right to silence: a Pandora’s Box? In: Mahoney P, Matscher F, Petzold H, Wildhaber L (eds) Protecting human rights: the European perspective, studies in memory of Rolv Ryssdal. Carl Heymans, Cologne, p 1021 et seq O’Connel D (2006) sub art. 48. In: AA.VV (ed) Commentary of the Charter of fundamental rights of the European Union. EU Network of Independent Experts on Fundamental Rights, Bruxellses, p 372 et seq OCC (2008) A guide to the National Banking System, April 2008. https://www.occ.treas.gov/publications/publications-by-type/other-publications-reports/nbguide.pdf. Accessed 17 July 2018 Oliver P (2015) Companies and their fundamental rights: a comparative perspective. Int Comp Law Q 64:685 Onado M (1997) L’evoluzione della vigilanza in campo finanziario: dalla ripartizione per soggetti alla ripartizione per finalità, in Diritto ed economia, p 145 Orlandi R (1992) Atti e informazioni della autorità amministrativa nel processo penale. Contributo allo studio delle prove extracostituite. Giuffrè, Milano

References

279

Padoa Schioppa T (2002) EU structures for financial regulation, supervision and stability, Brussels, ECB Speech, 10 July 2002. https://www.ecb.europa.eu/press/key/date/2002/html/sp020710. en.html. Accessed 8 Apr 2019 Panzavolta M (2013) Choice of forum and the lawful judge concept. In: Luchtman M (ed) Choice of forum in cooperation against EU financial crime. Eleven International Publishing, The Hague Paulesu PP (2009) La presunzione di non colpevolezza dell’imputato. Giappichelli, Torino Pech L (2014) sub Article 47. In: Peers S, Hervey TK, Kenner J, Ward A (eds) The EU charter of fundamental rights. Hart Publishing, Oxford, p 1250 et seq Pfaeltzer JJW (2014) Naming and shaming in financial market regulations: a violation of the presumption of innocence? Utrecht Law Rev 10(1):134–148 Piva P (2017) Commento all’art. 41. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 754 et seq Pulitanò D (1999) Nemo tenetur se detegere: quali profili di diritto sostanziale?, in Riv. it. dir. e proc. pen., p 1271 Quattrocolo S (2015) The right to information in EU legislation. In: Ruggeri S (ed) Human rights in European criminal law new developments in European legislation and case law after the Lisbon Treaty. Springer, Heidelberg, p 85 et seq Quintard-Morénas F (2010) The presumption of innocence in the French and Anglo-American legal traditions. Am J Comp Law LVIII(1):107–150 Rabinovici I (2012) The right to be heard in the charter of fundamental rights of the European Union. Eur Public Law 18(1):149–173 Rafaraci T (2007) Lo spazio di libertà, sicurezza e giustizia nel crogiuolo della costruzione europea. In: Rafaraci T (ed) L’Area di Libertà, Sicurezza e Giustizia: alla ricerca di un equilibrio fra priorità repressive ed esigenze di garanzia. Giuffrè, Milano, p 5 et seq Riso AL (2014) The power of the ECB to impose sanctions in the context of the SSM, in Bančni vestnik, Letnik 63, Številka 4:32–35 Romano R (2001) The need for competition in international securities regulation, in Yale International Center for Finance. John M.  Olin Center for Studies in Law, Economics, and Public Policy Working Papers, 258 Ruggeri S (2015) Transnational prosecutions, methods of obtaining overseas evidence, human rights protection in Europe. In: Ruggeri S (ed) Human rights in European criminal law new developments in European legislation and case law after the Lisbon Treaty. Springer, Heidelberg, pp 147–197 Sarkany Z (2012) International financial supervisory convergence: how much should there be? How best to assess the appropriate level of cross border supervision and enforcement? In: SSRN. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2201439. Accessed 11 Apr 2019 Sayers D (2014) sub art. 48 (Criminal law). In: Peers S, Hervey TK, Kenner J, Ward A (eds) The EU charter of fundamental rights. Hart Publishing, Oxford, p 1303 et seq Sayers D (2015) The new directive on the presumption of innocence: protecting the “Golden Thread”, in EU Law Analysis, 15 November 2015. http://analysis1921.rssing.com/chan30137355/all_p12.html#item223. Accessed 17 July 2018 Scarparone M (1995) Obbligo di autoincriminazione del fallito, in Giur. cost., p 2182 SEC (2017) Division of enforcement, enforcement manual, Office of Chief Counsel, November 28, 2017. https://www.sec.gov/divisions/enforce/enforcementmanual.pdf. Accessed 16 July 2018 Senkovic P (2015) Introduction to Panel 3, The coexistence of National and EU Law and The Ne Bis In Idem Principle with a Focus on the Supervisory Powers of The European Central Bank. In ECB Legal Conference 2015. From Monetary Union to Banking Union, on the way to Capital Markets Union. New opportunities for European integration, 1–2 September 2015. https://publications.europa.eu/en/publication-detail/-/publication/5b46b780-3703-11e7-a08e01aa75ed71a1/language-en. Accessed 16 July 2018, p 100

280

6  The Hybrid Nature of Banking Supervision

Shapiro M (1997) The problems of independent agencies in the United States and the European Union. J Eur Public Policy 4(5):276–291 Slater D, Thomas S, Waelbroeck D (2008) Proceedings before the European Commission and the right to a fair trial: no need for reform?, in Research Papers in Law, Cahiers juridiques, No 5. https://www.coleurope.eu/system/files_force/research-paper/researchpaper5_2008. pdf?download=1. Accessed 17 July 2018 Steene A (2016) Nexans, Deutsche Bahn, and the ECJ’s refusal to follow ECHR case law on dawn raids. J Eur Compet Law Pract 7(3):180–193 Stewart JB (2011) As a Watchdog Starves, Wall Street is tossed a Bone, in NYT, July 15, 2011. https://archive.nytimes.com/query.nytimes.com/gst/fullpage-9B06E5DB1E3DF935A25754C0A9679D8B63.html. Accessed 17 July 2018 Stumer A (2010) The presumption of innocence. Evidential and human rights perspectives. Hart Publishing, Oxford Symeonidou-Kastanidou E (2015) The right of access to a lawyer in criminal proceedings: the transposition of the Directive 2013/48/EU of 22 October 2013 on national legislation. EuCLR 1:68 Taylor M (1995) Twin peaks: a regulatory structure for the new century. Centre for the Study of Financial Innovation, London Ter Kuile G, Wissink L, Bovenschen W (2015) Tailor-made accountability within the single supervisory mechanism. Common Mark Law Rev 52:155–190 Tesoriero S (2016) Processo penale e prova multidisciplinare europea in materia di illeciti finanziari, in Riv. dir. proc., Novembre-Dicembre 2016, Anno LXXI (Seconda Serie) N. 6:1526–1547 Tomkin J (2014) sub Article 50. In: Peers S, Hervey TK, Kenner J, Ward A (eds) The EU charter of fundamental rights. Hart Publishing, Oxford, p 1373 et seq Traverso F (1997) La circolazione probatoria, in Dir. proc. pen., p 987 Trechsel S (2005) Human rights in criminal proceedings. Oxford University Press, Oxford U.S. Department of the Treasury (2014) U.S. Department of the Treasury -FinCEN in the matter of: Number 2014-1 J.P.  Morgan Chase Bank, N.A., Columbus, OH, Assessment of Civil Money Penalty. https://www.fincen.gov/sites/default/files/enforcement_action/JPMorgan_ ASSESSMENT_01072014.pdf. Accessed 16 July 2018 U.S. Senate Permanent Subcommittee on Investigations (2010a) Wall Street and the financial crisis: the role of high risk home loan, S.Hrg. 111-671, April 13, 2010. https://catalog.princeton. edu/catalog/6432027. Accessed 16 July 2018 U.S. Senate Permanent Subcommittee on Investigations (2010b) Wall Street and the financial crisis: role of the regulators, S.Hrg. 111-672, April 16, 2010. https://catalog.princeton.edu/catalog/6432020. Accessed 16 July 2018 U.S. Senate Permanent Subcommittee on Investigations (2011) Wall Street and the financial crisis: anatomy of a financial collapse, April 13, 2011. https://www.gpo.gov/fdsys/pkg/CHRG112shrg66051/html/CHRG-112shrg66051.htm. Accessed 16 July 2018 Ubertis G (2009) Principi di procedura penale europea. Le regole del giusto processo, 2nd edn. Raffaello Cortina Editore, Milano Ubertis G (2017) Sistema di procedura penale, I. Principi generali, 4th edn. Giuffrè, Milano Van Bockel B (2015) Fundamental rights aspects of the single supervisory mechanism: differentiated standards of protection under the charter of fundamental rights of the EU. In ECB Legal Conference 2015. From Monetary Union to Banking Union, on the way to Capital Markets Union. New opportunities for European integration, 1–2 September 2015. https://publications. europa.eu/en/publication-detail/-/publication/5b46b780-3703-11e7-a08e-01aa75ed71a1/language-en. Accessed 16 July 2018, p 103 Van Dijk P (2006) Right to a fair trial and public hearing (article 6). In: van Dijk P, van Hoof F, van Rijn A, Zwaak L (eds) Theory and practice of the European Convention on Human Rights, 4th edn. Intersentia, Cambridge, pp 513–577

References

281

Van Kempen PH (2011) The recognition of legal persons in international human rights instruments: protection against and through criminal justice. In: Pieth M, Ivory R (eds) Corporate criminal liability – emergence, convergence and risk. Springer, Dordrecht, p 373 Van Overbeek W (1994) The right to remain silent in competition investigations: the Funke decision of the court of human rights makes revision of the ECJ’s case law necessary. Eur Compet Law Rev 15:127–133 Veenbrink M (2015) The privilege against self-incrimination in EU competition law: a deafening silence? Leg Issues Econ Integrat 42(2):119–142 Vella F (2002) Banca centrale europea, banche centrali nazionali e vigilanza bancaria: verso un nuovo assetto dei controlli nell’area euro?, in Banca, borsa, tit. cred., p 150 Vervaele JAE (2014) European criminal justice in the Post-Lisbon area of freedom, security and justice, with a prologue by G. Fornasari and D. Sartori (eds.) Quaderni della Facoltà di Giurisprudenza, Trento Vervaele JAE (2017) Jurisdictional issues in transnational multi-agency and multi-disciplinary investigations of economic and financial crimes. In: Franssen V, Ligeti K (eds) Challenges in the field of economic and financial crime in Europe and the US. Hart Publishing, Oxford, p 167 Viering M (2006) Right to a fair trial and public hearing. In: van Dijk P, van Hoof F, van Rijn A, Zwaak L (eds) Theory and practice of the European Convention on Human Rights, 4th edn. Intersentia, Cambridge, pp 578–649 Vogler R (2015) Lost in translation: language rights for defendants in European criminal proceedings. In: Ruggeri S (ed) Human rights in European criminal law new developments in European legislation and case law after the Lisbon Treaty. Springer, Heidelberg, pp 95–109 Voordeckers O (2019) Administrative and judicial review of supervisory acts and decisions under the SSM. In: Allegrezza S (ed) The enforcement dimension of the single supervisory mechanism (SSM). The interplay between administrative and criminal law. CEDAM, Milano Wall LD, Eisenbeis RA (2000) Financial regulatory structure and the resolution of conflicting goals. J Financ Serv Res 17(1):223–245 Weber RH, Arner DW, Gibson EC, Baumann S (2014) Addressing systemic risk: financial regulatory design. Tex Int’I LJ 49:149 Weigend T (2014) Assuming that the defendant is not guilty: the presumption of innocence in the German system of criminal justice. Crim Law Philos 8:285 Whalen G (2001) Key issues in consolidated supervision by the Central Bank, draft paper, Office of the Comptroller of the Currency, December 2001. Mimeo, New York Willis PR (2001) “You have the right to remain silent…”, or do you? The privilege against self-­ incrimnation following Mannesmannröhren-Werke and other recent decisions. Eur Compet Law Rev 22:313–321 Wissink L, Duijkersloot T, Widdershoven R (2014) Shifts in competences between Member States and the EU in the new supervisory system, for credit institutions and their consequences for judicial protection. Utrecht Law Rev 10(5):92 Witte A (2015) Standing and judicial review in the new EU financial markets architecture. J Financ Regul 1:226–262 Wolfers B, Voland T (2014) Level the playing field: the new supervision of credit institutions by the European Central Bank. Common Mark Law Rev 51:1463–1496 Wymeersch E (2007) The structure of financial supervision in Europe. About single, twin peaks and multiple financial supervisors. Eur Bus Organ Law Rev 8(2):237–306 Zilioli C, Selmayr M (2001) The law of the European Central Bank. Hart Publishing, Oxford Zwaak L (2006) General survey of the European Convention. In: van Dijk P, van Hoof F, van Rijn A, Zwaak L (eds) Theory and practice of the European Convention on Human Rights, 4th edn. Intersentia, Cambridge, pp 2–89

Part III

Banking Criminal Investigations

Chapter 7

Real-Time Monitoring of Banking Data: State of Play

If banking supervision in Europe stretches the boundaries of criminal investigations, defying the very definition of substantive criminal matter, and the content of the safeguards protecting the individuals’ fundamental rights, a non-less challenging element to criminal banking investigations (and to criminal proceedings in general) is represented today by the potential of real-time monitoring or surveillance investigative techniques. For the purpose of this work, the terms “real-time monitoring” and “surveillance” are used as synonyms to refer, in light of the case-law of the Court in Strasbourg,1 to the possibility of observing and recording or collecting data as soon as (or immediately after) they come into existence (as opposed to gathering already stored data). This special investigative technique, which may notably impact the private sphere of individuals and, accordingly, the fairness of criminal proceedings grounded on the information so collected, is here analysed with specific regard to banking data or records,2 although its potential extends well beyond the remit of financial crime.3 To provide a bases for the subsequent critical legal analysis and proposals, this Chapter proceeds as follows: Sect. 7.1 identifies the categories of banking investigative techniques, and illustrates how secrecy law, once possibly “the” obstacle in  Cf., e.g., Harris et al. (2014), p. 555 et seq, and the cases-law there cited. The analysis of the impact of the ECtHR jurisprudence on real-time monitoring is carried out in Chap. 8. 2  On the ambiguous definition of banking data, see below Sect. 8.1. 3  Broadly interpreted as all forms of crime which are twisting the financial system either to mainly realize illicit financial operations (e.g. money laundering, market abuse, obstruction of public procurement or grant procedures, and tax fraud), or to achieve additional illicit purposes (e.g. corruption, cybercrime, terrorist financing, or human trafficking)—in these last cases, realizing illicit financial operations is not a necessary, but only a practically frequent part of the illicit conduct. On the difficulties of defyining the sphere of “financial and economic” crimes, see Franssen and Ligeti (2017), pp. 2–3. 1

© Springer International Publishing Switzerland and G. Giappichelli Editore 2019 G. Lasagni, Banking Supervision and Criminal Investigation, Comparative, European and International Criminal Justice 1, https://doi.org/10.1007/978-3-030-12161-7_7

285

286

7  Real-Time Monitoring of Banking Data: State of Play

carrying out banking investigation, is currently relegated to a secondary factor, due to both substantial changes in criminal (and tax) policy, and the development of digital technology, which makes it easier for sealed information to be leaked. Section 7.2 illustrates the legal basis on which production orders on banking identity and past transactions, are currently carried out in the EU, in particular after the entry into force of Directive 2014/41/EU on the European Investigation Order. Section 7.3 introduces the theme of real-time monitoring or surveillance, which currently pays for the lack of adequate legal basis explaining the reasons why this measure represents now one of the most challenging frontiers in criminal investigations, especially on the front of fundamental rights’ protection, and why, in the banking and financial sector in particular, it is increasingly necessary to introduce a proper regulation on the matter. Section 7.4 briefly completes the picture on banking investigative techniques with a reference to freezing and confiscation measures, which however do not fall under the remit of this work. Section 7.5 illustrates the European legal basis dealing with surveillance on banking data or records. Taking into account the provisions available both under the Council of Europe and the European Union legal framework, and examining their limited binding value, this Section shows the extremely fragmented panorama in which some EU Member States are currently applying this intrusive investigative technique. Lastly, Sect. 7.6 presents the state of play for surveillance of banking data in the US. In particular, it reveals how forms of monitoring in real-time are daily enforced by the US Government (for instance, through so-called Hotwatch orders), even in lack of clear legal basis (and safeguards) to do so.

7.1  B  anking Investigative Techniques and the Residual Role of Bank Secrecy Law For a long time, the enforcement of banking investigative techniques, both in criminal and in administrative (tax) matters found one of its main obstacles in bank secrecy law. In recent years, however, possibly due to the fact that obtaining financial information has become a crucial element for the successful implementation of goals increasingly high ranking in the public policy of many countries, such as the fight against terrorism or (perhaps to a lower extent) the urgency to recover defrauded pecuniary amounts, awareness at the international level has considerably—although not necessarily uniformly—grown, concerning the need to allow judicial authorities to overcome such a barrier. Following this pressure, several jurisdictions with bank secrecy regulations have been urged to introduce disclosing rules at least when dealing with transnational cooperation cases. A significant dividing line in the policy approach to the issue may be identified in the 2005 review of the OECD Income and Capital Model Convention, and

7.1  Banking Investigative Techniques and the Residual Role of Bank Secrecy Law

287

p­ articularly in Article 26(5) thereto, frequently reproduced in numerous subsequent legislation, according to which in no case shall the provisions concerning confidentiality “be construed so as to impose on […] a Contracting State to decline to supply information solely because the information is held by a bank, other financial institution, nominee or person acting in an agency or a fiduciary capacity or because it relates to ownership interests in a person”.4 Even before that date, however, the European policy on bank secrecy law underwent some fundamental evolutionary steps. Already in 1990, in fact, the Council of Europe introduced the obligation on States Party not to invoke bank secrecy as a ground to refuse transnational cooperation, eventually allowing judicial authorities to lift this privilege, at least in the fight against money laundering and, since 2005, terrorist financing.5 In the EU, the necessity “to improve the cooperation programme in the field of action against organised crime, the laundering of the proceeds of criminal offences, and financial crime by abolishing barriers to criminal investigations for tax reasons” had been acknowledged since the late 2000, when the Council of the European Union explicitly stated “its position that bank secrecy in particular should not be invoked against judicial authorities”.6 In 2001, this position was implemented by Article 7 of the First Protocol to the 2000 Convention on Mutual Assistance in Criminal Matters,7 with a formulation replicated also in the Tax Recovery Directive 2010/24/EU,8 and in the Administrative Cooperation Directive 2011/16/EU.9 The latter, in particular, provided at Article 18(2) that “in no case” Member States shall be permitted to “decline to supply information solely because this information is held by a bank, other financial institution, nominee or person acting in an agency or a fiduciary capacity or because it relates to ownership interests in a person”. This provision, entered into force in 2017, was considered by many “the end of banking secrecy law” in the Union.10 At first glance, this conclusion appears contra Cf. Article 26(5), OECD (2005).  Cf. Articles 4(1) and 18(7), COE Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime, CETS 141, Strasbourg, 08.11.1990; and Article 7(1), COE Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism, CETS 198, Warsaw, 16.05.2005. 6  Conclusion no. 6, 2298th Council meeting- ECOFIN and JUSTICE and HOME AFFAIRS, Luxembourg, 17.10.2000, 200012128/00 (Presse 381). http://europa.eu/rapid/press-release_ PRES-00-381_lt.htm?locale=lt. Accessed 19 July 2018. 7  First Protocol to the 2000 Convention on Mutual Assistance in Criminal Matters, Council Act of 16.10.2001; 2001/C 326/01 (hereinafter “2001 Protocol”). See also Comment to Article 7, Explanatory report to the Protocol to the 2000 Convention on mutual assistance in criminal matters between the Member States of the European Union (Text approved by the Council on 14.10.2002). Cf. De Amicis (2002); Vernimmen-Von Tiggelen and Surano (2008). 8  Cf. Article 5, Council Directive 2010/24/EU of 16.03.2010 concerning Mutual Assistance for the recovery of claims relating to taxes, duties and other measures. Interestingly, however, a similar provision has not been included in the EIO Directive. 9  Cf. Article 18(2), Council Directive 2011/16/EU of 15.02.2011 on Administrative Cooperation in the field of Taxation, as modified by Council Directive 2014/107/EU of 9.12.2014. 10  Cf., e.g., Spiegel (2014). Especially after Luxembourg and Austria after agreed to lift their vetoes, cf., e.g., Loi du 26 mars 2014 portant transposition de l’article 8 de la directive 2011/16/UE 4 5

288

7  Real-Time Monitoring of Banking Data: State of Play

dicted by Directive 2014/41/EU on the European Investigation Order (EIO).11 Regardless of its numerous (and sometimes evident) limitations, abundantly highlighted by legal scholars, Directive 2014/41 represents to date the forefront of the EU legal framework on the matter of evidence, aiming at establishing a “single regime” for the collection and dissemination of evidence in the Union.12 Identifying the grounds which may be invoked in refusing an EIO, Article 11 of the Directive recognizes the “immunity or a privilege under the law of the executing State which makes it impossible to execute the EIO”.13 It might be then argued that “bank secrecy law”—never explicitly mentioned in the EIO Directive but possibly included in this clause is here, indirectly “revived” as a reason to refuse transnational cooperation. According to Article 34 of the same legislation, however, as from 22 May 2017 the Directive replaces (only) “the corresponding provisions” of (among other legal sources) the 2000 Convention on Mutual Legal Assistance in Criminal Matters and its protocol. Since Article 7 of the Protocol—explicitly dealing with bank secrecy law—does not find any specific correspondent in the Directive, it may then be concluded that this provision remains into force also under the new regime (at least against those few States who ratified the Protocol14). The fact that bank secrecy law is no long enforceable among Member States in the field of taxation, thanks to aforementioned Administrative Cooperation Directive, also supports this interpretation: Indeed, it would be hard to argue that this privilege, banned from the tax matter, maintains a relevant role in criminal law, where even more compelling interests are at stake.

du Conseil du 15 février 2011 relative à la coopération administrative dans le domaine fiscal et portant modification 1. de la loi du 29 mars 2013 relative à la coopération administrative dans le domaine fiscal; 2. de la loi modifiée du 4 décembre 1967 concernant l’impôt sur le revenu (Official publication: Mémorial Luxembourgeois A; Number: 44; Publication date: 2014-03-31; Page: 00510-00511) for Luxembourg. 11  Transposed by several Member States after the expiration of the related deadline, e.g. AT and ES, https://eur-lex.europa.eu/legal-content/EN/NIM/?uri=celex:32014L0041. Accessed 22 June 2019. The Directive was also transposed in the UK. 12  Cf. Recital (24) Directive 2014/41. For an analysis on the innovative character and the limits of these cooperation tool see, e.g., Armada (2015), Mangiaracina (2014), Allegrezza (2014), Bachmaier Winter (2010), and Daniele (2017), p. 418 et seq. For more literature and analysis on the EIO Directive in the panorama of EU cooperation in criminal matter, see Sect. 2.3.4. 13  Cf. Article 11(1), let. a). For the role of the EIO Directive in the general panorama of EU cooperation in criminal matter, see above Sect. 2.3.4; for its role concerning real-time monitoring, see below Sect. 7.5. 14  In particular, HR, EE, EL, IE and IT did not ratify it. http://www.consilium.europa.eu/en/documents-publications/treaties-agreements/agreement/?id=2001090. Accessed 18 July 2018.

7.1  Banking Investigative Techniques and the Residual Role of Bank Secrecy Law

289

Against this background, in the EU bank secrecy currently receives less protection than commercial, industrial or professional secrets15. A drastic reduction of the role played by bank secrecy law may be observed also in the United States, where banks are compelled under the Bank Secrecy Act to report any suspicious activity to the competent authorities (such as the OCC), under pain of civil and criminal penalties.16 This approach was further strengthened in 2010, with the approval of the Foreign Account Tax Compliance Act (FATCA); which imposed on non-US financial institutions the duty to report 124 to the Department of Treasury assets and identities of potential US national customers. In this sense, FATCA represented a powerful incentive for the EU to approve the aforementioned Administrative Cooperation Directive.17 This trend, of course, does not mean that bank secrecy law has lost all its impeding character on a global dimension, where tax havens (officially listed, or de facto) are far from being side-lined. Against the notorious Swiss case, where the extent of the privilege was substantially reduced in the last few years,18 some countries in fact still maintain, also within the same US or European jurisdictions (e.g. Delaware, or the UK Crown Dependency of Jersey, Guernsey, Isle of Man and British Virgin Islands), an extremely strict policy when it comes to disseminate financial records. Nonetheless in general terms, the growing interest at the international level in exchanging banking information has drastically changed the general perception over the right to confidentiality of financial institutions.19 A sign in this sense can be seen in the increasing use of the so-called “naming and shaming” policies against legal entities which do not comply with obligation reports and disclosure duties established both for administrative and criminal justice purposes.20 The reduction of bank secrecy law has also been strongly supported by

 Even though professional secrecy is also heavily limited in banking investigations, since, as previously illustrated, cannot be invoked by credit institutions, persons belonging to them or third parties to whom these entities have outsourced functions or activities, before the requests for information made by the Single Supervisory Mechanism; Cf. Article 10(2) SSM R; see Sect. 6.1.3, note 85; and Sect. 6.3.5 with regard to the impact on the privilege against self-incrimination. 16  31 U.S. Code § 5311 et seq., in particular §§ 5321–5322. Cf. above, Sect. 5.2. 17  P.L. 111–147. 18  Especially after 2017, when the Amending Protocol to the Agreement between the European Community and the Swiss Confederation providing for measures equivalent to those laid down in Council Directive 2003/48/EC on taxation of savings income in the form of interest payments entered into force, cf. also Hess (2012), pp. 169–173. 19  In the US, the theme is actually shifting from the right to confidentiality of financial institutions, including banks, to that of financial (and banking) regulators. That is for instance the case of requests of information from foreign third-parties (such as the ECB supervising over branches of EU banks located in the US) being rejected not because a financial institution is opposing bank secrecy, but because if that piece of information has already been shared with a US regulator, the bank is prevented from making further disclosures of the same, under threat of punishment. For the analysis of cooperation rules in the SSM legal framework, see Sect. 6.1.3; for the US supervisory system, see Sect. 6.1.2. 20  As shown by the EU banking supervisory legislation previously analysed. For a definition of “naming and shaming”, see Sect. 6.2, note 133. For this kind of sanctions in CRD IV, see Sect. 4.3, 15

290

7  Real-Time Monitoring of Banking Data: State of Play

the advent of digital technology, which made it a lot easier to collect and leak (legally or illegally) non-public information, including banking data. Clear examples of this potential may be found in the notorious scandals involving the British HSBC (where numerous cases of tax evasion and money laundering were discovered thanks to the disclosure of about 30,000 bank accounts holders by Mr. Falciani, a former employee of the bank21), or in those concerning the world’s fourth biggest provider of offshore financial services Mossack Fonseca & Co. (better known as “Panama papers”22) or, more recently, the State of Malta (the so-called “Malta-files scandal”23). To date therefore, bank secrecy does not seem anymore that insurmountable challenge to banking and financial investigations that it used to be.24 As clearly shown by the HSBC example a much more relevant obstacle to efficient transnational cooperation is today represented, by the legal uncertainty about whether, and if so, at which conditions, obtained records may be successfully used as evidence at trial.25 This assessment appears all the more difficult when records are collected through technological highly intrusive investigative techniques which, are generally highly unregulated, as it is the case of real-time monitoring. But this is not a mere problem with regard to more recent investigative techniques: in most cases the status of banking criminal investigations as such, is not clearly defined by legislature. In this sense, different approaches may be currently found in Europe. From one side, at the supranational level, banking investigative techniques tend to be recognized a certain autonomy from other criminal investigative measures in particular by the Council of Europe, and the EU. On the other side, at the national level, specific procedural rules for banking investigations are only seldom established (sometimes accompanied by specialized prosecutorial or law-enforcement bodies26). This situation seems to presist regardand in the SSM legal framework, Sect. 4.4.2. 21  For the “massive backlog of over 17,000 alerts identifying possible suspicious activity that had yet to be reviewed; ineffective methods for identifying suspicious activity; a failure to file timely Suspicious Activity Reports with U.S. law enforcement; a failure to conduct any due diligence to assess the risks of HSBC affiliates before opening correspondent accounts for them […] inadequate and unqualified AML staffing; inadequate AML resources […] severe, widespread, and longstanding AML deficiencies”, HSBC—one of the largest financial institutions in the world—has been convicted in the US, agreed to an about $ 2 billion fine, and faced a criminal proceeding in Switzerland, where it was closed in return for a £ 28 million settlement. Cf. U.S. Senate Permanent Subcommittee on Investigations (2012), p. 3; and BBC (2012). See also, among others, Carvajal and Minder (2013), M.V. (2016), and Garside (2015). 22  As revealed by The International Consortium of Investigative Journalists (ICIJ), cf. https://panamapapers.icij.org. Accessed 19 July 2018. See, e.g., Fitzgibbon (2017). 23  As revealed by European Investigative Collaborations, cf. https://eic.network/projects/maltafiles. See, e.g., Malagutti et al. (2017), and Henrichs (2017). 24  Cf. Drüen (2012), p. 80; In this sense also Panzavolta (2016), p. 370. 25  Analyzing this issue, with regard to a Luxemburgish/Belgian case, Van Hoek and Luchtman (2005). 26  Cf. Lasagni and Rodopoulos (2019, forthcoming). Franssen and Ligeti (2017), p. 7, report of the development of a specialized prosecutorial body, the National Financial Public Prosecutor; a simi-

7.2  Measures (i) and (ii): Access to Banking Information and Past Transactions

291

less of the fact that the collection and analysis of banking records have become increasingly essential components of all criminal investigations, especially in a transnational dimension, and not only for those concerning financial and economic offences.27 Against this asymmetric background, legal scholars tend to divide investigative powers allowing access to banking data into four main categories, taking into account their degree of coercion, the fundamental rights affected and, as a consequence, the level of necessary safeguards required.28 On a scale of increasing intrusiveness such investigative techniques may therefore encompass (i) measures granting access to banking information in a “strict sense” and (ii) to past banking transactions; (iii) measures allowing a continuous monitoring of bank accounts; and (iv) measures aiming at the freezing of banking accounts.

