Speed read: In the first of a two part information sharing update, Anita Clifford examines the new framework for information sharing in the UK regulated sector.
On 31 October 2017, the new anti-money laundering (‘AML’) information sharing regime will be incorporated into the regulated sector in the United Kingdom.[1] Section 11 of the Criminal Finances Act 2017 inserts sections 339ZB – 339ZG into the Proceeds of Crime Act 2002 (‘POCA’) enabling regulated persons to request and share information with their regulated peers. Insulation from resulting claims of breach of confidence or contravention of data protection laws is ensured by section 339ZF which provides that a relevant disclosure ‘made in good faith’ does not breach any duties of confidence or ‘any other restriction on the disclosure of information, howsoever imposed.’ A formal information sharing channel for the regulated sector represents another string to the UK’s AML bow. Against this background, this piece examines the new sharing provisions and their objectives.
A formal channel
The Explanatory Notes to the Bill which introduced the new sharing framework highlight that its key objective is to encourage the flow of information between the regulated sector and bring together information from multiple reporters into a single Suspicious Activity Report (‘SAR’). Under section 330 of POCA, the regulated sector is required to disclose suspicions of money laundering to enforcement authorities, a duty which, as the number of SARs processed by the National Crime Agency (‘NCA’) suggests, has been embraced. Whilst there is no way of identifying quite how many persons are repeat SAR submitters or the number of SARs which relate to a single matter, a Europol report published on 5 September 2017 identified that of all the regulated sectors in the European Union it is the UK that produces the most SARs. Between 2006 and 2014 UK SARs accounted for 36% of all SARs submitted across all EU Member States. Dutch SARs accounted for 31%. SARs submitted from each of the remaining states accounted for between 1% and 5%. [2] In its 2017 Annual Report, the National Crime Agency (‘NCA’) reported that in the 18 month period between October 2015 to March 2017, 634,113 SARs were submitted – a record number of which, 43,290, were received in March 2017 and 82.85% of the SARs submitted were from credit institutions. [3]
The recent data is surprising but the sophistication of the UK’s financial sector and its status, at least for the moment, as a European transactional hub, offers some explanation. The commission of a criminal offence where there is a failure to disclose a money laundering suspicion and the consequential regulatory effect is also a consideration that looms large for business in the UK.
The rise of the SAR, however, necessarily impacts on the workload of enforcement authorities and thought has turned to how best to make SARs more comprehensive and promote the disclosure of quality intelligence. Accordingly, introducing a formal channel for the regulated sector to share information, without fear of breaching confidentiality or data protection restrictions as may have previously existed, furthers this objective. The new channel is also not without benefits to the regulated sector. Although the duty to disclose when the suspicion arises remains absolute, the sharing framework presents an opportunity to confer with other regulated professionals involved in a matter over whether a money laundering suspicion is founded. Access to more intelligence necessarily means better ability to manage risk. The autonomy of a regulated business is also preserved as acceding to an information request which has come from within the regulated sector is voluntary.
Or a cumbersome process?
When the detail of the new information sharing regime is explored, the user-friendliness of the new framework is questionable. A regulated person is only able to disclose information if four conditions are satisfied. The first, which is uncontroversial, is that both the discloser and recipient must be regulated and that the information has been obtained by the discloser in the course of carrying on regulated business. The second condition is that a disclosure request has been made by either the NCA or the regulated would-be recipient. The third condition is that the NCA has been notified that the disclosure will be made. Finally, the would-be discloser must be satisfied that the disclosure of information “will or may assist in determining any matter in connection with a suspicion that a person is engaged in money laundering.” [4] Accordingly, the satisfaction threshold is low. In essence, information may be disclosed if it could have a bearing on determining a matter which may then confirm or simply relate to a money laundering suspicion.
A raft of procedural requirements then attaches to the disclosure request and the required NCA notification. Notably, notification to the NCA that a disclosure is about to be made requires full details of the disclosure, including details that “the person giving the notification would be required to give if making the required disclosure for the purposes of section 330…”. [5] In other words, all the details that would be required to be inserted into a SAR must be disclosed. As for the potential to be ‘caught out’ – such as where the NCA is notified that a disclosure is about to be made to another in the regulated sector bearing on a suspicion but the would-be discloser has not submitted a SAR in relation to the said suspicion – section 339ZD(2) provides comfort:
“The making of a required notification in good faith is to be treated as satisfying any requirement to make the required disclosure…”
Beyond this, the sharing regime contemplates the submission of joint SARs after a disclosure request has been satisfied. However, this too is subject to technicalities – a joint SAR must be made within either the timeframe set by the NCA, if indeed the NCA has requested the disclosure, or within 84 days of the date the NCA was notified of a pending disclosure. [6] And, if no joint SAR is coming, the NCA must also be notified as soon as practicable. [7]
On one hand, keeping the NCA informed every step of the way means a level of oversight and militates against confidential information being shared for inappropriate or non-AML reasons. On the other hand, the requirement for the NCA to be notified at every turn before information is disclosed and, indeed, before a joint SAR is even contemplated, seems at odds with the reduction objective. At its simplest, the NCA will potentially review the same information twice – when disclosed in advance to the NCA as part of the notification process and if and when it appears in a subsequent defensive SAR. More broadly, the extent of the procedural requirements applicable to what is a voluntary framework also seems counterintuitive to encouraging cooperation within the private sector in the fight against money laundering. Smaller regulated businesses without dedicated compliance teams and cautious about maintaining good client relationships may be reluctant to participate.
Part two of this awareness update explores the challenges that could arise as private entities are drawn further into the investigation of money laundering.
[1] Persons falling into this category include credit institutions, financial institutions, auditors, insolvency practitioners, external accountants and tax advisers, trust or company service providers, estate agents, high value dealers and casinos, see Regulation 8 of the Money Laundering Regulations 2017.
[2] Europol, ‘From Suspicion to Action: Converting financial intelligence into greater operational impact’ (2017) available at: https://www.europol.europa.eu/publications-documents/suspicion-to-action-converting-financial-intelligence-greater-operational-impact.
[3] National Crime Agency, ‘Suspicious Activity Reports (SARs) Annual Report 2017’ (2017) available at: http://www.nationalcrimeagency.gov.uk/publications/suspicious-activity-reports-sars/826-suspicious-activity-reports-annual-report-2017.
[4] Section 339ZB(5).
[5] Section 339ZC(5).
[6] Section 339ZD(6).
[7] Section 339ZE(8)(b).
