Abstract
At a time when the boundaries between financial regulation, law enforcement and data protection are becoming increasingly blurred, public-private information sharing has become one of the most significant yet least clearly regulated tools of modern European financial crime control. As banks and other private actors are drawn ever more deeply into detecting and reporting suspicious activity, the question of how they should cooperate with public authorities has gained renewed importance.
The impressive volume on the Law of Public-Private Cooperation Against Financial Crime enters this discussion with striking timeliness. It offers the first systematic collective analysis of public-private cooperation in AML/CFT. It speaks directly to a structural ‘design flaw’ in the current system, in which information flows almost exclusively from the private sector to public authorities. In the introduction, Benjamin Vogel begins by recognising that this one-directional model is limited in its effectiveness, particularly when private actors are expected to detect financial crime without sufficient support from public authorities. The authors, throughout the volume, argue convincingly that a reciprocal exchange of information within clearly defined limits and robust safeguards is not only desirable but also necessary for an effective AML/CFT enforcement strategy.
At the same time, the book is attentive to the profound implications of public-private information sharing, both within existing law and through possible legal reforms. Expanding public-private cooperation challenges deeply rooted legal paradigms, above all, the traditional separation between public and private spheres that underpins the rule of law. While such cooperation is already widespread in practice, the current national and EU legal frameworks remain fragmented or lack clear guidance on key legal issues. The editors aim to systematically identify these gaps and offer conceptual and normative recommendations for the effective regulation of this rapidly developing field.
The book’s ambition is matched by the breadth of methods and materials it brings together. It builds on pioneering experiences in the Netherlands and the United Kingdom and examines the legal practices of four large EU Member States (France, Germany, Italy and Spain). It also places the discussion in the broader context of transatlantic data transfer, recognising that much of the relevant financial data is stored outside the EU. Considerations from socio-legal and legal-technological studies are added to the study to inform the recommendations formulated at the end of the volume.
The volume is organised into four parts and twelve chapters. The introductory chapter by Benjamin Vogel sets the scene by situating the project within broader developments in EU AML/CFT policy. He then provides a guide to the book by outlining the three pillars on which the concept is built: (1) categorising public-private information sharing, (2) analysing national legal frameworks and (3) understanding EU data protection constraints. These pillars are based on the core legal questions the book aims to address: how much existing EU and national laws allow private actors to engage in crime control; on what legal grounds public authorities can share information with private entities; and how such cooperation can be balanced with fundamental rights, especially data protection.
The first part of the book (Chapters 2–4), titled ‘The emergence of Public-Private Partnerships in criminal policy’, examines advanced collaborative models and their foundational structures. The chapters on the Dutch taskforces (Chapter 2 by Eleni Kosta, Magdalena Brewczyńska and Bart van der Sloot) and the UK’s Joint Money Laundering Intelligence Taskforce (Chapter 3 by Jonathan Fisher) seek to conceptualise existing public-private information sharing schemes within national laws. They highlight both the potential of public-private cooperation in detecting complex financial crime schemes and the tensions that arise when voluntary information sharing intersects with fundamental rights, offering important insights for possible EU-wide harmonisation. Chapter 4, authored by Nandor Knust, outlines the socio-legal basis of these partnerships, emphasising that their success depends not only on ‘hard’ contractual factors but also on ‘soft’ elements such as trust, voluntariness and shared objectives, as well as on the conflicts naturally arising from different institutional rationales.
The second part expands the analysis by offering a comparative overview of the legal systems in four major EU Member States: France (Chapter 5 by Maxime Lassalle), Germany (Chapter 6 by Benjamin Vogel), Italy (Chapter 7 by Giulia Lasagni) and Spain (Chapter 8 by Lorena Bachmaier Winter). By examining these existing practices, the contributors highlight functional similarities to modern public-private partnerships and explore how far current national laws acknowledge the autonomy of private actors in crime detection. The chapters show that, despite notable differences in procedural traditions and institutional cultures, all four institutions have gradually expanded the involvement of private entities in criminal procedure. Yet, they also show that this involvement has grown largely in an ad hoc and informal way, leading to the absence of coherent safeguards and the risk of exceeding the intended preventive function of the cooperation.
