The disclosure regime for money laundering and terrorist financing is run by the financial intelligence unit within the Serious Organised Crime Agency (SOCA). SOCA was created on 3 April 2006 by the Serious Organised Crime and Police Act 2005. It is a law enforcement body devoted to dealing with organised crime within the UK and networking with other law enforcement agencies to combat global organised crime.
All persons within the regulated sector and MLROs have obligations under POCA to make disclosures of suspicions of money laundering.
In addition any person may need to make an authorised disclosure about criminal property.
All persons are required to make disclosures to SOCA of suspected terrorist financing.
The name given to the making of a disclosure to SOCA under either POCA or the Terrorism Act is a suspicious activity report (SAR). Suspicious activity reports submitted by the regulated sector are an important source of information used by SOCA in meeting its harm reduction agenda, and by law enforcement more generally.
Businesses are required to have procedures which provide for the nomination of a person a () to receive disclosures (internal reports) under Part 7 of POCA and which require that everyone in the business complies with Part 7 of POCA in terms of reporting knowledge, suspicion or reasonable grounds for knowledge or suspicion of money laundering.
Failure to report in accordance with Part 7 of POCA where the relevant information or other matter has been obtained through the course of work in the regulated sector is a criminal offence which can be committed by any individual (Section 330), or by the MLRO (Section 331). There is a similar offence for MLROs outside the regulated sector in Section 332.
An individual other than the MLRO fulfils his reporting obligations by making an internal report to his MLRO.
The MLRO is responsible for assessing internal reports, making further inquiries if need be (either within the business or using public domain information), and, if appropriate, filing SARs with SOCA.
When reports are properly made they are 'protected' under Section 337 in that nothing in them shall be taken to breach any restriction on the disclosure of information, however imposed.
A person who considers he may have engaged or is about to engage in money laundering, should make an 'authorised' disclosure (Section 338). Such a disclosure, provided it is made (and SOCA's consent to the act is obtained) before the act is carried out, or is made as soon as possible on the initiative of that person after the act is done and with good reason being shown for the delay, may provide a defence against charges of money laundering. When properly made such reports shall not be taken to breach any restriction on the disclosure of information, however imposed.
Consent may be sought from SOCA under Section 335 (and confirmed to the business by the MLRO under Section 336) to carry out activity that would otherwise be money laundering under Sections 327 to 329. If granted, the consent provides complete protection against charges of money laundering but only in respect of the activity covered by the consent.
The Terrorism Act 2000 provides for broadly equivalent provisions regarding the reporting of knowledge, suspicion or reasonable grounds for such of terrorist financing.
Where an obligation to report arises, the required disclosure comprises:
Care is needed to ensure that any information held concerning identity (such as date of birth, passport number, address, registration numbers for companies and so on) is included within the report as well as details of the laundered property and its whereabouts, where known, and reasons for knowledge or suspicion.
Even if the name of a suspect is not known, any information available which may assist in identifying the suspect or the whereabouts of any of the laundered property must be included in the report. For example, even if the business does not have the name of the suspect, if the business is aware the client holds the detail the report needs to reflect this as information which may assist in identifying the suspect.
In cases where the suspect is not known, another subject should be included in the report, whether this is the victim or another subject associated with the activity. The fact that in these cases the subject of the report is not a suspect should be made clear in the report.
The disclosure requirement relates to any information coming to a person in the course of business in the regulated sector, and not just information relating to clients and their affairs. This means that reports made may be required on the basis of information not only about clients, but about potential clients, associates and counterparties of clients, acquisition targets and even employees of businesses in the regulated sector.
Reports made in accordance with the provisions of POCA are made under either Section 337 (protected disclosures) or Section 338 (authorised disclosures).
A protected disclosure is any report made by a person providing the required disclosure, based on information or other matter coming to their attention in the course of their trade, profession, business or employment, where this information has led to knowledge or suspicion (or reasonable grounds for such) that another person is engaged in money laundering.
A protected disclosure may be made by any person forming a money laundering suspicion, at work or carrying out professional activities, whether or not acting within the regulated sector. This means that any individual or business, or other organisation (such as a charity) meeting these conditions may make a voluntary report to SOCA in the public interest and benefit from the protections contained in Section 337 against allegations of breach of confidentiality. In the regulated sector, such reports are compulsory (save where an exemption such as the privilege reporting exemptionapplies).
An authorised disclosure is a report made by a person who makes the disclosure:
Any report properly made under the provisions of Sections 337 and 338 cannot be taken to breach any restriction on disclosure of information, however this is imposed.
The 2007 Regulations require businesses to maintain internal reporting procedures that allow any individual in the business to submit to the MLRO a report of knowledge or suspicion or reasonable grounds for such, of money laundering. Only by doing this can the individual fulfil his obligations under Section 330 (or in exceptional circumstances, reporting direct to SOCA). Sole practitioners who do not employ any staff will simply make their own SARs directly to SOCA.
