Ants Soone, head of compliance control at LHV, which took the Financial Intelligence Unit (FIU) to court, said the decision to file the case was prompted by earlier observations from Chancellor of Justice Ülle Madise.

"This court ruling shows that the chancellor of justice's observations are correct — that Estonia's current legal framework does not allow the Financial Intelligence Unit to request bank account statements from banks," he said.

Unlike other Estonian banks, LHV decided to defend its client's data in court, citing the risk of violating the law.

"If we release bank account information in a situation where there is no legal basis for doing so, then we ourselves are breaking the law. The key point is that safeguarding bank account data is actually the foundation of trust between a bank and its client," Soone emphasized. According to him, the state must always have a lawful basis when requesting such data.

During the court dispute, the bank refused to hand over the data to the FIU.

"After the chancellor of justice's analysis, we asked the FIU not to request this data until the legal framework had been put in order. However, the FIU still demanded the data from us and we then asked that the order be suspended until a court ruling, specifically in the part requesting account statements," Soone explained about the process.

The Financial Intelligence Unit maintained a consistent interest in the data, requesting it from LHV multiple times over the period in question. "The court has now resolved four of our complaints at once — meaning that in these four cases, which were combined into one proceeding, the court found that the FIU does not have the right to obtain the data," Soone confirmed, adding that several more rulings are still pending.

While other banks have, to Soone's knowledge, continued to provide the data, the sector is now waiting for lawmakers to act. The state has so far made two attempts to amend the law, but both have drawn strong criticism from the chancellor of justice and various stakeholder groups.

"The first attempt failed — the chancellor of justice and several other interest groups criticized both the draft bill and its explanatory memorandum. The second attempt has now received criticism of a similar scale, but as far as we know there is still an intention to move forward with amending the law based on that second version. Exactly what form it will take, I cannot say," Soone said, describing the legislative situation.

"Our position remains the same: the chancellor of justice analyzed this situation very thoroughly, clearly pointed out the shortcomings in the current legal framework and also gave guidance on exactly what must be done to fix it. Unfortunately, not all of those observations have been taken into account and that is also reflected in the chancellor's criticism of the first amended version of the law. The state actually has the opportunity to consider all the feedback received and fix the framework," Soone said.

Soone emphasized that the issue is broader than bank secrecy alone — it is fundamentally about privacy.

"I think this is not only a question of bank secrecy but of privacy. One issue is certainly what has happened around bank secrecy, but there have been other cases as well — there has been discussion about number recognition and other matters," he said. According to Soone, privacy is critically important for society: "Privacy is an important issue for society, among other reasons because protecting privacy allows us to exercise many fundamental rights."

Soone added that a bank account statement is far from a simple document: "An account statement paints a fairly detailed picture of how someone lives their daily life."

FIU: We have the right and we will appeal

Matis Mäeker, head of the Financial Intelligence Unit, told ERR that the ruling was only a first-instance court decision, which the FIU will certainly appeal.

"We do not agree with the court's interpretation and hopefully at some point the court will issue a final decision clarifying exactly where that right lies," Mäeker said.

Mäeker noted that the FIU's main argument in the next court instance will be that the bureau has had the right to access bank accounts since 2000.

"The legislator has established this in law and the amendments made to the legislation in the meantime did not restrict the bureau's rights, but instead placed them under a different access mechanism, namely the enforcement register. We do not see in any legal provision, explanatory memorandum or committee documents that parliament intended to limit this right," Mäeker said.

Another argument, he added, is that international standards and a European Union directive provide the FIU with the broadest possible access.

"A directive that must be transposed by July next year also states very clearly that the Financial Intelligence Unit must have access to bank accounts. There is simply no other way to combat money laundering — when money is stolen from someone, the only way to catch the criminals is by seeing where that money ends up. That is exactly the task of the Financial Intelligence Unit: to track that money, impose restrictions on it and map criminal organizations," Mäeker said.

According to Mäeker, the second version of a draft bill currently being prepared at the Ministry of Finance is satisfactory.

"It clarifies the Financial Intelligence Unit's rights, as the Ministry of Finance writes in the draft: that the bureau has already had the right of access, but the draft spells it out word for word," Mäeker said.

Mäeker explained that this differs from the approach applied to other institutions — no other authority currently has it explicitly written into law that they can access bank accounts.

"For example, no law explicitly states that an investigative authority must have access to a bank account, but they must have access to bank secrecy information. The law currently in force also says that the Financial Intelligence Unit must have access to bank secrecy, but society expects the word 'bank account' to be explicitly included there as well. That is what the Ministry of Finance is currently doing and hopefully the draft bill will soon move forward to parliament," Mäeker said.

Ruling: Confusing legislation leaves people at the state's mercy

The dispute began when the Financial Intelligence Unit demanded that LHV provide full account statements for several clients. The FIU based its request on its everyday work — detecting money laundering and the financing of terrorism. In its view, a bank account statement is information it has the right to request.

The Tallinn Administrative Court and LHV took a different position. LHV argued that an account statement is not merely a series of numbers. It is a personal profile. It shows where you live, which stores you visit, which political parties you support, which health services you purchase and whom you interact with. According to the case law of the European Court of Human Rights, this constitutes an interference with a person's right to privacy. Such interference must therefore have a very weighty justification and a clear legal basis.

The court analyzed Estonian legislation and found a gap. Estonia's Money Laundering and Terrorist Financing Prevention Act (RahaPTS) states that the FIU may request information. At the same time, the Credit Institutions Act (KAS) stipulates that bank secrecy may be disclosed to state authorities only when there is explicit authorization in law. The court found that the two laws do not align. The current wording is so unclear that even legal experts cannot definitively determine when and how much data may be requested. In a state governed by the rule of law, however, neither citizens nor companies should be left subject to the discretion of the state.

The FIU argued that since European Union directives require rapid access to financial information, this should also apply in Estonia. The court recalled a basic principle of constitutional law: a directive is an instruction to the state to enact legislation, but it does not replace the law itself. If the Riigikogu has not clearly written the directive's requirements into Estonian law, officials cannot rely on it to restrict people's rights.

The court also highlighted an important distinction: when the police investigate a specific crime in criminal proceedings, there are clear rules and judicial authorization for obtaining data. The FIU, however, conducts administrative supervision, which is preventive in nature. The court found that in preventive oversight, the state cannot have automatic and unlimited access to all data without clearly identifying the specific threat being prevented.

The court also noted that even if the goal is noble — fighting crime — the end does not justify the means. If the state wishes to view people's bank accounts, the Riigikogu must adopt a law that states precisely who may do so, when and under what conditions. The court ultimately ordered the state to reimburse LHV more than €25,000 in legal costs.

The ruling has not yet entered into force.

--

Follow ERR News on Facebook and X and never miss an update!