Technical helpsheet issued to help ICAEW members consider confidentiality requirements in the context of disclosure of confidential information to the police and other enforcement agencies such as HMRC and the National Crime Agency.
This helpsheet has been issued by ICAEW’s Ethics Advisory Service to help ICAEW members consider confidentiality requirements in the context of disclosure of confidential information to the police and other enforcement agencies such as HMRC and the National Crime Agency. This helpsheet has been issued for information only. Where there is any doubt on legal obligations, members should seek appropriate legal advice.
Members may also wish to refer to the following related helpsheets:
- Disclosure of confidential information (for members in business)
- Disclosure of confidential information (for members in practice)
- Disclosure of confidential information to insolvency practitioners
- GDPR – Lawful basis for processing
- GDPR – Client files
- Production and Disclosure Orders
Requests for information from law enforcement agencies can be particularly difficult to handle, so this helpsheet provides guidance on dealing with these, should they occur. It is written in the context of disclosure of confidential information to the police, however the same principles would apply to other enforcement agencies such as HM Revenue & Customs (HMRC), the National Crime Agency (NCA) and other police forces including the British Transport Police (BTP) and Royal Military Police (RMP).
The principle of confidentiality
As chartered accountants, members have a duty to uphold the fundamental principle of confidentiality which is discussed in section 114 of the ICAEW Code of Ethics. Paragraph R114.1 states:
A professional accountant shall comply with the principle of confidentiality, which requires an accountant to respect the confidentiality of information acquired as a result of professional and business relationships.
The requirement to comply with the principle of confidentiality applies equally to prospective, current and former clients or employers.
Members must not only keep information confidential, but also to take all reasonable steps to preserve confidentiality.
Whether information is confidential or not will depend on its nature. A safe and proper approach to adopt is to assume that all unpublished information about a client or employer’s affairs, however gained, is confidential.
Disclosure of confidential information
Paragraph R114.1(d) of the ICAEW Code of Ethics confirms that a professional accountant must:
Not disclose confidential information acquired as a result of professional and business relationships outside the firm or employing organisation without proper and specific authority, unless there is a legal or professional duty or right to disclose.
Such circumstances would normally include:
- Where disclosure is required by law;
- Where disclosure is permitted by law and authorised by the client or employing organisation; and
- Where there is a professional duty or right to disclose and it is not prohibited by law.
It is important to note that the police have no automatic rights to confidential information. It is therefore inappropriate to disclose information in response to such a request without first considering the implications.
In all cases where disclosure of confidential information is considered, members are advised to carefully document their considerations in case the appropriateness of the decision is challenged at a later date. Notes should include a record of any consent received from the employer, details of legal or other advice obtained, a schedule showing what has been disclosed and to whom, and copies of the information disclosed.
Disclosure is permitted by law and authorised by the client or employing organisation
Information may be disclosed to the police with the consent of a client/employer. On receipt of a request for information from the police, a member should first explain that they have a duty of confidentiality (referring to the ICAEW Code of Ethics as appropriate) and should be prepared to take a firm stance if necessary.
As the police may not wish for the client/employer to be alerted to their investigation, before requesting consent to disclose information from the client/employer, a member should confirm with the police whether they agree to the client/employer being contacted. If the police ask for the client/employer not to be contacted, this instruction should be followed.
Disclosure required by law
Where there is a legal requirement to disclose confidential information, that overrides the duty of confidentiality. In some circumstances a requirement to disclose confidential information is set out in the legislation itself. In other circumstances a legal requirement to disclose information may arise from a court order.
Anyone who knows or believes that information they hold would be material in preventing an act of terrorism, or apprehending, prosecuting or convicting a terrorist has an obligation to disclose that information as soon as reasonably practicable to the police by virtue of the Terrorism Act 2000 section 19. Where information comes to a member in the course of business in a regulated sector a similar requirement applies in section 21A, however the member may discharge their responsibilities by making such a disclosure to the firm’s nominated officer.
The Proceeds of Crime Act 2002 and the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR17) require external accountants, auditors, tax advisors, insolvency practitioners and trust or company service providers to report knowledge or suspicion of money laundering (i.e. criminal acts involving criminal proceeds) to the National Crime Agency (NCA) (or the MLRO within the firm as appropriate). This applies not only in relation to clients but their suppliers, customers, employees and anybody else encountered during the conduct of business. Further guidance can be found in the CCAB Anti-Money Laundering guidance for the accountancy sector.
Members in business may fall within the scope of the money laundering regulations if they work within a regulated sector and their employer should provide appropriate training if this is the case. Where a member in business is not within a regulated sector, the duty to make a report does not automatically apply and members should therefore seek appropriate advice before making any disclosure.
Disclosure set out in legislation
A member may be required to disclose confidential information to the police by other specific requirements set out in legislation. Where there is any doubt, legal advice should be obtained.
Disclosure required by court order
It is possible that the police may obtain a court order to access confidential information that a member holds. Failure to comply with a court order may be an offence and subject a member to possible fines or imprisonment. Care must be taken to comply therefore.
Members should always read the terms of the court order carefully before complying with the request and if in doubt as to its validity should seek legal advice. Only the information covered by the terms of the court order should be provided.
