As the threat level for cybercrime and cyberattacks has been rising over recent years, auditors across the European Union have been paying increasing attention to the resilience of critical information systems and digital infrastructures. The Audit Compendium on cybersecurity, published today by the Contact Committee of EU supreme audit institutions (SAIs), provides an overview of their relevant audit work in this field.
Cyber incidents may be intentional or unintentional and range from the accidental disclosure of information to attacks on businesses and critical infrastructure, the theft of personal data, or even interference in democratic processes, including elections, and general disinformation campaigns to influence public debates. Cybersecurity was already critical for our societies before COVID-19 hit. But the consequences of the pandemic we are facing will further exacerbate cyber threats. Many business activities and public services have moved from physical offices to teleworking, while ‘fake news’ and conspiracy theories have spread more than ever.
Protecting critical information systems and digital infrastructures against cyberattacks has thus become an ever-growing strategic challenge for the EU and its member states. The question is no longer whether cyberattacks will occur, but how and when they will occur. This concerns us all: individuals, businesses and public authorities.
“The COVID-19 crisis has been testing the economic and social fabric of our societies. Given our dependence on information technology, a ‘cyber crisis’ could well turn out to be the next pandemic“, said European Court of Auditors (ECA) President Klaus-Heiner Lehne. “Seeking digital autonomy and facing challenges posed by cyber threats and external disinformation campaigns will undoubtedly continue to be part of our daily lives and will remain on the political agenda in the next decade. It is therefore essential to raise awareness of recent audit findings on cybersecurity across the EU member states.”
European SAIs have therefore geared up their audit work on cybersecurity recently, with a particular focus on data protection, system readiness for cyberattacks, and the protection of essential public utilities systems. This has to be set in a context in which the EU is aiming to become the world’s safest digital environment. The European Commission and the Union’s High Representative for Foreign Affairs and Security Policy, in fact, have just presented a new EU Cybersecurity Strategy, which aims to bolster Europe's collective resilience against cyber threats.
The Compendium published on 17 December provides background information on cybersecurity, main strategic initiatives and relevant legal bases in the EU. It also illustrates the main challenges the EU and its member states are facing, such as threats to individual EU citizens´ rights through misuse of personal data, the risk for institutions of not being able to deliver essential public services or facing limited performance following cyberattacks.
The Compendium draws on the results of audits carried out by the ECA and the SAIs of twelve EU member states: Denmark, Estonia, Ireland, France, Latvia, Lithuania, Hungary, the Netherlands, Poland, Portugal, Finland and Sweden.
This audit Compendium is a product of co-operation between the SAIs of the EU and its member states within the framework of the EU Contact Committee. It is designed to be a source of information for everyone interested in this important policy field. It is currently available in English on the EU Contact Committee website, and will later be available in other EU languages.
This is the third edition of the Contact Committee’s Audit Compendium. The first edition on Youth unemployment and the integration of young people into the labour market was published in June 2018. The second on Public health in the EU was issued in December 2019.
The Contact Committee is an autonomous, independent and non-political assembly of the heads of SAIs of the EU and its member states. It provides a forum for discussing and addressing matters of common interest relating to the EU. By strengthening dialogue and co-operation between its members, the Contact Committee contributes to an effective and independent external audit of EU policies and programmes
Beating financial crime: Commission overhauls anti-money laundering and countering the financing of terrorism rules
The European Commission has presented an ambitious package of legislative proposals to strengthen the EU's anti-money laundering and countering terrorism financing (AML/CFT) rules. The package also includes the proposal for the creation of a new EU authority to fight money laundering. This package is part of the Commission's commitment to protect EU citizens and the EU's financial system from money laundering and terrorist financing. The aim of this package is to improve the detection of suspicious transactions and activities, and to close loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system.
As recalled in the EU's Security Union Strategy for 2020-2025, enhancing the EU's framework for anti-money laundering and countering terrorist financing will also help to protect Europeans from terrorism and organised crime.
