The Court ruled that a Suspicious Activity Report filed by the defendant bank was relevant to the breach of contract, defamation and Data Protection Act claims brought by the customer against the bank. Disclosure should not be refused on grounds of confidentiality. It is an important reminder to financial crime and compliance practitioners that SARs may be disclosable in litigation both to customers and potentially to third parties.
The Suspicious Activity Report (SAR) regime
There are three substantive money laundering offences (sections 327-329) in the Proceeds of Crime Act 2002 (the Act). Essentially, a person may commit a money laundering offence if they deal in property, which they know or suspect represents the benefit from criminal conduct. The test is entirely subjective. The suspicion does not need to be reasonable provided that it is genuinely held. A bank may therefore commit a money laundering offence if it complied with a customer’s instruction suspecting that it is transferring criminal property held in their bank account.
A person may obtain a defence to a money laundering offence by making an Authorised Disclosure, commonly called a SAR, to the National Crime Agency (the NCA) seeking consent to carry out the suspect transaction. Once a SAR is filed the customer’s bank accounts are frozen pending receipt of a “Defence Against Money Laundering” consenting to the transaction. The NCA has seven working days, which can be extended, in which to refuse consent, in order to obtain a court order to freeze the funds.
Once a SAR is made, a bank may commit an offence if it discloses that a SAR has been made and that disclosure is likely to prejudice an investigation. There is an additional offence, applicable to anyone, where a disclosure is made which is likely to prejudice an investigation (as defined in the Act).
Mr Lonsdale was a customer of Natwest Bank, holding seven personal and business accounts with the bank, both in his sole name and jointly with business partners. On 10 March 2017, the bank had grown suspicious about the activity on the account he held jointly. The account was frozen for eight days while Natwest obtained consent from the NCA to process transactions on the account. On 27 December 2017, the bank this time froze all of his accounts having once again become suspicious about the activity on the accounts.
Litigation immediately followed, and the bank served notice that it would close the accounts within 60 days. Mr Lonsdale filed a Data Subject Access Request (DSAR) and sued the bank for:
- breach of contract, when it froze his accounts and failed to execute his instructions
- breach of the Data Protection Act 1998 relating to the Bank’s failure to provide Mr Lonsdale with his personal data following his DSAR, and
- defamation, by stating, it was assumed by Mr Lonsdale in the SAR and internal communications that the money in his accounts derived from crime.
The bank defended the allegations. In its defence it referred to the SARs. Since the content of the SARs, and the background communications, were likely to be central to Mr Lonsdale’s claims and particularly whether the bank’s employees held a genuine suspicion that he was a money launderer, he applied to inspect the SARs pursuant to CPR 31.14 (since the documents were referred to in the bank’s statement of case). The bank argued that that the Court should exercise its discretion in its favour to withhold the SAR on the basis that: the SARs were disclosed in strictest confidence to the NCA, and disclosure may cause the bank to commit both or either of the tipping off offences.
The bank also applied for Mr Lonsdale’s claims to be struck out and/or summary judgment made.
The Court held in Lonsdale’s favour that all the three causes of action were substantive issues that could not be summarily dismissed. The content of the SARs were relevant to the determination of the issues at trial.
In terms of the inspection of the SARs, the Court held in Lonsdale’s favour there was no evidence before it that should make it depart from the ordinary position to order inspection. The bank had not supported its concerns that it would commit either of the tipping off offences with any evidence. Disclosure of the SARs was proportionate and necessary for the fair disposal of the claim and should not be refused on grounds of confidentiality.
Further to a Home Office circular regarding the disclosure of SARs, the bank had notified the NCA that it may be required to disclose the SAR published in June 2015. The NCA considered it “inappropriate” and “premature” to attend the hearing but indicated that it had an interest in the disclosure of the SARs and requested time to assess its position should the Court be minded to order disclosure. Accordingly, the Court allowed the NCA a period of 14 days to apply to the Court for a variation of the order. It does not appear that the NCA applied to challenge the order on the basis that the disclosure would “damage the public interest” (CPR 31.19) or otherwise prejudice an investigation.
Practical implications of the judgment
Since the case has now been settled it is somewhat unfortunate, if only for practitioners in this area, that we will not see how these intertwined and parallel issues were resolved.
While the bank argued that there was “clear evidence that the bank employees held a suspicion”, the Court disagreed and considered that it had not, at this interim stage, expressly pleaded or provided evidence that staff held a genuine suspicion that the money in the accounts was criminal property. Further to Shah v HSBC Private Bank (UK)  EWCA Civ 31 (§24), the burden will be on the bank to prove, and adduce evidence, that it held a genuine suspicion that the customer was money laundering. This will be an issue for the bank to prove at trial. It is therefore imperative for bank employees to record clearly its suspicion underlying the SAR and retain these documents. Staff should also be prepared to provide witness statements to support their suspicion.
The Court held that the bank’s approach to determining whether information it held on Lonsdale was personal data was “clearly flawed”. Firms should be aware, if they were not already, that data concerning their suspicions about a customer and decisions to freeze and close accounts are likely to be held to relate to a customer and hence may be disclosable both as personal data and also as part of a defamation claim.
This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.