LHV referred to an opinion from Chancellor of Justice Ülle Madise issued at the start of this month, in which she stated that the FIU had unlawfully accessed various data in banks through the enforcement register. This included bank account statements, i.e., information on all transactions.

LHV says to its best current knowledge, the FIU had actively obtained and unlawfully accessed its clients' bank account statements 1,289 times, between January 1, 2020, and July 18, 2025.

"For the purpose of thoroughly protecting its own and its clients' rights, [the bank] hereby issues this notice of intent to claim a contractual penalty in the amount of €247,500,000 euros," LHV stated in a letter sent to the FIU on July 24.

LHV Pank is integrated with the enforcement register, the bank said. "It is of utmost importance to us that the retrieval and further processing of data containing banking secrecy by state institutions is conducted transparently, legally, and purposefully. For a credit institution, maintaining client trust is of paramount importance. When an individual entrusts their data, they have a justified expectation that such data will not be abused by the state," the bank wrote. "Every instance where the use of data is vague, unchecked, or unjustified undermines trust."

The bank stated the situation as identified by the justice chancellor raises a justified question as to whether these principles have been upheld in the enforcement register's operations so far.

According to LHV Pank's general terms and conditions, the bank may claim a contractual penalty of €100,000 per violation — i.e., each unlawful inquiry — from the FIU, the bank explained in its claim to the FIU.

"The use of the register for making inquiries has been shaped by the state as an automatic data exchange," the bank added.

LHV stated that according to § 4 point 3 of the enforcement register's statutes, the Ministry of Justice and Digital Affairs, as the controller, grants permission to integrate the system mentioned in § 63(2) of the Enforcement Procedure Act after verifying the legal basis, ensuring data access is legal and avoids unjustified processing, though the criteria for assessing legal basis and relevance remain unclear.

According to the explanatory memorandum of the enforcement register's statutes, the Ministry of Justice evaluates "not only the technical prerequisites but also to what extent granting access to data is permissible" based on the agency's duties, while LHV Bank states that under the Credit Institutions Act, "a credit institution is not obligated to verify the legality of an inquiry" and emphasizes that "the inquiry handling process is fully automated and allows no bank-side intervention."

In light of the above, statements by the Ministry of Justice made in the media that banks independently regulate how and when to respond to information inquiries made by investigative bodies are clearly misleading, LHV Pank indicated.

Swedbank 'monitoring developments'

ERR asked Olavi Lepp, the CEO of Estonia's largest bank, Swedbank Eesti, whether his bank plans to file a similar claim to LHV's.

"We are monitoring developments on this matter as a bank. However, at this point it is too early to speculate about our potential future steps," Lepp said in response.

According to a spring review by Madise, between January 1, 2024, and February 28, 2025, state institutions made tens of thousands of inquiries to banks via the enforcement register, with some of these being clearly unlawful. The investigation revealed that authorities accessed bank secrecy data without proper legal grounds or account holder consent, prompting a request for information from the Centre of Registers (RIK) and Information Systems and the Ministry of Justice and Digital Affairs.

The FIU announced the day after receiving the Chancellor's address that their agency would no longer use the enforcement register to inquire about bank accounts, and would instead contact each bank directly via email.

"If the chancellor says there is no legal basis for retrieving data via the enforcement register, then that's how it is," said FIU head Matis Mäeker on July 2.

--

Follow ERR News on Facebook, Bluesky and X and never miss an update!