Financial institutions operating in the EU must comply with GDPR and AML directives, ensuring a balance between privacy and AML compliance.
Option B (Correct): Data minimization is a key GDPR principle, ensuring that only necessary data is collected and processed.
Option D (Correct): Strict guidelines apply to AI and machine learning models used in AML compliance to prevent bias and ensure transparency.
Why Other Options Are Incorrect:
Option A (Incorrect): FIs cannot use third parties to supplement missing customer identification unless proper KYC measures are followed.
Option C (Incorrect): Customers cannot be informed about ongoing AML investigations due to “tipping off” restrictions under AML laws.
Best Practices for AML Compliance Under GDPR:
Limit data collection to what is necessary for AML compliance.
Ensure AI and machine learning models comply with transparency regulations.
Prevent unauthorized data access through strict internal controls.
[Reference: EU GDPR Article 5 (Principles for Data Processing), 6th EU AML Directive (6AMLD) on Data Protection in AML, Wolfsberg Group Guidance on AI in AML Compliance]