Under Section 330, the internal report must reach the MLRO – a report to a line manager or other colleagues is not enough to comply with the legislation. An individual may discuss his suspicion with managers or other colleagues to assure himself of the reasonableness of his conclusions but, other than in group reporting circumstances, the responsibility for reporting to the MLRO remains with him. It cannot be transferred to anyone else, however junior or senior they are.
Where a group (more than one individual) arrives at knowledge or reasonable suspicion together by consolidating their thoughts, a single internal report may be submitted, in terms agreed by those forming the suspicion and in the names of them all. This may occur, for example, where an engagement team has a reason to be suspicious.
There is no prescribed form of internal report.
The MLRO will be responsible for making decisions on whether the information contained in an internal report needs to be relayed to SOCA in the form of a SAR, and compiling and despatching the SAR to SOCA. The MLRO will also be responsible for determining whether consent is required to continue with the engagement or any aspect of it, and will usually be responsible for decisions on how business should be conducted pending receipt of consent.
SOCA has issued a preferred form to be completed when making a SAR, which is likely to become mandatory in the near future. SOCA has provided, where a link can be found to a glossary of codes to be used in the reasons for suspicion of the report, and from which SAR Online can be accessed.
Businesses should use SAR Online where possible. This securely encrypted system provided by SOCA allows businesses to register themselves and relevant contact persons, submit a SAR at any time of day and receive email confirmations of each SAR submitted.
SARs can still be submitted in hard copy, although they should be typed and on the preferred form. No acknowledgement is provided of any SARs sent this way. Where a business requires consent, it should send by fax not by post.
Hard copy SARs should be sent to:
PO Box 8000
London SE11 5EN
Fax: 020 7238 8256
Further information on making suspicious activity reports is contained below.
When first approached by a colleague with an internal report, there are two matters that an MLRO must consider immediately; whether an application for consent is required (see below) and whether or not the privilege reporting exemptionmay apply, as this exemption significantly affects not only whether a SAR must be made under the legislation, but also whether it may be made.
Once the MLRO receives an internal report, he must assess it and determine whether it meets the criteria laid down in Section 331, i.e.:
In each case the MLRO should ensure the report contains all the relevant information known to the individual(s) making the report and records all necessary aspects as follows:
The MLRO may also wish to make reasonable enquiries of other individuals and systems within the business. Such enquiries may either have the effect of confirming the knowledge or suspicion, or reasonable grounds for such, or may provide additional material which enables the cause of suspicion to be eliminated at which point the matter may be closed without a SAR being issued.
Once an MLRO has concluded a report is required, it should be prepared and submitted promptly to SOCA.
The requirement as to timing of reports is that a report should be made 'as soon as is practicable' after the information required is received. In practical terms, the interval between receiving an internal report and making a SAR will vary quite widely. Some matters may be disposed of very rapidly where all the information required to make a SAR is received with the first contact, and where this occurs a quick turnaround should be achieved. It is particularly important to work rapidly in matters where consent is required, or where 'money laundering in action' is suspected, i.e., another is engaged in current criminal activity which may provide law enforcement with opportunities to intervene. In other cases, where not all the required information is immediately to hand, or where there is material uncertainty as to whether the matter is reportable or not, the MLRO may reasonably choose to await further expected developments, and/or seek further information before making a reporting decision.
In preparing SARs, MLROs should seek to present information in a way that is clear and succinct. In particular:
If a business or an individual believes an activity they are going to undertake would constitute a money laundering offence under Sections 327 to 329 then they must make an authorised disclosure under Section 338 (or have a reasonable excuse for not having made such a report); and if the authorised report was made before the money laundering activity took place, the reporter must receive an appropriate consent (Section 335) before proceeding with the activity or an offence will be committed.
There is a similar consent defence to Sections 15 to 18 of the Terrorism Act 2000 if a disclosure is made to an authorised person before becoming involved in a transaction or an arrangement, and the person acts with the consent of an authorised officer.
The MLRO needs to consider carefully when preparing to make a SAR whether continuation of activity by the business in respect of the subject matter of the SAR may potentially involve the business in carrying out an act which would constitute a relevant offence.
Before applying for consent it is important to consider whether the proposed activity is a matter to which SOCA is empowered to consent. SOCA's power is strictly limited to being able to consent to activity that would otherwise be an offence under any of Sections 327 to 329 POCA or Sections 15 to 18 Terrorism Act 2000.
Some of the more common instances where consent may be required include:
Consent may only be requested on the basis of a properly submitted SAR, made under the provisions of Section 338. The 'consent required' option should be selected on all methods of submission to alert SOCA to the request and enable them to prioritise appropriately. In cases of real urgency, a telephone call may also be made to alert SOCA to any special circumstances.
The consent request should be clear as to the reasons for knowledge or suspicion, the intended activity, and the nature of the consent requested. Great care is needed when requesting consent to cover the extent of the intended activity in a way that makes it clear to SOCA exactly what is being requested. Too narrow a consent request may mean repeated requests will be required causing issues of cost and efficiency to the business and possibly unnecessary client service impact. Too broad or ill-defined a consent may well result in SOCA having to refuse consent or possibly even determining the request is not validly made as it does not show clearly the act or acts to be undertaken which would otherwise be a relevant offence.
