Deputy Secretary General for Judicial Administration Policy Mari-Liis Mikli and head of the ministry's liberal professions unit Kairit Kirsipuu spoke to ERR on the topic, which has been under scrutiny following claims of mass access to account holders' banking information without the legal basis required. Mikli and Kirsipuu shed light on what the enforcement register is, who uses it, and how inquiries involving banking confidentiality are restricted.

Official: 'Enforcement register' may be a misleading term

Mikli acknowledged that the term "enforcement register" might be somewhat misleading. "The automatic assumption is that it relates only to enforcement proceedings. Being an information channel is just one of its additional purposes. There had been various versions of the name, to make it clearer that the name covers everything, but the legislator decided that 'enforcement register' was best, as it conveys the main goal, which is indeed for enforcement proceedings," Mikli said. As an information exchange channel, the register allows for forwarding a query to a credit institution, and how or whether the institution responds — be it automatically or manually — is up to that institution itself, she went on.

"Most have automated this task as this is more economical. But the response doesn't come instantly after submitting a query. It comes within 24 hours. The system merely mediates the queries between one party and another," Mikli went on to explain.

Ultimately, Mikli said the enforcement register's purpose is to hold and maintain information collected during enforcement proceedings, such as the debtor, bailiff, and actions being carried out. It also tracks the number of principal claims and their balances. Since 2024, the name "enforcement register" has referred to both the register itself and to its e-arest component. E-arest is a system that facilitates the exchange of information between banks, bailiffs, and other authorized parties, such as the Financial Intelligence Unit (FIU), for enforcement proceedings. It allows bailiffs to send orders and make balance inquiries, with responses from banks mediated through the system.

The deputy secretary general also pointed out that once every 24 hours, a credit institution retrieves all queries that have arrived via the e-arest system over the past 24 hours. Then, a "package" is given to the institution containing, for instance, bailiffs' attachment orders, previous cancellations or changes of those orders, balance inquiries, etc.

"Also included in the package are inquiries from investigative bodies, which are relayed as one bundle. The credit institution responds on what actions it took in response," Mikli said. "A reply may be sent within 24 hours, but that is not an obligation. Some replies may take several days. The timing of responses is regulated by the bank itself," she added.

Communication with banks takes place via e-arest

Mikli stated that e-arest itself has no user interface or place where a user can log in. It merely provides X-Tee services. "We communicate with banks and investigative bodies via X-Tee services, don't manage the interface developed by the Police and Border Guard Board (PPA) or Internal Security Service (ISS) that triggers these calls, and retain query information for only 30 days before deleting it, including account statements," Mikli explained.

Meanwhile, Kirsipuu noted that communication with banks takes place via the e-arest component, while the enforcement register relates to enforcement proceeding data. She also said that only a limited number of institutions can make queries through the enforcement register.

However, the Credit Institutions Act includes a list of about 25 institutions and individuals who, by law, are entitled to request data from a bank. A large number request this data via traditional channels, by letter, partly because they lack a suitable interface. These include, for example, courts and bankruptcy trustees, the official noted.

To the question of how many institutions are unable to re-register according to the new rules, Kirsipuu replied: "Institutions are making efforts, they document all the expected points, justify the need to interface, outline the legal grounds for each type of query — why they need to make such a query, what the legal basis is for it — and then describe their internal control measures and how they ensure that all queries are made lawfully."

Kirsipuu emphasized that institutions must already have internal controls for personal data processing in place and now just need to describe their oversight practices.

Justice ministry keeps logged query on file for three years

Kirsipuu stated that institutions using the system are expected to meet the requirements and, once they clarify their operations, can continue using it, as this has long been an obligation. "The issue isn't the enforcement register as such — the so-called right of institutions to access banking secrecy has in fact been in place for years. Now the related institutions just need to make this more clearly and understandably explicit," Mikli added.

Kirsipuu said that the Ministry of Justice keeps logs of the fact of a query being made for a three-year period.

Mikli also noted that the Code of Enforcement Procedure does not grant the right to access banking secrecy, which is actually regulated by the relevant credit institutions act and specific laws.

Kirsipuu added that, for example, the bailiffs' own information system allows them to request the account balance only of a debtor who is a party to an open enforcement proceeding.

"They can't ask in any other way. The system doesn't allow inserting a random person into the query. Only the subject of the proceeding, namely the debtor. If a bailiff wanted to snoop on a random person, they would first have to initiate an enforcement proceeding concerning that person, designate that person as a party, and only then could they make a query regarding them. But undoing all of that later is not very easy," Kirsipuu summed up.

Only select agencies now have full access to register

Minister of Justice Liisa Pakosta (Eesti 200) on Tuesday clarified the restrictions on the enforcement register, stating that only certain agencies like the PPA, Kapo, and the Foreign Intelligence Service (Välisluureamet) have the necessary controls in place to continue using it. Meanwhile, the Tax and Customs Board (MTA) and the Financial Intelligence Unit (FIU) have had their access limited until further legislative clarification. The Minister also emphasized that any future expansion of access would require clear legislative amendments, prepared by the Ministry of Finance.

The Office of the Chancellor of Justice Ülle Madise found, during a recent inspection, that authorities had access to account holders' banking information via the enforcement register without the requisite legal basis. The justice chancellor put the figure of state institutions having made banking inquiries over the span of just over a year in the tens of thousands.

--

Follow ERR News on Facebook, Bluesky and X and never miss an update!