SARs and confidentiality
SARs and confidentiality

The following Risk & Compliance guidance note provides comprehensive and up to date legal information covering:

  • SARs and confidentiality
  • Professional/regulatory duty of confidentiality
  • SAR confidentiality
  • Disclosure required by law
  • SuperSARs
  • NCA SAR confidentiality Breach Line
  • Protecting your SARs and staff

Issues of confidentiality arise in two different respects in terms of suspicious activity reports (SARs):

  1. your professional or regulatory duty of confidentiality to your customer (if you owe such a duty), and

  2. the confidentiality of the SAR itself

This Practice Note discusses both aspects. It provides guidance which is of general application. You should check whether the law or your regulatory body has any additional, sector specific requirements in relation to confidentiality.

Professional/regulatory duty of confidentiality

Where you are professionally or legally obliged to keep the affairs of your customers confidential. These obligations typically extend to all matters revealed to you from whatever source, including by a customer, or someone acting on their behalf.

In exceptional circumstances though, this general obligation of confidence may be overridden, either through customer consent or a legal obligation to make a disclosure.

Professional/legal duties relating to confidentiality are specifically overridden by law in the Proceeds of Crime Act 2002 (POCA 2002)—a disclosure (effectively a SAR to the National Crime Agency (NCA)) is not to be taken to breach any restriction on the disclosure of information (however imposed))

In other words, you do not breach any rule which would otherwise restrict a disclosure of confidential information.

SAR confidentiality

SARs are confidential documents, prepared after careful analysis by organisations to comply with POCA 2002 and in turn, alert authorities