The Register of Citizens’ Accounts: the first step towards digital transparency or a new tool for surveillance
The Cabinet of Ukraine approved a draft law that starts the creation of a centralized register of bank accounts and safes of individuals. The government passed the initiative as part of adapting the legislation to the norms of the European Union and the standards of the European Payment Council. As the government's representative in the parliament, Taras Melnychuk, reported, the processing and storage of this data will be handled by the State Tax Service.
They plan to change the rules that determine which institutions (for example, banks) must pass on information about people’s bank accounts and safe deposit boxes to the tax authorities. They will also specify who exactly can get access to this information, either through electronic systems or according to special rules.
In addition, they want to create a register with data on the real owners of trusts and other forms of legal ownership. The tax service will monitor these data and check whether they correspond to reality.
They also plan to officially define who “whistleblowers” are (people who report attempts to hide the true owners of companies) and how to protect their rights. They also plan to update the punishment for lying or delay in submitting data about company owners.
The controversy arises because some see it as an intrusion into bank secrecy. But as Danylo Hetmantsev, head of the financial committee of the parliament, explained, it is not about full access to accounts. It is about building a modern infrastructure that is needed for Ukraine to join the European SEPA payment system.
What exactly is changing and who does it affect?
The draft law obliges banks and electronic money services to inform the tax office only about whether someone opened or closed an account or an individual safe. The tax office will not receive any information about how much money is in the account, or about income or expenses, without a separate court decision or a special request. That is, this law does not give full access to your finances.
The draft law clearly states that this applies to natural persons. This means that we are talking about people as citizens, not as entrepreneurs. But there is an ambiguity here: FOPs (individual entrepreneurs) are also natural persons, but with the right to engage in business. Their accounts are a separate type of personal account. Therefore, there is a risk that FOP accounts may also be included in the register, if the banks so decide. This has not yet been clarified, and additional explanations are needed from the NBU or the tax office.
The law covers accounts in all currencies (hryvnias, dollars, euros, etc.) and electronic wallets, if they are registered in Ukraine (for example, EasyPay, Portmone and others).
Crypto wallets are not covered for now, because they are not yet legally recognized as full-fledged financial accounts. The law on virtual assets has not yet been fully implemented. So information about cryptoassets will not enter the registry, at least not yet.
So, the tax office will know where you opened or closed the account, but won’t know how much money is there or what you did with it, unless there is a separate court decision or request.
The head of the financial committee of the Council, Danylo Hetmantsev, explained that there is no law that would allow the tax office to see all your accounts or remove bank secrecy, and there will not be one until this parliament finishes its work.
The tax office says that such registers will help it better fight tax evasion and find income that people have not declared.
They also plan to create another register: with the names of the real owners of trusts or other legal forms of ownership, in order to check who is really behind these or other assets.
So, the state wants to make the financial system more transparent and better fight the shadow economy, but at the same time promises not to violate citizens’ rights to privacy.
Who will have access to information and to what extent
When an official puts his hand on his heart and says, “Trust me, we just keep records, we won’t see anything extra,” I want to check whether a tool for breaking into your personal space is hiding under that hand.
The government draft law on the creation of a register of bank accounts and citizens’ safes formally says a simple thing: the tax office will receive administrative powers to keep a single register. Banks must inform it about the opening or closing of accounts and safes, no more, no less. So far, no numbers, movements or balances. But the devil does not lie in what is written directly, but in what is not denied.
Because as soon as we look deeper, in particular into the text of the explanatory note, we see the phrase about “the list of users who will have access to the register through a special procedure or electronic interaction between the registers”. It is said dryly, in a governmental manner, but it holds the key. Because the “special procedure” is a screen. But what is behind it?
Data will not be touched by human hands. This is automated access through state information systems. The circle of users is therefore not limited to the tax service alone. According to the logic of electronic interaction, pre-trial investigation bodies (the SBU, NABU and BEB) can be connected to this information. When it comes to preventing the financing of terrorism, that is one thing. But if this information starts to be used for financial pressure, blackmail or political games, that is a completely different story.
Currently, no public document clearly specifies who exactly is included in this list of users, who decides on access, who controls the scope of viewing, and most importantly, whether action logs are kept for each of those who “looked”. There is no mention of appellate or public control.