The police may ask a member to provide a witness statement in relation to a case they are investigating. Although a member might find such a request disconcerting, it is important to remember that it is not compulsory to comply. The same considerations apply to volunteering a witness statement as apply to any other disclosure of confidential information. Members are advised to give careful consideration to the circumstances and take appropriate legal advice before providing a voluntary statement
Professional duty or right to disclose
Members may disclose confidential client or employer information to the proper authorities in order to protect their own interests. In general, members should only disclose information which is adequate, relevant and necessary in order to protect their interests (see paragraph 2.33 of Professional conduct in relation to defaults and unlawful acts guidance). For example, it may be appropriate for a member to make such disclosure to the police in order to defend themselves against a criminal charge or to clear themselves of suspicion. In such circumstances a member should seek legal advice before any disclosure is made.
Members may also disclose confidential information to the police in relation to non-compliance or suspected non-compliance with laws and regulations (NOCLAR) if that disclosure can be justified with reference to section 260 or 360 of the ICAEW Code of Ethics for professional accountants in business and professional accountants in public practice respectively. Members should seek legal advice as to whether such disclosure is justified and appropriate in the particular circumstances concerned and the relevant protections offered by the Public Interest Disclosure Act 1998.
If, after seeking appropriate legal advice, a member determines disclosure is appropriate, they will need to take care to ensure that the information disclosed is factual and complete and doesn’t include any unsubstantiated conclusions or judgements.
Further guidance is available in the helpsheets Disclosure of confidential information (for members in practice) and Disclosure of confidential information (for members in business).
Data protection considerations
In addition to the fundamental principle of confidentiality set out in the ICAEW Code of Ethics, members should also consider requirements of relevant data protection legislation including the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
The Data Protection Act 2018 contains a number of exemptions within Schedule 2 from specified provisions of the UK GDPR where personal data is processed for the purposes of:
- the prevention or detection of crime;
- the apprehension or prosecution of offenders; or
- the assessment or collection of tax or duty
These purposes are collectively known as the ‘crime prevention and taxation purposes’.
The exemptions to the specified provisions apply only if they are necessary and only to the extent that application of the provisions would be likely to prejudice any of the crime prevention and taxation purposes.
The Act does not explain ‘likely to prejudice’ however guidance issued by the Information Commissioner’s Office (ICO) (albeit issued under the Data Protection Act 1998 which contained similar provisions) highlights the case of R (Lord) v Secretary of State for the Home Department in which the judge said the test of likelihood requires, “a degree of probability where there is a very significant and weighty chance to prejudice to the identified public interests”. This is therefore a higher bar than being merely ‘possible’. As such the exemptions must be applied on a case by case basis and a data controller should be able to demonstrate why this is the case each time the exemption is applied.
These exemptions mean that data controllers do not have to fulfil their obligations to tell individuals how their data is being processed or respond to a subject access request, to the extent that doing so would be likely to prejudice the crime prevention and taxation purposes. Additionally, data controllers can disclose personal data without applying the usual data protection principles, if the disclosure is necessary for the crime and taxation purposes.
These exemptions do not in themselves place an obligation for the member to make a report through to the police (they merely keep a member within data protection law if they decide to disclose the information in the circumstances in which the exemptions apply).
Members should consider the above guidance in considering whether they have an obligation or right to disclose such information as the confidentiality requirements of section 114 of the ICAEW Code of Ethics still apply and legal advice should be obtained prior to making such disclosure.
If in doubt seek advice
ICAEW members based in England and Wales have access to a free legal signposting service provided by CABA. The 24 hour helpline can be contacted on +44 (0)1788 556 366.
ICAEW members, affiliates, ICAEW students and staff in eligible firms with member firm access can discuss their specific situation with the Technical Advisory Service on +44 (0)1908 248 250 or via webchat.
© ICAEW 2023 All rights reserved.
ICAEW cannot accept responsibility for any person acting or refraining to act as a result of any material contained in this helpsheet. This helpsheet is designed to alert members to an important issue of general application. It is not intended to be a definitive statement covering all aspects but is a brief comment on a specific point.
ICAEW members have permission to use and reproduce this helpsheet on the following conditions:
- This permission is strictly limited to ICAEW members only who are using the helpsheet for guidance only.
- The helpsheet is to be reproduced for personal, non-commercial use only and is not for re-distribution.
For further details members are invited to telephone the Technical Advisory Service T +44 (0)1908 248250. The Technical Advisory Service comprises the technical enquiries, ethics advice, anti-money laundering and fraud helplines. For further details visit icaew.com/tas.
- 01 Jun 2017 (12: 00 AM BST)
- First published
- 16 Dec 2020 (11: 00 AM GMT)
- Changelog created, helpsheet converted to new template
- 16 Dec 2020 (11: 01 AM GMT)
- Minor changes, including Brexit impact on references to GDPR.
- 21 Oct 2021 (10: 00 AM BST)
- Added link to another piece of guidance in introduction ‘Production and Disclosure orders’, updated links.
Download this helpsheet
Access a PDF version of this helpsheet to print or save.Download