Consent will frequently be received initially over the telephone from SOCA, and the name and contact number of the officer, and the consent reference should be noted on the MLRO records with the date and time of the call. Written confirmation ordinarily follows in due course but this may take several days and MLROs may rely on the telephone consent.
Once consent has been received by the MLRO under the provisions of Section335, he should then (under the provisions of Section 336) promptly inform the persons affected and give them clearance to continue their work, and any other guidance they might require as regards money laundering matters.
If a period of 7 working days, starting the first working day after the consent request is made (the notice period), has elapsed with no refusal having been received, consent is deemed to have been given and the activity may be allowed to continue.
If consent is refused during the notice period, then a further 31 days must elapse, starting with the day on which the consent is refused, before the activity may continue (the moratorium period). It may be that during either the notice period, or the moratorium period, action is taken by law enforcement which means that the activity may no longer be able to be continued (e.g. confiscation or other enforcement action may occur).
If no action has been taken to restrain the activity during the moratorium period, the activity may continue as planned.
Once a consent request has been made, the process must be adhered to and the activity that would otherwise be a relevant offence refrained from unless and until consent has been received (or the notice period expired), or in the event consent has been refused, until the moratorium period has expired. Failure to do so risks prosecution.
It is extremely difficult, in some cases, to explain to clients and other parties why activity has ceased in an unexpected fashion. Whilst SOCA will make every reasonable effort to deliver a rapid consent, in some cases the full 7 working days will be taken before a decision is reached whilst the matter is considered with law enforcement, and the potential for intervention in terms of confiscation, arrest etc. is considered.
There is nothing in the legislation which provides for how a business may/may not deal with the issues arising from delay. There is nothing which requires a business to lie to clients or other parties, and clearly to lie would be unacceptable conduct for a professional, but businesses must take into account the provisions of the offences concerning tipping off and prejudicing an investigation when informing parties of delays. If the delay is such as to cause the client or other parties to question the business as to the reasons for delay, businesses may be well advised simply and persistently to refuse to enter into any discussion of the matter and explain that, with regret, they are unable at this point to discuss the matter further. Clearly, this is not a form of behaviour or communication with clients that would normally be engaged in, but the period after a request for consent has been made is an exceptional period, although frequently of very short duration and manageable in the normal course of business.
In exceptional circumstances, where an unexpected delay in carrying out a service for a client is likely to alert a money launderer, in a way that could bring harm to an individual or the business or could materially undermine a criminal investigation, MLROs are recommended to ask SOCA to be put in touch with the law enforcement authority dealing with the situation, to discuss the circumstances.
Where client assets or monies are held, and in forming knowledge or suspicion of a relevant offence, businesses become concerned about potential third party claims to the assets or monies, appropriately qualified legal or professional advice should be sought. This is a complex area of law and any SOCA consent will not protect a business against the claims of a third party, but only against any accusation of a relevant offence. However, SOCA are aware of the need to avoid any unwarranted disadvantage accruing to the regulated sector, arising from issues of constructive trusts. Where constructive trusts could be an issue, businesses are strongly advised to draw this to the attention of SOCA when making a SAR, so that this can be taken into account in the way SOCA deals with the application for consent.
If clients or third parties become aware that an individual or business has made a SAR, this can have adverse effects on client relationships and may ultimately endanger the security of staff members. SOCA is required to treat your SARs confidentially. Where information from a SAR is disclosed for the purposes of law enforcement, care is taken to ensure that the identity of the reporter and their firm is not disclosed to other persons. Further, access to SAR information is now provided to end-users in law enforcement and similar agencies by SOCA only on condition that undertakings are taken as to compliance with Home Office guidance on preserving the confidentiality of SARs.
SOCA has provided a reporting line for concerns over breach of confidentiality by end-users of reports and details may be found on.
Whilst it is reasonable for the regulated sector to expect SOCA to make strenuous efforts to protect the confidentiality of those who make SARs, reporters should also take such steps as are available to them to protect the confidentiality of individuals and businesses and the information reported.
In making reports, MLROs should disclose information relevant to the suspicion or knowledge of the relevant offence and information necessary to allow the reader to gain a proper understanding of the matters reported. It is recommended that reporters:
Whilst it is reasonable for an MLRO to answer questions from a SOCA officer or a law enforcement officer aimed simply at clarifying the content of a SAR, any further disclosure to SOCA or law enforcement or prosecuting agencies should normally only be undertaken in response to the exercise of a power to obtain information contained in relevant legislation, or in compliance with professional guidance on the balance of confidentiality and making disclosures in the public interest. This provides protection for the MLRO and the business against any allegation of breach of confidentiality.
The Financial Intelligence Helpdesk can be contacted on 020 7238 8282. Businesses can contact SOCA on this number for: