Single Register of Individual Accounts: What the State Will Know About Your Money and Who Will See the Data

In December 2025, Ukraine began actively discussing the creation of the Unified State Register of Individual Accounts (USRIA), a new tool designed to consolidate information on citizens’ bank accounts, e‑wallets and other financial identifiers in a single database. Its purpose is to strengthen financial monitoring, counter money laundering, increase the transparency of tax flows and simplify public authorities’ access to necessary information.​

Data to be collected.  According to the concept underlying the draft project, the Unified Register of Individual Accounts will collect information on all bank accounts, electronic wallets and accounts with non‑bank payment institutions belonging to individuals (both residents and non‑residents) who use the Ukrainian financial system.​

The data structure to be included is expected to cover:

• Full name of the account holder, date of birth, and taxpayer registration number.
• Unique account number (IBAN or other identifier).
• Type of account (current, deposit, card, investment, e‑wallet, etc.).
• Account status (active, closed, blocked).
• Date of opening and closing of the account.
• Identifier of the financial institution that opened the account.

At the same time, the register will not contain direct information on account balances, transactions or financial operations. It will have a reference nature and serve as a quick confirmation of the existence or absence of accounts held by a particular person.​

Administrator and data providers.  It is envisaged that the administrator and owner of the register will be the National Bank of Ukraine (NBU), which holds the most complete databases of banking institutions and has the technical resources to ensure cybersecurity and continuous information exchange.​

Banks, payment institutions, non‑bank financial intermediaries and e‑money issuers will be obliged to regularly provide the NBU with information on the opening and closing of individuals’ accounts. Such data exchange is planned to occur automatically via secure communication channels. In turn, the NBU will provide technical support for the register, update the software, maintain access logs and monitor the accuracy of data supplied by financial institutions.​

Access to the register.  The most debated issue is the circle of entities entitled to access the new database. The draft law envisages several levels of access:

1. Tax authorities (STS) – to obtain information about individuals’ accounts for tax control and financial monitoring purposes.​
2. Bureau of Economic Security – to investigate financial crimes, including tax evasion, money laundering or potential terrorist financing.​
3. National Anti‑Corruption Bureau and State Bureau of Investigation – within criminal proceedings.​
4. Courts and law‑enforcement bodies – upon request, where a person has already been formally notified of suspicion.​
5. The NBU itself – as technical administrator and controller of banks’ reporting obligations regarding opened accounts.​

Direct access to the register will not be granted to banks, financial companies or individuals; they will only be able to submit data, not retrieve it, which should reduce the risk of personal data leaks.​

Citizen access and data protection.  Under the concept, an individual will be able to access information on their own accounts via an NBU e‑cabinet or through the Diia application. This mechanism will help verify which accounts are registered to a person and promptly detect cases of accounts being opened without their consent.​

Thus, the register will also serve to protect clients’ rights, given that fraudsters or unscrupulous financial institutions sometimes open accounts without the owner’s knowledge. The collected information will clearly fall into the category of sensitive personal data, as it allows identifying a person’s financial activity, so administration of the register will be accompanied by strict information‑security requirements.​

Security measures and legal liability.  The following safeguards are envisaged:

• Encryption of all data transmitted between institutions.
• Maintenance of detailed access logs indicating which authority accessed the register and when.
• Periodic cybersecurity audits under the supervision of the Security Service of Ukraine.
• The possibility to challenge unlawful access or disclosure of information in court.

In addition, the Law “On Personal Data Protection” provides for administrative and criminal liability for unlawful use or dissemination of such information.​

Risks and expected impact.  Experts note that, despite clear benefits for supervisory authorities, several risks remain:

• Mass collection of personal data may create a potential threat of information leakage.
• Access by several state bodies at once increases the risk of abuse of powers.
• Lack of a clear mechanism to inform citizens about queries to their data may weaken the right to privacy.
• The system may become an instrument of excessive control over citizens without sufficient guarantees of judicial protection.​

For businesses, the creation of the USRIA will have an indirect effect: obtaining and reconciling information by tax authorities will become faster, reducing the possibility of using fictitious individuals for tax optimisation schemes. For citizens, a key positive effect should be the reduction of bureaucratic procedures, for example in court proceedings, inheritance, divorce or tax audits, since instead of addressing several banks, authorities will receive data from a single source.​

In the long term, the register may become a basis for automatic tax filing, where information on accounts and income will be partially pulled from official sources, aligning with the European model of tax reporting and minimising the human factor.

Author – Yuliia Popadyn, attorney in the tax and housing law practice of the law firm.   If you have questions or issues related to the application of legislation on financial monitoring, banking secrecy or personal data protection, the WINNER Law Firm team can help assess risks, develop internal privacy policies and prepare your business for the new requirements.