That is, formally it is a register for fiscal purposes, and informally it is another tool of bureaucratic all-seeing. And if today it contains only the date of opening the account, then tomorrow there may also be a link to declarations, sanctions, tax discrepancies, and the day after tomorrow, justification for the extrajudicial seizure of assets. Just an idea so far. But that’s how it usually starts.
European standards and international experience
Some European countries, in particular Germany, France and Poland, already have special systems that allow the tax authorities to see information about citizens’ bank accounts. This is necessary to make it easier to fight tax evasion and financial crimes.
But to join SEPA (a system that allows you to quickly and conveniently make non-cash payments in euros between EU countries), the creation of such a bank account database is not mandatory. The main thing is that payments meet technical standards (for example, that they use IBAN and BIC).
The EU itself has rules that oblige countries to exchange tax information among themselves. This means that the tax authorities of different countries can receive data on the accounts of foreigners from colleagues. But exactly how and how deeply fiscal authorities can see information about bank accounts is decided by each country separately, according to its law.
That is, Ukraine can aspire to European standards, but must find the right balance: so that the tax office can work effectively, but at the same time people’s rights to privacy are not violated.
Mechanism of operation of the register
A centralized database of your accounts is not a fantasy, but a reality that we are approaching in leaps and bounds. And now the question is not only who will have access to it, but also how it will work, how reliably it will be protected and whether it will one day turn into another “hole” in the state protection of personal data.
So far, the government has not published the exact technical regulations, either in the explanatory note to the draft law or in the comments of the Ministry of Finance. But according to Taras Melnychuk, the representative of the government in the Verkhovna Rada, data is to be transferred to the new register automatically. That is, not weekly and not “on request”, but in real time, by analogy with how banks currently transfer data to the NBU or the DPS (State Tax Service) within the framework of financial monitoring.
In EU countries, in particular in France or Germany, this happens every day, within the limits of payment discipline. In Ukraine, this will require significant modernization of bank APIs and secure exchange channels.
The DPS has long since implemented an electronic office, an e-Check portal, and integration systems with banks. But the real state of cyber defense in the public sector is rarely spoken about out loud. After the hacking of “Diya” and attempted attacks on Prozorro and the state treasury, trust in the “stability” of Ukrainian information systems is an open question.
In reality, we are talking about terabytes of sensitive information that can be used as a tool for political pressure or banal blackmail. So the question is: does the DPS have an independent audit of cyber security? Is there public liability for a leak? This is the most dangerous question, because the answer to it is either opaque or does not exist.
The government avoids details: neither the official draft nor the explanatory note specifies who is the administrator of the database at the technical level, where it will be physically located, whether it will be duplicated on cloud servers, or what security certificates it must use. And most importantly, will the SBU have access as a guarantor of cyber protection, or will everything remain “on the conscience” of the DPS itself?
Until we have an answer to that, we only have promises that everything will be fine. But the experience of leaks from the databases of the Ministry of Internal Affairs, “Diya” and “Naftogaz”, and of attacks on “Ukrzaliznytsia” and “Oshchadbank”, does not give reason to believe in the digital steadfastness of the state infrastructure.
The register of accounts is not only digital accounting, but a mirror of trust in the state. And if there are no concrete walls of responsibility, technical transparency and independent control behind it, it will become not a guarantor of security, but another “black box” with a latch that opens only on one side.
…Next time, we’ll look at whether the State Tax Service can initiate a bank account freeze or check without a court order — and what that means for citizens. With the launch of new instruments of financial control, the question arises: where is the line between fiscal powers and human rights?
We will find out whether the number of tax audits and sanctions will increase, whether banks are ready to work in new conditions, and how this will affect trust in the banking system. What is the position of the NBU, the financial committee of the Council, banks, business associations (EBA, SUP, APU)? Is the opinion of the ombudsman and personal data protection authorities taken into account?
When exactly is the registry planned to launch? Will customers be notified of the transfer of their data?
Let us dwell separately on the status of whistleblowers of hidden beneficiaries. What guarantees and protection mechanisms does the law provide them? Is there a possibility of appeal in case of abuse? And most importantly, will every citizen be able to see exactly what data is being stored and who accessed it?
Tetyana Viktorova




