SARs as information-sharing triggers?

Earlier this week, the head of the National Crime Agency, Keith Bristow, announced that his agency had entered into an information-sharing agreement with the ten largest British banks.  I have tried without success to find an official press release on the NCA website, but taking as my source an article in the Evening Standard and another in the Guardian, it seems that:

  • If the NCA receives a SAR from “another institution” (ES article), it will contact the ten banks concerned and they will pass on “account information” (ES article again) about the subject of the SAR – I’m not sure if the SAR-submitting institution has to be one of the ten banks party to the agreement or not
  • The legal powers governing the new agreement are contained in Schedule 7 to the Crime and Courts Act 2013
  • According to the ES, this Schedule gives banks (and other organisations) the legal right to disclose otherwise confidential information to the NCA to help it carry out its tasks (including the investigation of money laundering) – in other words, they can hand over the information without a court order
  • This month heralds the start of a year-long pilot of the scheme.

As the ES article says, “both the NCA and the banks expect to face legal challenges as a result”.  I should cocoa.

I am still deciding how I feel about this (not that it matters, of course, but these blog posts tend to contain my view on something or other).  While I have a dither (I tend to support information-sharing in the battle against money laundering, but I’m wary of giving those who hate AML such good ammunition as seeing banks – not in great favour at the moment – being able to bypass the courts in deciding what information to share….), please do share your views, comments and observations.  And if any of you is better at reading (well, deciphering) legislation than I am, I would be grateful if you could read that Schedule 7 and tell us how it works – I can’t seem to pinpoint quite where it says that the NCA can in effect reveal to ten banks that a SAR has been made, when SARs are supposed to be confidential.

This entry was posted in AML, Legislation and tagged , , , , , , , , , . Bookmark the permalink.

12 Responses to SARs as information-sharing triggers?

  1. Guy Hardill says:

    Interesting times Susan. I know in Guernsey, as a small place and MLROs of the major institutions are familiar with officers of the FIS on a working basis, the FIS are often able to ascertain whether information may be held on an intelligence basis on a known subject, but you can never do anything evidential with that information unless you follow up with an Order. I would hope if one of the ten say they have information, then the NCA will approach them with an Order thereafter.

    Is this similar to changes in Guernsey legislation, whereby if one entity files a SAR to the FIS, the FIS are now legally able to approach a third party institution linked to the SAR to obtain information from them also…

    Guy Hardill Int.Dip(Comp); Int.Dip (FinCrime); FICA; Certified Professional
    Compliance Associate

    Apax Partners Guernsey Limited
    Third Floor Royal Bank Place 1 Glategny Esplanade St Peter Port
    Guernsey
    GY1 2HJ

    t: +441481810041
    e: guy.hardill@apax.gg

    • Thank you, Guy, for suggesting the similarity to recent changes in Guernsey – as does Jon in the next comment. I have less difficulty with the Guernsey changes (again, my difficulty or otherwise is of no concern except in the context of this blog!) because they seem to fit with other legal obligations around reporting, data protection, etc.

      As you say, one would expect that the consideration of future evidential value of the information would prompt the NCA to get an Order – but what I have read does not mention this step in the process. Perhaps a clear press release from the NCA would help – I’ll keep looking.

      Best wishes from Susan

  2. Jonathan Richards says:

    Sue, whilst I am sure you have already discussed this in your blogs (and for which I apologise for having missed) this does remind of the position in Guernsey following the change to the Disclosure Law Regulation in 2104 so that now if the FIU get a disclosure which alerts them to the fact that a third party possesses relevant information they can seek that information under section 2 of the regulations as they would have been able to do from the disclosing institution. I would imagine that in most cases the original disclosing party would become obvious to the third party, for example, a bank disclosed on a trust company client!

    Could make for some interesting legal challenges, especially around grounds for disclosure where one institution has disclosed and another related party hasn’t (obviously depending on what information they hold).

    I had a look through schedule 7 and like you could not see how this could be achieved other than possibly by way of a general consent between the parties courtesy of some arrangement under Part 6 of schedule 7?

    Kind regards

    Jon

    Jonathan Richards | Int.Dip(AML) | Head of Regulation & MLRO | The Channel Islands Securities Exchange Authority Limited – Registered Number 57527

    PO Box 623, One Lefebvre Street, St Peter Port, Guernsey GY1 4PJ | T Guernsey (+44) (0) 1481 713831 Ext 127 | T Jersey (+44) (0) 1534 737151 | F (+44) 01481 714856

    The information contained in this e-mail is intended for the named recipients only. It may contain privileged and confidential information and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this e-mail in error, please notify us immediately by either telephone 44 1481 713831 or e-mail to the above address. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of The Channel Islands Securities Exchange Authority Limited

    • Many thanks for your thoughtful comment, Jon – and it’s not something we have discussed before, so no apology needed. You raise a very interesting point about “SAR arbitrage” – where one institution has reported and another has not… The NCA (or indeed the FIS in Guernsey) might start to wonder, or even ask questions about a lack of SARs.