7.2  M  easures (i) and (ii): Access to Banking Information and Past Transactions The first two kinds of banking investigative techniques, which are at the same time the less intrusive and controversial, belong to the wide category of “production orders”. Although the EU legal framework does not provide for a definition of production orders, they are referred to by legal scholars as “the powers of the authorities to inspect, copy or order the production of data, documents or other objects, in whatever form (oral, written, digital)”.29 In banking investigations, production orders mainly consist in requests for information, to which a financial institution (in the broad sense described above30) is compelled to reply providing the details (a) to identify the owner(s) or the holder(s) of specific bank account(s) (the so-called “banking identity”), or (b) to reconstruct

lar specialization has been recently recommended also in Italy by the Parliamentary Committee on banking investigations (although the outcome of these recommendations is currently rather uncertain, given the termination of the current parliamentary term), cf. Senato della Repubblica Italiana, Legislatura 17ª. Commissione parlamentare di inchiesta sul sistema bancario e finanziario. Resoconto sommario n. 47 del 30.01.2018, Relazione conclusiva approvata dalla Commissione nella seduta del 30.01.2018 (relatore: sen. Marino). http://www.parlamento.it/japp/bgt/showdoc/ frame.jsp?tipodoc=SommComm&leg=17&id=01064008&part=doc_dc-sedetit_a1&parse=no. Accessed 19 July 2018. 27  In the EU, as reported by Tricot and Martìn (forthcoming), p. 5 of the draft, that is the case only of AT, BE, PT, SI, and UK. In the present work, therefore, reference to the national legislations will be made only to underline some of the risks inherent in such fragmentation, especially on the front of procedural rights and safeguards, while the main legal analysis focuses only on the European level, again in comparison with the US federal relevant legal framework in the more critical profiles (real-time monitoring). 28  Cf. Tricot and Martìn (forthcoming), p. 2 of the draft. 29  Luchtman and Vervaele (2017), p. 268. 30  Cf. Sect. 2.1.

292

7  Real-Time Monitoring of Banking Data: State of Play

banking transaction(s) carried out in a specified time in the past (e.g. disclosing the sending or the recipient account details). Historically, production orders represent the basic core of investigative tools from which banking investigations had been developed. For this reason, and for their relatively low level of intrusiveness (if compared with the surveillance measures) the need to make these investigative techniques available to investigating authorities is generally undisputed. All competent authorities of EU Member States (law-enforcement agencies, prosecutors or investigating judges, according to the different legal systems) may apply production orders. These measures find clear legal basis also at the supranational level, especially thanks to the intervention of the Council of Europe, which first introduced an obligation to implement these tools in the 1990 Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and (in the 2005 version) on the Financing of Terrorism. In particular, according to Article 4 of the 1990 Convention, “Each Party shall adopt such legislative and other measures as may be necessary to empower its courts or other competent authorities to order that bank, financial or commercial records be made available” for investigative purposes, or to apply provisional measures, or for confiscation.31 This obligation was further specified in the 2005 Convention, whose Article 7(2) explicitly requires Member States to “adopt such legislative and other measures as may be necessary to enable it to: a) determine whether a natural or legal person is a holder or beneficial owner of one or more accounts, of whatever nature, in any bank located in its territory and, if so obtain all of the details of the identified accounts; b) obtain the particulars of specified bank accounts and of banking operations which have been carried out during a specified period through one or more specified accounts, including the particulars of any sending or recipient account”.32 The need to include digital data among the potential targets of production orders also for banking investigative purposes was explicitly stressed in the 2001 Convention on Cybercrime, which at Article 18 establishes the duty for Each Party to empower competent authorities to “order: a) a person in its territory to submit specified computer data in that person’s possession or control, which is stored in a computer system or a computer-data storage medium; and b) a service provider offering its services in the territory of the Party to submit subscriber information relating to such services in that service provider’s possession or control”, including in that expression “the subscriber’s identity, postal or geographic address, telephone and other access number, billing and payment information [… and] any other information on the site of the installation of communication equipment”.33 Regulation of production orders is acknowledged a certain level of agreement also at the EU level, where a satisfying common level of procedural rules (in criminal, as well as in administrative law) is still far from being achieved.34  CETS 141, cit.  CETS 198, cit. 33  CETS 185, Budapest, 23.11.2001. 34  Symptomatic, in this sense, is the Proposal of the Commission for a Regulation on the European Production and Preservation Orders for electronic evidence in criminal matters COM/2018/225 31 32

7.2  Measures (i) and (ii): Access to Banking Information and Past Transactions

293

First of all, production orders consisting in requests for information on bank accounts and on banking transactions are included in the First Protocol to the 2000 Convention on Mutual Assistance in Criminal Matters. The Protocol does not directly regulate domestic investigations, but rather deals with banking inquiries carried out at the transnational level, in relation to specific forms of crimes, mostly represented by the so-called PIF offences.35 Under this perspective, to the extent that the information is in the possession of the bank holding the account, Articles 1 and 2 of the Protocol required Member States to “take the measures necessary to determine, in answer to a request sent by another Member State, whether a natural or legal person that is the subject of a criminal investigation holds or controls one or more accounts, of whatever nature, in any bank located in its territory and, if so, provide all the details of the identified accounts”, including those “for which the person that is the subject of the proceedings has powers of attorney”, as well as to “provide the particulars of specified bank accounts and of banking operations which have been carried out during a specified period through one or more accounts specified in the request, including the particulars of any sending or recipient account”. As anticipated, the value of the Protocol should not be overestimated, since to date it has been implemented only by some EU Member States.36 However, due the general availability of production orders in domestic legal orders, its limited enforceability does not seem to play a determinant role in this specific regard. This is even more so, considering that production orders are also listed among the investigative techniques contained in the European Investigation Order (EIO) Directive. The 2001 provisions concerning production orders in banking investigations could be then now considered substituted by Articles 26 and 27 of the EIO Directive.37 According to Article 26, in particular, an EIO may be issued to determine whether any natural or legal person subject to criminal proceedings holds or controls one or more accounts, of whatever nature, in any bank or non-bank financial institution38 located in the territory of the executing State, and if so, to obtain all the details of the identified accounts (the so-called “banking (or financial) identity”). In this case, an EIO may be issued if the requested information is likely considered to be “of substantial value” for the purpose of the criminal proceedings concerned.39 final-2018/0108 (COD). The mere existence of this initiative, although uncertain in its outcome, shows a certain degree of trust among Member States on this matter. For general considerations, still valid, on the harmonisation of national law in the criminal matters, see Illuminati (2009) and Siracusano (2012). 35  For a definition of PIF crimes, see above Sect. 2.3.4. 36  Cf. Sect. 7.1. 37  Cf. Article 34, Directive 2014/41/EU. 38  As defined by Article 3 of Directive 2005/60/EC of 26.10.2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing (better known as “Third AML Directive”). The directive has currently been substituted by the “Fifth AML Directive” (Directive 2018/843, cit.), which directly refers to CRD IV and CRR for the definition of respectively “financial institution” and “credit institution”. 39  Cf. Article 26(5) Directive 2014/41.

294

7  Real-Time Monitoring of Banking Data: State of Play

According to Article 26(3), this information may be referring to the direct subject of a criminal investigations, either natural or legal person, and to all persons for which the latter has powers of attorney. Recital (27) of the Directive, however, adds that when an EIO is issued to obtain evidence concerning the accounts, of whatever nature, held in any bank or any non-­ banking financial institution by a person subject to criminal proceedings, “this possibility is to be understood broadly as comprising not only suspected or accused persons but also any other person in respect of whom such information is found necessary by the competent authorities in the course of criminal proceedings”. It remains therefore unclear whether this subjective extension of the order could prevail on the narrower wording of Article 26.40 The “details” which may be obtained following an EIO should be interpreted as including at least: The name and address of the account holder; potential details of any powers of attorney held over the account; and any other details or documents provided by the account holder when the account was opened and that are still held by the bank.41 Article 27 of the Directive, on the other side, provides that an EIO may be issued to obtain details on banking operations, and financial operations conducted by non-­ banking financial institutions, which have been carried out during a defined period through one or more accounts. These details shall include, for instance, the banking (or financial) identity of any sending or recipient account. An EIO may be issued in this case if the requested information is likely considered to be “relevant for the purpose” of the criminal proceedings concerned.42 Comparing this parameter with the one provided for by Article 26 (“substantial value”), legal scholars have pointed out how it appears difficult to understand which is the ratio justifying different requirements for these measures, and, in particular, an apparently less pressing requirement in case of the most intrusive one, i.e. request for information about the details of past transactions.43 Similarly to the Protocol to the 2000 Convention, also the EIO Directive does not impose specific requirements for national investigation. It however requires Member States to adopt all measures necessary to collect and share such banking records in case an EIO is issued. Nonetheless, again similarly to the Protocol, the obligation to disclose banking identity or past transactions applies “only to the extent that the information is in the possession of the bank keeping the account”.44 In case the information refers to a non-banking financial institution, taking into account that in many countries only banks are subject to a more stringent regulation, both Articles 26(6) and 27(5) of the Directive provide that an EIO may be refused  The point has been raised by Panzavolta (2016), p. 372.  Cf. Recital (29) Directive 2014/41. 42  Cf. Article 27(4) directive 2014/41. 43  Panzavolta (2016), pp. 371–372. 44  Cf. Articles 26(4) and 27(3) Directive 2014/41. 40 41

7.3  Measures (iii): Real-time Monitoring of Banking Data

295

“if the execution of the investigative measure would not be authorised in a similar domestic case”. Differences concerning protection orders thus keep persisting at the national level also under the EIO Directive, including very relevant profiles, such as the possibility to impose sanctions against the refusal to provide the information requested.45 Nonetheless, it is indicative that production orders of banking records are included in the rather limited list of investigative powers that the European Public Prosecutor Office (EPPO) will be able to exercise in its transnational inquiries. In particular, according to Article 30(1) of the EPPO Regulation, participating Member States shall ensure that prosecutors from the Office will be entitled to issue production orders to obtain “any relevant object or document” and “stored computer data”, including (also) banking account data, at the conditions provided for by national law.46 In this context, actually, some doubts may arise as to whether the exclusive reference to banking “account data” could be interpreted as potentially preventing the EPPO from accessing records of past transactions, when that is not allowed in national law. However, the mere fact that production orders have been included in the EPPO Regulation testifies a rather broad consensus over the need of making this measure available in banking and financial investigations: This is not the case with all banking investigative techniques, and in particular, with real-time monitoring of banking records.

7.3  Measures (iii): Real-time Monitoring of Banking Data Conversely to production orders, surveillance or real-time monitoring investigative techniques represent today one of the most debated frontiers in the evolution of criminal law and prosecutorial systems, both in the EU and in the US. Surveillance in banking investigation, in fact, touches several critical profiles that are currently challenging the obligation for criminal investigations to respect fundamental rights, such as the transnational dimension of offences and inquiries, and the impact of digital technology. Today, banking records are mostly no more represented by paper documents, but rather by digital data, the treatment of which is still highly varying in national legal systems.47 In this sense, talking about real The profile, relevant under the protection from self-incrimination, has been analysed with regard to the SSM banking investigations in Sect. 6.3.6. 46  Cf. Article 30(1), let. c) and d), EPPO Regulation (2017/1939), cit. 47  As, for instance, shown by the increasingly prominent role played by FinTech (Defined by the Financial Stability Board as “technology-enabled innovation in financial services that could result in new business models, applications, processes or products with an associated material effect on the provision of financial services” (cf. FSB 2017, p. 7) in the banking sector, also recognized at the institutional level in the EU, and in particular by the European Central Bank, which in 09/2017 has published for consultation a draft guides to bank licensing and fintech bank licensing, cf. 45

296

7  Real-Time Monitoring of Banking Data: State of Play

time monitoring of banking records means also to talk, and examine, forms of realtime collection of digital data.48 Banking surveillance, may be used for different purposes. Real-time monitoring may be performed to identify suspicious accounts, or more likely, financial transactions in order to apply freezing measures in due time. That is for instance the purpose mainly pursued by the Financial Investigating Unit (FIUs), which may be granted the power to apply assets’ temporary and urgent measures to suspicious financial transactions, pending the opening of a criminal proceeding.49 Surveillance, however, could also serve location purposes, for instance when it is necessary to locate a subject in real-time through the reconstruction of his/her financial transactions; or may be applied when it is necessary to collect evidence in a short time, for instance to reach probable cause to enforce an arrest or a search. Real-time monitoring may hence be used in a twofold direction: First, to collect information which generally does not get stored, and risks being otherwise dispersed, similarly to wire-tapping.50 Second, surveillance may be used to gather information which in theory could be obtained also through production orders, in those cases where the latter cannot be applied. That could happen, for instance, in contexts where data are not stored due to the lack of legislative basis providing for retention and reporting obligations upon certain financial operators, or where retention obligations are rather limited in time. Typical in this sense is the case of non-banking “alternative” financial operators, which are usually not subject to reporting obligations like financial institutions (e.g. for donation or reward crowdfunding), and/or whose transactions are either not

https://www.bankingsupervision.europa.eu/press/pr/date/2017/html/ssm.pr170921.en.html. Accessed 19 July 2018. 48  For the implications of this dimension in the compliance with fundamental rights of defence and privacy established in the CFREU, see Sect. 8.1. 49  As it is, for instance, the case of the Italy, see Article 6(7)(c) of Legislative Decree no. 231 of 21.11.2007 (implementing Directive 2005/60/EC, mentioned above in Sect. 3.4, note 66). For FIUs, see Sect. 3.3. 50  Although highly worrying retention practices of commercial operators and communication service providers, for instance involving intelligent personal assistants like Echo, are increasingly making possible to retrieve the content of communications also ex post. As clearly showed by the renowned murder case in the US, in which the police “seized” the communications recorded by Alexa (Echo), an intelligent personal assistant developed by Amazon, activated by vocal commands, and capable of several interactions (e.g. music playback, making to-do lists, setting alarms, streaming podcasts, playing audiobooks, providing weather, traffic, and other real-time information, and control several smart devices). In order to get the command, Alexa is constantly listening what happens in the location where it is placed; in that case, it was further “discovered” that Alexa (i.e. Amazon) was actually keeping the records of all noises, so that it was able to produce them at trial. Cf., e.g., Sampathkumar (2017).

7.3  Measures (iii): Real-time Monitoring of Banking Data

297

stored, or stored in a way that makes reconstruction of the financial operations de facto impracticable (e.g. in case of Hawala).51 The need to apply surveillance techniques may also arise from concrete difficulties in using production orders, for instance where the amount of information is likely to be so huge or dispersed, that an ex post analysis would require such a long time, or such relevant resources to make its result almost farfetched. Lastly, real-time monitoring may also prove extremely useful in those situations where it is not possible or very unlikely to obtain a production order because of limited jurisdiction, lack of cooperation agreements, or poor implementation of the latter (e.g. in case of tax havens). In this sense, surveillance is an investigative technique able to keep pace with the globalised dimension of financial (also criminal) transactions and networks, circumventing the limited enforcing powers of criminal justice systems, that are still mostly nationally based. Against this background, on one side, applying surveillance techniques to financial crime appears rather fitting to meet the targets established by the FATF Recommendations, which require national competent authorities to exercise “effective systems for monitoring” of financial transactions, at least in the fight against money laundering and financing of terrorism.52 Indeed, the financial market and especially the banking system, as it was shown by the last financial crisis, is possibly the most globalized economic sector ever, in which the dematerialization of services, encouraged and strengthened by the Internet, makes it extremely and increasingly hard both to identify breaches of criminal law, and to collect evidence to prove the latter at trial, without using equally technological and transnational investigative measures. For this reason, the opportunity to implement real-time monitoring investigative techniques is increasingly shared by scholars and practitioners, which acknowledge the need to equip criminal justice systems with tools apt to the challenges of digital technology and globalization, especially against the most serious (often also organized) forms of crimes.53 On the other side, however, the pervasiveness of surveillance investigative techniques, and their capacity to circumvent national regulation based on the rule of law and severely affect fundamental rights of the individual(s), suggests a very cautious approach, that vouches for adequate practical and legal safeguards to limit and balance the scope of such new powers.

 As illustrated above, Sect. 2.1. On the other side, some alternative financing transactions may be neither stored, nor intercepted, at least given the current technological development, as in the case of bit-coins. 52  See FATF Recommendation, no. 26 and 27. In general on the FATF role in financial investigations, see Sect. 3.2. The Recommendations refer also explicitly to real-time monitoring in the Recommendation 19, according to which “A beneficiary financial institution should take reasonable measures to identify cross-border wire transfers that lack required originator or required beneficiary information. Such measures may include post-event monitoring or real-time monitoring where feasible”. Cf. also Franssen and Ligeti (2017), p. 1 et seq. 53  Cf., e.g., Tricot and Martìn (forthcoming); Caianiello (2016), p. 315; Panzavolta (2016), p. 371; Franssen and Ligeti (2017), p. 1 et seq.; Zanetti (2008), p. 510; Felicioni (2012), p. 42; Cocq and Galli (2013). See also Di Nicola et al. (2015). 51

298

7  Real-Time Monitoring of Banking Data: State of Play

Actually, technological, and above all digital development already allow to implement forms of intrusive real-time monitoring, affecting the same time several fundamental rights, especially when they found an expression on the internet, such as: Freedom of expression; health (with the digitalization of health care systems, or even through applications installed in everyday devices like smartphones, measuring steps, pulse, etc.); freedom of movement (with GPS o real-time tracking of financial transactions); and secrecy of communications and of private domiciles (with the possibility to remotely activate mikes and cameras in digital devices). At first glance, such serious concerns might even bring to the conclusion that surveillance measures shall better not be implemented at all. Here, however, this argument is not believed to be an option which can or shall be put into practice. Indeed, like it or not, digital technology and globalization are part of the time we are living and cannot but influence the way crimes are being committed, and how they are prosecuted. Preventing criminal justice systems from using digital technology would bring to anachronistic results, and possibly to less protection of fundamental rights. Certainly, it would not prevent criminals from using digital tools in a globalized context.54 Arguably, as it emerges from the US example, that would not prevent even law-­enforcement and prosecutors from doing the same either. Indeed, to date most surveillance measures are already applied within inadequate legal frameworks (where even such legal framework do exist) and with few mechanisms (or none) to prevent and sanction potential abuses.55 That being said, drafting an “ideal” model of real-time monitoring of banking records (both with regard to banking identity and transactions) is far from being a straightforward operation, especially considering that not rarely the existing legal bases offer little ground, on which to anchor even the basic features of this investigative technique, and that banking and financial inquiry measures are frequently characterized by uneven levels of regulation at the national level. The fragmentation and frequent inefficiency of national regulations are however relevant parameters highlight that banking surveillance, as a criminal investigative measure, shall no more be regulated only in national legislation, but also, and perhaps above all, at the supranational level: Criminal offenders, financial markets, institutions and transactions, as well as abuses in surveillance practices already operate on a transnational dimension, that can be profitably faced only at a correspondent level.

 “There is no prospect either of mass internet surveillance being accepted by all, or of being abandoned by the authorities in any modern state. That makes the debate over how that surveillance should happen, what limits should be placed upon it, how it should be overseen and the legislation under which it operates, a crucial one”, Bernal (2016), p. 260. 55  Cf. below, Sect. 7.6. Highlighting how government surveillance realizes and overcomes the Jeremy Bentham’s idea of a Panopticon and Balkin (2008), p. 12, considering how the main reasons for the changes in the surveillance practices of the government should be understood as a technology rather than a governance problem Kerr (2009), Timan et al. (2017), pp. 3–4. 54

7.4  Measures (iv): Freezing of Banking Accounts (Brief Overview)

299

Within this perspective, the goal of this work is to identify some common principles and basic standards which should characterize an EU legislation requiring the implementation of forms of real-time monitoring of banking records.56 To achieve so, identifying what is the state of play of banking surveillance represents a necessary step to reach a common understanding on what is an acceptable balance of the interests at stake: The current EU and the US applicable legislation on the matter are examined to this aim in the following paragraphs.

7.4  M  easures (iv): Freezing of Banking Accounts (Brief Overview) Before proceeding with the analysis of real-time monitoring, and with the only aim of providing a complete picture on the investigative techniques applicable in banking investigations, a few words are briefly devoted to measures aiming at freezing of banking accounts. Opposite to surveillance techniques, freezing and confiscation have since long been grounded on supranational legal basis in the EU,57 culminated in the approval of Directive 2014/42/EU on the freezing and confiscation of instrumentalities and proceeds of crime and more recently, in the perspective of judicial cooperation by Regulation (EU) 2018/1805.58 According to Article 7 of the Directive, “Member States shall take the necessary measures to enable the freezing of property with a view to possible subsequent confiscation”. Those measures may be addressed either against the legitimate owner of the property to be frozen or against third parties in the possession of the same. Since Article 2 of the Directive defines property as “any description, whether corporeal or incorporeal, movable or immovable, and legal documents or instruments evidencing title or interest”, it could be concluded that banking account are also falling under the scope of the Directive.

 Cf. below, Chap. 8.  See Council Framework Decision 2001/500/JHA of 26.06.2001 on money laundering, the identification, tracing, freezing, seizing and confiscation of instrumentalities and the proceeds of crime; Council Framework Decision 2003/577/JHA of 22.07.2003 on the execution in the European Union of orders freezing property or evidence; Council Framework Decision 2005/212/JHA of 24.02.2005 on Confiscation of Crime-Related Proceeds, Instrumentalities and Property; Council Framework Decision 2006/783/JHA of 6.10.2006 on the application of the principle of mutual recognition to confiscation orders (consolidated version of 03.2009); Council Decision 2007/845/ JHA of 6.12.2007 concerning cooperation between Asset Recovery Offices of the Member States in the field of tracing and identification of proceeds from, or other property related to, crime. 58  Directive 2014/42/EU of 3.04.2014 on the freezing and confiscation of instrumentalities and proceeds of crime in the European Union, and Regulation (EU) 2018/1805 of 14.11.2018 on the mutual recognition of freezing orders and confiscation orders. 56 57

300

7  Real-Time Monitoring of Banking Data: State of Play

Partially corresponding provisions may be found overseas in the freezing and confiscation measures established by 18 U.S.C. § 1956, as modified by Section 317 of the USA PATRIOT ACT. According to it when property involved in a financial transaction represents the proceeds of some form of unlawful activity, courts may issue a “pre-trial restraining order or take any other action necessary to ensure that any bank account or other property held by the defendant in the United States is available”, to satisfy a judgment over such activity.59

7.5  Real-time Monitoring of Banking Data in the EU At the European level, real-time monitoring of data was faced first in the already mentioned 1990 COE Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime, which at Article 4(2) provided that “Each Party shall consider adopting such legislative and other measures as may be necessary to enable it to use special investigative techniques facilitating the identification and tracing of proceeds and the gathering of evidence related thereto. Such techniques may include monitoring orders, observation, interception of telecommunications, access to computer systems and orders to produce specific documents” (italics added).60 A specific reference to the application of surveillance to banking records can then be found in the 2005 COE Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism. According its Article 7, in fact, each participating State “shall adopt such legislative and other measures as may be necessary to enable it to […] (c) monitor, during a specified period, the banking operations that are being carried out through one or more identified accounts” (italics added).61 To achieve this aim, each Parties shall consider establishing “special investigative techniques facilitating the identification and tracing of proceeds and the gathering of evidence related thereto, such as observation, interception of telecommunications, access to computer systems and order to produce specific documents”.62 Similarly to the 1990 version, however, also the 2005 Convention simply created a general obligation to establish mechanisms of real-­time monitoring of banking transactions, but without including any procedural rules on how surveillance shall be carried out.

