Home Office Circular: Criminal Finances Act 2017 – Information Sharing within the Regulated Sector
The Home Office has issued guidance detailing Principles for Information Sharing within the Regulated Sector and between the Regulated Sector and an Authorised Officer of the National Crime Agency (NCA).
The Criminal Finances Act 2017 (CFA) introduced new sections 339ZB-339ZG into proceeds of Crime Act 2002 (POCA), and new sections 21CA to 21CF into the Terrorism Act 2000, allowing Banks and other Regulated Businesses to voluntarily share information in relation to a suspicion that a person is engaged in money laundering, suspicion that a person is involved in a terrorist financing offence, or in relation to the identification of terrorist property or its movement or use. This section details procedures surrounding money laundering in POCA. Information Sharing can be initiated by a Regulated Sector Entity or the NCA, where the disclosure of the information will or may assist in determining any matter in connection with a suspicion that a person is engaged in money laundering.
‘Suspicion’ has the same meaning in this context as for the other money laundering provisions in Part 7 of POCA. Under section 399ZB(3) it is the NCA’s decision whether or not to pursue NCA initiated information sharing. Information sharing under these provisions is entirely voluntary and any member of the Regulated Sector may refuse to undertake such sharing. It should be noted that whilst sharing of information within the regulated sector under these provisions is voluntary, filing required Suspicious Activity Reports (SARs) is not voluntary. Members of the regulated sector must consider whether they are obliged to submit a SAR in parallel with their consideration of whether to use the information sharing provisions. In the event that a request to share information is refused, the person in the Regulated Sector should therefore have considered whether they are obliged to submit a SAR in respect of the relevant matters, and any SARs should then be submitted as soon as possible. If a person fails to file a SAR, the person would not be availing themselves of a defence to an offence. Sharing information in good faith under these provisions does not breach any obligation of confidence owed by the person making the disclosure, or any other restriction on the disclosure of information, however imposed. Information provided by a UK Law Enforcement Agency may not, however, be shared without the Agency’s prior consent.
The CFA also amended the Data Protection Act 1998 (DPA), introducing new conditions for processing personal and sensitive personal data for the purposes of Schedules 2 and 3 to the DPA, where disclosures to other regulated sector entities are made in good faith under these provisions. However, persons utilising these provisions need to take appropriate steps to ensure that any disclosures made when sharing information with one another comply with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) effective, 25th May 2018. Where information is shared in good faith under section 339ZB of POCA, the ‘tipping-off’ offence under section 333A of POCA does not apply. There will be a phased approach to implementation, initially with Credit and Financial Institutions. A Credit Institution as defined in Article 4(1)(1) of the Capital Requirements Regulations; or b. A branch (within the meaning of Article 4(1)(17) of the Regulation) located in an EEA state of an Institution falling within paragraph (a) (or of an equivalent institution in any other State) wherever its head office is located.
A Financial Institution is defined as ‘an undertaking that carries on a business in the Regulated Sector by virtue of any paragraphs (b) to (i) of paragraph 1(1)” of Schedule 9 of POCA. Types of information sharing. There are two parts included in the provisions on information sharing:
- Regulated Sector initiated sharing: Permitting a Regulated Sector Entity to request information from other Regulated Sector Entities, providing protection from Civil Liability for breaches of confidence (assuming compliance with all data protection obligations), or other restrictions on disclosure of information, to these entities when they voluntarily choose to request and/or share information in relation to a suspicion of Money Laundering. Entities must also be compliant with their Data Protection obligations throughout the information sharing process.
- NCA initiated sharing: Permitting the NCA to request Regulated Sector entities to voluntarily share information in relation to a suspicion of Money Laundering, providing protection to the Regulated Sector Entities, as above.
Further information:
To read more, please follow this link:
Home Office Circular: Criminal Finances Act 2017 – Sharing information within the regulated sector
Contact us here
Please Note: This publication is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to. Readers should take legal advice before applying the information contained in this publication to specific issues or transactions.
Source and credit: FCA