The Court of Appeal in London ruled on 13 October that HSBC Private Bank did not have to disclose the identity of employees who had made internal reports which had led to suspicious activity reports (“SARs”) being filed with the authorities unless there was a firm suggestion on bad faith on their part.

The judgment is the result of satellite litigation arising from the more famous 2010 case of Shah v HSBC, in which the Court of Appeal ruled that parties which had suffered loss as a result of SARs being filed were entitled to demand proof from the regulated institution responsible that the suspicion on which the SAR was founded existed.

On the particular facts of the original case, the High Court ordered HSBC to identify the employees by function, but not by name. The Shahs appealed the court’s refusal to order the disclosure of the names of the employees, and HSBC cross- appealed against the court’s finding that its obligation to make standard disclosure required their names to be revealed in the first place (with the names only being protected by PII, and not as of right).

The Judgement of the Court of Appeal
Within HSBC there were three stages of AML reporting:
1. The relationship manager with a particular client would report any AML suspicion to the compliance department;
2. The compliance department would report the matter internally to the MLRO;
3. The MLRO would then, if appropriate, file an SAR with SOCA.

HSBC had disclosed a series of memos, internal reports, and similar documents. With the exception of the MLRO, the identity of all employees concerned had been redacted; they were identified only by the department (client relationship, compliance or MLRO) that they worked for. The documents did however reveal the information based on which the MLRO formed his suspicion.

The Test for Disclosure

The court found that the redacted identities of the employees concerned was not material on which HSBC relied to prove its case. As a result, the relevant question was: is the material either material which would adversely affect HSBC’s case or material which would support the Shahs’ case?
In answering the question it was important to remember that the issue remaining in the wider case of Shah v HSBC after the previous decision of the Court of Appeal was a narrow one: did HSBC have a genuine suspicion at the time when the SARs were filed? Accordingly, the Shahs did not put forward a positive “case”; they simply sought to test the bank’s case that it did have such a suspicion. For that reason, the court ruled that the only circumstance in which the employee identities would be disclosable was if they adversely affected HSBC’s case.
The Shahs had stated that two employees of HSBC (“Ms S” and “Mr J”) might have had the motivation to make an internal AML report in bad faith. One had asked for a loan from Mr Shah and been refused; the other had received an abusive email from him after a transaction had been delayed. The Shahs submitted to the court that if any of the anonymous employees concerned in making an internal report turned out to be Ms S or Mr J, they might be able to allege bad faith.

Refusing disclosure, Lord Justice Lewison commented:
The more I listened to the explanation of why the claimants wanted the names, the more convinced I became that, to use the familiar cliché, this was a fishing expedition… [the Shahs] did not say that even if Ms S’s name was revealed as one of the sources [the Shahs] would be able to assert bad faith; merely that they might be able to do so. Even that possibility was only tentatively advanced. It is all speculation and surmise.

The court concluded that, absent a firm suggestion of bad faith by the Shahs, HSBC was entitled to withhold the identity of the staff concerned as being irrelevant to the matter under dispute. For that reason, the bank did not have to rely on the doctrine of public interest immunity.
Conclusion

This important judgment provides reassurance to employees of firms in the regulated sector of England and Wales that their identities will be protected if they make internal AML reports, unless there is a firm suggestion that in doing so they acted in bad faith. It also makes clear that there is no absolute requirement to disclose the identity of the MLRO who makes an external SAR, although as a regulated firm is now required to show that it had suspicion if its reporting is challenged, it may be that it will be necessary for the MLRO (if no one else) to come to court and explain why he made the report that he did.

Firstly, the FATF 4th round of evaluation, which proposes changes to the way we approach PEP’s and beneficial owners, reinforcing the risk based approach and importantly, including tax evasion, of both direct and indirect taxation as predicate reportable offences of the money laundering regime. These changes will be formally approved at the February 2012 Plenary. It is expected the EEC will have the 4th European directive passed by the end of 2012 to reflect the changes, prompting the UK to adopt the 2013 or 2014 Money Laundering Regulations. 

Further to these changes HM Treasury will shortly issue there proposals for changes to the UK’s own regime following their ‘call for evidence’ and other reviews of the regime. These proposals will be made available for review and consultation by all interested parties and on finalisation will be included with the implementation of the 4th directive. 

The proposed changes will include amendments such as including into the regime businesses that offer high value services for cash and a tightening up of how to demonstrate compliance to a supervisor through formal policies and procedures, amongst other adjustments to the regime.

Also included will be the two proposals made by the Chancellor in his budget speech which caused a bit of a debate. Firstly, it will be the Governments intent to remove criminality from the Regulations aimed at the private sector. This approach was confirmed by the Attorney General and further expanded to aspects of PoCA, namely sections 330 to 332, for the failure to report SAR’s it would not generally be in the public’s interest to take criminal action against the private sector, but instead make a referral to the relevant supervisor for them to deal with or commence civil proceedings for the breach. S336 concerning consent, is also an area on concern which will see an overhaul making life easier for the reporter.  