 18 U.S.C. § 1956 (b)(3). Cf. also 21 U.S. Code § 853-Criminal forfeitures, 8 U.S. Code § 1189(a) (2)(C)-Designation of foreign terrorist organization, and 5 CFR 1690.15-Freezing an accountadministrative holds. 60  CETS 141, cit. 61  CETS 198, cit. 62  Cf. Article 7(2)(c) and 7(3). 59

7.5  Real-time Monitoring of Banking Data in the EU

301

The Convention moreover, as a legal source issued by an international intergovernmental body, is not equipped with effective enforcing mechanisms in case States are not implementing its provisions. And actually within the sole EU, only a few countries have ratified the Convention,63 and even less have introduced surveillance mechanism in their national legal system.64 The need to perform real-time monitoring operations on banking records has however since long emerged also within the European Union. Similarly to the other banking investigative measures previously discussed, surveillance on banking data was taken into account in the aforementioned First Protocol to the 2000 Convention on Mutual Assistance in Criminal Matters.65 Article 3 of the Protocol, in particular, concerned the monitoring of banking transactions, and especially the surveillance of future operations, following the drafting model for controlled deliveries already provided for in the 2000 Convention.66 According to the Protocol, each Member State shall possess a legal framework which allows them to “monitor, during a specified period, the banking operations that are being carried out through one or more accounts specified in the request”.67 Similarly to the 2005 COE Convention, also this legal text sets a positive obligation for the Member States to introduce such an investigative technique, which should be available, if not internally, at least to answer to cooperation requests coming from other States, if the latter can show that the information requested is relevant for the ongoing investigation.68 The conditions under which surveillance shall be carried out, however, are not specified by the Protocol, which leaves the competent authorities of the Member States free to determine procedural rules.69

 AT, EE, FI, LT, and LU signed the Convention, but never ratified it; while CZ and EI did not even sign it. Source: http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/ 198signatures?p_auth=7eEdeclx. Accessed 18 July 2018. 64  As it is for instance the case of Italy and Germany. For Germany, see the transposing law: Gesetz zu dem Übereinkommen des Europarats vom 16.05.2005 über Geldwäsche sowie Ermittlung, Beschlagnahme und Einziehung von Erträgen aus Straftaten und über die Finanzierung des Terrorismus vom 19.12.2016, BGBl. II 2016 Nr. 36 27.12.2016 S. 1370. For the Italian case, the situation seems however to have slightly changed after the transposition of the EIO Directive, see below note 72. 65  2001 Protocol, cit. 66  Cf. Article 12 of the 2000 Convention on Mutual Assistance. 67  Cf. Article 3(1), 2001 Protocol. 68  Cf. Article 3, 2001 Protocol. 69  Cf. Article 3(4), 2001 Protocol. 63

302

7  Real-Time Monitoring of Banking Data: State of Play

Also the enforcement of the Protocol was not very effective. Since 2001, in fact, only some EU Member States had implemented this act,70 and among those who did, not all fully complied with its provisions under the specific profile of real-time monitoring (as it is the case of Germany, where Article 3 was “interpreted” as not requiring to introduce in the national framework such surveillance measure71). This impasse might have been solved in late 2014, when the Commission’s power to initiate infringement procedures against Member States that did not transpose, or transposed incorrectly EU secondary law, extended also to pre-Lisbon legislation, therefore including in this number also the First Protocol to the 2000 Convention (at least for those States who signed it). The impact of such a change, in itself of major implications in the EU legal framework, holds however in this specific regard only a relative importance. Indeed, in the same year in which the new Commission’s prerogatives entered into force, this piece of legislation, was arguably partially substituted by Directive 2014/41/EU on the European Investigation Order (EIO).72 Article 28 of the Directive, in particular, recognizes that an EIO may be issued for the purpose of “executing an investigative measure requiring the gathering of evidence in real time, continuously and over a certain period of time, such as the monitoring of banking or other financial operations that are being carried out through one or more specified accounts”. Similarly to the previously discussed Article 27, concerning production orders on past banking transaction, also in this case the prerequisite for issuing an EIO is that the information requested is considered to be “relevant for the purpose of the  In particular, EE, EL, IE and IT signed, but did not ratify it, HR never signed it. Source: http:// www.consilium.europa.eu/en/documents-publications/treaties-agreements/agreement/?id=20010 90&DocLanguage=en. Accessed 19 July 2018. 71  Cf. Entwurf eines Gesetzes zu dem Protokoll vom 16.10.2001 zu dem Übereinkommen über die Rechtshilfe in Strafsachen zwischen den Mitgliedstaaten der Europäischen Union, BT-Drs. 15/4230, S. 12, in force since 27.07.2005, available online at: http://dipbt.bundestag.de/doc/ btd/15/042/1504230.pdf. Accessed 19 July 2018. On the German system of banking investigation see also Weigend (2013), p. 284. 72  See above note 12, and Sect. 2.3.4, note 322 (also for academic references to the Directive). Before the EIO Directive, real-time monitoring of banking records was also explicitly considered in the European Evidence Warrant (EEW), even though only with the purpose of excluding its scope of application (cf. Article 4(1)(c), Council Framework Decision 2008/978/JHA of 18.12.2008 on the European Evidence Warrant for the purpose of obtaining objects, documents and data for use in proceedings in criminal matters, according to which the possibility to obtain “information in real time such as through the interception of communications, covert surveillance or monitoring of bank accounts” is actually explicitly excluded by the scope for which such a Warrant could be issue). Indeed, one of the main weak spots of the EEW, which substantially contributed to the failure of this piece of legislation, was represented by the fact that it could apply only to obtain evidence already existing, or at most discovered during the execution of the EEW, which obviously is not the case of real-time monitoring (cf. Article 4(4) and (5) EEW). For a critical analysis on the EEW see, e.g., Bachmaier Winter (2013), p. 127; De Hert et al. (2009), Spencer (2010), p. 602; De Amicis (2011); Vervaele (2005). Following the massive non-implementation of the Framework Decision by most Member States, also because of its structural limits, the European Evidence Warrant was later substituted by the new legal tool to implement mutual recognition in transnational cooperation concerning evidence, the EIO. Cf. also Allegrezza (2010). 70

7.5  Real-time Monitoring of Banking Data in the EU

303

criminal proceedings concerned”.73 The execution of such EIO, however, may be refused, not only in according with the general grounds for non-recognition provided for by Article 11 of the Directive, but also if performing such measure “would not be authorised in a similar domestic case”.74 Contrary to the other sources previously examined, therefore, the EIO Directive does not even really provide for a positive obligation to introduce real-time monitoring in national legal frameworks, as it merely regulates requests of transnational cooperation in contexts where such investigative technique already exists. This structural limitation is likely to become critical in cases where an EIO is issued from a country where surveillance on banking records is in place (e.g. Belgium) to a country where it is not (e.g. Germany).75 In these situations, according to Article 10 of the Directive, before refusing the EIO, the executing authority shall recourse, where possible, to an investigative measure other than that requested to achieve the same goal. It is not clear, though, whether it would really be possible to obtain the same result pursued by real-time monitoring through another investigative measure, If the answer to this question should be negative, the only option for the executing authority would be then to notify the issuing authority that it is not possible to provide the assistance requested. The EIO Directive, however, may nonetheless create an indirect harmonizing effect, in case Member States would take the chance to introduce this investigative technique (or one of the others established in the Directive) in domestic systems, during the transposition at the national level. Interestingly enough, this appears to be the case of Italy, where the legislative decree implementing the Directive introduced the possibility to collect banking and financial data in real-time to answer to an EIO request, while no such tool was available before for corresponding purely domestic cases.76 Article 28 of the Directive also indicates a few procedural requirements for this kind of surveillance to be applied. Already at first glance, however, such conditions appear rather questionable as they provide for a level of safeguards lower than that established by Article 26 concerning production orders on banking identity.

 Cf. Article 28(1)(a) and (3) Directive 2014/41.  Article 28(1), Directive 2014/41. 75  The directive also does not seem to take into account that financial institutions are operating on a globalized market, so that it is possible that account are hold within the same bank or banking group but physically located in different countries, critically examining the issue Panzavolta (2016), pp. 381–382. 76  Article 20, Legislative Decree no. 108 of 21.06.2017. The provision is likely to create a debate at internal level with regard to the principle of equal treatment, since currently real-time collection of data (different from content of communication) requires only a reasoned decree of the public prosecutor, while the new investigative tool follows the same (and more safeguarding) rules established for wiretapping, cf. also Caianiello (2018), § 5; De Amicis (2018), § 5. In general terms on the Italian implementation of the EIO Directive, see Daniele (2017), Falato (2018), De Amicis (2018), p. 22; Selvaggi (2018), p. 44. On the minimum procedural rules that should be implemented with regard to real-time monitoring of (banking) data, see below, Chap. 8. 73 74

304

7  Real-Time Monitoring of Banking Data: State of Play

An EIO requesting real-time monitoring of banking records may, in fact, be issued as long as the information required is considered “relevant” for the criminal proceedings concerned, while for production orders the investigative measure shall be deemed of “substantial value”.77 In addition, similarly to Article 27 of the Directive (concerning production orders on past banking and financial transactions), also Article 28 does not circumscribe its scope only to the accounts of persons subject to criminal proceedings; while this limitation is explicitly indicated in case of Article 26.78 The different requirements established in the Directive for each of these banking investigative techniques seem therefore not to take into account that real-time monitoring of banking records is a much more intrusive measure than production orders on banking identity. This result appears hardly justifiable in light of the proportionality principle and the need to respect the fundamental rights of the affected individuals.79 To complete the EU legal framework on financial surveillance, it should be finally recalled that another rather specific reference to real-time monitoring in the financial sector was introduced by Regulation (EU) 2015/847 on information accompanying transfers of funds, which applies since 26 June 2017.80 Originated from the need to contrast serious criminal phenomena, such as money laundering, financing of terrorism and organized crime, which “are likely to take advantage of the freedom of capital movements within the Union’s integrated financial area unless certain coordinating measures are adopted at Union level”, the Regulation aims at establishing control mechanisms to check whether transfers of funds are accompanied by all the required information on the payer and the payee, to better identify suspicious transactions and flows of illicit money.81 To this end, according to Articles 7(2) and 11(2) of the Regulation, payment service providers or intermediary service providers of the person recipient of the transfer shall implement effective procedures to detect whether certain key information on the payer or the payee is missing, “including, where appropriate, ex-post monitoring or real-time monitoring”.82 The subjects to this obligation, as defined by Article 3(5) of the Regulation, are a broad category, that includes credit and electronic money institutions.83  Cf. Article 26(5) and 28(3) Directive 2014/41. Cf. above, Sect. 7.2.  Cf. above, Sect. 7.2. 79  In this sense also Panzavolta (2016), p. 372. 80  Regulation (EU) 2015/847 of 20.05.2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006. 81  Cf. Recitals (1), (2) and (22) Regulation 2015/847. 82  Articles 7(2); 11(2); 22(1) Regulation 2015/847. 83  Article 3(5) refers to Article 1(1) of Directive 2007/64/EC of the European Parliament and of the Council of 13.11.2007 on payment services in the internal market amending Directives 97/7/EC, 2002/65/EC, 2005/60/EC and 2006/48/EC and repealing Directive 97/5/EC, according to which there are “six categories of payment service provider: (a) credit institutions within the meaning of Article 4(1)(a) of Directive 2006/48/EC; (b) electronic money institutions within the meaning of Article 1(3)(a) of Directive 2000/46/EC; (c) post office giro institutions which are entitled under 77 78

7.5  Real-time Monitoring of Banking Data in the EU

305

The impact of this Regulation, however, results rather limited for the scope of the present analysis. First, the wording of Articles 7(2) and 11(2) sets a rather weak legal basis, as it merely refers to the implementation of surveillance measures where appropriate. Regulation 2015/847 moreover, does not contain any procedural rules describing which are the conditions and procedure to be complied with in the implementation of such investigative measure. Interestingly, moreover, the “soft” obligation set by the Regulation does not address national investigating authorities, but rather payment service or intermediary payment service providers, which are the subjects that should implement forms of real-time monitoring. This form of “indirect” surveillance (very common in our big-data society) actually raises relevant issues for privacy protection and integrity of the information collected, since in these cases such intrusive measures are carried out not by public authorities, but by private parties. This rather thorny situation appears especially relevant in light of the US example where, as will be further illustrated, these forms of real-time monitoring seem rather widespread.84 Lastly, it should be recalled that, in the EU, an attempt to set a positive obligation to introduce forms of banking surveillance was carried out in the negotiations concerning the establishment of the European Public Prosecutor Office (EPPO).85 Indeed, the original draft, proposed by the Commission in July 2013, clearly supplied the Office with the power to request the monitoring of banking transactions, by ordering any financial or credit institution to inform it in real time “of any financial transaction carried out through any specific account held or controlled by the suspected person or any other accounts which are reasonably believed to be used in connection with the offence”.86 This provision would have implied an obligation, at least for all the participating Member States, to make this measure available for all crimes falling within the EPPO jurisdiction.87 In light of the evolution of the negotiations, however, it clearly appeared that this feature did not meet with agreement among Member States. Due to the pressure of several delegations, which considered it an excessive step toward the harmonization of criminal procedure in the EU, this power was in the end removed from the prerogatives of the EPPO, together with most of the intrusive investigative powers previously provided for in the Commission’s proposal (such as surveillance of telecommunications, video and

national law to provide payment services; (d) payment institutions within the meaning of this Directive; (e) the European Central Bank and national central banks when not acting in their capacity as monetary authority or other public authorities; (f) Member States or their regional or local authorities when not acting in their capacity as public authorities”. 84  “Data gathering and surveillance involves both commercial and governmental organisations, and to consider them separately is to misunderstand the nature of both. The government uses data gathered by commerce, methods developed by commerce and piggyback on systems used by commerce” Bernal (2016), p. 260. Cf. also below, Sect. 7.6. 85  For a general overview of the EPPO and its role in cooperation matters, see Sect. 2.3.4. 86  Cf. Article 26(1)(g), European Commission, Proposal for a Council Regulation on the establishment of the European Public Prosecutor’s Office {SWD(2013) 274 final} Brussels, 17.7.2013. 87  Cf. Article 22 EPPO Regulation; see above Sect. 2.3.4.

306

7  Real-Time Monitoring of Banking Data: State of Play

audio surveillance, and targeted surveillance in public places).88 The new EU investigative body, specialized in the matter of financial crimes, will then be able to exercise only a limited range of investigative powers (unless differently provided for at the national level),89 which for instance, do not include the questioning of suspects and witnesses (even though the Prosecutor will be entitled to order the arrest of the suspect90), nor the real-time monitoring of financial transactions. Once identified, however, the EPPO will be able to freeze suspicious assets.91 Against this rather fragmented background, in the EU the current situation concerning the legal framework on real-time monitoring of banking transactions may therefore be summarized as follow. Most Member States (26) are theoretically under supranational obligations to establish some form of banking surveillance at the domestic level, either due to the provisions of the 2005 COE Convention (BE, BG, CY, DE, DK, ES, EL, FR, HR, HU, IT, LV, MT, NL, PL, PT, RO, SE, SI, SK, and UK) or of the First Protocol to the 2000 Convention on Mutual Legal Assistance (AT, BE, BG, CY, CZ, DE, DK, ES, FI, FR, HU, LT, LU, LV, MT, NL, PL, PT, RO, SE, SI, SK, and UK). Estonia and Ireland have neither ratified the First Protocol, nor the 2005 Convention (even if MONEYVAL reported the first to have implemented the measure at domestic level for “very special cases”92). Whether the obligations to introduce real-time monitoring of banking records deriving from the Protocol should still be considered binding after the approval of the EIO Directive (which does not state anything on this specific point) remains uncertain. The question could be especially relevant, taking into account that only few Member States have so far established forms of banking surveillance in their domestic legal system (such as BE, NL,93 AT,94 UK,95 or in the terms illustrated above, IT).96 In case of a positive answer, moreover the Commission could initiate  Compare Article 30 EPPO Regulation with Article 26(1)(f)(i)(r), Proposal for a Council Regulation on the establishment of the European Public Prosecutor’s Office. 89  Namely: Search and seizure, production orders, interception of communications, freezing of instrumentalities or proceeds of crime, and controlled deliveries. Interception and controlled deliveries were harshly criticized by many delegations repeatedly ask for their ejection; controlled deliveries was reintroduced in the Regulation only in 2017 cf. Article 30 Council Regulation implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (“the EPPO”), Interinstitutional File: 2013/0255 (APP), Brussels, 30.06.2017; the freezing of instrumentalities or proceeds of crime only in the final period of the negotiations. 90  Cf. Article 33 EPPO Regulation. 91  Cf. Article 30(1)(d) EPPO Regulation. 92  Cf. MONEYVAL (2013), p. 37. For the role of MONEYVAL, see above Sect. 3.4. 93  Cf. Ligeti (2012), Panzavolta (2016), p. 377. 94  See below, note 99. 95  Cf. Proceeds of Crime Act (POCA) of 2002 (chapter 29), §§ 370–371. 96  Cf. Tricot and Martìn (forthcoming), p. 11 of the draft. In France “the CCP does not foresee the monitoring of banking transaction. However, it is in practice covered by the general power of requisition provided for in CCP, Article 60-1, which, combined with CC, Article 132-22, entitles judicial police officers to request information on bank accounts, on banking transactions and the 88

7.5  Real-time Monitoring of Banking Data in the EU

307

an infringement procedure against those countries which did not comply with the Protocol. In any case, also among those States that do provide for a specific regulation, applicable procedural rules are not harmonised. In Belgium, for instance, according to Article 46-quarter, § 2 of the criminal procedure code, the prosecutor may require the monitoring of banking transactions relating to one or more of bank accounts or banking or financial instruments of the suspect. This measure may be applied only in case serious and exceptional circumstances justify it, and only if the investigation relates to certain serious crimes (for which also wiretapping is allowed).97 In the Netherlands, real-time monitoring of banking records can be performed according to Articles 126ne et seq. Wv Sv, which grants prosecutors the faculty to exercise this power, after a prior written authorization by the Judge-­Commissioner. Data surveillance may be used in investigations against certain offences provided for by Article 67a, § 1 Wv Sv, generally punished with a maximum of 4-year imprisonment, including money laundering and terrorist financing. The monitoring may have a maximum duration of 4 weeks, which may be extended for a period up to 4 weeks.98 In Austria, the prosecutor may request information on bank accounts and transactions. According to Section 109(4) of the Austrian criminal procedural code, such information also includes business transactions for a particular past or future period. Such surveillance shall be grounded on a court authorization, that shall also set a time limits. The issuing of information on bank accounts and banking transactions, together with judicial authorization, shall be served on the accused, and the persons entitled to exercise the business relationship as soon as they are known to the public prosecutor, but that can be deferred as long as the purpose of the investigation would be endangered.99 In the UK, banking surveillance is established within the legislation providing for investigations of criminal assets for confiscation, or money laundering offences, the 2002 Proceeds of Crime Act (POCA), § 370–375.100 Law-enforcement may apply before a court for the issuance of an account monitoring written order, which lasts up to 90 days (but might be extended). In case of any investigations, the order may be granted if there are “reasonable grounds for believing that account information which may be provided in compliance with the order is likely to be of substantial value (whether or not by itself) to the investigation for the purposes of which the monitoring of banking transactions. Indeed, according to CCP, Article 60-1, a judicial police officer may order any person, establishment or organisation, whether public or private, or any public services likely to possess any documents relevant to the inquiry in progress, including those produced from a registered computer or data processing system, to provide them with these documents, unless legal privileges apply”, cf. also Tricot (2012), p. 241. 97  Cf. Article 90-ter, §§ 2 to 4 of the Belgian Crim. Proc. Code; see also Panzavolta (2016), p. 377. 98  Cf. International Monetary Fund (2011), p. 110; Panzavolta (2016), p. 375; Peçi (2012), p. 95. 99  Cf. Section 116(5) of the Austrian Criminal Procedure Code. See also Kert and Lehner (2012), p. 9. 100  Cf. Howse (2012), pp. 154–155.

308

7  Real-Time Monitoring of Banking Data: State of Play

order is sought” or if there are “reasonable grounds for believing that it is in the public interest for the account information to be provided, having regard to the benefit likely to accrue to the investigation if the information is obtained”. In the case of a money laundering investigation, reasonable grounds shall concern the fact that “the person specified in the application for the order has committed a money laundering offence”.101 Lastly, in Italy, according to the recent legislation introduced by the legislative decree transposing the EIO Directive, real-time monitoring of banking data seems to follow the same regulation established for wiretapping. According to it, the measure shall be authorized by a judge, and may last 15 days (40 in case of especially serious crimes), a term which could be extended.102 Whether, and if so, how real-time monitoring of banking records applies in the EU remains therefore today an issue mainly determined by national diverging regulation. Risks of potential abuses and violations of fundamental rights however, present an increasingly supranational, if not global dimension. As of June 2017, indeed, all payment service providers in the EU may implement forms of real-time monitoring of payment transactions according to Regulation 2015/847, and, as of May 2017, data gathered with (not harmonised) surveillance techniques can circulate among Member States with European Investigation Orders. As it clearly emerges also by the US example, moreover the absence of a clear legal framework does not mean that these intrusive forms of banking surveillance are not actually put into place.

7.6  Real-time Monitoring of Banking Data in the US According to the law on the books, in principle the US Government should not have access to citizens’ financial records without a special authorization for doing so— authorization that, in compliance with the Right to Financial Privacy Act of 1978 (12 U.S.C. § 3401–3422), may be granted directly by the affected individual, or by a public competent authority.103 In this last case, several legal tools may be applied to get access to banking data, four of which are especially relevant to the theme here analysed: (i) Court Orders; (ii) Judicial or Grand Jury Subpoena; (iii) Administrative Subpoena or Summons;

 Cf. POCA, § 371.  Cf. Article 267 Italian c.p.p. 103  P.L. 95-630, codified at 12 U.S.C. Chapter 35 (§ 3401–3422); cf. in particular, 12 U.S.C. § 3404. 101 102

7.6  Real-time Monitoring of Banking Data in the US

309

and (iv) Probable Cause Search Warrant.104 These investigative techniques, briefly described hereinafter, differ for the circumstances, generally determined by the law, in which they may be applied, and on other relevant legal profiles, such as the extent of powers recognised to the judiciary, and the burden of proof on the government. The latter may also use a formal written request to obtain financial information; however, since this request is not coercive, financial institutions remain free to decide whether to comply with it or not.105

7.6.1  Court Order In this case, the government needs to obtain a court order before acquiring the (financial) information sought. According to the burden of proof that it must comply with, it is possible to distinguish between: Relevance Court Order The government may obtain the order merely by certifying to a court that the information likely to be obtained is relevant to a law-­enforcement investigation. Examples of this case can be found in 18 U.S.C. § 3123, that describes the process for obtaining an order under the Pen Register and the Trap and Trace Device statute.106 Similarly to the EU data retention directives,107 this regulation enables the government to collect “external data” (i.e. everything that is non-­

 For the complete list, see Table 2 in Kerr (2003b). See also Stevens and Doyle (2002).  Cf. 12 U.S.C. § 3408(2); see also US Attorneys’ Manual, Criminal Resource Manual (hereinafter “CRM”). §§ 408–409. https://www.justice.gov/usam/criminal-resource-manual. Accessed 19 July 2018. 106  Enacted as Title III of the ECPA, P.L. 99-508, codified at 18 U.S.C. § 3121 et seq. “Pen register” is defined by 18 U.S.C. 3127(3) as “a device or process which records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, provided, however, that such information shall not include the contents of any communication, but such term does not include any device or process used by a provider or customer of a wire or electronic communication service for billing, or recording as an incident to billing, for communications services provided by such provider or any device or process used by a provider or customer of a wire communication service for cost accounting or other like purposes in the ordinary course of its business”. 107  Directive 2002/58/EC, and Directive 2006/24/EC of 15.03.2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (OJ 2006 L 105, p. 54), the latter annulled by the notorious case Digital Rights Ireland, Case C-293/12, cf. Sect. 2.3.3, note 263, and Sect. 8.2. 104 105

310

7  Real-Time Monitoring of Banking Data: State of Play

content108), with specific focus on phone communications and, after the USA Patriot Act, in line with the practice previously followed by the US Department of Justice, on internet data.109 Under this statute, an order can authorize the installation and use of the tracking device for a period not exceeding 60 days, which may be extended.110 Articulable Facts Court Order To obtain an order, the government must offer specific and articulable facts, establishing reasonable grounds to believe the information to be obtained is both relevant and material to an ongoing criminal investigation. An example in this sense is provided for by the Stored Wire and Electronic Communications and Transactional Records Access Act (SCA), which allows the retrospective tracking of electronic communication service providers, concerning wire or electronic communications.111 According to 18 U.S.C. § 2703(d), the government, giving prior notice to the subscriber/customer, can obtain a court order to require an internet service provider (of remote computing service, or of electronic communication service) to disclose the records (i.e. content) or any other information of wire or electronic communication pertaining to that subject, that the provider has stored for more than 180 days. According to the same provision, if “the information or records requested are unusually voluminous in nature or compliance with such order otherwise would cause an undue burden”, service providers may file a motion to have the order quashed or modified.

 47 U.S.C. § 102(a)(2); United States v. Espudo, 954 F.Supp.2d 1029, 1039 (S.D. Cal. 2013).  On the USA Patriot Act see also above, Sect. 5.2. For an of the impact of the USA Patriot Act on the Pen Register see, e.g., Guernsey (2001); contra, under an academic perspective, Kerr (2003b), sustaining that the Act did not expand law enforcement powers dramatically, but made mostly minor amendments to the electronic surveillance laws, many of which actually protecting privacy and civil liberties. 110  The order shall contain “(A) the identity, if known, of the person to whom is leased or in whose name is listed the telephone line or other facility to which the pen register or trap and trace device is to be attached or applied; (B) the identity, if known, of the person who is the subject of the criminal investigation; (C) the attributes of the communications to which the order applies, including the number or other identifier and, if known, the location of the telephone line or other facility to which the pen register or trap and trace device is to be attached or applied, and, in the case of an order authorizing installation and use of a trap and trace device under subsection (a)(2), the geographic limits of the order; and (D) a statement of the offense to which the information likely to be obtained by the pen register or trap and trace device relates”. 111  Enacted as Title II of the Electronic Communications Privacy Act (ECPA) of 1986 P.L. 99-508, codified at 18 U.S.C. § 2701 et seq. 108 109

7.6  Real-time Monitoring of Banking Data in the US

311

7.6.2  Judicial or Grand Jury Subpoena Judicial subpoenas are particular court orders, for instance to produce financial records, governed by 12 U.S.C. § 3407.112 The addressee(s) must comply with it, or file a sworn statement and motion to quash the subpoena in an appropriate court.113 Failure to comply with the order, without having challenged it, may result in the addressee being held in contempt before court. According to 12 U.S.C. § 3410, the affected individual(s) (“customers”) can file a motion to quash subpoena, summons, or formal written requests in the appropriate United States district court, within 10 days of service or within 14 days from their notification. The court rejects the motion, if the applicant is not the customer to whom the records are pertaining, or if there is a demonstrable reason to believe that the records sought are relevant to the inquiry. If that is not the case, or if due procedural rules have not been complied with by the Government, the motion shall be granted.114 According to § 3414, however, the rules provided above shall not apply whether access to financial records is necessary to conduct foreign counter or positive-­ intelligence activities carried out by the Prosecutions service or other Government authorities or by the Secret Service, or intelligence or counterintelligence investigations related to international terrorism.115  The subpoena shall be served together with the following notice: “Records or information concerning your transactions which are held by the financial institution named in the attached subpena are being sought by this (agency or department or authority) in accordance with the Right to Financial Privacy Act of 1978 [12 U.S.C. 3401 et seq.] for the following purpose: If you desire that such records or information not be made available, you must:

112

1. Fill out the accompanying motion paper and sworn statement or write one of your own, stating that you are the customer whose records are being requested by the Government and either giving the reasons you believe that the records are not relevant to the legitimate law enforcement inquiry stated in this notice or any other legal basis for objecting to the release of the records. 2. File the motion and statement by mailing or delivering them to the clerk of the…Court. 3. Serve the Government authority requesting the records by mailing or delivering a copy of your motion and statement to… 4. Be prepared to come to court and present your position in further detail. 5. You do not need to have a lawyer, although you may wish to employ one to represent you and protect your rights. If you do not follow the above procedures, upon the expiration of ten days from the date of service or fourteen days from the date of mailing of this notice, the records or information requested therein will be made available. These records may be transferred to other government authorities for legitimate law enforcement inquiries, in which event you will be notified after the transfer.  12 U.S.C. § 3407; see also CRM §§ 408–409.  See also CRM 415. In this latter case, the right to judicial review is subject to a statute of limitation of 3 years from the date on which the violation occurs or the date of discovery of such violation, whichever is later, cf. 18 U.S.C. § 3511 and 12 U.S. Code § 3416. 115  12 U.S.C. § 3414(a) (1) (A)(B)(C). On the exceptionalism of foreign intelligence see, e.g., Taipale (2007), and Kerr (2014). 113 114

312

7  Real-Time Monitoring of Banking Data: State of Play

When these interests are at stake, the Director of the FBI is required to certify in writing to the financial institution that such records are sought for the purposes illustrated, to proof that the investigation is not conducted solely upon the basis of activities protected by the First Amendment to the Constitution (freedom of speech).116 Notably, such protective clause cannot be invoked in favour of all targets of an investigation, as it applies only to United States nationals (while financial records may concern also other nationals).117 Further exceptions are also provided in case obtaining financial records is urgent due to imminent danger of physical injury to any person; serious property damage; or flight to avoid prosecution.118 In such circumstances, the Government may acquire the records after the submission of a certificate, signed by a supervisory official of a designated rank, together with the specific identification of the customer, entity, or account to be used as the basis for the production and disclosure.119 Grand Jury Subpoena Where a Grand Jury proceeding is established (i.e. in case of especially serious offences120), the latter—which acts under the authority of a US federal court, and is supervised by a US federal prosecutor—has the power of issuing a particular kind of subpoena ordering the production of financial records.121 With such subpoena  “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances”. 117  12 U.S.C. § 3414(a)(5)(A). The information so gathered may be shared by the FBI only following the cases provided in the Attorney General’s guidelines for foreign intelligence collection and foreign counterintelligence investigations, and only if such information is clearly relevant to the authorized responsibilities of such agency. Such activity shall be periodically reported to the competent Congressional Committees by the Attorney General. On the subjective limitations to US nationals, see also Electronic Privacy Information Center (EPIC) (2018). Cf. also Gross (2002); Vervaele (2007). 118  12 U.S.C. § 3414(b)(1). 119  12 U.S.C. § 3414(b). 120  A Grand Jury is “a body of (usu. 16 to 23) people who are chosen to sit permanently for at least a month—and sometimes a year—and who, in ex parte proceedings, decide whether to issue indictments”. According to the “Grand Jury Clause” of the Fifth Amendment, an indictment by a grand jury is required before a person can be tried for serious offenses, when the public interests so required, cf. Garner (2014), pp.  814–815. For an overview on grand jury issues, see, e.g., O’Sullivan (2016), p. 795. 121  “Although the Act is clear on the point that grand jury subpoenas are excepted, 12 U.S.C. § 3413(i), one financial institution has argued that grand jury subpoenas are a form of “judicial subpoena” and therefore subject to the customer notice and challenge requirements of 12 U.S.C. § 3407. The court considering this argument, however, held that grand jury subpoenas are not “judicial subpoenas” within the meaning of the Act. In re Subpoena to Testify Before the Grand Jury Issued to the Commonwealth Nation Bank, Civil Action No. 79-349, Misc. 7924, slip op. (M.D. Pa., April 6, 1979)”, cf. CRM § 408. See also US v. R. Enterprises, Inc., 498 U.S. 292, 298, 111 S. Ct. 722, 112 L. Ed. 2d 795 (1991), which underlines the difference between a grand jury subpoena and a trial subpoena, that can be quashed according to the test set up by US v. Nixon, 418 U.S. 683, 699–700, 94 S. Ct. 3090, 41 L. Ed. 2d 1039 (1974). 116

7.6  Real-time Monitoring of Banking Data in the US

313

(known as duces tecum s.), the Grand Jury may order a subject to produce documents pertinent to a proceeding, including financial records, without the possibility for the addressee(s) to challenge the request under 12 U.S.C. § 3410, and substantially, for any reason different from the clause against self-­incrimination established in the Fifth Amendment.122

7.6.3  Administrative Subpoena or Summons Different conditions apply to administrative summons or subpoena, which may be issued if there is reason to believe that the records sought are relevant to a legitimate law enforcement inquiry. They consist of “a judicially enforceable demand for records issued by a government authority which is authorized by some other provision of law to issue such process”.123 In these cases in fact, it is the Government, and 122  Although the case-law of the USSC has drastically downsized the possibility for these subjects to invoke the Fifth Amendment protection too (cf., e.g., Braswell v. US, 487 U.S. 99, 108 S. Ct. 2284, 101 L. Ed. 2d 98, 88-2 U.S. Tax Cas. (CCH) P 9546, 25 Fed. R. Evid. Serv. 609, 25 Fed. R. Evid. Serv. 632, 62 A.F.T.R.2d 88-5724 (1988); Hale v. Henkel, 201 U.S. 43, 26 S. Ct. 370, 50 L. Ed. 652 (1906); In re Grand Jury Subpoena Issued June 18, 2009, 593 F.3d 155, 158 (2d Cir. 2010)). The peculiarity of the Grand Jury functions, as constantly affirmed by the Supreme Court (see, e.g., US v. R. Enterprises, Inc., cit.; US v. Mechanik, 475 U.S. 66, 106 S. Ct. 938, 89 L. Ed. 2d 50 (1986), where the Court refused to dismiss an indictment solely because of the violation of Rule 6(d) of the Fed. R. Crim. P.) justifies to denial of most of the evidentiary rules protecting defendants’ fundamental constitutional rights (such as the obligation for the prosecutor to disclose exculpatory evidences, the prohibition of anchoring a decision on hearsay testimony, and the Fourth Amendment exclusionary rule for illegally seized evidence). Quashing a subpoena, thus, becomes extremely hard for the subjects involved in the investigations, both as targets and as witnesses, especially when the target of the investigation is a corporation (including financial institutions). 123  12 U.S.C. § 3405; the subpoena shall be served together with the following notice “Records or information concerning your transactions held by the financial institution named in the attached subpena or summons are being sought by this (agency or department) in accordance with the Right to Financial Privacy Act of 1978 [12 U.S.C. 3401 et seq.] for the following purpose: … If you desire that such records or information not be made available, you must:

1. Fill out the accompanying motion paper and sworn statement or write one of your own, stating that you are the customer whose records are being requested by the Government and either giving the reasons you believe that the records are not relevant to the legitimate law enforcement inquiry stated in this notice or any other legal basis for objecting to the release of the records. 2. File the motion and statement by mailing or delivering them to the clerk of any one of the following United States district courts: … 3. Serve the Government authority requesting the records by mailing or delivering a copy of your motion and statement to … 4. Be prepared to come to court and present your position in further detail. 5. You do not need to have a lawyer, although you may wish to employ one to represent you and protect your rights. If you do not follow the above procedures, upon the expiration of ten days from the date of service or fourteen days from the date of mailing of this notice, the records or information requested therein will be made available. These records may be transferred to other Government authorities for legitimate law enforcement inquiries, in which event you will be notified after the transfer; see also CRM § 408.

314

7  Real-Time Monitoring of Banking Data: State of Play

not a court, which issues the summons to the private party that possess the relevant information, asking for its disclosure. An example of administrative subpoena is given by the Inspector General Act of 1978, that at § 6(4) establishes that each Inspector General is authorized to “require by subpoena the production of all information, documents, reports, answers, records, accounts, papers, and other data in any medium (including electronically stored information, as well as any tangible thing) and documentary evidence necessary in the performance of the functions assigned by this Act, which subpoena, in the case of contumacy or refusal to obey, shall be enforceable by order of any appropriate United States district court”.124 Similarly to judicial subpoenas, also administrative subpoenas compel the holder of financial records to supply the information required, and may be quashed at the conditions provided for by 12 U.S.C. § 3410. This tool, however, presents two rather peculiar features. First, administrative subpoenas represent an example of “indirect” surveillance in which private parties have a major role, as the concrete surveillance activity is not carried out by the Government, but by service providers that are ordered to discover the records they collected (e.g. for business related reasons). Second, in administrative subpoenas, courts play only a marginal role: They are involved exclusively if the Government wishes to compel the addressee of the subpoena not to reveal its customers that access to their information was requested. To obtain a legally binding non-disclosure effect, the Government shall request a court the issuance of an order towards the addressee of the subpoena.

7.6.4  Probable Cause Search Warrant Lastly, pursuant to Rule 41 of the Federal Rules of Criminal Procedure (Fed. R. Crim. P.), a prosecutor or a federal law-enforcement officer authorized by the Attorney General, may request a search warrant before the magistrate judge geographically competent for the interested district.125 According to the Fourth Amendment, search warrants are granted only if there is probable cause to believe that the search, or the installation and use of a tracking device126 is justified in light of the facts offered by the Government, which shall establish a likelihood that a crime has occurred, and that evidence of the latter exists

 U.S.C. Title 5, appendix.  Cf. Fed. R. Crim. P., Rule 41 (b)(c)(d). According to 12 U.S. Code § 3406 (b)(c) the warrant shall be served together with the following notice: “Records or information concerning your transactions held by the financial institution named in the attached search warrant were obtained by this (agency or department) on (date) for the following purpose: … You may have rights under the Right to Financial Privacy Act of 1978 et seq.]”. Cf. also CRM § 407. 126  “Tracking device” is defined by 18 U.S.C. § 3117 (b) as “an electronic or mechanical device which permits the tracking of the movement of a person or object”. 124 125

7.6  Real-time Monitoring of Banking Data in the US

315

in the location to be searched.127 When the request concerns information to be sought with a tracking-device, the warrant shall: Identify the person(s) or property to be tracked, designate the magistrate judge to whom it must be returned, and specify a reasonable length of time for the device to be used, which must not exceed 45 days from its issuing, and may be extended for a reasonable period, again not to exceeding 45 days each. No later than 90 days after the search warrant has been served, the customer shall be notified a copy of the warrant, unless a delay is granted by the court.128 An example in this sense may be found again in the Stored Wire and Electronic Communications and Transactional Records Access Act (SCA) where it is established that, as provided for by 18 U.S.C. § 2703(a), if the Government is not willing to afford prior notice to the subscriber/customer, it has to obtain a search warrant before ordering a provider of electronic communication service to disclose the contents of wire or electronic communications stored for 180 days or less. “Super” Search Warrants  Among the category of search warrants, there are also particularly safeguarded situations, in which the Government needs to meet a higher threshold than that of “normal” warrants.129 That is for instance the case of the Wiretap Act, which authorizes the Government to intercept wire or oral communications, but only complying with specific procedural requirements.130 In particular, 18 U.S.C. § 2516 compels law-enforcement agents to submit their request to a prosecutor; the latter is then required to obtain a judicial authorization before starting the monitoring procedures. Interceptions may be used only as extrema ratio, i.e. after the exhaustion of other traditional investigative techniques, and exclusively to prosecute a limited number of offences. Unless the court grants an extension, wiretapping cannot last for more than 30 days, and information so obtained needs to be secured and placed under seal. Subjects intercepted shall be notified within a reasonable time, and not later than 90 days after the expiration of the order. As anticipated, according to the applicable statutory law, formal written requests, judicial and Grand Jury subpoenas, administrative summons and search warrant are the investigative tools that the Government may use to access electronic records, including financial and banking data. However, while no question concerning the identification of the applicable legal basis arises with regard to the collection of pre-­ existing or pre-stored information, also in the US several critical issues emerge when data are to be collected real-time. This situation persists regardless of the reform carried out to adjust the legal framework to the new technological challenges.

 12 U.S. Code section 3406; see also CRM § 407. Cf. also Taslitz (2013).  Fed. R. Crim. P., Rule 41 (e)(c). 129  So defined by Kerr (2003b). 130  The Wiretap Act was first passed as Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (P.L. 90-351), and is thus generally known as “Title III”, codified at 18 U.S.C. § 2510–2522. 127 128

316

7  Real-Time Monitoring of Banking Data: State of Play

The reference goes here especially to the Electronic Communications Privacy Act (ECPA), which in 1968 amended the aforementioned Wiretap Act, introducing in the US Code the Pen Register statute and Store Wire and Electronic Communications Act (also already mentioned). None of these statutes, indeed, provides for satisfactory legal bases for the real-time monitoring of banking data. On one side, the scope of the Stored Communications Act (SCA) covers the tracking of electronic communication service providers concerning wire or electronic communications, both in their “content” and “non-content” details. The SCA, however, as the same title suggests, is limited only to “stored records” and not to future ones. Moreover, it is also hardly applicable to financial institutions, since banks are not electronic communication service providers. On the other side, both the Wiretap Act and the Pen Register statute regulate prospective real-time information gathering, including also that on the Internet. The first Act regulates access to the content of communications (requiring a “super” search warrant) and the second to non-content information (requiring a relevance court order). Taking into account its pervasiveness, banking surveillance could theoretically fall under the scope of the Wiretap Act, but according to 18 U.S.C. § 2510(12), financial transactions are specifically excluded from the definition of electronic communications, and that lays a substantial obstacle in applying provisions drawn for communicative contents to banking transactions.131 The only piece of legislation which seems able to provide legal basis to real-time monitoring of banking records remains therefore the Pen Register statute. It however does not provide for strong guarantees for the individuals affected by such measures. As anticipated, in fact, a Pen Register request for information requires only a relevance court order, in which the judiciary is recognized just a limited reviewing power, and the Government is conferred a great discretion. The Pen Register statute, moreover, contrary to the Wiretap Act, does not provide for exclusionary rules to sanction potential violations, a lacuna which seems rather ominous in light of the great relevance of surveillance practices in the US.132 This lacuna, actually, has been identified by legal scholars as one of the reasons why real-time monitoring of banking data as long been “virtually ignored” by the US legal system: Indeed, due to the lack of exclusionary rules, US courts “only  Cf. 18 U.S.C. § 2510(12), according to which: ““electronic communication” means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce, but does not include—[…] (D) electronic funds transfer information stored by a financial institution in a communications system used for the electronic storage and transfer of funds”. 132  Proposing to introduce a suppression remedy Kerr (2003a), according to “such a change would create a strong incentive for defendants to challenge the government’s surveillance practices in court. In so doing, it would create a forum for the courts to apply the statutes in criminal cases, which would clarify both to the government and the public what powers the government can exercise to investigate Internet crime, as well as the limits on those powers” which also the US Department of Justice should be found useful. 131

7.6  Real-time Monitoring of Banking Data in the US

317

rarely encounter challenges to Internet surveillance practices”.133 Hence, questions on the basic working of this investigative technique can be found in judicial decisions much less frequently than it would be expected, taking into account the practical application of this measure.134 All these elements contribute in making today the identification of adequate legal basis for real-time monitoring of (banking) data and its interpretation, rather uncertain.135 US courts also examine issues related to electronic surveillance in a relatively limited number of cases due to the impossibility—caused by the US Supreme Court’s (USSC) case-law—to invoke the Fourth Amendment protection in case of records shared in informatics systems. Indeed, the purpose of the Electronic Communications Privacy Act (ECPA) was to provide a protection equivalent to that recognized for search and seizure under the Fourth Amendment also to electronic communications. However, in the jurisprudence of the Supreme Court, no expectation of privacy, and thus no protection under this Constitutional clause may be invoked when a subject has revealed a piece of information to third parties. This “disclosure principle” or “third party doctrine” has been broadly interpreted by the USSC, that applies it also to non-public disclosures made to non-human beings, such as phones or electronic devices,136 or, for the issue here at stake, to the  And when they do, the challenges tend to be in civil cases between private parties, since exclusionary rules are here substituted with strong provisions of civil law liabilities, cf. Kerr (2003a), who highlights that “Owing to the near-total absence of criminal precedents interpreting these statutes, a court often will have little sense of how its decision fits within the context of criminal cases, or even that the decision will have any implications at all for criminal law […] When the resulting civil precedents are applied in a criminal context, however, the decisions can have surprising and disturbing implications for routine criminal investigations”. 134  Kerr (2003a), who reports how “In the more than fifteen years since Congress enacted the modern Internet surveillance laws, only a trickle of cases have emerged that shed light on any part of them […] Because Congress has not provided a statutory suppression remedy, criminal defendants have little incentive to raise challenges to the government’s Internet surveillance practices. Absent defense challenges, courts rarely encounter disputes alleging violations of those laws, and few decisions result […] When defendants raise these challenges, the courts generally reject them without reaching the merits on the ground that no suppression remedy exists”, even if exceptions do exist. 135  In this sense, Kerr (2004). 136  Cf. Smith v. Maryland 442 U.S. 735, 442 (1979), according to which “Petitioner in all probability entertained no actual expectation of privacy in the phone numbers he dialed, and even if he did, his expectation was not “legitimate.” First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for recording this information and does, in fact, record it for various legitimate business purposes. And petitioner did not demonstrate an expectation of privacy merely by using his home phone, rather than some other phone, since his conduct, although perhaps calculated to keep the contents of his conversation private, was not calculated to preserve the privacy of the number he dialed. Second, even if petitioner did harbor some subjective expectation of privacy, this expectation was not one that society is prepared to recognize as “reasonable”. When petitioner voluntarily conveyed numerical information to the phone company and “exposed” that information to its equipment in the normal course of business, he assumed the risk that the company would reveal the information”. More specifically on the internet see, e.g., Guest v. Leis, 255 F.3d 325, 335-36 (6th Cir. 2001), finding no expectation of privacy in non-content information disclosed to ISP; United States v. 133

318

7  Real-Time Monitoring of Banking Data: State of Play

Internet, and to financial institutions (e.g. in case of a bank account).137 Following this settled case-­law, therefore, the Fourth Amendment clause does not apply to internet communications and data (including banking digital data), with the result, among others, that if the ECPA provisions are violated, this is “only” a statutory and not a Constitutional violation. When, such as in the case of the Pen Register statute (but also of the Stored Communications Act), the Congress did not provide for specific exclusionary rules in the legislation, the level of protection for the individuals affected by these surveillance measures is therefore rather limited, including possibilities for the latter to claim procedural or substantial violations before a court. This interpretation was recently confirmed in Carpenter v United States (2018), where the Court was called to judge upon the legitimacy of the warrantless search and seizure of cell-site location information through a SCA disclosure order over the course of 127 days. The USSC, indeed, recognised in the specific case a Fourth Amendment’s protection, and thus an obligation for the Government to show probable cause to obtain the records. However, it also explicitly confirmed the validity of the third-party doctrine (at least formally), and simply created an exception grounded on the supposed (and widely challengeable) “unique nature” of cell-site location information.138 To this background, it should be added that a rather worrying practice has been revealed in the US in the last decades. Thanks to a claim filed by a private citizen for releasing information on the Government’s procedure of tracking individuals via real-time measures,139 it emerged in fact that US prosecutors and law-enforcement are not obtaining financial data through Pen Register Relevance Court Orders

Hambrick, 55 F. Supp. 2d 504, 508-09 (W.D. Va. 1999), aff’d, 225 F.2d 656 (4th Cir. Aug. 3, 2000); United States v. Kennedy, 81 F. Supp. 2d 1103, 1110 (D. Kan. 2000). Cf. also Balkin (2008), p. 19. On the nature of right to privacy, see the landmark case Katz v. United States, 389 U.S. 347 (1967). Critical on this issue Kerr (2003b), and Kerr (2003a). Reflecting on the role of third-parties (in a pre-digital context) in the scope of privacy and secrecy, Caprioli (2000), pp. 30–32. 137  Cf. United States v. Miller, 425 U. S. 435,443 (1976), according to which there is no expectation of privacy in financial records held by a bank, as revealing financial affairs to a financial institution implies taking “the risk […] that the information [would] be conveyed by that person to the Government” and “There is no legitimate “expectation of privacy” in the contents of the original checks and deposit slips, since the checks are not confidential communications, but negotiable instruments to be used in commercial transactions, and all the documents obtained contain only information voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business”. Cf. also Blitz (2013); Lafave et al. (2017); Dennis (2011); Kerr (2010); Slobogin (2007). 138  Carpenter v. United States, 585 U.S. ____ (2018), p. 11, see also Justice Kennedy and Alito’s dissenting opinions, in favour of the doctrine, but concluding that the decision will make it de facto inapplicable on fairly predictable basis. See also below, Sect. 8.2, sub 7). 139  The claim has been filed by Christopher Soghoian, a cyber-security and privacy researcher, under the Freedom of Information Act, 5 U.S.C. ß 552 (2006), and was answered almost a year later, in 2010, see Soghoian (2014).

7.6  Real-time Monitoring of Banking Data in the US

319

(despite the wide discretion already granted by this tool), but rather using administrative subpoenas, issuing orders that go under the name of “Hotwatch”.140 According to the limited information (a mere power-point presentation, partially censored) released in 2010 by the Department of Justice (DOJ), Hotwatch orders represent a consolidated practice of electronic surveillance over citizens’ financial records, and in particular over credit card transactions, retail shopping member cards, calling cards, cell phones, travel agencies (e.g. rental car, airlines) and travel reservations.141 To activate the orders, all that federal agencies allegedly have to do is to contact the credit card security department, explain why the information is relevant to the criminal investigation, and eventually send an administrative subpoena with a court order for non-disclosure addressed to the financial institutions, “preventing them from telling their customers that the government has spied on their financial transactions”.142 The Government can therefore directly compel financial institutions to monitor ongoing and future banking transactions involving their own customers, and consequently obtain all needed details concerning date, time and location of account transactions, as they occur. The use of administrative subpoenas to perform real-time surveillance measures raises severe concerns, due to the low level of controls intrinsic to this mechanism. For instance, it has been reported of law-enforcement investigators, especially at State level, going directly to the court, and obtaining Hotwatch orders without even previously discussing or vetting the application with a prosecutor.143 The main concern, however, is not represented by the lack of prosecutorial oversight, but rather by the limited role played by courts in this procedure. As previously illustrated, in fact, the use of administrative subpoenas permits the judge to intervene only in an eventual and subsequent way (within the non-disclosure order). The court, therefore, is not entitled to conduct any Fourth Amendment analysis on the

 DOJ (2010), reporting that “Records may be obtained via: Administrative subpoena with a Court order for Non-Disclosure (preferred way) [bold in the original] Administrative subpoena with Ex Parte order (90 day delay of notice) Search Warrant Grand Jury subpoena (past records only)”. 141  This notwithstanding, “the US Department of Justice found 10 relevant documents in response to the author’s Freedom of Information Act request, but has refused to deliver them”, cf. Soghoian (2010), note 193. 142  Cf. DOJ (2010), and Soghoian (2014). 143  “In Freedman v. America Online, 303 F.Supp.2d 121 (7th Cir. 2005), over-zealous law enforcement officers presented a search warrant application to America Online (“AOL”) which had been reviewed or signed by a judge. AOL complied with the invalid warrant, and the person whose email account information had been disclosed sued the law enforcement officers as well as AOL. The claims against AOL were dismissed pursuant to a forum selection clause in the plaintiff’s subscription agreement with AOL.  The claims against the law enforcement officers survived summary judgment”, cf. Denney and Parker (2015), p. 1. 140

320

7  Real-Time Monitoring of Banking Data: State of Play

existence of a probable cause to enforce the surveillance measure, that is to say, the court does not have any real power of reviewing the merit of the measure.144 This profile is even more critical considering that the existence of a legitimate legal basis for the Government to obtain such summons appears rather uncertain.145 The process requested by the Pen Register statute illustrated above, which currently is the only US piece of legislation that could explicitly include banking surveillance in its scope, is indeed incompatible with the feeble oversight requested by administrative subpoenas, and therefore cannot represent a proper legal basis to issue Hotwatch orders. According to legal scholars and public available sources, currently the US Government appears to seek these administrative subpoenas mainly pursuant to the All Writs Act, a very broad piece of legislation characterized by a quite vague subject matter, which allows courts to issue “all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law”.146 The All Writs Act, for instance, was identified by the Government as the legal basis to try at forcing Apple to grant access to the data contained in the iPhone of the St. Bernardino’s terrorist attacker.147 While generally what is sought under this statute is pre-existing evidence, some case-law also supports the application of the All Writs Act towards future records, even if not explicitly the installation of real-time tracking devices.148 Both cases, anyway, seem to “grant the executive branch authority to use investigative techniques either explicitly denied it by the legislative branch, or at a minimum omitted from a far-reaching and detailed statutory scheme that has received the legislature’s intensive and repeated consideration”.149 Although to date, no court appears to have explicitly confirmed the legitimacy of using the All Writs Act as a proper legal basis for banking surveillance, it is not far-fetched to imagine its application also in this field, especially in cases where interests, particularly “alarming” for the US criminal justice policy, are at stake. Lastly, adding concern to concern, administrative subpoenas are, as anticipated, based on a mechanism of indirect surveillance, which delegates real-time monitoring tasks on private parties that (by default) apply standards, rules and (if any) safeguards that are usually not disclosed to the public, and therefore hard to be democratically controlled and effectively reviewed. As it was brilliantly summarized “Each type of surveillance requires trust in someone; the difference comes in  See, e.g., Davis (2012).  Denney and Parker (2015), p. 4. See also Singel (2010). 146  The All Writs Act, originally established as part of the Judiciary Act of 1789 (1. Stat. 73), then repeatedly modified starting from 1911, is codified at 28 U.S.C. § 1651. 147  Cf., e.g., Lewis (2016). In this sense, see, for all, Electronic Privacy Information Center (2016). 148  Cf., e.g., United States v. Doe, 537 F. Supp. 838 (1982) at 839, ordering the disclosure of phone calls records for the following 6 months; In re Application of the U.S.A. For an Order Directing X To Provide Access to Videotapes, 2003 WL 22053105, No. 03-89 (22.08.2003 D. Md.), concerning the subsequent production of videotapes from a camera installed in an apartment hallway. 149  Cf. In re Authorizing Use of a Pen Register, 384 F.Supp.2d 562 (E.D.N.Y. 2005), concerning an order reaffirming denial of government’s phone tracking request, available online. 144 145

References

321

who receives the grant of trust. Direct surveillance asks us to trust the government, and indirect surveillance asks us to trust the provider”.150 In a context in which either the Government and the providers are operating without clear legal boundaries and oversight (at statutory level, or by courts), this alternative does not look reassuring either way. In this sense, the Hotwatch example shows how introducing clear surveillance measures and procedures in domestic legal systems is increasingly urgent and necessary. A lack of legal bases indeed does not mean that real-time surveillance is not actually being implemented. On the contrary, it often results in the discretional and uncontrolled exercise of intrusive powers by public, or private authorities in disregard of defence and privacy rights of the affected individuals.

References Allegrezza S (2010) Critical remarks on the Green Paper on obtaining evidence in criminal matters from one member state to another and securing its admissibility. ZIS 9:569 Allegrezza S (2014) Collecting criminal evidence across the European Union: the European investigation order between flexibility and proportionality. In: Ruggeri S (ed) Transnational evidence in multicultural inquiries in Europe developments in EU legislation and new challenges for human rights-oriented criminal investigations in cross-border cases. Springer, Heidelberg, p 51 et seq Armada I (2015) The European investigation order and the lack of European standards for gathering evidence is a fundamental rights-based refusal the solution? New J Eur Crim Law 6(1):8 Bachmaier Winter L (2010) European investigation order for obtaining evidence in the criminal proceedings study of the proposal for a European Directive. ZIS 9:580 Bachmaier Winter L (2013) Transnational criminal proceedings, witness evidence and confrontation: lessons from the ECtHR’s case law. Utrecht Law Rev 9(4):127 Balkin JM (2008) The constitution in the National Surveillance State. Faculty Scholarship Series. Paper 225 BBC (2012) HSBC money laundering report: key findings, 11 December 2012. https://www.bbc. co.uk/news/business-18880269. Accessed 19 July 2018 Bernal P (2016) Data gathering, surveillance and human rights: recasting the debate. J  Cyber Policy 1(2):243–264 Blitz MJ (2013) The Fourth Amendment future of public surveillance: remote recording and other searches in public space. Am Univ Law Rev 63:21 Caianiello M (2016) Verso l’attuazione della direttiva ue sull’ordine europeo di indagine penale. In: Caianiello M, Di Pietro A (eds) Indagini penali e amministrative in materia di frodi IVA e doganali. L’impatto dell’European Investigation Order sulla cooperazione transnazionale, Cacucci, Bari, p 305 Caianiello M (2018) L’attuazione della direttiva sull’ordine europeo di indagine penale e le sue ricadute nel campo del diritto probatorio. Cass pen 6:2197 Caprioli F (2000) Colloqui riservati e prova penale. Giappichelli, Torino Carvajal D, Minder R (2013) A whistle-blower who can name names of Swiss Bank account holders. The New York Times, 8 August 2013 Cocq C, Galli F (2013) The catalysing effect of serious crime on the use of surveillance technologies for prevention and investigation purposes. New J Eur Crim Law 4(3):256 150

 Kerr (2003b).

