Outcomes - Selected Case Summaries



Enhanced due diligence by a financial services provider

Informal Resolution | 23 June 2021

A complainant was unhappy with a request from his financial services provider for personal data as part of their due diligence obligations under the Anti-Money Laundering Regulations (AMLR). He alleged that the demand was excessive and therefore violated the third data protection principle.

Our investigation found that the requested personal data was consistent with the requirements of the AMLR, as part of enhanced due diligence grounded in a risk-based approach to assessing clients’ financial activities. Therefore, the provider had a legal basis for the processing under the DPA, and the requested documentation was not excessive.  No further action was required.