Money laundering: data protection for suspicious activity reports - European Union Committee


1.  In July 2009 we submitted to the House a report on Money laundering and the financing of terrorism.[1] On 7 December 2009 the House debated that report. In this further report we explain developments following some of the recommendations in our first report.[2]

2.  The authorities of Member States rely in their fight against money laundering largely on information supplied by the private regulated sector. Banks, insurers, lawyers, accountants and many other persons and bodies who handle money on behalf of others are required to report any suspicious transactions to the authorities. Chapter III of the Third Money Laundering Directive[3] imposes on the regulated sector a duty to report to the national Financial Intelligence Unit (FIU) any transaction or activity which seems to involve funds which are the proceeds of criminal activity. These reports are suspicious activity reports, or SARs.[4]

3.  The FIU for the United Kingdom is the Serious Organised Crime Agency, SOCA. The SARs are entered onto a database maintained by SOCA known as ELMER. In evidence given to our inquiry in March 2009 the Director of the FIU said that there were then about 1.5 million entries on the database.[5] The number increases by more than 200,000 each year.[6] On that basis there are likely now to be some 400,000 more SARs on the database than there were then.

4.  We do not question the purpose of the SARs regime in the fight against money laundering and the financing of terrorism. Examples are given each year in the SARs Regime Annual Report published by SOCA. But the wide access to what is in effect a database of suspects led us to have serious concerns about data protection issues, which are set out in full in paragraphs 174-181 of our first report.

5.  We recommended that the Information Commissioner should review and report on the operation and use of the ELMER database, and should consider in particular whether the rules for the retention of data were compatible with the jurisprudence of the European Court of Human Rights. In their response[7] the Government told us that SOCA had invited the Information Commissioner to meet its board to discuss taking this recommendation forward. The Government stated that access to the database would be limited to adequately trained staff from "appropriate public bodies", an expression which did little to reassure us. We raised the issue again when the report was debated, and Lord Brett replied that the Information Commissioner was planning to implement our recommendation in the form of a review.[8]

The report of the Information Commissioner

6.  On 29 November 2010 the Information Commissioner wrote to the Chairman enclosing his report to this Committee on SOCA's operation and use of the ELMER database. We are grateful to the Commissioner and his staff for his very full report, plainly the culmination of a thorough review of all the matters which troubled us.

7.  On 28 July 2010 Baroness Neville-Jones, the Minister of State at the Home Office, stated in reply to a written question: "It is proposed that the [Information Commissioner's] report will be made available in the first instance to the House of Lords EU Committee that commissioned it. Arrangements for its wider publication will be considered after the Committee has had an opportunity to consider it."[9] We print the Commissioner's report as Appendix 2 to this report to give it the wider publicity which in our view it deserves and requires.

8.  From our perspective, the most significant finding of the Commissioner is his conclusion (paragraph 5.7) that "there are several aspects of the operation of ELMER which raise concerns about compliance with the Data Protection Act"—concerns which the Commissioner then sets out in full. In paragraph 6.1 of his report he makes "a number of recommendations to help ensure that the processing of personal data on the ELMER database complies with the requirements of the Data Protection Act …" The first four of these recommendations are addressed to SOCA, the fifth to the Government. Accordingly on 15 December 2010 the Chairman wrote to Lord Sassoon, the Commercial Secretary to the Treasury, enclosing a copy of the Commissioner's report, and asking for his reaction to the Commissioner's recommendations. We print the text of that letter in Appendix 3. Responsibility for money laundering is divided between the Treasury and the Home Office, and the Chairman's letter was copied to Baroness Neville-Jones.

Access to the database

9.  At this stage we wish to make only two comments. The first relates to access to the database. Our statement in paragraph 175 of our first report that access to ELMER is available to "agencies such as trading standards, and some county councils" is a direct quotation from the evidence which the Director of the FIU gave us on 18 March 2009.[10] Our further statement that "Nottinghamshire County Council uses ELMER to investigate housing benefit fraud" is taken from a reply to a question from Lord Marlesford given by Lord West of Spithead, then Parliamentary Under-Secretary of State at the Home Office.[11]

10.  A year after the publication of our report, Baroness Neville-Jones stated that "Direct access to the Elmer database by Neath Port Talbot County Borough Council has been suspended while SOCA carries out a review of end-user access." We infer from this that Neath Port Talbot County Borough Council had direct access to the database until shortly before then.[12]

11.  However in paragraph 4.14 of his report the Commissioner states: "The review team's findings suggest that access is not in fact as wide as suggested in the [Committee's] report. The review team were advised that no Local Authorities or Trading Standards bodies have direct access to ELMER as yet although agencies that have investigative and enforcement powers such as the Financial Services Authority, Trading Standards Investigation Units and local authorities' Fraud Investigation Units may request SAR derived information from SOCA. These requests are risk assessed before information is disclosed." If the only change since we reported is that local authorities no longer have direct "desk-top" access (the expression used by the Director of the FIU) or access "from a terminal in a local police unit" (Lord West's answer) but still have indirect access, again this does little to reassure us.