Part 3 (Chapters 9–11) will be of particular interest to data protection scholars and practitioners, as it bridges the gap between financial crime enforcement and the protection of fundamental rights by analysing the legal and technological complexities of data-driven enforcement in the AML/CFT field. The chapters reveal the depth of the legal tensions created when collaborative mechanisms rely on large-scale, often automated, processing of personal data, and how this strains the boundaries of the General Data Protection Regulation (GDPR) and the Law Enforcement Directive (LED). In Chapter 9, Eleni Kosta and Magdalena Brewczyńska extensively examine the information-sharing mechanisms in the EU AML/CFT framework and the EU data protection framework, rightfully raising attention to affected persons’ right to be informed about the processing of their personal data and the dangers of automated data processing. A small detour towards a more technical chapter is made in Chapter 10 by Aaron Martin, Silvia de Conca, Eleni Kosta and Manos Roussos, where the integration of data-driven technologies into AML/CFT practices is examined, and the complex legal issues these tools pose for fundamental rights, such as non-discrimination, transparency and privacy, are analysed in depth. In Chapter 11, Maxime Lassalle analyses the fragile legal foundation of EU-US financial data exchanges and proposes an adequacy-like international agreement to ensure lawful and accountable transatlantic public-private cooperation.
Finally, in Part 4 (Chapter 12), Benjamin Vogel and Maxime Lassalle synthesise the previous findings into clear legal recommendations for an EU legal framework for public-to-private information sharing. They argue that correcting the current one-way flow of information is essential to improve the performance of AML/CFT efforts, but that this must be done in a way that preserves legal clarity and prevents the blurring of public and private responsibilities. To this end, they distinguish five forms of cooperation (threat warnings, risk notifications, risk indicators, financial analysis requests and financial monitoring requests) and assess each category in light of necessity and proportionality. Particular attention is given to procedural safeguards aimed at reducing the risks of state-induced de-risking or disproportionate financial surveillance, such as prior independent authorisation and ex post notification. Finally, the authors close the analysis with thought-provoking cautions on the fact that enhanced information sharing is no substitute for adequately resourced public authorities, and that any move towards broader public-to-private data flows must confront the long-term implications of an ever-greater reliance on private intermediaries in the fight against financial crime.
Overall, the volume edited by Benjamin Vogel, Eleni Kosta and Maxime Lassalle provides the first comprehensive legal and doctrinal map of public-to-private information sharing in AML/CFT, at a time when practice is running ahead of regulation and the EU is actively promoting such cooperation without a fully articulated normative framework. One of its main strengths lies in its ability to combine breadth with depth. The comparative country studies are detailed enough to highlight structural similarities and differences, yet are constantly tied back to the EU-level questions. The authors’ engagement with data protection law is meticulous, treating the GDPR and LED not merely as obstacles but as central benchmarks against which different forms of cooperation are tested.
The socio-legal and technology dimensions further increase the book’s value. By tracing how information actually flows between public and private actors and how risk-management practices and technological frameworks influence that flow, the editors effectively challenge simple narratives of ‘more cooperation equals more security’. They demonstrate that partnerships can easily develop into prolonged forms of financial surveillance with limited avenues for contestation or redress. In this regard, the emphasis on transparency and effective remedies provides an important counterbalance to a discourse focused solely on operational efficiency.
Taken together, these contributions establish the volume as a particularly authoritative reference point for ongoing debates on AML/CFT cooperation in the EU, not least because it moves beyond diagnosis to advance ambitious, carefully reasoned recommendations for reconciling effectiveness in fighting financial crime with fundamental rights and the rule of law. For scholars of EU criminal law, data protection or financial regulations, as well as for policymakers and practitioners involved in implementing the new EU AML framework, this book will be an essential point of reference in the years to come.