The measures greatly enhance the existing EU framework by taking into account new and emerging challenges linked to technological innovation. These include virtual currencies, more integrated financial flows in the Single Market and the global nature of terrorist organisations. These proposals will help to create a much more consistent framework to ease compliance for operators subject to AML/CFT rules, especially for those active cross-border.
Today's package consists of four legislative proposals:
- A Regulation establishing a new EU AML/CFT Authority;
- A Regulation on AML/CFT, containing directly-applicable rules, including in the areas of Customer Due Diligence and Beneficial Ownership;
- A sixth Directive on AML/CFT (“AMLD6”), replacing the existing Directive 2015/849/EU (the fourth AML directive as amended by the fifth AML directive), containing provisions that will be transposed into national law, such as rules on national supervisors and Financial Intelligence Units in Member States;
- A revision of the 2015 Regulation on Transfers of Funds to trace transfers of crypto-assets (Regulation 2015/847/EU).
An Economy that Works for People Executive Vice President Valdis Dombrovskis said: “Every fresh money laundering scandal is one scandal too many – and a wake-up call that our work to close the gaps in our financial system is not yet done. We have made huge strides in recent years and our EU AML rules are now among the toughest in the world. But they now need to be applied consistently and closely supervised to make sure they really bite. This is why we are today taking these bold steps to close the door on money laundering and stop criminals from lining their pockets with ill-gotten gains.”
A new EU AML Authority (AMLA)
At the heart of today's legislative package is the creation of a new EU Authority which will transform AML/CFT supervision in the EU and enhance cooperation among Financial Intelligence Units (FIUs). The new EU-level Anti-Money Laundering Authority (AMLA) will be the central authority coordinating national authorities to ensure the private sector correctly and consistently applies EU rules. AMLA will also support FIUs to improve their analytical capacity around illicit flows and make financial intelligence a key source for law enforcement agencies.
In particular, AMLA will:
- Establish a single integrated system of AML/CFT supervision across the EU, based on common supervisory methods and convergence of high supervisory standards;
- directly supervise some of the riskiest financial institutions that operate in a large number of member states or require immediate action to address imminent risks;
- monitor and coordinate national supervisors responsible for other financial entities, as well as coordinate supervisors of non-financial entities, and;
- support co-operation among national Financial Intelligence Units and facilitate coordination and joint analyses between them, to better detect illicit financial flows of a cross-border nature.
A Single EU Rulebook for AML/CFT
The Single EU Rulebook for AML/CFT will harmonize AML/CFT rules across the EU, including, for example, more detailed rules on Customer Due Diligence, Beneficial Ownership and the powers and task of supervisors and Financial Intelligence Units (FIUs). Existing national registers of bank accounts will be connected, providing faster access for FIUs to information on bank accounts and safe deposit boxes. The Commission will also provide law enforcement authorities with access to this system, speeding up financial investigations and the recovery of criminal assets in cross-border cases. Access to financial information will be subject to robust safeguards in Directive (EU) 2019/1153 on exchange of financial information.
Full application of the EU AML/CFT rules to the crypto sector
At present, only certain categories of crypto-asset service providers are included in the scope of EU AML/CFT rules. The proposed reform will extend these rules to the entire crypto sector, obliging all service providers to conduct due diligence on their customers. Today's amendments will ensure full traceability of crypto-asset transfers, such as Bitcoin, and will allow for prevention and detection of their possible use for money laundering or terrorism financing. In addition, anonymous crypto asset wallets will be prohibited, fully applying EU AML/CFT rules to the crypto sector.
