Money laundering: data
protection for suspicious activity reports|
1. In July 2009 we submitted to the House a report
on Money laundering and the financing of terrorism.
On 7 December 2009 the House debated that report. In this further
report we explain developments following some of the recommendations
in our first report.
2. The authorities of Member States rely in their
fight against money laundering largely on information supplied
by the private regulated sector. Banks, insurers, lawyers, accountants
and many other persons and bodies who handle money on behalf of
others are required to report any suspicious transactions to the
authorities. Chapter III of the Third Money Laundering Directive
imposes on the regulated sector a duty to report to the national
Financial Intelligence Unit (FIU) any transaction or activity
which seems to involve funds which are the proceeds of criminal
activity. These reports are suspicious activity reports, or SARs.
3. The FIU for the United Kingdom is the Serious
Organised Crime Agency, SOCA. The SARs are entered onto a database
maintained by SOCA known as ELMER. In evidence given to our inquiry
in March 2009 the Director of the FIU said that there were then
about 1.5 million entries on the database.
The number increases by more than 200,000 each year.
On that basis there are likely now to be some 400,000 more SARs
on the database than there were then.
4. We do not question the purpose of the SARs
regime in the fight against money laundering and the financing
of terrorism. Examples are given each year in the SARs Regime
Annual Report published by SOCA. But the wide access to what is
in effect a database of suspects led us to have serious concerns
about data protection issues, which are set out in full in paragraphs
174-181 of our first report.
5. We recommended that the Information Commissioner
should review and report on the operation and use of the ELMER
database, and should consider in particular whether the rules
for the retention of data were compatible with the jurisprudence
of the European Court of Human Rights. In their response
the Government told us that SOCA had invited the Information Commissioner
to meet its board to discuss taking this recommendation forward.
The Government stated that access to the database would be limited
to adequately trained staff from "appropriate public bodies",
an expression which did little to reassure us. We raised the issue
again when the report was debated, and Lord Brett replied that
the Information Commissioner was planning to implement our recommendation
in the form of a review.
The report of the Information
6. On 29 November 2010 the Information Commissioner
wrote to the Chairman enclosing his report to this Committee on
SOCA's operation and use of the ELMER database. We are grateful
to the Commissioner and his staff for his very full report, plainly
the culmination of a thorough review of all the matters which
7. On 28 July 2010 Baroness Neville-Jones, the
Minister of State at the Home Office, stated in reply to a written
question: "It is proposed that the [Information Commissioner's]
report will be made available in the first instance to the House
of Lords EU Committee that commissioned it. Arrangements for its
wider publication will be considered after the Committee has had
an opportunity to consider it."
We print the Commissioner's report as Appendix 2 to this report
to give it the wider publicity which in our view it deserves and
8. From our perspective, the most significant
finding of the Commissioner is his conclusion (paragraph 5.7)
that "there are several aspects of the operation of ELMER
which raise concerns about compliance with the Data Protection
Act"concerns which the Commissioner then sets out
in full. In paragraph 6.1 of his report he makes "a number
of recommendations to help ensure that the processing of personal
data on the ELMER database complies with the requirements of the
Data Protection Act
" The first four of these recommendations
are addressed to SOCA, the fifth to the Government. Accordingly
on 15 December 2010 the Chairman wrote to Lord Sassoon, the Commercial
Secretary to the Treasury, enclosing a copy of the Commissioner's
report, and asking for his reaction to the Commissioner's recommendations.
We print the text of that letter in Appendix 3. Responsibility
for money laundering is divided between the Treasury and the Home
Office, and the Chairman's letter was copied to Baroness Neville-Jones.
Access to the database
9. At this stage we wish to make only two comments.
The first relates to access to the database. Our statement in
paragraph 175 of our first report that access to ELMER is available
to "agencies such as trading standards, and some county councils"
is a direct quotation from the evidence which the Director of
the FIU gave us on 18 March 2009.
Our further statement that "Nottinghamshire County Council
uses ELMER to investigate housing benefit fraud" is taken
from a reply to a question from Lord Marlesford given by Lord
West of Spithead, then Parliamentary Under-Secretary of State
at the Home Office.
10. A year after the publication of our report,
Baroness Neville-Jones stated that "Direct access to the
Elmer database by Neath Port Talbot County Borough Council has
been suspended while SOCA carries out a review of end-user access."
We infer from this that Neath Port Talbot County Borough Council
had direct access to the database until shortly before then.