322

7  Real-Time Monitoring of Banking Data: State of Play

Daniele M (2017) L’ordine europeo di indagine penale entra a regime. Prime riflessioni sul d. lgs. n. 108 del 2017. Dir pen cont, 28 luglio 2017 Davis B (2012) Prying eyes: how government access to third-party tracking data may be impacted by United States v. Jones. New Eng Law Rev 46:843 De Amicis G (2002) Il protocollo della convenzione relativa all'assistenza giudiziaria in materia penale tra gli stati membri dell'Unione europea fatta a Bruxelles il 29 maggio 2000. Cass pen, fasc.1: 421 De Amicis G (2011) Limiti e prospettive del mandato di ricerca della prova. Dir pen cont, 5 aprile 2011 De Amicis G (2018) Dalle rogatorie all'ordine europeo di indagine: verso un nuovo diritto della cooperazione giudiziaria penale. Cass pen, p 22 De Hert P, Weis K, Cloosen N (2009) The Framework Decision of 18 December 2008 on the European evidence warrant for the purpose of obtaining objects, documents and data for use in proceedings in criminal matters - a critical assessment. New J Eur Crim Law 1:55–78 Denney C, Parker C (2015) Bankers beware of so-called “Hotwatch” orders – are they even legal? In: White Collar Crime Committee Newsletter, ABA-Criminal Justice Section’s White Collar Crime Committee, Winter/Spring 2015 Dennis ES (2011) A Mosaic Shield: Maynard, the Fourth Amendment, and privacy rights in the digital age. Cardozo Law Rev 33:737 Di Nicola A, Gounev P, Levi M, Rubin J, Vettori B (2015) Study on Paving the Way for Future Policy Initiatives in the Field of Fight Against Organised Crime: The Effectiveness of Specific Criminal Law Measures Targeting Organised Crime. Final report funded by the European Commission, February 2015. https://ec.europa.eu/home-affairs/sites/homeaffairs/files/elibrary/docs/20150312_1_amoc_report_020315_0_220_part_1_en.pdf. Accessed 19 July 2018 DOJ (2010) Powerpoint Presentation on Hotwatch Surveillance Orders of Credit Card Transactions, issued on 2 December 2010. https://www.scribd.com/document/44542244/DOJ-powerpointpresentation-on-Hotwatch-surveillance-orders-of-credit-card-transactions. Accessed 19 July 2018 Drüen K-D (2012) The mutual assistance directives. In: Rust A, Fort E (eds) Exchange of information and bank secrecy. Wolters Kluwer, The Netherlands, p 80 Electronic Privacy Information Center (EPIC) (2016) Apple v. FBI CM 16-10 (SP) Central District of California (Fourth Amendment) Brief of Amicus Curiae Electronic Privacy Information Center (Epic) and Eight Consumer Privacy Organizations. https://www.epic.org/amicus/ crypto/apple/EPIC-Amicus-Brief.pdf. Accessed 19 July 2018 Electronic Privacy Information Center (EPIC) (2018) United States v. Microsoft 17-2, Whether the Stored CommunicationsAct authorizes warrants for personal data stored outside of the United States. https://www.supremecourt.gov/DocketPDF/17/17-2/28360/20180118172113162_17-2%20 bsac%20Electronic%20Privacy%20Information%20Center.pdf. Accessed 19 July 2018 Falato F (2018) La proporzione innova il tradizionale approccio al tema della prova: luci ed ombre della nuova cultura probatoria promossa dall’ordine europeo di indagine penale. Arch pen, no. 1. http://www.archiviopenale.it/la-proporzione-innova-il-tradizionale-approccio-al-temadella-prova-luci-ed-ombre-della-nuova-cultura-probatoria-promossa-dallordine-europeo-di-indagine-penale/articoli/15303. Accessed 19 July 2018 Felicioni P (2012) Le ispezioni e le perquisizioni. Giuffrè, Milano Fitzgibbon W (2017) Where are they now? A year later, mixed fortunes for Panama Papers line-up. ICIJ/Panama Papers, 3 April 2017. https://www.icij.org/investigations/panama-papers/yearlater-panama-papers-update/. Accessed 19 July 2018 Franssen V, Ligeti K (eds) (2017) Challenges in the field of economic and financial crime in Europe and the US. Hart, Oxford FSB (2017) Financial Stability Implications from FinTech, June 2017. http://www.fsb.org/wpcontent/uploads/R270617.pdf. Accessed 15 July 2018 Garner BA (ed in Chief) (2014) Black’s law dictionary, 10th edn. Thomson Reuters, St. Paul

References

323

Garside J  (2015) HSBC pays out £28m over money-laundering claims. The Guardian, 4 June 2015. https://www.theguardian.com/business/2015/jun/04/hsbc-fined-278m-over-money-laundering-claims. Accessed 19 July 2018 Gross E (2002) The influence of terrorist attacks on human rights in the United States: the aftermath of September 11, 2001. N C J Int Law Commer Regul 28:1 Guernsey L (2001) Living under an electronic eye. The New York Times, 27 September 2001 Harris DJ, O’Boyle M, Beates EP, Buckley M (2014) Law of the European Convention on human rights, 3rd edn. Oxford University Press, Oxford Henrichs C (2017) Steueroase in der EU. Mafia-Blut an Maltas Geld. Der Spiegel, 21 May 2017. http://www.spiegel.de/wirtschaft/soziales/malta-files-wie-die-steueroase-die-mafia-anlockta-1148446.html#ref=rss. Accessed 19 July 2018 Hess M (2012) Exchange of information: the swiss perspective. In: Rust A, Fort E (eds) Exchange of information and bank secrecy. Wolters Kluwer, The Netherlands, p 169 Howse T (2012) England. In: Ligeti K (ed) Toward a prosecutor for the European Union, Volume 1: a comparative analysis. Hart, Oxford, p 133 Illuminati G (ed) (2009) Prova penale e Unione Europea–Atti del convegno L’Armonizzazione della prova penale nell’Unione Europea. In: Facoltà di Giurisprudenza dell’Università di Bologna, 18-19 aprile 2008, BUP, Bologna International Monetary Fund (2011) Staff Country Reports, Kingdom of the Netherlands-­ Netherlands: Detailed Assessment Report on Anti Money Laundering and Combating the Financing of Terrorism, April 2011. https://www.imf.org/en/Publications/CR/ Issues/2016/12/31/Kingdom-of-the-Netherlands-Netherlands-Detailed-Assessment-Reporton-Anti-Money-Laundering-24801. Accessed 19 July 2018 Kerr OS (2003a) Symposium: enforcing privacy rights: communications privacy: lifting the “Fog” of internet surveillance: how a suppression remedy would change computer crime law. Hastings Law J 54:805 Kerr OS (2003b) Internet surveillance law after the USA Patriot Act: the big brother that isn’t. Northwest Univ Law Rev 97:607 Kerr OS (2004) The future of internet surveillance law: a symposium to discuss internet surveillance, privacy & the USA Patriot Act: foreword: the future of internet surveillance law. George Wash Law Rev 72:1139 Kerr OS (2009) The National Surveillance State: a response to Balkin. Minn Law Rev 93:2179 Kerr OS (2010) Applying the Fourth Amendment to the internet: a general approach. Stanford Law Rev 62:1005 Kerr OS (2014) A rule of lenity for national security surveillance law. Va Law Rev 100:1513 Kert R, Lehner A (2012) Austria. In: Ligeti K (ed) Toward a prosecutor for the European Union, Volume 1: a comparative analysis. Hart, Oxford, p 9 Lafave WR, Israel JH, King NJ, Kerr OS (2017) Criminal procedure, 6th edn. West Academic Publishing, St. Paul Lasagni G, Rodopoulos I (2019) Comparative study. In: Allegrezza S (ed) The enforcement dimension of the single supervisory mechanism (SSM). The interplay between administrative and criminal law. CEDAM, Milano Lewis D (2016) What the all writs act of 1789 has to do with the iPhone. How a law signed by George Washington is being applied to Apple. Smithsonian.com, 24 February 2016. https:// www.smithsonianmag.com/smart-news/what-all-writs-act-1789-has-do-iphone-180958188/. Accessed 19 July 2018 Ligeti K (ed) (2012) Toward a prosecutor for the European Union Volume 1: a comparative analysis. Hart, Oxford Ligeti K (ed) (forthcoming publication) Toward a Prosecutor for the European Union, Vol 2. Hart, Oxford Luchtman M, Vervaele JAE (eds) (2017) Report. Investigatory powers and procedural safeguards: Improving OLAF’s legislative framework through a comparison with other EU law enforce-

324

7  Real-Time Monitoring of Banking Data: State of Play

ment authorities (ECN/ESMA/ECB). https://dspace.library.uu.nl/.../Report_Investigatory_ powers_and_procedural_safeguards. Accessed 15 July 2018 M.V. (2016) The fall-out from Falciani. The Economist, 16 October 2013 Malagutti V, Riva G, Tizian G, Vergine S (2017) Malta Nostra: how Italian Mafia is using the island to launder money. The Italian crime organization choose the Mediterranean state to invest in new businesses. L’Espresso, 25 May 2017. http://espresso.repubblica.it/inchieste/2017/05/23/ news/malta-nostra-1.302445. Accessed 19 July 2018 Mangiaracina A (2014) A new and Controversial Scenario in the gathering of evidence at the European level: the proposal for a directive on the European investigation order. Utrecht Law Rev 10(1):113 MONEYVAL (2013) The Postponement of Financial Transactions and the Monitoring of Bank Accounts, April 2013. https://rm.coe.int/research-report-the-postponement-of-financial-transactions-and-the-mon/168071509b. Accessed 19 July 2018 O’Sullivan JR (2016) Federal white collar crimes, cases and materials, 6th edn. West Academic Publishing, St. Paul OECD (2005) Articles of the model convention with respect to taxes on income and on capital [as they read on 15 July 2005]. http://www.oecd.org/tax/treaties/35363840.pdf. Accessed 19 July 2018 Panzavolta M (2016) Ordine di indagine europeo e indagini bancarie: spunti di riflessione sul concetto di caso interno analogo e atto di indagine alternativo. In: Caianiello M, Di Pietro A (eds) Indagini penali e amministrative in materia di frodi IVA e doganali. L’impatto dell’European Investigation Order sulla cooperazione transnazionale. Cacucci, Bari, p 367 Peçi I (2012) The Netherlands. In: Ligeti K (ed) Toward a prosecutor for the European Union, Volume 1: a comparative analysis. Hart, Oxford, p 95 Sampathkumar M (2017) Amazon Echo could become key witness in murder investigation after data turned over to police. Man on trial for murder has agreed to turn over audio data from his smart home device. The Independent, 9 March 2017 Selvaggi E (2018) L’ordine europeo di indagine-EIO: Come funziona? Cass pen, p 44 Singel R (2010) Feds Warrantlessly Tracking Americans’ Credit Cards in Real Time, 12 February 2010. https://www.wired.com/2010/12/realtime/. Accessed 19 July 2018 Siracusano F (2012) Tra mutuo riconoscimento e armonizzazione preventiva: quali prospettive per la circolazione della prova dichiarativa nell’ambito dell’Unione europea?. Arch pen, n. 1 Slobogin C (2007) Privacy at risk: the new government surveillance and the Fourth Amendment. The University of Chicago Press Soghoian C (2010) Privacy and law enforcement: caught in the cloud: privacy, encryption, and government back doors in the Web 2.0 Era. J Telecommun High Technol Law 8:359 Soghoian C (2014) DOJ’s ‘Hotwatch’ Real-Time Surveillance of Credit Card Transactions, 4 December 2010. https://www.lewrockwell.com/2010/12/christopher-soghoian/dojs-hotwatch-real-time-surveillance-of-credit-card-transactions/. Accessed 19 July 2018 Spencer JR (2010) The Green Paper on obtaining evidence from one Member State to another and securing its admissibility: the reaction of one British Lawyer. ZIS 9:602 Spiegel P (2014) EU agrees laws to end banking secrecy. Financial Times, 14 October 2014 Stevens GM, Doyle C (2002) Privacy: wiretapping and electronic eavesdropping. Books, Novinka Taipale KA (2007) The ear of dionysus: rethinking foreign intelligence surveillance. Yale J Law Technol 9:128 Taslitz AE (2013) Symposiun on Cybercrime: Cybersurveillance without restraint? The meaning and social value of the probable cause and reasonable suspicion standards in governmental access to third-party electronic records. J Crim Law Criminol 103:839 Timan T, Maša G, Koops B-J (2017) Surveillance theory and its implications for law. In: Brownsword R, Scotford E, Yeung K (eds) The Oxford handbook of law, regulation, and technology. Oxford University Press, Oxford, pp 731–753 Tricot J (2012) France. In: Ligeti K (ed) Toward a prosecutor for the European Union, Volume 1: a comparative analysis. Hart, Oxford, p 222

References

325

Tricot J, Martìn AN (forthcoming) Monitoring of banking transactions and traffic data. In: Ligeti K (ed) Toward a prosecutor for the European Union-draft rules of procedure, vol 2. Hart, Oxford U.S. Senate Permanent Subcommittee on Investigations (2012) Committee on Homeland Security and Governmental Affairs, U.S.  Vulnerabilities to Money Laundering, Drugs, and Terrorist Financing: HSBC Case History, 17 July 2012. https://www.gpo.gov/fdsys/pkg/CHRG112shrg76061/html/CHRG-112shrg76061.htm. Accessed 19 July 2018 Van Hoek AAH, Luchtman M (2005) Transnational cooperation in criminal matters and the safeguarding of human rights. Utrecht Law Rev 1(2):1–39 Vernimmen-Van Tiggelen G, Surano L (2008) Analysis of the future of mutual recognition in criminal matters in the European Union, Final Report. Institute for European Studies Jean Monnet/ Université Libre de Bruxelles, European Criminal Law Academic Network, 20 November 2008. https://www.advokatsamfundet.se/globalassets/advokatsamfundet_sv/nyheter/slutrapport_mutual_recognition_eng.pdf. Accessed 19 July 2018 Vervaele JAE (ed) (2005) European evidence warrant. Transnational judicial inquiries in the EU. Intersentia, Cambridge Vervaele JAE (2007) La legislazione anti-terrorismo negli Stati Uniti: inter arma silent leges? Riv it dir e proc pen, fasc. 2:739 Weigend T (2013) Germany. In: Ligeti K (ed) Toward a prosecutor for the European Union, Volume 1: a comparative analysis. Hart, Oxford, p 264 Zanetti G (2008) Il diritto penale dell’era digitale. Caratteri, concetti e metafore. Ind pen, p 510

Chapter 8

Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

Against the composite framework and the increasing urgency to provide for clear legal basis, and above all for adequate guarantees in case forms of real-time monitoring of banking records are performed, this Chapter concludes the present work, introducing some proposals on the key features that should characterize a regulation concerning surveillance on banking data within the EU legal framework. To this aim, in Sect. 8.1 a special focus is put on identifying the right(s) affected by banking data surveillance in light of the Charter of the Fundamental Rights of the European Union and of the European Convention on Human Rights. Accordingly, in Sect. 8.2 basic procedural rules and safeguards are highlighted, that shall apply when such surveillance techniques are implemented (at least) in criminal proceedings, including, as discussed in Sect. 8.3, considerations over which authority should authorize the use of real-time monitoring of banking records.

8.1  I dentifying the Fundamental Right(s) Affected by Real-­Time Monitoring of Digital (Banking) Data The first element that shall be considered in outlining the main features of a legal framework for the surveillance on banking records is the identification of the rights affected by this investigative measure. Facing this task, it shall be taken into account that, as already observed, most banking records are no more represented by paper documents, but rather by digital data, the creation of which represents today an unavoidable factor for all human (including financial) relationships1: Indeed, in the present digital society, it is

 Cf. above, Sect. 7.3.

1

© Springer International Publishing Switzerland and G. Giappichelli Editore 2019 G. Lasagni, Banking Supervision and Criminal Investigation, Comparative, European and International Criminal Justice 1, https://doi.org/10.1007/978-3-030-12161-7_8

327

328

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

b­ asically impossible for natural or legal persons not to daily produce an incredible amount of (mostly digital) data, which incidentally may reveal enormous amounts of (valuable) private information.2 A relevant part of this knowledge does not remain in the exclusive availability of its producers: As highlighted by the new EU data protection Regulation No 2016/679 (better known as “GDPR”), “Rapid technological developments and globalization have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly […] persons increasingly make personal information available publicly and globally”.3 This ­phenomenon may occur either because data is voluntarily published or, more worryingly, because it gets unwittingly shared, due to the fact that many online services (also in the financial field) necessarily require the production and/or disclosure of private information to be accessed to: For average users therefore the alternative is simply whether to use the service, thus sharing personal data, or not to use the service at all (while, for instance, it is still possible to use the phone to communicate while graduating the level of sensitive information that gets disclosed). Digitalisation, naturally, highly affects also criminal justice systems since, as reported by Directive 2016/680 on the protection of personal data in preventive and criminal proceedings, “Technology allows personal data to be processed on an unprecedented scale in order to pursue activities such as the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties”.4 To date, however, the impact of digital technology in criminal investigation has been only unevenly taken into account in national legal frameworks. In some legal orders, the acknowledgment that already existing legal categories often cannot properly regulate phenomena so overwhelming as digitalization— potentially able to affect fundamental rights to an extent previously unconceivable—brought to the creation of new legal categories and rights. That was, for instance, the approach followed by the German Constitutional Court which, in 2008, declared the inadequacy of the Constitutional guarantees protecting private communications and home, and created a “new” Constitutional right to the secrecy and the integrity of IT systems grounded on human dignity (Grundrecht auf Gewährleistung der Vertraulichkeit und Integrität informationstechnischer Systeme), to be used as a parameter in evaluating the legitimacy of electronic forms

2  Either because the information is valuable in itself, or because it might become so through data mining operations. Only with regard to cell phone data, the market “is now estimated to be in the billions of dollars” cf. Carpenter v US, cit., Kennedy J, dissenting, p. 5. 3  Recital (6), Regulation (EU) 2016/679 of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. 4  Cf. Recital (3), Directive (EU) 2016/680 of 27.04.2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data. On the impact of new technologies in criminal investigations, see also Orlandi (2009), p. 129; Orlandi (2014).

8.1 Identifying the Fundamental Right(s) Affected by Real-­Time Monitoring…

329

of surveillance.5 A similar approach, although practically less effective—for the reasons that will be discussed further below—was also followed by the Italian Supreme Court, that extended the protection established for domicile also to that virtual space personal, the access to which may be controlled (and excluded), through the elaboration of the notion of “virtual domicile” (domicilio informatico).6 In most cases, however, digital technology represents a challenging factor that still founds no adequate response in criminal justice systems, especially when it comes to balance fundamental rights with general interests, such as security. These critical issues, for instance, are increasingly fuelling a debate in the US with regard to the trade-off between successful government investigation and privacy. This is attested by a series of Supreme Court’s landmark cases, which started to deal with the use of digital technology in criminal investigation for tailing purposes in United Sates v Knotts (1983) and United States v Jones (2012)7; and for home searches in Kyllo v United States (2001)8; than considered the peculiarity of digital devices in search incident to arrest in Riley v California (2014)9; and in the collection of location records from cell-site location information in Carpenter (2018).10 Numerous are also the cases, at local level, concerning requests addressed to internet search engine corporations to provide the government with users’ information.11 These and other problematics created by digital technology in criminal investigations, are however destined to inevitably remain unsolved in lack of a comprehensive legal, but also philosophical and ethical re-thinking of the foundational basis of fundamental rights and principles. Such re-calibration is actually essential to identify and separate the concrete modalities that characterize the exercise of a certain right in a specific historical period (e.g. e-mails instead of letters, VoIP instead of phones, digital documents rather than paper) from the core and scope of these rights. The latter indeed need to endure in order to maintain an adequate level of safeguards. For instance, taking into account the rather broad definition of domicile developed by the Court in Strasbourg as a “physically defined area, where private and 5  BVerfG, 27.02.2008, BVerfGE 120, 274 et seq., on the impact for the decision and its following case-law see, e.g., Knierim (2008), p. 253764; Kudlich (2008), p. 475; Maisch (2015), p. 56 et seq.; Bull et al. (2016), Nicolicchia (2017), and Orlandi (2018), note 7. 6  Cf., e.g., in the Italian case-law, Cass., Sez. V, sent. 8.05.2012, dep. 26.10.2012, n. 42021, in Foro it., 2012, 12, 2, p. 709. On the notion of “virtual domicile”, see Torre (2017), p. 84 et seq.; Maioli and Sanguedolce (2012), Pica (1999), p. 66; Signorato (2017), pp. 59–66. 7  Respectively 460 U.S. 276 (beeper tracking) and 615 F. 3d 544, affirmed (GPS tracking). 8  533 U.S. 27, 34 (2001), concerning the use of a thermal imager to detect heat radiating from the side of the defendant’s home. 9  573 U.S. __ (2014), with specific regard to cell phones, cf. e.g., Logan (2001), and, if you please, Lasagni (2018). 10  Cf. Sect. 7.6. In this sense, see, for all, Electronic Privacy Information Center (2017). 11  Since also other major corporations or search engines, such as Google and Yahoo, report of thousands of government requests for user’s information, “including web pages visited and the search terms used”, cf. Gray (2017), p. 107; see also Schulhofer (2012).

330

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

family life develops” characterized by the existence of a sufficient and continuous link with the person involved by the investigations,12 any intrusion into a personal digital system, especially if protected by a password, could in principle be considered as a violation of the negative obligation of the State not to interfere with such spaces. The possibility to extend the concept of domicile also to include personal (especially digital) data, however, bears certain limitations: Indeed, under the advent of informatics, in a context where human personality is indifferently developed both “physically” and “virtually”, most distinctions between private and public spaces, and the same definition of “space” are mostly and increasingly failing. In addition, tracing intangible digital data, which may be not only stored on a device, but also on the cloud, back to the notion of a “physically defined area” may appear ontologically hard. Where, as in many countries, such a foundational re-thinking has not occurred yet, and fundamental rights concerning several aspects of individual liberty, strictly connected to each other, are frequently safeguarded by separated Constitutional rights, the investigative technique of real-time monitoring of banking record (as a species of the broader genus of personal (digital) data surveillance) is usually applied using legal basis grounded on “analogue” interpretations of fundamental rights. This trend notably stretches legal notions and categories, and often produces unsatisfactory results.13 Digital forms of surveillance, in fact, are able to simultaneously affect several aspects of individual liberty, and may therefore cannot be adequately correlated only to fundamental rights protecting for instance home or communications, and even less to sets of legislation traditionally regulating their limitations.14 In this sense, difficulties in granting adequate protection persist for instance adopting, as mentioned above, a notion of “virtual domicile” without implementing adequate changes in secondary legislation too. The problem, in fact, is not only that of identifying a relevant fundamental right, but also to select one from which it is possible to derive adequate procedural safeguards without distorting the current asset of “analogous” criminal investigations, which of course maintain a fundamental role also in the present digital society. Under this profile for example, regulations concerning search do not generally encompass the use of real-time monitoring tools and are rather shaped upon retrospective investigative measures (i.e. measures to collect pre-existing data). Hence, procedural guarantees provided for in such cases usually lack fundamental rules establishing, a maximum duration of the measure, or the need for a specific authorization in case of extension of such term. Pre-digital  Cf. Giacomelli v Italy, 2.11.2006, Application no. 59909/00, § 76; Gillow v the United Kingdom, 24.11.1986, Application no. 9063/80, § 46. 13  Such as Italy, cf., if you please, with regard to smartphone search, Lasagni (2018). 14  Cf. e.g. Bernal (2016), p. 247 “‘new’ surveillance is both qualitatively and quantitatively different from ‘traditional’ surveillance or interception of communications. Where traditional ‘communications’ was seen as a subset of traditional privacy rights […] the new form of communications has a much broader relevance, a wider scope, and brings into play a much broader array of human rights. The surveillance too is different—and the impact that it can have is different: more extensive, more multifaceted and with a greater impact on the people subjected to it”. 12

8.1 Identifying the Fundamental Right(s) Affected by Real-­Time Monitoring…

331

regulations, moreover, do not frequently take into account that online searches may occur remotely and unbeknown to the person concerned. These two crucial profiles of intrusiveness should instead be specifically tackled by a regulation dealing with surveillance of digital (banking) data that aims at being effective in safeguarding the rights of affected individuals. In this sense, thus, the “digitalisation” of pre-existent rights appears more critical than the solution proposed by the German Constitutional Court, as sometimes maintaining even a linguistic link with “traditional” forms of protection risks to generate misleading interpretations, and encourage indulging in the false impression for instance, that traditional search regulation may suffice also for real-time monitoring of digital (banking) data.15 Critical issues emerge also trying to apply to this case regulations of interception of communications, although wiretapping certainly shares some important features with data surveillance. Contrary to production orders, which are a retrospective measure, both interceptions and real-time monitoring are indeed prospective investigative techniques, a circumstance which implies a higher degree of curtailment for the rights of the subject involved.16 In this perspective, from one side, wiretapping might actually be intended as a form of surveillance or real-time monitoring, used to collect a specific kind of information, that is “communication”. One might wonder, on the other side, whether the notion of “communication” should be interpreted so as to include in it also the personal (banking digital) data. Indeed, if this question were to be answered in the affirmative, distinguishing between wiretapping and surveillance would lose its raison d’être, and there would be no need of establishing a different legal framework for real-time monitoring of (banking) data: Also this investigative technique could be performed according to the rules provided for interceptions with a mere extensive interpretation.17 This would require including in the notion of “communication” not only its more traditional meaning (written and oral communications between at least two human beings, including if mediated by an electronic device, such as e-mails, chats or VoIP conversations), but also the content derived from the interaction between a person and the device itself.18 In this sense, online banking records represent an example of information which could hardly be classified as communication in its traditional meaning, but that may likely be included in its extended notion.

 As currently occurring in Italy (regardless of the criticism of academics, see for all Orlandi (2018); Torre (2017), p. 85), cf. Cass., Sez. V, sent. 14.10.2009, dep. 29.04.2010, n. 16556, Pres. Calabrese, Rel. Pizzuti, Imp. Virruso e a., C.E.D. 246954, pp.  20–21, commented by Aterno (2013), p. 955 et seq. and Torre (2015), p. 1167, which applied the notion depending not on the sensitive content of the information itself, but rather on whether the servers are physically located in a private domicile or not. 16  Cf. above Sect. 7.3. 17  As seemingly occurs in IT with the transposition of the EIO Directive, cf. Sect. 7.5. 18  On the impact of new technology in wiretapping regulation see e.g. Camon (1996), p. 7 et seq. 15

332

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

Real-time monitoring, however, has always been maintained separated from wiretapping in the Council of Europe and the European Union’s supranational legal sources.19 A broad interpretation of “communication” does not appear to have met the favour of national legislators and jurisprudence either, as clearly showed in the US,20 as well as by other EU Member States’ case-law.21 Reasons to keep wiretapping and real-time monitoring separated may be derived also from more substantial grounds. For instance, whilst communications and the creation of digital (also banking) data in a human being-machine interaction certainly present some similarities, data collection may present critical profiles (deriving for instance from the application of data mining techniques) that are not pertinent to cases in which only stricto sensu communications are apprehended. Indeed, as already highlighted by numerous sources, including the Court of Justice starting from in its landmark decision Digital Rights Ireland (2014) data “taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them”.22 As concluded by the same Court in Tele2-Watson (2016), “data provides the means […] of establishing a profile of the individuals concerned, information that is no less sensitive, having regard to the right to privacy, than the actual content of communications”.23 Against this background, it is to be welcomed the approach, first inaugurated by the Court in Strasbourg, which examines data surveillance in light of the broader right to a private and family life established by Article 8 ECHR. Indeed, the vague (and for that reason both praised and criticized24) wording of this provision (defined by the same ECtHR “not susceptible to exhaustive definition”25) allowed the Court to include in it several aspects related to the right to privacy, interpreted as “the “inner” circle in which the individual may live his own personal life as he chooses and to exclude therefrom entirely the outside world not encompassed within that circle”, comprising also “to a certain degree the right to establish and develop relationships with other human beings” (e.g. communication protection).26  Such as the 2005 COE Convention, and the EIO Directive, cf. Sect. 7.3.  Cf. Sect. 7.6. 21  Such as in Italy, see Cass., Sez. un., 28.05.2003, dep. 24.09.2003, n. 36747, Pres. Marvulli, Rel. Milo, Imp. Torcasio, in Cass. pen., 2004, p. 2094 commented by Filippi (2003); see also Fumu (2003), p. 762. 22  Digital Rights Ireland, Case C-293/12, § 27. 23  Joined cases Tele2 Sverige AB (C-203/15) v Post- och telestyrelsen and Secretary of State for the Home Department v Tom Watson and Others (C-698/15), § 99. 24  Cf. e.g., Harris et al. (2014), p. 522 et seq. 25  Benedik v Slovenia, 24.04.2018, Application no. 62357/14, §§ 100 and 102. 26  Cf. Niemietz v Germany, 16.12.1992, Application no. 13710/88, § 29; Uzun v Germany, 2.09.10, Application no. 35623/05, § 43. 19 20

8.1 Identifying the Fundamental Right(s) Affected by Real-­Time Monitoring…

333

From such a broad notion, the ECtHR derived both a negative obligation for the States not to interfere with the privacy of individuals (right to “be left alone”),27 and a positive obligation for the same States to adopt adequate legal framework and measures to ensure that compliance with this right is effectively achieved also among private parties.28 In this sense, the ECtHR has famously and repeatedly underlined the “essential role played by personal data protection in safeguarding the right to respect for private life as guaranteed by Article 8”,29 and how “the storing of data relating to the “private life” of an individual constitutes interference for the purposes of Article 8”.30 This notion of privacy permits to confer a more uniform level of safeguards than the approaches previously described. Regardless of their “communicative” or “not communicative” (in their traditional meaning) content, in fact, any operation of real-time monitoring of personal data, certainly constitutes “in itself an interference” with the right to a private life.31 Collecting personal information, in fact, certainly affects the right to personal autonomy in establishing individual identity32. This conclusion, in the jurisprudence of the Court in Strasbourg, holds true for both natural and legal persons,33 although with some limitations in the latter case, as legal persons cannot invoke the Conventional protection “from nuisances or problems which can be encountered only by natural persons”.34 According to the Court, personal data shall be considered related to private-life aspects taking into account “the specific context in which