      And I’m glad that it’s not just me failing to make the leap from Schedule 7 to the new powers!

      Best wishes from Susan

  3. For readers unfamiliar with Guernsey legislation, the 2014 amendments that both Guy and Jon mention are found here: http://www.guernseylegalresources.gg/CHttpHandler.ashx?id=87841&p=0

  4. Robert James Long says:

    I am midway through digesting these changes myself and in the lucky position that in the future I may be able to quiz folk at the relevant agency for what precisely they are playing at.

    My prima facie reading of the cited legislation leads me to believe that IF one of the ten institutions made a disclosure (perhaps not a SAR, I am coming to that) to the NCA about potential money laundering then the NCA would be able ask the other nine institutions in the agreement for relevant account information which they would voluntary submit without the need for a production order..

    Now I am not sure if I am A) right about that or B) if that would legally hold up if there some court challenge or C) what the long term consequences for the institutions would be. I mention point C as I note in the Evening Standard Article it states that the institutions do not want to be named in case it results in a “commercial disadvantage” which might be a tacit acknowledgement that for some customers sharing of their information like this is a bit much and they would prefer to do business with a bank that is not part of this agreement. Also from my reading of the act I can’t see anything which protects the bank from claims that arise from their voluntary disclosure.

    I do wonder if this is separate to the SARS regime to get round the obvious issue that your not supposed to disclose their existence.

    As I say I have no idea if I am right at all but I may get a chance to find out more…

    • You raise some interesting points, Robert – particularly the one about protection from claims. As far as I know, making a sensible, suspicion-based SAR as obliged to under PoCA protects the reporting institution from being sued for breach of client confidentiality (as agreed by Supperstone J in Shah v HSBC). But what will happen in this new situation, where it is a voluntary submission that applies only to selected banks? What if the submission is made while the bank is part of the agreement, but later it leaves the group of ten? All sorts of (to my probably legally naive mind) unresolved issues.

      I appreciate that you won’t be able to share on this forum anything confidential that flows from your meeting with the NCA, but any general clarification would be most gratefully received.

      Best wishes from Susan

  5. Lorraine says:

    In Jersey, new, similar legislation is also being developed. The Draft Proceeds Of Crime (Financial Intelligence) (Jersey) Regulations 201-, state that the draft regulations have been developed to address a point that has arisen out of the development of the interpretation of FATF former Recommendation 26 by MONEYVAL. R.26 and deals with the Financial Intelligence Unit (FIU).

    The relevant requirement of R.26 is “The FIU either directly or through another competent authority, should be authorised to obtain from reporting parties additional information needed to properly undertake its functions.”

    The functions of the FIU are outlined in R.26.1, where it states – “Countries should establish an FIU that serves as a national centre for receiving (and if permitted, requesting), analysing, and disseminating disclosures of STR and other relevant information concerning suspected ML or FT activities.”

    “It has become apparent from recent MONEYVAL plenaries that criterion 26.4 of former FATF R.26 is understood to mean that the FIU have the power to obtain information generally from all entities that are subject to an obligation to report suspicions (rather than to obtain additional information from just those entities that have actually made a particular report). For the avoidance of doubt, it is considered that this represents a development of MONEYVAL policy.”

    The draft can be found here: http://www.statesassembly.gov.je/AssemblyPropositions/2015/P.6-2015.pdf

    • This is very helpful, Lorraine – thank you. It starts to seem as though all FIUs have been given the same message, and are seeking to clarify/augment their local legislation so that they can get prompt access to further information surrounding a suspicion. It’s just that some jurisdictions seem to handle the proposed change better than others!
      Best wishes from Susan

  6. ddd4182 says:

    I am aware of a number of financial institutions including High Street Banks, merchant services and online banks, working with the Metropolitan police on a new cash seizure process that starts with the refusal of consent requests made to NCA. (am I the only one who thinks the consent regime only returns the funds to the those we suspect of criminal conduct and lets the financial institution meet the “letter of the law”?)

    If upon investigation, the legal threshold for a Proceeds of Crime Act 2002 (POCA) cash seizure has been reached the Proactive SARS Unit (PSU) will submit a DPA request to the originator of the consent request. The information the Police then get from the DPA is their starting point so as to provide a firewall between the SAR intelligence and their investigation.

    Maybe this is the approach to take with the result that shields the originator of the SAR from disclosing its existence.

  7. This is really interesting, ddd4182 – thank you. (For overseas readers, DPA is the Data Protection Act.) It seems like a good, safe approach – any lawyers out there who’d like to comment? And I had never heard of the PSU, so you learn something every day!
    Best wishes from Susan

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s