EU-wide limit of €10,000 on large cash payments
Large cash payments are an easy way for criminals to launder money, since it is very difficult to detect transactions. That is why the Commission has today proposed an EU-wide limit of €10,000 on large cash payments. This EU-wide limit is high enough not to put into question the euro as legal tender and recognises the vital role of cash. Limits already exist in about two-thirds of Member States, but amounts vary. National limits under €10,000 can remain in place. Limiting large cash payments makes it harder for criminals to launder dirty money. In addition, providing anonymous crypto-asset wallets will be prohibited, just as anonymous bank accounts are already prohibited by EU AML/CFT rules.
Money laundering is a global phenomenon that requires strong international cooperation. The Commission already works closely with its international partners to combat the circulation of dirty money around the globe. The Financial Action Task Force (FATF), the global money laundering and terrorist financing watchdog, issues recommendations to countries. A country that is listed by FATF will also be listed by the EU. There will be two EU lists, a “black-list” and a “grey-list, reflecting the FATF listing. Following the listing, the EU will apply measures proportionate to the risks posed by the country. The EU will also be able to list countries which are not listed by FATF, but which pose a threat to the EU's financial system based on an autonomous assessment.
The diversity of the tools that the Commission and AMLA can use will allow the EU to keep pace with a fast-moving and complex international environment with rapidly evolving risks.
The legislative package will now be discussed by the European Parliament and Council. The Commission looks forward to a speedy legislative process. The future AML Authority should be operational in 2024 and will start its work of direct supervision slightly later, once the Directive has been transposed and the new regulatory framework starts to apply.
The complex issue of tackling dirty money flows is not new. The fight against money laundering and terrorist financing is vital for financial stability and security in Europe. Legislative gaps in one Member State have an impact on the EU as a whole. That is why EU rules must be implemented and supervised efficiently and consistently to combat crime and protect our financial system. Ensuring the efficiency and consistency of the EU AML framework is of the utmost importance. Today's legislative package implements the commitments in our Action Plan for a comprehensive Union policy on preventing money laundering and terrorism financing which was adopted by the Commission on 7 May 2020.
The EU framework against money laundering also includes the regulation on the mutual recognition of freezing and confiscation orders, the directive on combating money laundering by criminal law, the directive laying down rules on the use of financial and other information to combat serious crimes, the European Public Prosecutor's Office, and the European system of financial supervision.
Fraud against the environment: OLAF and Spanish authorities bust traffic in illicit F-gases
The European Anti-Fraud Office (OLAF) and the Spanish authorities dismantled a criminal organization trafficking in illicit refrigerant gases, which are notoriously harmful for the climate. Operation Verbena led to the seizure of 27 tonnes of illicit refrigerant gases – also called F-gases or hydrofluorocarbons (HFCs) – and to the arrest of five people.
Operation Verbena was the biggest operation yet at EU-level against the trafficking of refrigerant gases. In addition to the 27 tonnes seized, investigations discovered 180 tonnes of illicit HFCs that were smuggled before the intervention of the Spanish authorities and OLAF. According to estimates, the criminal group is responsible for the emission of over 234,000 tonnes of carbon dioxide into the environment – that is roughly equivalent to a car driving all the way around the globe almost 9,000 times. Operation Verbena – which put a halt to these activities – was carried out by the Spanish Police and the Spanish Tax Agency, with support from OLAF.
HFCs are commonly used in refrigerated units and while importing them into the EU is allowed, given their significant carbon footprint imports are subject to strict quotas and regulations. According to investigations, the criminal group smuggled the gases into Spain from China by providing false information in the relevant customs documentation. The HFCs were then sold on to companies in Spain, Germany, France, Portugal and Senegal.
OLAF Director-General Ville Itälä said: "As we have been witnessing with increasing frequency, fraud and smuggling can have collateral victims such as the environment or people’s health and safety. OLAF has been working against illicit refrigerant gases for a few years now. A key element of our work is the cooperation with national authorities, with whom we continuously share our intelligence. I am pleased that we could support this successful operation by the Spanish authorities. Our cooperation with them has been, as ever, excellent and I would like to congratulate them on their results."
More information is available (in Spanish) in the press release of the Spanish Police.