 Cf., e.g., Malone v the UK, 2.08.1984, Application no. 8691/79; Kroon and Others v. the Netherlands, 27.10.1994, Application no. 18535/91, § 31. 28  Cf., e.g., Evans v. the United Kingdom, 10.04.2007, Application no. 6339/05, § 75, although the principle was first set out in Marckx v. Belgium, 13.06.1979, Application no. 6833/74; cf. also Pollicino (2017), p. 136; Martinico (2017), p. 118. 29  Cf., e.g., G.S.B. v. Switzerland, 22.12.2015, Application no. 28601/11, § 90; S. and Marper v. The United Kingdom, 4.12.2008, Applications nos. 30562/04, 30566/04, §§ 66–67. 30  M.N. and Others v. San Marino, 7.07.2015, Application no. 28005/12, § 53. 31  Digital Rights Ireland, Case C-293/12, § 34; cf. also Balsamo (2015), pp. 168–175. 32  Cf. X v The Federal Republic of Germany, Decision of 7.05.1981, Application no 8334/78. 33  Cf., e.g., Bernh Larsen Holding As and Others v. Norway, 14.03.2013, Application no. 24117/08, where, against the Government’s opinion that “only natural persons could be considered to have a “private life”” (§ 98), the Court reiterated that the protection of Article 8 ECHR, in the specific case with regard to home or domicile protection, “includes not only the registered office of a company owned and run by a private individual […] but also that of a legal person and its branches and other business premises” (§ 104); Saint-Paul Luxembourg S.A. v. Luxembourg, 18.04.2013, Application no. 26419/10, § 37. See also Martinico (2017), p.  118. See also Ste Colas Est, 16.04.2002, Application no. 37971/97, § 41; Buck v Germany, 28.07.2005, Application no. 41604/98. 34  Asselbourg and 78 Others and Greenpeace Assocation-Luxembourgv v. Luxembourg, 29.06.1999, Application no. 29121/95, p. 6; Sdružení Jihočeské Matky v. the Czech Republic (dec.), Application no. 19101/03, 10.07.2006, at 2.1. On the application of fair trail rights to legal persons in the ECtHR case-law, see above Sect. 6.2, and Sect. 6.3.5. with specific regard to the privilege against self-incrimination. 27

334

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

the information at issue has been recorded and retained, the nature of the records, the way in which these records are used and processed and the results that may be obtained”.35 This interpretation was explicitly applied by the ECtHR to banking records retained by public authorities. In M.N. and others v. San Marino (2015), for instance, the Court considered “that information retrieved from banking documents undoubtedly amounts to personal data concerning an individual, irrespective of it being sensitive information or not. Moreover, such information may also concern professional dealings and there is no reason of principle to justify excluding activities of a professional or business nature from the notion of “private life””.36 In Sommer v. Germany (2017), again in the context of investigative measures applied to banking data, the Court further specified that “storage or collection of data relating to the “private life” of an individual constitutes interference for the purposes of Article 8, irrespective of who is the owner of the medium on which the information is held”.37 Similar considerations were consistently confirmed by the ECtHR in its following jurisprudence, and extended also to other categories of “similar” personal data, such as “tax data” (G.S.B. v. Switzerland, 2015)38 and that generally concerning “a financial situation” (Brito Ferrinho Bexiga Villa-Nova, also 2015).39 In the EU, thanks to the equivalence clause of Article 52(3) CFREU, the content of Article 8 ECHR shall be recognised to Articles 7 and 8 of the Charter, which protect both the right to private and family life, and personal data40 (the latter finding  Cf., e.g., S. and Marper v. the United Kingdom, § 67.  M.N. and Others v. San Marino, § 51. 37  Sommer v. Germany, 27.04.2017, Application no. 73607/13, § 59, and case-law there mentioned. 38  G.S.B. v. Switzerland, § 89 and case-law there mentioned. 39  Cf., e.g., Brito Ferrinho Bexiga Villa-Nova v. Portugal, 1.12.2015, Application no. 69436/10, §§ 42–44: “42. Les parties conviennent que les données bancaires de la requérante constituent des informations personnelles relevant de sa vie privée, entrant bien dans le champ d’application de l’article 8 de la Convention. Elles s’accordent également à reconnaître qu’il y a eu ingérence dans l’exercice par la requérante de son droit au respect de sa vie privée. La Cour note aussi que les juridictions internes n’ont pas contesté que les informations bancaires étaient couvertes par le secret professionnel étant donné notamment que la requérante avait reçu des versements effectués par des clients sur son compte bancaire personnel (voir ci-dessus paragraphes 9, 10 et 12). 43. La Cour ne voit pas de raison de conclure autrement. Elle rappelle que la notion de “vie privée” peut inclure les activités professionnelles ou commerciales (Niemietz c. Allemagne, 16.12.1992, § 29, série A no 251-B). En outre, elle “accorde un poids singulier au risque d’atteinte au secret professionnel des avocats car il est la base de la relation de confiance entre l’avocat et son client (André et autre c. France, no 18603/03, § 41, 24.07.2008 et Xavier da Silveira c. France, no 43757/05, § 36, 21.01.2010) et il peut avoir des répercussions sur la bonne administration de la justice” (Wieser et Bicos Beteiligungen GmbH c. Autriche, no 74336/01, §§ 65–66, CEDH 2007-IV; Niemietz, précité, § 37, et André et autre, précité § 41). 44. La Cour en conclut que la consultation des extraits de comptes bancaires de la requérante a bien constitué une ingérence dans son droit au respect du secret professionnel, lequel rentre dans la vie privée (M.N. et autres c. Saint-Marin, no 28005/12, § 51, 7.07.2015)”. 40  See Explanatory report to the Protocol to the 2000 Convention on mutual assistance in criminal matters between the Member States of the European Union (Text approved by the Council on 14 35 36

8.1 Identifying the Fundamental Right(s) Affected by Real-­Time Monitoring…

335

legal basis also in Article 16 TFEU,41 and declined in several pieces of secondary EU legislation42). Protection of privacy and personal data indeed represents a fundamental part of the vast (although perhaps not as vast as it could or should be43) caselaw of the Court of Justice. The Court often applies Articles 7 and 8 in combination44–although it seldomly underlined the innovative character of Article 8 CFREU which “is distinct from that enshrined in Article 7 of the Charter and which has no equivalent in the ECHR”.45 First of all, similarly to what affirmed by the ECtHR in Sommer, also according to the CJEU when it comes “to establish the existence of an interference with the fundamental right to privacy, it does not matter whether the information on the private lives concerned is sensitive or whether the persons concerned have been inconvenienced in any way”.46 In the CJEU case-law, privacy and data protection are recognized to natural persons and, at least in principle, to legal entities as well,47 although in this second case the level of protection might be different, given that “legal persons are already October 2002), pp.  10–11, and Pollicino (2017), pp.  135–136. See also Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, Case C-131/12, 13.05. 2014, ECLI:EU:C:2014:317, § 68. The link was also confirmed in Maximillian Schrems v Data Protection Commissioner, Case C-362/14, 6.10.2015, ECLI:EU:C:2015:650, § 39, according to which “It is apparent from Article 1 of Directive 95/46 and recitals 2 and 10 in its preamble that that directive seeks to ensure not only effective and complete protection of the fundamental rights and freedoms of natural persons, in particular the fundamental right to respect for private life with regard to the processing of personal data, but also a high level of protection of those fundamental rights and freedoms. The importance of both the fundamental right to respect for private life, guaranteed by Article 7 of the Charter, and the fundamental right to the protection of personal data, guaranteed by Article 8 thereof, is, moreover, emphasised in the case-law of the Court”. 41  Cf. Digital Rights Ireland Ltd, Case C-293/12, § 53. 42  Such as Regulation 2016/679 and Directive 2016/680, cit. 43  Cf. in this sense, e.g., Martinico (2017), p. 120, in general terms with regard to the Charter as a whole in the ECJ case-law, see Sarmiento (2013), p. 1267; Fontanelli (2011), p. 22 et seq.; Sanchez (2012), p. 1565. 44  Cf. Explanatory report to the Protocol to the 2000 Convention, p. 11. 45  Cf. Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 129; see also Sayers (2014), p. 229 et seq. and case-law there mentioned. 46  Digital Rights Ireland Ltd, Case C-293/12, § 33; see also see, Judgement in Österreichischer Rundfunk and Others, 20.05.2003, C-465/00, C-138/01 and C-139/01, EU:C:2003:294, § 75. 47  Cf., e.g., Hoechst AG v Commission of the European Communities, Joined cases 46/87 and 227/88, 21.09.1989, ECLI:EU:C:1989:337, § 19, according to which “None the less, in all the legal systems of the Member States, any intervention by the public authorities in the sphere of private activities of any person, whether natural or legal, must have a legal basis and be justified on the grounds laid down by law, and, consequently, those systems provide, albeit in different forms, protection against arbitrary or disproportionate intervention”. Cf. Lamandini et al. (2015), p. 73: «The CJEU, on the other hand, established in its early decisions that some privacy rights, such as the inviolability of domicile, were typically rights of natural persons, but did not protect legal persons; legal persons only had a protection against “arbitrary or disproportionate intervention”. In Hoechst, however, the CJEU tried to establish a balance between the finality of an effective investigation, and the existence of safeguards (arising from all domestic legal systems) which introduce an element of certainty and proportionality similar to the privacy protection».

336

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

s­ ubject to a more onerous obligation in respect of the publication of data”.48 More recently, a sharper difference between the levels of protection granted to legal and natural persons has been affirmed by the European legislators, by Article 1 of Directive 2016/680, the scope of which (in line with Article 1 GDPR) is explicitly limited to natural persons. This choice, which presents the same concerns already highlighted in the analysis concerning fair trial rights in banking supervision,49 appears even less justifiable in this context, where no specific physically-tailored legal profiles, such as sanctions involving physical imprisonment, is even at stake. Within this boundaries, Directive 2016/680 contains a broad definition of “personal data”, which is intended as “any information relating to an identified or identifiable natural person […] in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.50 Recital (51) of the Directive, in particular, clearly points out how risks “of varying likelihood and severity” may result to the rights established by Article 7 and 8 CFREU from the processing of personal data especially where that gives rise “to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of data protected by professional secrecy, unauthorised reversal of pseudonymisation or any other significant economic or social disadvantage […] where personal aspects are evaluated, in particular analysing and predicting aspects concerning performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, in order to create or use personal profiles […] or where processing involves a large amount of personal data and affects a large number of data subjects”.51 This wording closely resembles the definition of personal data formulated by the Court of Justice in Digital Rights Ireland, where the general sensitiveness was explicitly highlighted, considering how the latter (in the specific case, concerning communications), “taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them”.52  Volker und Markus Schecke GbR (C-92/09) and Hartmut Eifert (C-93/09) v Land Hessen, Joined cases C-92/09 and C-93/09, 9.11.2010, ECLI:EU:C:2010:662, §§ 52–53 and 87. Article 7 and 8 CFREU also provide for protection to other interests related to the notion of privacy, such as the protection of family, the analysis of which falls however out of the scope of this work. 49  Cf. above Sect. 6.3.6. 50  Cf. Article 3(1), Directive (EU) 2016/680. 51  Recital (51), Directive 2016/680. 52  Cf. Digital Rights Ireland Ltd, Case C-293/12, §§ 26 and 27, and particularly § 26 according to which “Those data make it possible, in particular, to know the identity of the person with whom a subscriber or registered user has communicated and by what means, and to identify the time of the communication as well as the place from which that communication took place. They also make it possible to know the frequency of the communications of the subscriber or registered user with certain persons during a given period”. 48

8.1 Identifying the Fundamental Right(s) Affected by Real-­Time Monitoring…

337

Building on this definition, also under EU law, banking records clearly fall under the label of personal data for which (contrary to the USSC case-law53) privacy expectations arise. They can indeed certainly be used to identify several aspects of a person beyond the mere economic background, revealing personal information concerning health care, political opinions or preferences, activities and agenda, sexual orientation and life, family personal identification or linking.54 These arguments hold true not only with “analogue” personal (banking) information, but also with personal digital data, although to date no specific definition of the latter is provided for in EU law or in the jurisprudence of the ECtHR. Digital technology has, however, repeatedly been taken into account at the supranational level. The Court in Strasbourg, in particular, explicitly affirmed, with regard to the use of modern scientific techniques in criminal-justice systems, that “the protection afforded by Article 8 of the Convention would be unacceptably weakened if such techniques were allowed at any cost and without carefully balancing the potential benefits of the extensive use of such techniques against important private-life interests”.55 In particular, with regard to the “digital” dimension of the right to privacy, the ECtHR explicitly pointed out how Article 8 “provides for the right to a form of informational self-determination, allowing individuals to rely on their right to privacy as regards data which, albeit neutral, are collected, processed and disseminated collectively and in such a form or manner that their Article 8 rights may be engaged” (italics added).56 In this sense, for instance, the ECtHR recognized the application of Article 8 ECHR in cases of surveillance techniques used to obtain internet usage data,57 highlighting how “given the technological advances since the Klass and Others case, the potential interferences with email, mobile phone and Internet services as well as those of mass surveillance attract the Convention protection of private life even more acutely”.58  Cf. United States v. Miller, see above Sect. 7.6. Critical in this sense Justice Kennedy dissenting in Carpenter v US, highlighting how “Financial records are of vast scope. Banks and credit card companies keep a comprehensive account of almost every transaction an individual makes on a daily basis. “With just the click of a button, the Government can access each [company’s] deep repository of historical [financial] information at practically no expense.” […] Today, just as when Miller was decided, “it is impossible to participate in the economic life of co contemporary society without maintaining a bank account.”” (pp. 17–18). 54  Similarly to what concluded under the ECtHR case-law, cf. e.g. S. and Marper v. The United Kingdom, §§ 66–67, referred to the case of retention of fingerprints and cellular samples and DNA profiles after the end of a criminal proceeding. 55  S. and Marper v. the United Kingdom, § 112 (concerning DNA database). In general, with regard to the impact of new technology on the case-law of the Court see, e.g., Brownsword and Goodwin (2012), Murphy and Ó Cuinn (2010), pp. 601–638. 56  Satakunnan Markkinapörssi Oy And Satamedia Oy v Finland, 27.06.2017, Application no. 931/13, § 137; Benedik v Slovenia, § 103. 57  Cf. Copland v The United Kingdom, 3.04.2007, Application no. 62617/00 (telephone calls, e-mail correspondence and Internet usage); see also Khan v The United Kingdom, 12.05.2000, Application no. 35394/97 (listening device). 58  Szabó and Vissy v Hungary, 12.01.2016, Application no. 37138/14, § 53; Bernal (2016), p. 251. 53

338

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

The Court of Justice, on the other side, repeatedly underlined the sensitiveness of data which is produced, and therefore potentially collected, in highly technological environments, for instance in the sector of electronic communication, or with regard to IP addresses—but the same argument shall be valid for other fields too, such as that of online financial transactions (e.g. online banking). Indeed, all this information, even more than analogue one, may enable to trace and identify the source of an operation, its addressee, date, and location; the IP address for Internet services, and therefore the identity of the persons involved, the frequency of certain operations during a given period, the amounts transferred and so on.59 Confirmation of this approach may be found also in Directive 2016/680, which at Article 2(2) does not make any distinction between the level of protection that should be conferred to data processed by automated (i.e. digital) or non-automated (i.e. analogue) means. Against this background, in the European legal framework it appears preferable to trace back, the investigative technique of real-time monitoring of personal data, including of banking records (analogous and digital), back to the scope of the (broad) right to privacy, which includes, but is not limited to domicile and communication protection. This said, it remains to be assessed whether the relevant provisions of the Charter and of the Convention, as interpreted by the respective courts, are up to the task of establishing an effective level of protection when it comes to define applicable procedural rules and to sanction potential violations. Indeed, Article 8 ECHR and Articles 7 and 8 CFREU certainly serve well as statements of principle about the crucial role of privacy protection, and represent a source of inspiration for those national legal orders that do not provide for a “technologically updated” right to privacy (or for an explicit right to privacy at all, as in the Italian case). Besides for the (indispensable) recognition of the principle, however, under a procedural point of view it is fundamental to understand whether these provisions, can already grant an adequate level of protection to surveillance measures concerning personal (digital) data, or whether further jurisprudential or legislative development is needed to achieve that result. Given the crucial role of personal digital data in contemporary society, and the common imputability to the scope of Articles 8 ECHR and 7 and 8 CFREU of both communication and data protection (so that, as anticipated, real-time monitoring and wiretapping might be grouped under a common category of “electronic” or  Digital Rights Ireland Ltd, Case C-293/12, §§ 49–51; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 96. In this sense, for instance, “the use of modern investigation techniques” has been considered of fundamental in the fight against serious crime, and the data so collected deemed “valuable tool for criminal investigations” a conclusion which applies well not only to data related to electronic means of communication (as in the case dealt with by the Court), but also to banking data. Specifically on IP addresses, cf. Scarlet Extended SA contro Société belge des auteurs, compositeurs et éditeurs SCRL, Case C-70/10, 24.11.2011, ECLI:EU:C: 2011:771, § 51; Patrick Breyer v Bundesrepublik Deutschland, Case C-582/14, 19.10.2016, ECLI:EU:C:2016:779, §§ 15–16.

59

8.2 Defining Procedural Rules for the Surveillance of Personal (Banking) Data

339

“digital surveillance”), it appears increasingly disproportionate to maintain procedural legal systems which provides for a certain (usually high) level of safeguard with regard to interception, and for a much lower standard of protection in case the target of surveillance investigative measure is personal (digital, and banking) data. Indeed, as precisely described, surveillance on metadata “is not less intrusive than content: it might best be described as ‘differently intrusive’”.60 Recognizing at least a similar degree of safeguard in both these cases appears increasingly necessary also taking into account that, some surveillance digital techniques, such as malware, are currently able to intercept at the same time both digital data and communications (as clearly showed for instance by the use of Trojan horses in criminal investigations61). Hence, rules to perform personal digital (banking) data surveillance should certainly ensure, the same level of protection of wiretapping although procedural rules should then be declined and tailored upon the material target (data, instead of communications).62 Understanding the procedural impact of Article 8 ECHR and especially, given the primacy of EU law, of Articles 7 and 8 of the Charter63—is therefore fundamental to assess whether, relying exclusively upon the standards there established (as interpreted by the European courts), would already confer an adequate level of guarantees to the right to privacy in case of real-time monitoring of personal (banking) data or if further legislation or change in the jurisprudence would be necessary to achieve so, and if so, how.

8.2  D  efining Procedural Rules for the Surveillance of Personal (Banking) Data States maintain a certain margin of appreciation in determining the specific procedural framework applicable to measures interfering with the right to privacy and data protection enshrined in Article 8 ECHR and Articles 7 and 8 CFREU.64  Cf. Bernal (2016), p. 248 “metadata can be more helpful for surveillance than content. Metadata by its nature is more easily analysed and aggregated. The formats are standardised, much of it is numeric and can be subjected to quantitative analysis—particularly significant in the ‘big data’. Moreover, content can be written in indirect forms, working by innuendo or in language not easily or automatically understandable. On the kinds of scales envisaged by mass surveillance, the idea of actually ‘reading’ or ‘listening’ to content is not practical until the very latest stages of analysis. Content is much more easily and regularly encrypted than metadata. Finally, metadata can include new types of data such as geolocation data, data about devices used and so forth”. 61  Cf., e.g., Strafprozeßordnung (stop), § 100b Online-Durchsuchung, German crim. proc. code. 62  Cf. Tricot and Martìn (forthcoming), p. 7 of the draft. 63  Whose provisions, as anticipated with regard to the ne bis in idem protection, have already been recognized liable of direct application in the Member States, with disapplication of contrary national provisions, cf. Sect. 2.3.3. 64  Cf., e.g., Buckley v. the United Kingdom, 29.09.1996, Application no. 2034/92, § 76. The margin of appreciation doctrine “refers to the room for manoeuvre the Strasbourg institutions are prepared 60

340

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

Nonetheless, settled case-law of the ECtHR clearly requires domestic legislation on this matter to meet certain “quality” standards in order to comply with the principles there established.65 These requirements should find application also in EU law, thanks to the equivalence clause of Article 52(3) CFREU. As will be discussed hereinafter, however, in certain cases it is necessary to verify whether this operation may be impeded by the fact that, at literal level, the safeguards enshrined in the Convention and in the Charter, although comparable, are not exactly coinciding. Starting with the elements present without challenge in both provisions, limitations to the right to privacy may be accepted only “on the basis of the consent of the person concerned or some other legitimate basis laid down by law” (Article 8 CFREU66) or “in accordance with the law” (Article 8 ECHR) the impugned measure shall therefore both “be compatible with the rule of law” and have “some basis in domestic law”67 (which, in the broad interpretation of the Court in Strasbourg comprises both statutory and case-law68). According to the ECtHR, in particular, States are requested to provide a specific regulation, publicly foreseeable, which authorizes measures interfering with the right to privacy.69 Following the test developed by the ECtHR in the case Sunday Times v. the United Kingdom, this condition is satisfied whether the law is adequately accessible and is formulated with precision sufficient to enable citizens to regulate their conducts, especially as far as the scope and the manner of the exercise of the discretion conferred to the authorities are concerned.70

to accord national authorities in fulfilling their obligations under the European Convention on Human Rights. However, the term is not found in the text of the Convention itself, nor in the travaux préparatoires, 1 but first appeared in 1958 in the Commission’s report in the case brought by Greece against the United Kingdom over alleged human rights violations in Cyprus.2 Since then it has been adopted in numerous other Commission decisions and in over 700 judgments of the Court”, cf., e.g., Greer (2000), p. 5; Kostoris (2017), p. 51. 65  Zakharov v. Russia, 4.12. 2015, Application no. 51380/07, § 228; Buckley v. the United Kingdom, § 76; McMichael v. the United Kingdom, 24.02.1995, Application no. 16424/90, § 87. 66  See, e.g., Google Spain, Case C-131/12, § 34; see also Martinico (2017), p. 125 et seq. 67  Zakharov v. Russia, § 228. 68  Cf. Del Río Prada v. Spain, 21.10.2013, Application no. 42750/09, § 91, according to which “When speaking of “law” Article 7 alludes to the very same concept as that to which the Convention refers elsewhere when using that term, a concept which comprises statutory law as well as case-law and implies qualitative requirements, notably those of accessibility and foreseeability”. See also S.W. v. The United Kingdom, 22.11.1995, Application no. 20166/92, § 35; Contrada c. Italia (N. 3), 14.04.2015, Application no. 66655/13, § 60 et seq., largely commented by Italian legal scholars, see e.g., Mazzacuva (2015), and Donini (2016). 69  Cf. Silver and Others v The United Kingdom, 25.03.1983, Application nos. 5947/72; 6205/73; 7052/75; 7061/75; 7107/75; 7113/75; 736/75, §§ 85–86. 70  The Sunday Times v The United Kingdom, 26.04.1979, Application no. 6538/74, §§ 48–53; Rotaru v. Romania, 4.05.2000, Application no. 28341/95, § 52. See also Kruslin v France, 24.04.1990, Application no. 11801/85; Huvig v France, 24.04.1990, Application no. 11105/84.

8.2 Defining Procedural Rules for the Surveillance of Personal (Banking) Data

341

Similar interpretation is given also with regard to Article 8 CFREU, where the CJEU first affirmed in Digital Rights Ireland and later confirmed, for instance in Schrems (2015), that “legislation involving interference with the fundamental rights guaranteed by Articles 7 and 8 of the Charter must, according to the Court’s settled case-law, lay down clear and precise rules governing the scope and application of a measure and imposing minimum safeguards, so that the persons whose personal data is concerned have sufficient guarantees enabling their data to be effectively protected against the risk of abuse and against any unlawful access and use of that data. The need for such safeguards is all the greater where personal data is subjected to automatic processing and where there is a significant risk of unlawful access to that data”.71 In light of Article 8 ECHR, moreover, limitations to the right of private and family life are allowed only if they are “necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others”. In the ECtHR case-law, a rather wide margin of appreciation is recognized to States when it comes to this requirement, in particular concerning the choice of the means to achieve at domestic level the legitimate aim of protecting national security.72 Nonetheless, to avoid abuses, national legislation remains subject to the supervision of the Court also under this profile, especially when secret surveillance measures (such as wiretapping, or, precisely real-time monitoring of personal (banking) data) are into place, as these tools poses a relevant “danger […] of undermining or even destroying democracy on the ground of defending it”, so that States cannot, even in the name of the fight against serious crimes such as “espionage or terrorism, adopt whatever measures they deem appropriate”.73 Secret surveillance techniques were repeatedly dealt with by the Court (although not yet with specific regard to banking data), starting from the landmark case Klass and others v Germany (1978), where the ECtHR stressed out the fundamental importance, whatever is the adopted system of surveillance, of having “adequate and effective guarantees against abuse. This assessment has only a relative character: it depends on all the circumstances of the case, such as the nature, scope and duration of the possible measures, the grounds required for ordering such measures, the authorities competent to permit, carry out and supervise such measures, and the kind of remedy provided by the national law”.74 This approach was further confirmed by the Court in the following case-law, especially in Kennedy v The UK (2010), and more recently in Zakharov v Russia (2015).75 In the latter, concerning a case of (potential) interception of communica Schrems, Case C-362/14, § 91; Digital Rights Ireland Ltd, Case C-293/12, §§ 54–55.  In this sense, see Zakharov v. Russia, § 232; Klass and Others v Germany, 6.09.1978, Application no 5029/71, § 49 and case-law there mentioned. See also Bernal (2016), p. 259. 73  Klass and Others, § 49. 74  Klass and Others, § 50. 75  That although, brought a change in the admissibility test, harshly criticized in Judge Dedov’s dissenting opinion, part 3, arguing that in this way the Court would lose its case-by-case approach. 71 72

342

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

tions, the ECtHR, acknowledging how the implementation of such measures “is not open to scrutiny by the individuals concerned or the public at large”, concluded that “it would be contrary to the rule of law for the discretion granted to the executive or to a judge to be expressed in terms of an unfettered power. Consequently, the law must indicate the scope of any such discretion conferred on the competent authorities and the manner of its exercise with sufficient clarity to give the individual adequate protection against arbitrary interference”.76 Legislation is then considered by the Court of sufficient “clarity” and “quality” when a series of minimum safeguards are there established, including “the nature of offences which may give rise to an interception order; a definition of the categories of people liable to have their telephones tapped; a limit on the duration of telephone tapping; the procedure to be followed for examining, using and storing the data obtained; the precautions to be taken when communicating the data to other parties; and the circumstances in which recordings may or must be erased or destroyed”.77 Clearly expressed in the Convention, the clause on the “necessity in a democratic society” is not reproduced in Articles 7 or 8 CFREU, and the issue of whether the scope of these provisions, as interpreted by the Court of Justice, is wider than that of Article 8 ECHR has not been fully addressed by the CJEU yet. Declaring the question inadmissible on this point in the already mentioned joined cases Tele2Watson (2016),78 the Court recalled how “whilst, as Article 6(3) TEU confirms, fundamental rights recognised by the ECHR constitute general principles of EU law, the ECHR does not constitute, as long as the European Union has not acceded to it, a legal instrument which has been formally incorporated into EU law”, and that in any case Article 52(3) CFREU does not preclude Union law from providing protection that is more extensive then the ECHR.79 The difference in the wordings of Articles 7 and 8 CFREU and 8 ECHR concerning this clause has been emphasized by some legal scholars, according to which, in the EU that could bring to a different, and potentially broader interpretation of the limitations affecting the right to privacy.80 In this sense, however, it shall be reminded that the Explanation to the Charter clearly states that “limitations which may legitimately be imposed on this right are the same as those allowed by Article 8 of the ECHR”.81 Moreover, according to Article 52(1) CFREU, restrictions to the rights of the Charter are acceptable only if provided for by law, and insomuch as they are strictly necessary and proportionate to the “general interest recognised by the Union or the need to protect the rights and freedoms of others”.82

 Kennedy v The UK, 18.05.2010, Application no. 26839/05; Zakharov v. Russia, § 230.  Zakharov v. Russia, § 231 and case-law mentioned there. 78  Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), §§ 127-133. 79  For the recent restatement of the need to recognize an autonomous meaning to the Charter in the field of ne bis in idem, see above Sect. 2.3.3. 80  Cf. Martinico (2017), p. 116 et seq. 81  Cf. Explanation relating to the Charter, 2007, OJ C303/17, sub Article 7, p. 10. 82  Digital Rights Ireland Ltd, Case C-293/12, §§ 38 and 52. 76 77

