The Home Office has issued a guidance setting out the principles for sharing information within the regulated sector, and between the regulated sector and an authorised officer of the National Crime Agency (NCA).
The Criminal Finances Act 2017 introduces new sections 339ZB-339ZG into the Proceeds of Crime Act 2002 (POCA), and new sections 21CA to 21CF into the Terrorism Act 2000. These new provisions will allow businesses in the regulated sector to share information with each other on a voluntary basis in relation to a suspicion that a person is engaged in money laundering, in the commission of a terrorist financing offence, or in relation to the identification of terrorist property or its movement or use. It should be remembered that, whilst information sharing is entirely voluntary and members of the regulated sector are entitled to refuse to undertake such sharing, filing a Suspicious Activity Report (SAR) when required is not voluntary (even when information sharing has been refused by a peer). In fact, the information sharing provisions run in parallel with the existing SARs regime.
The Guidance includes details on the types of information sharing, roles and responsibilities, and different procedures to follow. It also includes a self-explanatory flowchart of the possible steps, that can support Nominated Officers when deciding the best course of action.
Whilst the principle behind the introduction of this new process aims to achieve better and more complete intelligence, the procedure for initiating the information sharing and submitting notifications and joints disclosures to the NCA appears to be very bureaucratic and to require several notifications stages. In practice, it could result in entities being discouraged by the new mechanism and opt for a standard SAR as done so far. In addition, the Home Office has reminded that those using the information sharing will need to take appropriate steps to ensure that any disclosures made comply with the Data Protection legislation and the General Data Protection Regulation (GDPR) which will come into force in May 2018. This point could make firms reluctant to share clients’ confidential information with their peers.
The Home Office has said that “while the legislation is designed to support information sharing across the regulated sector, there will be a phased approach to implementation, starting with financial institutions. This will allow the provisions to be tested, and lessons learned, with a sector that has experience of cooperative working between the banks and law enforcement agencies”. It is therefore interesting to see how this new process will develop and whether the number of joint SARs will validate the rightness of the theory and the feasibility of the practice.