Making SARs safely - preserving confidentiality for yourself and your clients
The Serious and Organised Crime Agency (SOCA) takes the need to protect the confidentiality of reporters very seriously. Access to Suspicious Activity Reports (SAR) information is conditional on compliance with Home Office issued guidance.
For more information on the full situation on the ability of NCA to preserve the confidentiality of SARs see the Institute technical release TECH 07/06 (PDF 81kb/8 pages) . To guard against inadvertent or erroneous disclosure of a SAR, appropriate reporting procedures can also be adopted by the accountancy practice making the report. Read these tips for making SARs safely.
What to do to reduce the chances of inadvertent disclosure
To guard against inadvertent or erroneous disclosure of a SAR, appropriate reporting procedures should be adopted by the accountancy practice making the report. Such procedures might include:
Putting the details of the firm and/or its Money Laundering Reporting Officer (MLRO) only in the "front sheet" of a standard SAR reporting form or the equivalent fields on SAR Online, and not elsewhere, such as in the "reasons for suspicion" box. This will help enable Law Enforcement Agencies (LEAs) to pass information to investigation teams which does not include the identity of the reporter, and reduce the likelihood of inadvertent disclosure. It is important to give accurate contact information to guard against you or your firm being confused with another firm with a similar name, which might result in enquiries being directed to the wrong person
Wherever possible, use SAR Online to submit reports as this is more secure than post or fax as risks of interception or loss in transmission are reduced
In respect of any further information requested, or information required to support the intelligence provided in a SAR for use in a prosecution, only release the information in response to a properly served Production Order or other order that effectively compels the disclosure. This shows to any persons involved in the prosecution or defence that the reporter was acting only in response to a binding legal duty
Where there is particular reason to fear that a suspect might be motivated to try and discover whether a SAR had been made and by whom, and take revenge (for example where a SAR might involve a suspect with a known history of violence, or where organised crime or a terrorist organisation might be involved) bring this to the attention of Law Enforcement. This might be done by the inclusion of a note (in bold type, at the top) in the SARs reporting box on reason for suspicion setting out any concerns over safety or confidentiality
Maintain proper records, to ensure that Personal Data (as defined under the Data Protection Act) is only retained where it continues to have information value likely to be useful for the prevention or detection of crime. Where disclosure of information would be likely to be prejudicial in that context, it is exempted from the requirements for disclosure in response to a subject access request under the Section 29 Data Protection Act 1998. Guidance on this point has been issued by the Information Commissioner on the definition of personal data (PDF)
Don't keep copies of SARs on the client files, or anywhere else where they are available to clients, the general staff of the firm, or third parties. It is safer for them to be kept securely by the MLRO and access restricted to the MLRO and any appropriate deputies
Don't include any superfluous detail in the "reasons for suspicion" about the circumstances in which information is obtained, and provide only that information necessary to explain the information on which the suspicion or knowledge is based, the suspected predicate offence (if known) and the nature of the suspicion. Do not include the names of accountancy practice personnel in the description of information and suspicion.