8.2 Defining Procedural Rules for the Surveillance of Personal (Banking) Data

343

The “democratic proportionality test” seems therefore to play a fundamental role also in the EU legal framework, and consequently in the jurisprudence of the Court of Justice.83 In the most relevant cases on data protection, namely the aforementioned Digital Rights Ireland, and Tele2-Watson, the CJEU indeed famously hold that “subject to the principle of proportionality, limitations may be made to those rights and freedoms only if they are necessary and genuinely meet objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others”.84 Even when the purpose of data retention is especially serious and therefore represent an “objective of general interests”, such as in case of “prevention, investigation, detection and prosecution of serious crime, such as organised crime and terrorism”,85 it is therefore necessary for the interfering measures to respect “principles of data protection and data security”86 to preserve the essence of the rights protected by Articles 7 and 8 CFREU, and comply with the principle of proportionality, which must be consistent with a democratic background.87 As clearly summarized by the Court in Tele2-Watson, in fact, “an objective of general interest, however fundamental it may be, cannot in itself justify that national legislation providing for the general and indiscriminate retention of all traffic and location data should be considered to be necessary for the purposes of that fight”.88 The proportionality test developed by the CJEU thus requires an assessment as to whether the adopted acts are “appropriate for attaining the legitimate objectives pursued by the legislation at issue and do not exceed the limits of what is appropriate and necessary in order to achieve those objectives”.89 This evaluation applies “all the greater” where “personal data are subjected to automatic processing and where there is a significant risk of unlawful access to those data”.90 This is the case of means or technology “very widespread and of growing importance in people’s everyday lives”, which may generate “an interference with the fundamental rights of practically the entire European population”91: a definition which seems to fit well not only with electronic means of communication, but also to online banking services and financial transactions. In these “new” tech In this line in the conclusion, Martinico (2017), p. 116.  Digital Rights Ireland Ltd, Case C-293/12, § 38; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 94. See also above Sect. 2.3.3. 85  Digital Rights Ireland Ltd, Case C-293/12, § 24, cf. also §§ 41–44 and Iovene (2014); see also Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 102. 86  Digital Rights Ireland Ltd, Case C-293/12, § 40. 87  Cf., e.g., Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), §§ 96 and 107; see also Productores de Música de España (Promusicae) v Telefónica de España SAU, Case C-275/06, 29.01.2008, ECLI:EU:C:2008:54, §§ 68–70. 88  Digital Rights Ireland Ltd, Case C-293/12, § 51; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 103. 89  Digital Rights Ireland Ltd, Case C-293/12, § 46 and case-law there mentioned. 90  Idem, §§ 54–55. 91  Idem, § 56. 83 84

344

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

nological contexts, as recalled also in Schrems, it becomes pivotal to “ensure a fair balance between, on the one hand, observance of the fundamental right to privacy and, on the other hand, the interests requiring free movement of personal data”.92 As limitations to the right to privacy may be accepted, also under EU law, only “in so far as is strictly necessary”,93 “quality” requirements for the legal basis are established also in the jurisprudence of the CJEU. According to it, the law “must lay down clear and precise rules governing the scope and application of the measure in question and imposing minimum safeguards” so as to ensure “sufficient guarantees to effectively protect […] personal data against the risk of abuse and against any unlawful access and use of that data”.94 In particular, the CJEU explicitly labelled as not strictly necessary, nor clear or precise, and therefore disproportionate, limitations of the right to privacy that cover “in a generalised manner, all persons and all means […] as well as all […] data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime”,95 including persons “for whom there is no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime”, or that “does not provide for any exception”,96 neither requires any “relationship between the data whose retention is provided for and a threat to public security and, in particular, it is not restricted to a retention in relation (i) to data pertaining to a particular time period and/or a particular geographical zone and/or to a circle of particular persons likely to be involved, in one way or another, in a serious crime, or (ii) to persons who could, for other reasons, contribute, by the retention of their data, to the prevention, detection or prosecution of serious offences”.97 Equally, law shall be considered ­disproportionate if it lacks to establish a clear definition of what should be considered an offence “serious enough” so as to justify such limitation,98 or if it does not contain “substantive and procedural conditions relating to the access of the competent national authorities to the data and to their subsequent use”99 or the duration of the interfering measures,100 limiting it to what is strictly necessary in the light of the objective pursued. To sum up, law establishing limitations to the rights to privacy protected by Articles 7 and 8 CFREU is therefore considered acceptable by the CJEU only as  Schrems, Case C-362/14, § 42.  Schrems, Case C-362/14, § 92; Digital Rights Ireland Ltd, Case C-293/12, § 52. 94  Digital Rights Ireland Ltd, Case C-293/12, §§ 54–55. 95  Idem, § 57; see also Schrems, Case C-362/14, §§ 93–94 according to which a generalized access implies a violation of the essence of the fundamental right to respect for private life. Cf. Mitsilegas (2016). 96  Digital Rights Ireland Ltd, Case C-293/12, § 58; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 105. 97  Digital Rights Ireland Ltd, Case C-293/12, § 59; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 106. 98  Digital Rights Ireland Ltd, Case C-293/12, § 60. 99  Idem, § 61. 100  See also Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 95. 92 93

8.2 Defining Procedural Rules for the Surveillance of Personal (Banking) Data

345

long as “the retention of data is limited, with respect to the categories of data to be retained, the means of communication affected, the persons concerned and the retention period adopted, to what is strictly necessary”.101 Legislation shall therefore “lay down clear and precise rules governing the scope and application of such a data retention measure and imposing minimum safeguards, so that the persons whose data has been retained have sufficient guarantees of the effective protection of their personal data against the risk of misuse”.102 It shall also “meet objective criteria, that establish a connection between the data to be retained and the objective pursued. In particular, such conditions must be shown to be such as actually to circumscribe, in practice, the extent of that measure and, thus, the public affected […] Such limits may be set by using a geographical criterion where the competent national authorities consider, on the basis of objective evidence, that there exists, in one or more geographical areas, a high risk of preparation for or commission of such offences”.103 Along the same line, interferences to the right to privacy are acceptable, in general terms, “in relation to the objective of fighting crime, only to the data of individuals suspected of planning, committing or having committed a serious crime or of being implicated in one way or another in such a crime […] However, in particular situations, where for example vital national security, defence or public security interests are threatened by terrorist activities, access to the data of other persons might also be granted where there is objective evidence from which it can be deduced that that data might, in a specific case, make an effective contribution to combating such activities”.104 A few last brief notations shall be made with regard to the approach adopted by the CJEU, toward personal data surveillance. First, these legitimacy conditions were drawn by the Court of Justice with regard to the collection of personal data both for preventive and repressive purposes. Especially in the first case, however, besides for the clear (and fundamental) assertion of the central role of privacy and data protection, the criteria set by the Court appear especially critical in their practical application. Indeed, if on one side it is certainly reassuring that no form of generalized control over every person’s personal data shall be legally carried out within the EU, on the other, it seems hard to understand how it would be possible to preventively apply “geographical” or other selecting criteria without that ending up in some form of discrimination which are also contrary to the EU fundamental principles (e.g. against geographical areas inhabited by poor people, or by migrants; against recidivists; against people belonging to a certain ethnicity or religious group, etc.).105  Idem, § 108.  Digital Rights Ireland Ltd, Case C-293/12, § 54 and the case-law cited; Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 109. 103  Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), §§ 110–111. 104  Idem, § 119 see also Zakharov v. Russia, § 260, and case-law there cited. 105  In case of criminal investigation, that is where the search for evidence begins after a crime has been committed, the problem appears less pressing, as certain objective suspicious elements are generally required to open a criminal proceeding. Cf. also Mitsilegas (2015). 101 102

346

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

At the same time, the foreseeability requirements necessary in light of Article 52(1) CFREU seems hardly applicable to a context, like that of preventive investigations, in which the very efficiency of the operations is depending on secrecy. In order to remedy to the difficult (perhaps even impossible) application of the parameters established by the CJEU when intrusions to the right to privacy are implemented,106 Nonetheless, exclusionary rules, currently applied in some EU Member States the creation of binding exclusionary rules, according to which information gathered for preventive purposes cannot be used in criminal investigations, seems a necessary safeguard to maintain the collection of personal data proportionate for a democratic society. As already discussed with regard to fair trial rights, and in particular to the privilege against self-incrimination, however, implementing this procedural solution at the EU level results especially unlikely at the moment, mainly due to the lack of political consensus for the harmonization of procedural principles and rules among Member States.107 Nonetheless, exclusionary rules, currently applied in some EU Member States108 and also by the US Supreme Court (although with a rather restrictive, not to say sceptical approach109), still appear a key feature to promote efficiency to preventive investigations, and, at the same time to ensure that limitations of the right to privacy remain in the boundaries of a democratic society, conferring to the individuals affected by disproportionate and/or illegitimate measures solid grounds for effectively challenge data collection. Applying all this legislative and jurisprudential background to the specific case of real-time monitoring of banking records, in the EU it is possible to identify a core of minimum procedural safeguards.  efined Objective Scope of Real-Time Monitoring: Offences D Taking into account the intrusiveness of this form of surveillance, it seems appropriate to limit its application only to serious offences, which could include: Serious financial crimes as defined by Articles 3 and 4 of the PIF Directive,110 cybercrimes (Articles 2 to 8 and 10 to 12 of the Budapest Convention) committed in the financial field (at least upon a certain threshold of imprisonment, e.g. four years, that is the threshold adopted to define “seriousness” by the PIF directive and also indicated in the Explanatory Report to the 2001 Protocol111), as well as further serious offences related to the use of the financial and banking system, such as money laundering (as  Especially when data collected are particularly capable of profiling individuals (see, a contrario), Proceedings brought by Ministerio Fiscal, Case C-207/16, 2.10.2018, ECLI:EU:C:2018:788. 107  Cf. above Sect. 6.3.5. 108  Such as in Italy, cf. Article 226(5) disp. att. c.p.p. 109  Gray (2017), p. 217 et seq. 110  Fraud (VAT fraud only if the damage involved is of at least 10 million euros), corruption, and misappropriation affecting the EU financial interests, as implemented by national law. The seriousness is here either defined by the provision of a maximum penalty of at least 4 years of imprisonment or by the involvement of “considerable damage or advantage”, meaning with that expression that it involves more than EUR 100,000 (cf. Article 7, PIF Directive). 111  Article 1(3), Explanatory report to the Protocol, cit. 106

8.2 Defining Procedural Rules for the Surveillance of Personal (Banking) Data

347

defined by Article 3, Directive 2018/1673112), terrorist financing (as defined by Article 11, Directive 2017/541113), insider trading and market manipulation (as defined by Articles 3 to 6 of Directive 2014/57). Alternatively, broader and less specific, but already existing selections of serious crimes may be derived from the lists of offences provided for by, for instance, the EIO Directive, Europol Regulation,114 or, by Article 83(1) TFEU which identifies the so-called “Eurocrimes”.115  efined Subjective Scope of Real-Time Monitoring: Potential Targets D The regulation should allow the application of real-time monitoring measures both against legal and natural persons. The awareness that certain forms of crime, above all those characterized by an important economic background, may be perpetrated also (and perhaps even better) by corporations requires today to extend this investigative techniques against these subjects too. That requires, however, that legal persons should be also recognized correspondent fair trial rights. Indeed, as already argued with regard to the privilege against self-­incrimination,116 the (even partial) exclusion of legal entities from the scope of the rights provided for by the Charter through secondary legislation appears in contrast both with the wording of the CFREU and with the increasing trend in adopting forms of criminal liability against organizations. In particular, the exclusion of legal persons from the scope of Directive 2016/680 appears rather anachronistic and subject to the same (even more evident, when the right to privacy is at stake) criticism raised for the exclusion of legal persons from the scope of Directive 2016/343 on the presumption of innocence. Irrespective of their being natural or legal persons, in line with the provisions contained in Article 28 of the EIO Directive,117 and with the standards and recommendations issued by the Financial Action Task Force,118 measures of surveillance on banking data should moreover be applicable both to subjects suspected of having committed a crime, and to any other person in respect of whom such information is found necessary by the competent authorities in the course of criminal proceedings, e.g. persons acting as front-man to financial operations. Lastly, to avoid that the use of electronic surveillance turns into massive forms of State watching, “fishing expeditions” shall be explicitly prohibited (at least for repressive purposes), and the same should follow for the use at trial of the elements

 Directive (EU) 2018/1673 of 23.10. 2018 on combating money laundering by criminal law.  Directive (EU) 2017/541 of 15.03.2017 on combating terrorism. 114  Cf. Annex I to the Regulation (EU) 2016/794 of 11.05.2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/ JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA. 115  As defined by Klip (2016), p. 231 et seq. 116  Cf. above Sect. 6.3.5. 117  Cf. Sect. 7.3. 118  Cf. Sect. 3.2. 112 113

348

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

so gathered. Monitoring shall thus be limited, both in the phase of data gathering and in its access, only to specified bank account(s)/subjects/transactions.119 This conclusion appears necessary also in light of the current international state of play: Specifying who is the precise subject of the investigations is required, for instance, by Article 28(1)(a) of the EIO Directive, according to which it is possible to issue an EIO for the gathering of evidence in real time over “one or more ­specified accounts”. Similarly, Article 7(2)(c) of the aforementioned 2005 COE Convention states that the party should enable the monitoring of “the banking operations that are being carried out through one or more identified accounts”.  etermined Duration of Surveillance Measures D Similarly to wiretapping regulations, also on account of the potential remote (and therefore secret) activation of surveillance measures, time-limits should be provided for by law: Upon their expiration, a new authorization from the competent authority shall be requested again in case an extension is sought.120  afeguards in the Storage of Data S In line with the CJEU case-law following Digital Rights, unlimited and generalized storage of the data shall not be allowed. Selected and legally obtained information should then be stored guaranteeing the integrity and authenticity of collected data, in line with the best technical practices (e.g. ISO Standards 27037:2012). In this sense, it is especially relevant to consider, among other features, that service providers where data are available may have private economic considerations when determining the modalities of storage, the level of security and the possibility of dissemination of the information collected, ending up with standards not aligned to the general interests in the protection of the individual right to privacy. Regulations should therefore take this aspect into account and accordingly demand adequate guarantees, for instance allowing the retention of data only within the territory of the European Union, and requiring the irreversible destruction of the data at the end of the retention period.121  ublic Reporting Duties P The procedure followed for examining, using and storing data should be publicly disclosed. If revealing all technical details (especially for the examination, i.e. surveillance techniques) could hamper the result of the investigation, or could be difficult to balance with intellectual property rights (e.g. in case licensed software are  Cf. Bernal (2016), p. 246 highlighting how, for instance, under the UK Investigatory Powers Bill, surveillance is operated on a “‘gather in bulk, access in detail’ basis. The question of whether this constitutes ‘mass surveillance’ is one of the key parts of the debate, but may […] be a largely semantic argument. What is clear is that surveillance law and practice as it currently exists, and is being legally proposed, involves gathering of massive amounts of data […] where there are no limits on how ‘bulky’ the bulk might be”. 120  On the identification of the competent authority, see below, Sect. 8.3. 121  Schrems, Case C-362/14, § 92; Digital Rights Ireland Ltd, Case C-293/12, §§ 67–68. 119

8.2 Defining Procedural Rules for the Surveillance of Personal (Banking) Data

349

adopted), at least forms of public control should be established, for instance through the disclosure of relevant information to restricted independent specialized committees, and/or through periodical reports to the Parliament or other independent authorities.122 Anti-Leaking Precautions When communicating data to other parties during the investigation, and especially before an assessment over the relevance of the collected data has been made by the competent authorities, specific technical procedures shall be implemented in order to avoid (or reduce) the risk of early disclosure, in compliance with the presumption of innocence of the suspect, and of the right to privacy of the latter and of third parties potentially involved.123 At the very least, mechanisms to record all accesses to stored information the so-called chain of custody, according to the best international practices shall be put into place, to allow affected parties to trace back the liability line and ask for compensation where a leak of reserved information occurs.  echnical Neutrality and Content-Based Approach T Personal (banking) data should not be collected under lower guarantees just because new technologies allow to bypass traditional checks and balance. As authoritatively highlighted, indeed, “New facts will trigger new rules, but the role of the Constitution should remain constant regardless of technology […] so that the law will maintain the old function in the new environment”.124 To this end, the level of safeguard recognized in a regulation on real-time monitoring of banking records, aspiring to maintain effectiveness also in times of great technological changes and to avoid becoming quickly obsolete, should not depend on the specific technology used to carry out the surveillance, nor upon the kind (technology) of device where the data is stored. This approach, that goes under the name of technical neutrality, has been successfully applied, for instance, by the Budapest Convention on cybercrime,125 and may be recognised also in the “generous approach” to Article 8 ECHR followed by the Court in Strasbourg, that “allowed

 As provided in Germany, cf. Bundersverfassungsgericht, I Senate, 20.04.2016, 1 BVR 966/09, 1 BVR 1140/09, analysed, e.g., by Giordano and Venegoni (2016). 123  Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 122; Digital Rights Ireland Ltd, Case C-293/12, §§ 66–68. 124  Discussing about the principle of neutrality with regard to the Fourth Amendment, Kerr (2010), according to whom “Technology neutrality assumes that the degree of privacy the Fourth Amendment extends to the Internet should try to match the degree of privacy protection that the Fourth Amendment provides in the physical world […] That is, the Fourth Amendment will remain technology-neutral in the sense that the overall amount and function of Fourth Amendment protection will be roughly the same regardless of whether a wrongdoer commits his crime entirely online, entirely in the physical world, or using a mix of the two”. 125  Greatly contributing in maintaining it, after almost 20 years from its entry into force, one of the most applied and appreciated international legal tools. 122

350

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

the case-law to develop in line with social and technological developments”.126 Technical neutrality has been also specifically raised and tackled at the EU level by Directive 2016/680, which at Recital (18) explicitly requires that “in order to ­prevent creating a serious risk of circumvention, the protection of natural persons should be technologically neutral and should not depend on the techniques used”.127 The content-rather-than-technique-based perspective that results from this approach should not however be understood in a “quantitative” perspective, as partially suggested by the USSC in Jones and Carpenter (talking about “longer term” monitoring, e.g. when surveillance lasts more than 7 days)128 and, in 2013, by the American Bar Association which, addressing law-enforcement information gathering, proposed to graduate the level of protection according to the “degree of privacy” of the information to be collected (“highly private, moderately private, minimally private, or not private”).129 The extreme vagueness of this “quantitative” approach (although quantity certainly maintains an important role in todays big data society) has been indeed understandably criticized by legal scholars, which pointed out the arbitrariness underlying this criterion.130 Identifying the best legislative technique to deal with technological development is not however a task with an easy solution, especially in the field of privacy protection. Indeed, on one side, it appears unlikely to be able to define a precise quantitative (time-wise) threshold beyond which intrusion to privacy shall be considered more severe, as serious harm to this right may be perpetrated also in a limited time period, if the tool used is very intrusive. However, also linking the level of protection only to the degree of intrusiveness of the specific technique adopted does not necessarily provide for the best solution in a technological society in which the same data may often be obtained both through “intentionally-intrusive” and “automatically-structural” tools. For instance, it appears sensible to require a high level of protection if law-enforcement intends to install a malware on a smartphone to activate its GPS to spy upon the movements of a suspect. The same privacy-sensitive location information, however, may also get continuously and automatically stored in cell-site location information records with basically the same accuracy and irrespective of the users’ will. It seems therefore unreasonable that such information could be accessed by law-enforcement with lowers guarantees, given that the limitation to the right to privacy of the subjects affected (represented by the ability to reconstruct “a detailed chronicle of a person’s  Guide on Article 8 of the European Convention on Human Rights, § 46. https://www.echr.coe. int/Documents/Guide_Art_8_ENG.pdf. Accessed 20 July 2018; Harris et al. (2014), p. 522 et seq. 127  Cf. Recital (15) GDPR and Recital (18), Directive 2016/680. 128  Cf., respectively, above Sects. 8.1 and 7.6. 129  ABA (2013), also known as “LEATPR Standard”, Standard 25-4.1 Categories of information; a version of content-shaped approach has also been proposed with regard to the First Amendment, see Richards (2013), criticized by Gray and Keats Citron (2013). A third content-based approach, again referring to the First Amendment, has been developed within the Yale’s Information Society Project, see e.g. Balkin (2016). 130  Highlighting also how, in the US context, the Fourth Amendment case-law has a history of “neutrality” “with respect to degrees of privacy involved”, cf. Gray (2014, 2017). 126

8.2 Defining Procedural Rules for the Surveillance of Personal (Banking) Data

351

physical presence compiled every day, every moment, over several years”131) appears similarly acute in both cases. Lastly, also the solution of making the protection exclusively dependent upon the quantitative level of privacy attributable to a single information does not appear satisfactory. Indeed, the possibility of individual and group profiling, which certainly represents a “world of difference”132 compared to the information that could be gathered through non-digital and retrospective forms of data collection, does not necessarily depend upon the sensitiveness of the single piece of data. It results on the contrary by a combination of the “degree of privacy” involved by single pieces of information and of the data-mining capacity to extract sensitive information also from potentially non-sensitive big-data.133 Against this background, without any optimal solution at hand, but taking into account the fundamental character of the interests at stake (individual and collective privacy, democracy and rule of law) it seems preferable to adopt the interpretation that, allows for a higher degree of protection with a minor impact on the effectiveness for the investigations. In the EU legal framework, such solution might be found applying a content-­ based approach that, without distinguishing among higher or lower level of ­sensitiveness, grounds the scope of protection upon the aforementioned legislative definition of “personal data”, provided for by Articles 4(1) GDPR and, with specific regard to the criminal matter, Article 3(1) of Directive 2016/680. According to it, and in line with the case-law so far developed by the CJEU, all personal (including banking) data which are subject to real-time monitoring investigative techniques should then receive the same level of protection (i.e. in terms of the level of proof needed to obtain the authorization to access to it, or concerning the authority competent to grant the latter), regardless of the tool applied to perform the monitoring, the kind of device in which data was stored, the duration of the monitoring, or the “degree of privacy” entailed in each piece of information. The significance to be attributed to all these elements should then not be punctually assessed in the legislation, to allow it to keep pace with technological development. However, it may be taken into account by the competent authority when assessing (ex ante, to grant the authorization, and/or ex post, if the measure is challenged) the proportionality of the specific tool and the conditions (to be) applied to perform the surveillance.  xclusionary Rules and Destruction of Illegally Obtained Information E Lastly, in case the measure applied is considered to be disproportionate, or if it violates the requirements described above, a regulation on real-time monitoring of (banking) data should provide for strict exclusionary rules, making it possible for

 Carpenter v United States, pp. 16–17.  Id., p. 17. 133  As famously shown by the notorious Target case, cf. Hill (2012), and Duhigg (2012). 131 132

352

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

the affected individuals to trigger effective remedies.134 Data unlawfully collected should be accordingly destroyed.135 Contrary to the ECtHR “comprehensive” approach, and also in light of the gap of protection shown by the US example described in the previous Chapter, it seems indeed that the protection of such fundamental rights cannot be left to a case by case appreciation of the harm brought to the interests at stake when the minimum procedural safeguards discussed above are violated. Only automatic exclusionary rules, appear adequate to limit abuses (especially when surveillance measures may be remotely activated) and maintain the implementation of invasive surveillance investigative techniques in line with the basic features of a democratic society. In light of these minimum standards, the regulations in the (few) EU Member States dealing with real-time monitoring of banking data currently appear rather inadequate, also taking into account that information so gathered could then be disseminated via an European Investigation Order.136 Indeed, although some of the procedural safeguards listed above have been implemented in national legislations,137 it remains critical that requirements for applying this surveillance measure differ from country to country, while financial institutions operate in a single legal and economic area, and enjoy an intrinsic and unavoidable transnational dimension.

8.3  R  ight to an Effective Remedy: The Authority in Charge of Real-Time Monitoring of Banking Records In addition to the creation of exclusionary rules, the Charter and its interpretation by the CJEU certainly need to be strengthened when it comes to the other parameter upon which to verify whether surveillance measure qualifies as “necessary for a democratic society”: Identifying an appropriate authority in charge of the control over real-time monitoring of personal (banking) data able to ensure the right to an effective remedy.138 Under this profile, no rule at all on the matter is provided for by Article 7 CFREU. On the other side Article 8(3) CFREU only requires that limitations to data protection “shall be subject to control by an independent authority”.

 In this sense, see, e.g., Caianiello (2014), p. 317.  Although complicated appear to define in this case when such a destruction should occur, highly depending on the features of each national legal system (for instance, regulating up until when it is possible for prosecutors to integrate the investigating material). 136  Cf. above Sect. 7.3. 137  As it emerges from the brief recollection of national legal orders illustrated in the previous, cf. above Sect. 7.5. 138  Cf. Sect. 6.3.3. 134 135

8.3 The Authority in Charge of Real-Time Monitoring of Banking Records

353

This threshold, although recalling the jurisprudence developed by the CJEU and the ECtHR the notion of “independence”,139 could indeed encompass both administrative and judicial authorities, which however present deeply different level of safeguards for the persons affected by the intrusive measures.140 On this basis, the Court of Justice (e.g. in Digital Rights Ireland, Schrems, Google Spain, and Tele2-Watson) acknowledged that the legislature’s discretion is reduced in case of serious interference with the right to respect for private life.141 Nonetheless, the Court, mirroring the textual ambivalence of Article 8 CFREU, refrained so far from expressing any conclusive preference on whether such an independent control should be better carried out by a judicial rather than by an administrative body.142 At first glance, the wording of Article 8 ECHR adds only a limited contribution to the matter, as it makes no explicit reference to the need of having an overseeing authority at all. This parameter, however, has been elaborated by the Court in Strasbourg, in some cases concerning secret surveillance. In particular, in the aforementioned Klass and others v Germany (1978), where an “independent” oversight was guaranteed by “an official qualified for judicial office”, a Parliamentary Board and a special Commission, the Court considered that “in a field where abuse is potentially so easy in individual cases and could have such harmful consequences for democratic society as a whole, it is in principle desirable to entrust supervisory control to a judge”.143 Similar conclusion was reached again in the Zackharov (2015), where the ECtHR further specified that “in view of the risk that a system of secret surveillance set up to protect national security may undermine or even destroy democracy under the cloak of defending it”, national systems are also required to provide further effective guarantees against abuses,144 “judicial control offering the best guarantees of independence, impartiality and a proper procedure”.145 Nevertheless, in Klass the Court had admitted that “the exclusion of judicial control does not exceed the limits of what may be deemed necessary in a democratic society”, as long as, in the specific circumstances of the case, the (administrative) authorities entitled with the supervision are independent, and “vested with sufficient powers and competence to exercise an effective and continuous control”.146 According to the ECtHR, however, judicial control remains necessary, if not during the execution of the surveillance, “at least in the last resort”, that is after the

 Cf. above Sects. 6.3 and 6.3.1.  Idem. 141  Cf. Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 123. 142  Cf. Joined cases Tele2 Sverige AB (C-203/15) and Watson (C-698/15), § 114 and 120; Digital Rights Ireland Ltd, Case C-293/12, §§ 48-62.; but see also Schrems, Case C-362/14, § 95. 143  Klass and Others, § 56. 144  Zakharov v. Russia, § 232. 145  Cf. Zakharov v Russia, § 233; Klass and Others, §§ 55–56. 146  Klass and Others, § 56. 139 140

354

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

measure has ceased.147 Such a control shall be effective in the particular circumstances of the case,148 allowing the court not only to assess the legality of the limitation but also its appropriateness, duration and scope.149 In light of the equivalence clause of Article 53 CFREU, when intrusive investigative techniques such as real-time monitoring of banking data are at stake, involving a judge with jurisdiction on the facts–which should guarantee a prior exam to grant the authorization or, in the absence of the latter, a subsequent control with an ex post judicial review–seems a necessary solution to guarantee the compliance of the investigative measures with the ECtHR case-law and in general with the proportionality principle. Indeed, as previously discussed with regard to the definition of impartial and independent tribunal,150 only the judiciary—in combination with a legal framework providing for effective exclusionary rules—can guarantee an adequate level of protection in case of limitations affecting fundamental rights, not only with regard to fair trial rights, but also to privacy and data protection.151 Applying this case-law to real-time monitoring of banking records, the seriousness of the interests at stake would certainly require also for this investigative technique the highest possible level of guarantees, that is a prior judicial control, similarly to what usually established for wiretapping. The fact that, however, no textual link to this solution can be found neither in the Charter, nor in the Convention is especially critical considering how the current European panorama also on this profile is far being uniform. Taking into account the available sources, among those Member States that do provide for some form of banking real-time monitoring within their jurisdiction, some (such as AT, BE, NL, UK, and partially IT152) conferred the power to request such measures to prosecutorial or law-enforcement authorities and established the need to seek for a judicial authorization to carry out the surveillance. Other countries are instead being reported to have identified authorities competent to apply such measure in national FIUs (BG, CZ, EE, LV, SI153; LU, and IE and IT154): In these cases, therefore, the kind of authority in charge for real-time monitoring is strictly related to the type of FIU adopted at the domestic level. In light of the diverse framework in this sector, for few of these countries this choice implies the conferral of real-time monitoring powers to authorities within the traditional area of criminal justice (EE and IE: Law-enforcement-type of FIU; LU:  Klass and Others, § 57; Zakharov v. Russia, § 233–234; Heino v Finland, 15.02.2011, Application no. 56720/09, § 45. 148  Smirnov v. Russia, 7.06.2007, Application no. 71362/01, § 45. 149  Delta Pekárny A.S. v Czech Republic, 2.10.2014, Application no. 97/11, § 91. 150  See above, Sects. 6.3 and 6.3.1. 151  Heino v Finland, 15.02.2011, Application no. 56720/09, § 45. 152  According to the country analysis provided in Ligeti (2012), that includes also FR, PT, RO. In IT the power may also be activated by the Administrative FIU. Cf. Sect. 7.5. 153  According to MONEYVAL (2013), p. 37 et seq. 154  According to the country analysis provided in Ligeti (2012), see country profiles of LU and EI. 147

8.3 The Authority in Charge of Real-Time Monitoring of Banking Records

355

Judicial-type of FIU); in others, such as BG, CZ, and SI (but also in IT), on the contrary, real-time monitoring of financial transactions appears to be assigned to administrative authorities without an explicit need to obtain a judicial authorization.155 This choice, considering the relevance of the data endangered by this invasive form of surveillance, appears inadequate to guarantee an effective impartial and independent review of the measure applied. This choice, however, seems also, at the same time, hardly challengeable as such against the current wording of Articles 7 and 8 CFREU, at least in lack of an explicit interpretation of the Court of Justice in this sense. The absence of supranational clear legal basis in this regard is even more alarming when considering those countries where no explicit regulation on real-time monitoring of banking records has been provided as yet. Indeed, as showed by the US example, this often does not really prevent the practical application of surveillance investigative techniques, but only reduces the possibility to invoke an effective remedy against violations of the rights at stake.

