Suppose you are involved in the damage or loss of our property, there is a suspicion of fraud or the government or the police are investigating you. There may also be certain outcomes of Customer Due Diligence (CDD) checks under the Wft and Wwft or you are not complying with agreements with the bank.
These are examples of occurrences that require the bank's particular attention. The bank must be able to record and remember them so that it can take appropriate action or follow-up steps. The bank has a legitimate interest in doing so.
Such occurrences are called events. They are recorded in a special internal administration of the bank, generally called Event Administration, which can only be accessed by authorised staff.
Linked to the Event Administration is an Internal Referral Register (IVR). This ensures that if we feel a customer's involvement in an event is serious enough, we can alert our relevant departments. This also applies to our group companies. This alert only has internal effect (within our organisation). Whether an event can be shared within our organisation via the IVR is tested against the GDPR rules. In that case, among other things, we explicitly inform about the reasons for inclusion, the consequences of the inclusion for the customer and his or her relationship with us and with our group companies. We also inform about the duration of the inclusion and the customer's rights, for example the right to object.
We also record when we have had to say goodbye to you if it follows from the Wwft that we have to end our contractual relationship with you. For example, when you have not adequately informed us where your money comes from, or you are involved in money laundering or terrorist financing. In these cases, we may include your data in what we call the CAAML list. This registration, like the IVR, only has internal effect. The purpose of this registration is that we, as a group, can remember that we have had to say goodbye to you because we cannot (anymore) comply with our Wwft obligations. We also have a legitimate interest for this. If you are included in the CAAML list, we will also explicitly inform you about this. In this communication, we will inform you, among other things, about the reasons for inclusion and how this affects your relationship with the bank and its subsidiaries. And also about the duration of inclusion and your rights, e.g. the right to object.
Additionally, financial institutions in the Netherlands, including ABN AMRO, have developed an alert system that, unlike the Event Administration, IVR and CAAML list, has external effect.
This allows them to test whether someone:
You can read more about this alert system and how it works on the Dutch Banking Association (NVB) site . The rules that determine how banks, and therefore also ABN AMRO, can use the external alert system have been approved by the Dutch Data Protection Authority. You can also read these rules on the NVB's site. If you are recorded on this external alert system, you will be informed about registration and how to exercise your (privacy) rights in accordance with these rules.
If you want to become a customer with us or you want to purchase a new product from us or one of our group companies, we test against these registers. Only those dealing with customer and product acceptance are allowed to test against these lists. These employees only receive a signal if you are registered. Only a limited number of authorised staff have the details of the reasons for inclusion on the lists. It is always considered from this information whether the bank can accept this customer or grant the product and if so - under what conditions.