Video footage of the seizure for media use is also available for download.
OLAF mission, mandate and competences
OLAF’s mission is to detect, investigate and stop fraud with EU funds.
OLAF fulfils its mission by:
· carrying out independent investigations into fraud and corruption involving EU funds, so as to ensure that all EU taxpayers’ money reaches projects that can create jobs and growth in Europe;
· contributing to strengthening citizens’ trust in the EU Institutions by investigating serious misconduct by EU staff and members of the EU Institutions;
· developing a sound EU anti-fraud policy.
In its independent investigative function, OLAF can investigate matters relating to fraud, corruption and other offences affecting the EU financial interests concerning:
· all EU expenditure: the main spending categories are Structural Funds, agricultural policy and rural
development funds, direct expenditure and external aid;
· some areas of EU revenue, mainly customs duties;
· suspicions of serious misconduct by EU staff and members of the EU institutions.
Once OLAF has completed its investigation, it is for the competent EU and national authorities to examine and decide on the follow-up of OLAF’s recommendations. All persons concerned are presumed to be innocent until proven guilty in a competent national or EU court of law.
Parliament approves rules to tackle child sexual abuse online
Parliament has approved new rules enabling online providers to continue to voluntarily detect, remove and report child sexual abuse material online, Society.
According to Europol, the COVID-19 pandemic has led to a considerable increase in child sexual abuse online, which was already at high levels.
Online child abuse and cyber-grooming during the pandemic
As a result of the lockdown measures, children have been spending more time online, often unsupervised, making them more vulnerable to exploitation. Sexual abuse offenders have taken advantage of the situation to access potential victims. There has also been a rise in sextortion incidents and cyber-grooming, which consists in befriending a child online with the aim of committing sexual abuse.
Enabled by digital technologies, offenders can reach children via webcams, connected devices and chat rooms in social media and video games, while remaining anonymous thanks to technologies like cloud computing and the dark web. The use of such technologies by offenders has made it more difficult for law enforcement authorities to detect, investigate and prosecute child sexual abuse online.
According to the Internet Watch Foundation’s annual report, internet service providers in Europe have become the largest hosts of child sexual abuse material in the world.
Tackling online child abuse, while protecting privacy
On 6 July, Parliament backed termporary rules allowing the providers of web-based email, chats and messaging services to detect, remove and report child sexual abuse online on a voluntary basis, as well as to use scanning technologies to detect cyber grooming.
Online material linked to child sexual abuse could be detected through so-called hashing technologies that scan content, such as images and videos, while artificial intelligence could be used to analyse text or traffic data and detect online grooming. Audio communications are excluded from the rules.
According to the report, the material will have to be processed using technologies that are the least intrusive to privacy and will not be able to understand the substance of the content but only to detect patterns. Interactions that are covered by professional secrecy, such as between doctors and their patients, will not be interfered with.
In addition, when no online child sexual abuse has been detected, all data will have to be erased immediately after processing and all data with be permanently deleted within three months.
The rules’ approval follows an informal agreement with the Council on 29 April 2021. The legislation will apply for a maximum of three years. In July 2020, the Commission announced that it will propose a more permanent solution to combat child sexual abuse online in the course of 2021.
Find out more
Iran3 days ago
Raisi versus Jansa - obscenity versus courage
China3 days ago
More Tibetan Buddhists behind bars in July
Israel4 days ago
Slovenian Prime Minister Jansa’s remarks on human rights violations in Iran draw reaction from EU’s Borrell
France5 days ago
European Commission appoints two new Heads of Representation in Paris and Luxembourg
Alcohol4 days ago
Top brewers toast easing of pandemic curbs with zero alcohol beer
Brexit4 days ago
UK demands EU agrees to new Northern Ireland Brexit deal
coronavirus4 days ago
EU begins real-time review of Sanofi-GSK COVID-19 vaccine
Antarctic3 days ago
G20 commits to protecting the Antarctic