References ABA (2013) Standards for criminal justice: law enforcement access to third party records, 3rd edn. https://www.americanbar.org/groups/criminal_justice/standards/law_enforcement_access. html. Accessed 19 July 2018 Aterno S (2013) Le investigazioni informatiche e l’acquisizione della prova digitale. Giur merito, p 955 Balkin JM (2016) Information Fiduciaries and the first amendment. UC Davis Law Rev 49(4):1183 Balsamo A (2015) Il contenuto dei diritti fondamentali. In: Kostoris RE (ed) Manuale di procedura penale europea, II edn. Giuffrè, Milano, p 109 et seq Bernal P (2016) Data gathering, surveillance and human rights: recasting the debate. J  Cyber Policy 1(2):243–264 Brownsword R, Goodwin M (2012) Law and the technologies of the twenty-first century: text and materials. Cambridge University Press, Cambridge Bull HP, Giesen T, Kühling J, Leutheusser-Schnarrenberger S, Von Lewinski K, Robrecht B, Schaar P, Schramm J, Schulzki-Haddouti C, Seemann M, Spiecker Genannt Döhmann I, Stinner J, Trepte S (2016) Zukunft der informationellen Selbstbestimmung. ESV, Berlin Caianiello M (2014) To Sanction (or not to Sanction) procedural flaws at EU level? A step forward in the creation of an EU criminal process. Eur J Crime Crim Law Crim Justice 22(4):317 Camon A (1996) Le intercettazioni nel processo penale. Giuffrè, Milano Donini M (2016) Il diritto giurisprudenziale penale. Collisioni vere e apparenti con la legalità e sanzioni dell'illecito interpretativo. Riv trim dir pen cont, 3 Duhigg C (2012) How companies learn your secrets. In NYT, 16th February 2012. https://www. nytimes.com/2012/02/19/magazine/shopping-habits.html. Accessed 19 July 2018 Electronic Privacy Information Center (EPIC) (2017) Carpenter v. United States 16-402, Supreme Court (Fourth Amendment, Location Privacy) EPIC’s Amicus Brief. https://epic.org/amicus/ location/carpenter/Carpenter-v-US-amicus-EPIC.pdf. Accessed 19 July 2018

155

 Cf. Sect. 3.3.

356

8  Introducing a Regulation on (Banking) Data Surveillance in the EU: Some Proposals

Filippi L (2003) Le Sezioni Unite decretano la morte dell'agente segreto “attrezzato per il suono” see also G. Fumu, Registrazione di colloqui tra presenti effettuata a cura della polizia giudiziaria: insuperabili i limiti alla testimonianza indiretta. Riv pol, p 762 Fontanelli F (2011) The European Union Charter of fundamental rights two years later. Perspect Federalism 3(3):22 Fumu G (2003) Registrazione di colloqui tra presenti effettuata a cura della polizia giudiziaria: insuperabili i limiti alla testimonianza indiretta. Riv pol, p 762 Giordano L, Venegoni A (2016) La Corte Costituzionale tedesca sulle misure di sorveglianza occulta e sulla captazione di conversazioni da remoto a mezzo di strumenti informatici. Dir pen cont, 8 maggio 2016 Gray D (2014) The ABA standards for criminal justice: law enforcement access to third party records: critical perspective from a technology-centered approach to quantitative privacy. Okla Law Rev 66:919 Gray D (2017) The fourth amendment in an age of surveillance. Cambridge University Press, New York Gray D, Keats Citron DK (2013) Addressing the harm of total surveillance. A Reply to Professor Neil Richards. Harv Law Rev F 126:262 Greer S (2000) The margin of appreciation: interpretation and discretion under the European Convention on human rights. Council of Europe Publishing. https://www.echr.coe.int/ LibraryDocs/DG2/HRFILES/DG2-EN-HRFILES-17(2000).pdf. Accessed 19 July 2018 Harris DJ, O’Boyle M, Beates EP, Buckley M (2014) Law of the European Convention on human rights, 3rd edn. Oxford University Press, Oxford Hill K (2012) How target figured out a teen girl was pregnant before her Father Did, in Forbes, 16th February 2012. https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-outa-teen-girl-was-pregnant-before-her-father-did/#6a7ed7b96668. Accessed 19 July 2018 Iovene F (2014) Le c.d. perquisizioni online tra nuovi diritti fondamentali ed esigenze di accertamento penale. Riv trim dir pen cont 3–4:329 Kerr OS (2010) Applying the fourth amendment to the internet: a general approach. Stanford Law Rev 62:1005 Klip A (2016) European criminal law: an integrative approach, 3rd edn. Intersentia, Cambridge Knierim TC (2008) BverfG: Reichweite und Grezen der Online-Durchsuchung, in Fachdienst Strafrecht, 253764 Kostoris RE (2017) Diritto europeo e giustizia penale. In: Id (ed) Manuale di procedura penale europea, 3rd edn. Giuffrè, Milano, p 51. Kudlich H (2008) Enge Fesseln für «Landes- und Bundestrojaner»  - Anforderungen an die Zulässigkeit einer (sicherheitsrechtlichen) Online-Durchsuchung, in Juristische Arbeitsblätter, p 475 Lamandini M, Ramos Muñoz D, Solana Alvarez J (2015) Depicting the limits to the SSM’s supervisory powers: the role of constitutional mandates and of fundamental rights’s protection, in Quad. Ricerca Giuridica, Banca d’Italia, p 79 Lasagni G (2018) Tackling phone searches in Italy and in the US. Proposals for a technological re-thinking of procedural rights and freedoms. NJECL 9(3):386–401 Ligeti K (ed) (2012) Toward a prosecutor for the European Union Volume 1: a comparative analysis. Hart, Oxford Logan WA (2001) An exception swallows a rule: police authority to search incident to arrest. Yale Law Policy Rev 19:381 Maioli C, Sanguedolce E (2012) I “nuovi” mezzi di ricerca della prova fra informatica forense e L. 48/2008. http://www.altalex.com/documents/news/2012/05/03/i-nuovi-mezzi-di-ricerca-dellaprova-fra-informatica-forense-e-l-48-2008. Accessed 20 July 2018 Maisch MM (2015) Informationelle Selbstbestimmung in Netzwerken. Duncker & Humblot, Berlin Martinico G (2017) Commento all’art. 7. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 114

References

357

Mazzacuva F (2015) L'incidenza della definizione “convenzionale” di pena sulle prospettive di riforma del sistema sanzionatorio. Riv trim dir pen cont 3:6 Mitsilegas V (2015) The transformation of privacy in an era of pre-emptive surveillance. Tilburg Law Rev 20:35–57 Mitsilegas V (2016) Surveillance and digital privacy in the transatlantic ‘War on Terror.’ the case for a global privacy regime. Columbia Hum Rights Law Rev 47(3):1–77 MONEYVAL (2013) The Postponement of Financial Transactions and The Monitoring of Bank Accounts, April 2013. https://rm.coe.int/research-report-the-postponement-of-financial-transactions-and-the-mon/168071509b. Accessed 19 July 2018 Murphy T, Ó Cuinn GO (2010) Works in progress: new technologies and the European Court of Human Rights. Human Rights Law Rev 10(4):601–638 Nicolicchia F (2017) I limiti fissati dalla Corte costituzionale tedesca agli strumenti di controllo tecnologico occulto: spunti per una trasposizione nell’ordinamento italiano. Arch pen 2 Orlandi R (2009) Questioni attuali in tema di processo penale e informatica. Riv dir proc, p 129 Orlandi R (2014) La riforma del processo penale fra correzioni strutturali e tutela “progressiva” dei diritti fondamentali. Riv it dir e proc pen, pp 1133–1164 Orlandi R (2018) Usi investigativi dei cosiddetti captatori informatici. Criticità e inadeguatezza di una recente riforma. Riv it dir proc pen Pica G (1999) Diritto penale delle tecnologie informatiche. UTET, Torino Pollicino O (2017) Commento all’art. 8. In: Mastroianni R, Pollicino O, Allegrezza S, Pappalardo F, Razzolini O (eds) Carta dei diritti fondamentali dell’Unione europea. Giuffrè, Milano, p 132 Richards NM (2013) The danger of surveillance. Harv Law Rev 126:1934 Sanchez SI (2012) The court and the charter: the impact of the entry into force of the Lisbon treaty on the ECJ’s approach to fundamental rights. Common Mark Law Rev 49(5):1565 Sarmiento D (2013) Who’s afraid of the Charter? Common Mark Law Rev 50:1267–1304 Sayers D (2014) Sub art. 48 (Criminal law). In: Peers S, Hervey TK, Kenner J, Ward A (eds) The EU Charter of Fundamental Rights. Hart, Oxford, p 1303 et seq Schulhofer SS (2012) More essential than ever: the Fourth Amendment in the twenty-first century. Oxford University Press, Oxford Signorato S (2017) Le indagini penali informatiche, I, Giappichelli, Torino Torre M (2015) Il virus di Stato nel diritto vivente tra esigenze investigative e tutela dei diritti fondamentali. Dir pen e proc, p 1167 Torre M (2017) Il captatore informatico. Giuffrè, Milano Tricot J, Martìn AN (forthcoming) Monitoring of banking transactions and traffic data. In: Ligeti K (ed) Toward a prosecutor for the European Union-Draft rules of procedure, vol 2. Hart, Oxford

Chapter 9

Conclusion

The comparative research in this work has been driven by two leading questions: (a) In the field of banking investigations, what is a balance between the need to fight crimes and that of protecting human fundamental rights which can be fairly accepted in a democratic society?, and (b) under this perspective, is the current legal framework in the EU adequate? If not, what can be done about it? These issues are today particularly pressing, as traditional balances of interests in criminal law and procedure are increasingly challenged by phenomena whose origin is poorly controllable by criminal law operators, such as global financial crises, the development of digital technology, the existence of supranational multilevel supervisory systems, and the growth of administrative punitive powers. These new scenarios bring with them risks, to which criminal law can represent only a part of the solution, first of all the risk that abuses in the application of new technologies may lead to the creation of forms of new digital totalitarianism. Like every (first of all) cultural revolution, however, this search for new balances can be also a source of new opportunities, and provide a fertile ground for structural reforms which can hardly be imagined in more stable times: The very creation of the Single Supervisory Mechanism, or of the European Public Prosecutor Office (regardless of all their critical profiles) in a Union deeply affected by occurrences of nationalism bears witness to it. Among these cultural, economic, and legal changes, financial and banking investigations (the sector which, it is no coincidence, both the SSM and the EPPO belong to), due to their intrinsic multidisciplinary and transnational dimension, represent a forefront in the research for a new equilibrium able to keep pace with old and recent demands for fundamental rights protection. Dealing today with the question of how to ensure an adequate level of protection to the financial system and to personal data in a world far more extended and complicated that it was only a few decades ago, means therefore not only to face critical issues arising from a technical branch of criminal law, but also to reflect on new power structures whose impact © Springer International Publishing Switzerland and G. Giappichelli Editore 2019 G. Lasagni, Banking Supervision and Criminal Investigation, Comparative, European and International Criminal Justice 1, https://doi.org/10.1007/978-3-030-12161-7_9

359

360

9 Conclusion

and results are likely to influence criminal law and procedure far beyond the mere financial field. With this perspective, this work analysed, with a comparative approach, today’s most critical and at the same time the most dynamic areas of banking investigations: The creation of supranational centralised investigative and sanctioning powers, which cover also profiles of substantial criminal liability, and the development and deployment of financial surveillance techniques forms of surveillance also in lack of a clear legal framework. Besides for the specific problems emerging from each of these profiles, a first critical common consideration can be drawn with regard to the very definition of financial and banking institution. The existence and development of “alternative” banking operators (such as Hawala, or e-currency providers) indeed underlines the inadequacy of anchoring the definition of credit institution to an “institutional”, rather than to a substantive perspective. This approach in fact leaves wide areas of financial operations and operators free from adequate forms oversight for supervisory, tax and also, as extrema ratio, criminal law purposes.1 “Alternative” financial operators are indeed today some of the top financial channels used to perform illicit operations, like tax fraud, money laundering, or terrorist financing. Against this composite background, it could appear more appropriate to broadly interpret the definition of banking institution2 to include in it, at least for supervisory purposes, any form of activity “the business of which is to take deposits or other repayable funds from the public and to grant credits for its own account”, besides for the existence of a formal banking license to do so. However, this extensive interpretation would not be cost-free: Identifying and then supervising “alternative” financial institutions is a difficult task, which requires to create new sets of tools and expertise (as in the case of e-currency) and, notable resources. Such an extension may even in some cases, drastically undermine the added value of certain business activities (such as in the case of crowdfunding or again, even more, e-currency). Establishing new forms of supervision, moreover, is also likely to produce a mere shift of the grey areas towards potentially even less detectable financial platforms. This dilemma, in itself rather typical of any criminal law policy choice, is further complicated by the increasing questionability of maintaining strictly separated forms of control between banking and financial institutions, without, at the same time, really abandoning the notion of “universal banking”. Indeed, in a context in which banks are allowed (to a lesser or greater degree, according to contingent historical circumstances) in trading with a large number of activities (such as securities, or insurance), separated oversights depending on the activities carried out by credit institutions may risk to miss the big picture or, in the worst case, as it happened in the US before the last financial crisis, to encourage detrimental forms of passive and active rivalry among supervisors, which sensibly reduce the effectiveness of their tasks (and accordingly the level of protection). Separating banks and financial institutions might result less effective also in criminal investigations, as the formal reference to “banks” in most criminal regulations generates uncertainties as  Cf. Sect. 2.1.  And in the EU, in particular, the notion of “undertaking” established by Article 4(1)(1) CRR.

1 2

9.1  The Compliance with Fair Trial Rights in the Single Supervisory Mechanism

361

whether the tools there provided may be applied also towards financial non-banking institutions. In this sense, it is no coincidence that the regulations which are possibly most effective in fighting forms of financial crimes, like AML/CFT legislation, are precisely those which embrace a comprehensive notion of “financial institution”.

9.1  T  he Compliance with Fair Trial Rights in the Single Supervisory Mechanism The creation of the Single Supervisory Mechanism (SSM) certainly represents an important step forward for the protection of EU (and especially Eurozone) citizens’ rights through the safety and soundness of the credit market. The establishment of supranational supervisory authorities however also opens, or amplifies structural critical issues already present at the national level that remain currently unaddressed, for instance concerning the degree of independence and accountability of these administrative bodies, in light of potential conflicts of interest with governments (especially in the US, where banking supervision is also constantly threated by occurrences of deregulation3), or the banking industry.4 Critical concerns have also been raised regarding the effectiveness of cooperation networks, both within supranational systems, and at the international level, where too often the lack of clear legal basis and the (un)willingness of regulators substantially impair the supervisory results, while financial operations (and related abuses, also criminally relevant) are daily carried out by and through economic actors that take full advantage from the global dimension of their activities.5 On the other side, it has also been highlighted how the lack of common minimum procedural standards regulating the exchange of information in diagonal (i.e. multi-­ disciplinary) cooperation contexts bears significant shortcomings for the defence rights of the parties involved, especially when the information collected in the (less safeguarding) banking administrative supervisory proceeding is used as evidence in criminal investigations.6 In the EU, the investigative and above all sanctioning powers of the Single Supervisory Mechanism also raise further critical profiles with a direct impact to the criminal matter. Applying the Engel doctrine to the SSM legal framework, in fact, several of the sanctions imposable upon credit institutions by the European Central Bank seem to reveal a substantial criminal nature. Similarly to other fields of EU and national punitive law, for instance concerning anti-market abuse or VAT fraud regulations (but also, arguably, antitrust7), also  Cf. Sect. 5.4.  Cf. Sect. 6.1.1 for an analysis in light of the Basel Committee’s Core Principles. 5  Cf. Sects. 6.1.2 (for the US regulatory system) and 6.1.3 (for the Eurozone-Single Supervisory Mechanism). 6  Cf., especially in the EU, Sect. 6.1.3. 7  See above Sects. 6.2–6.3. 3 4

362

9 Conclusion

banking supervision therefore confirms the trend of progressive expansion of the substantial criminal matter, which increasingly seems to have abandoned its vocation as extrema ratio among the vast range of potential responses that may be used by public authorities. Substantial criminal nature, in particular, may be recognised to: The severe pecuniary penalties directly applicable by the SSM (Article 18(1) SSM R and Article 4a Regulation 2532/98 as referred to by Article 18(7) SSM R), by the National Competent Authorities, directly or upon request of the SSM (Articles 66(2) let. c, d, e and 67(2) let. e, f, g CRD IV/V); the related “naming and shaming” publication sanctions established by Articles 18(6) SSM R, 1a(3) Regulation 2532/98, and 66(2)(a), 67(2)(a) and 68 CRD IV/V; and finally, to the more ambiguous but not less detrimental supervisory measures consisting in the withdrawal of the banking authorisation (Article 14(5) SSM R, but also, without prejudice to the national transposition, Article 67(2)(c) CRD IV/V) and in the removal of members from the credit institutions’ management body (Article 16(2)(m) SSM R). The acknowledgement of a substantial criminal nature to these supervisory penalties and measures has a major relevance since in light of the jurisprudence of the Court in Strasbourg, as adopted by the Court of Justice, their application shall comply with the fair trail rights established for the criminal matter. The analysis carried out with regard to the SSM rules and procedures8 showed that some of these fundamental rights appear to have been duly regulated in the SSM legal framework, also thanks to the clause of Article 47 CFREU which applies to all proceedings affecting rights protected by the Charter.9 This is the case of the principle of the equality of arms; the right to have all the material evidence used for the accusation disclosed; the right of access to files; the right to be assisted with legal counselling; and (at least partially) the right to be heard. Severe concerns, on the other side, emerge for other fundamental fair trial rights, which play an essential role in criminal investigations. This is the case of the independence and impartiality of the decision-making body (tribunal), especially with regard to the separation between the investigative and adjudicating phases,10 of the right to an oral hearing,11 and of the privilege against self-incrimination.12 Under the first profile, in particular, serious concerns arise not only in the application of what the SSM Regulations define as “penalties”, given the limited degree of independence of the Investigating Units, but even more so when the assessment regards supervisory measures with substantive criminal nature, as in this case the

8  The analysis of the national regulations and different authorities acting in this field fall instead out of the remit of this work, cf. Sect. 6.2. 9  Although not necessarily so well protected in case of procedures developed before the entry into force of the Charter, like antitrust proceedings. See Sect. 6.2. 10  For an analysis of the notion of tribunal in administrative punitive matters and the independence requirement, see Sect. 6.3; for the impartiality requirement, see Sect. 6.3.1. 11  Cf. Sects. 6.3.2 and 6.3.3. 12  Cf. Sect. 6.3.5–6.3.6.

9.1  The Compliance with Fair Trial Rights in the Single Supervisory Mechanism

363

personnel in charge with the “investigations” (Joint Supervisory Teams) clearly belongs to the same body that is subsequently adopting the final decision.13 Under the last profile, on the other end, especially problematic appears the duty for undertakings to cooperate with the SSM investigations established by Articles 10 and 11(a)(b)(c) SSM R and 142 SSM FR, which should be restrictively interpreted so as to exclude the possibility for the ECB or NCAs to sanction refusal to provide self-incriminating information which involve an admission of the existence of an infringement incumbent upon the ECB to prove. In this sense, it seems appropriate to introduce in the SSM Regulations a provision similar to that of Article 9(2) OLAF Regulation, imposing a duty to inform the undertakings subject to supervisory investigations, and particularly to interviews under Article 11(1)(d) SSM R, of their rights, including the privilege against self-incrimination. This amendment seems necessary even though legal persons (among which banks) are not yet recognized a level of protection for the right to remain silent equal to that of natural persons, as showed by Directive 2016/343. Indeed, this discrimination appears, in a long-term perspective, increasingly inconsistent both with the widespread application of criminal liability upon legal persons in the EU, and with the case-law of the Court in Strasbourg, which has so far opted for an extensive application of the rights provided by Article 6 ECHR.14 These procedural lacunas in the SSM enforcement system which risk to cause major repercussion to the fairness of its sanctioning proceedings, and accordingly also to the efficiency of the new Eurozone centralised supervision, appear even more severe considering that currently, contrary to other comparable fields of law (such as antitrust proceedings), the SSM Regulations do not provide clear legal basis in the meaning of Article 261 TFEU for the Court of Justice to exercise unlimited jurisdiction over the merit of the sanctions applied by the Mechanism. Indeed, in light of the ECtHR case-law, as adopted by the CJEU, the existence of an effective remedy before a body with full judicial review represents the condition upon which it is possible to deem fair also proceedings which do not fully comply with all the parameters required by Article 6 of the Convention. The need for this gap to be addressed is therefore paramount for the resilience of the whole SSM supervisory sanctioning system, to avoid a scenario in which not only credit institutions (and related natural persons)’ rights are systematically violated when substantially criminal sanctions are imposed, but also in which each and every sanction imposed by the ECB, even with the best reasons on the merit, could be invalidated due to procedural shortcomings.15 Critical considerations regarding the jurisdiction of the Court could be also drawn with regard to the innovative powers granted to the SSM under Article 9(1) SSM R, according to which the ECB may instruct competent national authority to exercise their powers (apparently, from the wording of the provision, without any  Cf. Sect. 6.3.1.  Cf. Sect. 6.3.6. 15  Cf. Sect. 6.3.3. 13 14

364

9 Conclusion

room for discretion for the latter).16 This feature, basically the first case in which such prerogative has been granted to a European institution, poses substantial issues concerning the judicial review of the decisions so adopted as, in application of the CJEU case-law on the matter of composite proceedings, that could bring the Court of Justice to adjudicate not only upon national law (already a somehow “borderline” option but present in other European bodies as well17) but also upon acts issued by national authorities: A step which might even jeopardise the very mechanism of preliminary ruling.18 Finally, the substantial criminal nature of relevant sanctions imposable by the SSM according to the Engel criteria raises also critical issues concerning the application of the principle of ne bis in idem to double-track punitive systems. This profile remains problematic, although the scope of the double jeopardy clause results today severely downsized by the ECtHR jurisprudence following the notorious case A and B v Norway, and, perhaps even more worryingly, by the three 2018 CJEU decisions that (with a few divergences) seemed to follow its path. Also under this perspective, indeed,19 the SSM sanctioning powers trigger relevant critical issues concerning the transnational application of ne bis in idem and again the potential extension of the CJEU jurisdiction when it is the judge competent to deal with violations of double jeopardy.20

9.2  T  he Protection of Fundamental Rights (Right to Privacy) in the Surveillance on Personal (Banking Digital) Data With their transnational dimension and the impact of digital technology, surveillance or real-time monitoring investigative techniques represent today one of the most debated frontiers in the evolution of criminal law and prosecutorial systems, both in the EU and in the US. Against a globalised financial and banking system, in which the dematerialization of services, encouraged and strengthened by the Internet, makes it extremely hard both to identify breaches of criminal law, and to collect evidence to prove the latter at trial without using digital technology, introducing a supranational legal framework regulating banking data surveillance appears increasingly necessary.

 Cf. Sect. 4.4.1.  Cf. Sect. 4.4.1, referring to the case of Article 4(3) SSM R. 18  Cf. Sect. 6.3.3. 19  For a reconstruction of the development, or rather the involution of the European case-law on the matter of ne bis in idem, see Sects. 2.3.2 and 2.3.3. 20  The critical situations arising under this profile in the SSM legal framework are analysed in Sect. 6.3.7. 16 17

9.2  The Protection of Fundamental Rights (Right to Privacy), in the Surveillance on…

365

Taking into account the pervasiveness of such surveillance measures, and their capacity to severely affect individual and collective fundamental rights, first of all the right to privacy, however, a cautious but also firm approach needs to be adopted to establish adequate procedural rules and guarantees.21 In the EU, where the current regulatory state of play appears dramatically inadequate and legal basis on the matter are scarce when not inexistent,22 already recognising full application to the criteria developed by the ECtHR under Article 8 of the Convention, and by the Court of Justice under Articles 7 and 8 CFREU would have a major impact. Indeed this would require to implement legal basis characterised by minimum “quality” standards, including a clear definition of: The offences, or the kind of offences for which a surveillance order may be applied, which should be limited to serious (also, and especially transnational) crimes; the potential subjective targets, that should be circumscribed but include legal persons as well (which also implies the recognition of corresponding defence and privacy rights to these subjects too); the maximum duration of banking surveillance measures; adequate guarantees for the storage and destruction of the collected data; public reporting duties to ensure transparency and accountability; anti-leaking precautions; and, above all, exclusionary rules in case procedural standards are violated.23 On the other side, the current jurisprudence of the European Courts needs to be strengthened (lacking a realistic option to change the wording of the Charter) on the profile of effective remedy. Article 8 CFREU merely requires limitations to the right to privacy to be supervised by an independent authority, including in this number not only judicial but also administrative bodies, which however, do not structurally provide an adequate level of safeguards when it comes to protect the defence rights of the individuals affected by surveillance measures, especially when information collected may be used in (substantially) criminal proceedings.24 On a last, but still central profile, an EU legislation on real-time monitoring of banking data should be guided by a content-shaped approach based on the principle of technical neutrality, that is the level of safeguards recognized to personal (banking) data in case of limitation to the right to privacy, should not depend on the specific technology used to carry out the surveillance, nor on the kind of device where the data is stored. This approach is today necessary in dealing with the matter of digital investigative measures, as it allows regulations to maintain their effectiveness also in times of great technological changes, preventing them from quickly becoming obsolete.25 Implementing these rules at the EU level—where so far it has been easier to agree on the free circulation of prisoners rather than of procedural rules—could find

 Cf. Sect. 7.3.  Cf. Sects. 7.5 and 7.6. 23  Cf. Sect. 8.2. 24  Cf. Sect. 8.3. 25  Cf. Sect. 8.2, sub 7). 21 22

366

9 Conclusion

today legal basis in the exigency to facilitate “mutual admissibility of evidence between Member States”, according to Article 82(2)(a) TFEU. The competence of the Union to establish “minimum rules” does not however imply that the latter should contain a “minimum” level of protection, as it too often occurs in case of extremely compromised solutions. Especially but not exclusively in the field of personal (banking) data collection, whose dissemination potentially knows no bounds, the Union and above all its citizens now need, more than ever, clear and effective safeguards that require the creation of common procedural rules. It is in this regard that the capability of the Union and of the Member States to develop an area which can truly be called of “Freedom, Security and Justice” is now at stake; a test whose results will be essential for the future of us all.