Lastly, the one that got everybody excited, is there going to be an exemption to the Regime for smaller businesses? Yes, they want to propose a £15,000 annual turnover exemption from the requirements of the regulations.  This will help many in the accountancy sector who are caught by the regime, such as part time bookkeepers, semi-retired practitioners and those staff members who do a bit extra on weekends and evenings in their own name.  This will also allow new business to get started, before firstly having to the implement ML Regulations.

I would suggest that the accountancy sector more than any other would benefit from this piece of deregulation.

HMRC has published its Code of Practice for supervisory purposes for visits to businesses under Money Laundering Regulations (COP28). This Code of Practice tells you what you can expect from HMRC Supervisory staff and what they expect of you when they visit your business under the Money Laundering Regulations 2007.

This is a simple but very helpful document for preparing for a supervisory visit under the Regulations, however one item contained within the documents raised concern for Steve O’Neill of BTC, namely;

 Examples of business records the officer is likely to want to see include:

“Records/copies of suspicious transactions, action taken, copies of any Suspicious Activity Reports (SAR’s) submitted to the Serious Organised Crime Agency and any correspondence from them concerning consent.  We will look at Suspicious Activity Reports for anti-money laundering legislation purposes only and not for tax purposes”.

It is Steve O’Neill’s (Business Tax Centre’s BTC) understanding that SAR’s are an individual’s obligations covered under the Proceeds of Crime Act and not covered under the Money Laundering Regulations which covers a ‘Firms’ obligations to put into place appropriate policies and procedures for the prevention, detection and reporting of suspicious activity, and not the actual SAR itself which has a subjective test  and offences which are covered in PoCA.

When HMRC regulatory team was asked about their powers to view a SAR, they responded by way of reference to two sections of the Regulations. One of these references was to CDD only and the other to refers to the ‘Policy and Procedures’ for reporting.

These correspondences have been passed on to other supervisory authorities who can confirm that their opinion also states that the ML Regulations do not give authority for a supervisor to view a SAR, which should only be done by an accredited and trained financial investigator.   

We understand from a response received from these bodies that this subject will be raised with HMRC at the next ‘affinity group’ meeting of accountancy and taxation supervisors.

If HMRC point of view is upheld, then the Treasury approved CCAB guidance and the notes of each professional boy will need to be updated accordingly. We will post updates as we receive them.

Visit the BTC website for compliance help and support for firms in the regulated sector.

A SAR should be made as soon as the knowledge or suspicion that criminal proceeds exist has arisen, especially if consent may be required, or at the earliest opportunity thereafter.

SOCA’s preferred method for reporters to submit their suspicion is the SOCA Suspicious Activity Report Form. SOCA prefers these forms to be submitted electronically but hardcopy versions of the forms (including Limited Intelligence Value Reports) can be found on the SOCA website or obtained directly from SOCA. These can then be posted to the address below. Hardcopy consent requests should be faxed to 0207 238 8286.

If you currently submit by post but would like to report electronically visit the SAR Online System or alternatively contact the Money.web support team

Acknowledgement Letters
SOCA will not acknowledge any SAR sent by fax, post, or by letter. Electronic submissions through money.web, bulk submission or through the SAR Online system, will receive an acknowledgment which will include an automatically generated ELMER reference number.

If you have submitted a consent request, the Consent Team will contact you directly with the decision by telephone within the seven day notice period, and then post the appropriate letter to you as confirmation.

If you have any queries relating to acknowledgments please write to the SAR Team at UKFIU, PO BOX 8000, London, SE11 5EN.

Visit the BTC website for compliance help and support for firms in the regulated sector.

Those cases that are currently the responsibility of ARA will be transferred to SOCA and the current casework will continue to be supported. Whilst other agencies are developing their civil recovery capabilities, SOCA will continue to provide support to law enforcement agencies by taking on cases referred to it, where the use of civil recovery and tax powers would be in the public interest.

What Remains the Same?

Where a law enforcement agency or prosecution authority has a criminal case after 1st April, which it has been unable to prosecute successfully; it will be able to refer it to SOCA to consider adopting it for civil recovery and/or assessing for tax. It must meet the following criteria:
• Recoverable property must have been identified and have an estimated value of at least £10,000
• Recoverable property must include property other than cash or negotiable instruments (although cash is recoverable if it is in addition to other property)
• There must be evidence of criminal conduct that is supported to the civil standard of proof, i.e. on the balance of probabilities.

Civil Recovery and Taxation (through the Proceeds of Crime Act) in Northern Ireland will be undertaken by SOCA. SOCA will retain the capacity to provide support to partners in Northern Ireland to support the ministerial assurances that there will be no reduction in the resource available for asset recovery in Northern Ireland. In Scotland, Civil Recovery powers will still be exercised by the Civil Recovery Unit of the Crown Office.

The Confidential Hotline for Civil Recovery and Tax in Northern Ireland is 028 0931 5039.

ARA’s power to issue tax assessments where the income can be linked to criminality will also transfer to SOCA. This means that SOCA and HM Revenue and Customs will be able to co-ordinate their efforts to recover criminal profits and bring criminals within the tax system.

SOCA will also maintain the Joint Asset Recovery Database (JARD) which records asset recovery information for all law enforcement activity across the UK and provide support to financial investigators on using the service.

Visit the BTC website for compliance help and support for firms in the regulated sector.