Proportionality of the SARs system

12.  The Commissioner's last recommendation is "That the Government considers whether, in the light of experience, the current arrangements for reporting of SARs continue to be justified, whether they are both effective and proportionate and whether they could be improved. Consideration should be given to whether there is a pressing social need to justify the requirement to report any transactions which is based on [a] very low threshold of suspicion that handling criminal property or money laundering is taking place."

13.  In paragraphs 101-110 of our first report we expressed our concern that the current reporting arrangements were disproportionate. In particular we criticised the "all crimes" approach, which requires an activity suspected to involve property which might be laundered to be reported no matter how trivial the underlying criminal offence. We pointed out that Recommendation 1 of the Financial Action Task Force does not require this; nor does Article 20 of the EU Directive, since money laundering is defined by reference to "criminal involvement in the commission of a serious crime".[13] We suggested a de minimis exclusion for the reporting of suspicious activities.

14.  In their response, the Government strongly defended the "all crimes" approach, and argued that a de minimis exclusion would be unworkable. They did however undertake to work with the Law Society to review ways of re-focusing the definition of money laundering and money laundering offences.[14]

15.  We hope that, when the Government consider the Commissioner's doubts about the justification of reporting transactions where there is a very low level of suspicion, they will also give further consideration to our own concerns about the requirement to report suspicions about the commission of trivial criminal offences. We recall and reiterate the recommendation in our first report[15] that consideration should be given to amending the Proceeds of Crime Act 2002 to include a de minimis exclusion.


16.  We believe that the Information Commissioner's report justifies our view that the ELMER database is not fully compliant with the Data Protection Act and the Human Rights Act. We look forward to hearing from ministers what steps the Government and SOCA will take to comply with the Commissioner's recommendations, and ours.

17.  We make this report to the House for debate.

1   19th Report, Session 2008-09, HL Paper 132-I and 132-II.

2   This report was prepared by the Home Affairs Sub-Committee, whose members are listed in Appendix 1. The members of the Sub-Committee who prepared our first report are listed in Appendix 1 to that report.

3   Directive 2005/60/EC of the European Parliament and of the Council of 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing, OJ L309 of 25 November 2005.

4   A full description of the SARs regime is given in Chapter 4 of our first report.

5   19th Report, Session 2008-09, HL Paper 132-II, Q 193.

6   There were 210,524 new SARs in the year to end September 2008; 228,834 to September 2009; and 240,582 to September 2010: SARs Regime Annual Reports for 2008 (page 40), 2009 (page 45) and 2010 (page 55).

7   Cm 7718, 6 October 2009.

8   HL Deb 7 December 2009 col 976.

9   HL Deb 28 July 2010 col WA 362.

10   For the very full reply, reference should be made to our first report: 19th Report, Session 2008-09, HL Paper 132-II, Q 193. The relevant extract reads: "At the same time that entire database is made available to over 75 different UK agencies. When I say 'made available', it is now desk-top accessed to investigators from every police force in England and Wales, Scotland and Northern Ireland, all of the national agencies that have prosecution powers-HMRC, DWP, the Serious Fraud Office, together with other agencies such as trading standards, and some county councils."

11   HL Deb 2 April 2009 cols 287-288. The full answer reads: "There is an accredited financial investigator in Nottingham [sic] County Council who is able to access and use the Serious Organised Crime Agency's database of Suspicious Activity Reports (SARs) from a terminal in a local police unit. The financial investigator uses SARs when investigating housing benefit fraud. No other local authority currently has access to the SARs database. Accredited financial investigators were established in the Proceeds of Crime Act 2002. The Proceeds of Crime Act 2002 (References to Financial Investigators) (Amendment) Order 2005 (SI 2005/386) added local authority fraud investigators to the list of financial investigators who could use various powers in the Act."

12   HL Deb 28 July 2010 col WA 362.

13   Articles 1(2)(a), 3(4) and 3(5).

14   Supplementary memorandum by the Law Society of England and Wales, paragraph 2.12: 19th Report, Session 2008-09, HL Paper 132-II, page 34.

15   Ibid, paragraph 110.

© Parliamentary copyright 2011