11. However in paragraph 4.14 of his report the
Commissioner states: "The review team's findings suggest
that access is not in fact as wide as suggested in the [Committee's]
report. The review team were advised that no Local Authorities
or Trading Standards bodies have direct access to ELMER as yet
although agencies that have investigative and enforcement powers
such as the Financial Services Authority, Trading Standards Investigation
Units and local authorities' Fraud Investigation Units may request
SAR derived information from SOCA. These requests are risk assessed
before information is disclosed." If the only change since
we reported is that local authorities no longer have direct "desk-top"
access (the expression used by the Director of the FIU) or access
"from a terminal in a local police unit" (Lord West's
answer) but still have indirect access, again this does little
to reassure us.
Proportionality of the SARs system
12. The Commissioner's last recommendation is
"That the Government considers whether, in the light of experience,
the current arrangements for reporting of SARs continue to be
justified, whether they are both effective and proportionate and
whether they could be improved. Consideration should be given
to whether there is a pressing social need to justify the requirement
to report any transactions which is based on [a] very low threshold
of suspicion that handling criminal property or money laundering
is taking place."
13. In paragraphs 101-110 of our first report
we expressed our concern that the current reporting arrangements
were disproportionate. In particular we criticised the "all
crimes" approach, which requires an activity suspected to
involve property which might be laundered to be reported no matter
how trivial the underlying criminal offence. We pointed out that
Recommendation 1 of the Financial Action Task Force does not require
this; nor does Article 20 of the EU Directive, since money laundering
is defined by reference to "criminal involvement in the commission
of a serious crime".
We suggested a de minimis exclusion for the reporting of
14. In their response, the Government strongly
defended the "all crimes" approach, and argued that
a de minimis exclusion would be unworkable. They did however
undertake to work with the Law Society to review ways of re-focusing
the definition of money laundering and money laundering offences.
15. We hope that, when the Government consider
the Commissioner's doubts about the justification of reporting
transactions where there is a very low level of suspicion, they
will also give further consideration to our own concerns about
the requirement to report suspicions about the commission of trivial
criminal offences. We recall and reiterate the recommendation
in our first report
that consideration should be given to amending the Proceeds
of Crime Act 2002 to include a de minimis exclusion.
16. We believe that the Information Commissioner's
report justifies our view that the ELMER database is not fully
compliant with the Data Protection Act and the Human Rights Act.
We look forward to hearing from ministers what steps the Government
and SOCA will take to comply with the Commissioner's recommendations,
17. We make this report to the House for debate.
1 19th Report, Session 2008-09, HL Paper 132-I and
This report was prepared by the Home Affairs Sub-Committee, whose
members are listed in Appendix 1. The members of the Sub-Committee
who prepared our first report are listed in Appendix 1 to that
Directive 2005/60/EC of the European Parliament and of the Council
of 26 October 2005 on the prevention of the use of the financial
system for the purpose of money laundering and terrorist financing,
OJ L309 of 25 November 2005. Back
A full description of the SARs regime is given in Chapter 4 of
our first report. Back
19th Report, Session 2008-09, HL Paper 132-II, Q 193. Back
There were 210,524 new SARs in the year to end September 2008;
228,834 to September 2009; and 240,582 to September 2010: SARs
Regime Annual Reports for 2008 (page 40), 2009 (page 45) and 2010
(page 55). Back
Cm 7718, 6 October 2009. Back
HL Deb 7 December 2009 col 976. Back
HL Deb 28 July 2010 col WA 362. Back
For the very full reply, reference should be made to our first
report: 19th Report, Session 2008-09, HL Paper 132-II, Q 193.
The relevant extract reads: "At the same time that entire
database is made available to over 75 different UK agencies. When
I say 'made available', it is now desk-top accessed to investigators
from every police force in England and Wales, Scotland and Northern
Ireland, all of the national agencies that have prosecution powers-HMRC,
DWP, the Serious Fraud Office, together with other agencies such
as trading standards, and some county councils." Back
HL Deb 2 April 2009 cols 287-288. The full answer reads: "There
is an accredited financial investigator in Nottingham [sic] County
Council who is able to access and use the Serious Organised Crime
Agency's database of Suspicious Activity Reports (SARs) from a
terminal in a local police unit. The financial investigator uses
SARs when investigating housing benefit fraud. No other local
authority currently has access to the SARs database. Accredited
financial investigators were established in the Proceeds of Crime
Act 2002. The Proceeds of Crime Act 2002 (References to Financial
Investigators) (Amendment) Order 2005 (SI 2005/386) added local
authority fraud investigators to the list of financial investigators
who could use various powers in the Act." Back
HL Deb 28 July 2010 col WA 362. Back
Articles 1(2)(a), 3(4) and 3(5). Back
Supplementary memorandum by the Law Society of England and Wales,
paragraph 2.12: 19th Report, Session 2008-09, HL Paper 132-II,
page 34. Back
Ibid, paragraph 110. Back