See how we helped Michael

"Fantastic! The legal document I used was so comprehensive and easy to complete. It is very reassuring to know my business now has this level of protection"

Michael S, London




The disclosure regime for money laundering and terrorist financing is run by the financial intelligence unit within the Serious Organised Crime Agency (SOCA). SOCA was created on 3 April 2006 by the Serious Organised Crime and Police Act 2005. It is a law enforcement body devoted to dealing with organised crime within the UK and networking with other law enforcement agencies to combat global organised crime.

Outline of the disclosure regime

All persons within the regulated sector and MLROs have obligations under POCA to make disclosures of suspicions of money laundering.

In addition any person may need to make an authorised disclosure about criminal property.

All persons are required to make disclosures to SOCA of suspected terrorist financing.

The name given to the making of a disclosure to SOCA under either POCA or the Terrorism Act is a suspicious activity report (SAR). Suspicious activity reports submitted by the regulated sector are an important source of information used by SOCA in meeting its harm reduction agenda, and by law enforcement more generally.

Businesses are required to have procedures which provide for the nomination of a person a (Money laundering reporting officer) to receive disclosures (internal reports) under Part 7 of POCA and which require that everyone in the business complies with Part 7 of POCA in terms of reporting knowledge, suspicion or reasonable grounds for knowledge or suspicion of money laundering.

Failure to report in accordance with Part 7 of POCA where the relevant information or other matter has been obtained through the course of work in the regulated sector is a criminal offence which can be committed by any individual (Section 330), or by the MLRO (Section 331). There is a similar offence for MLROs outside the regulated sector in Section 332.

An individual other than the MLRO fulfils his reporting obligations by making an internal report to his MLRO.

The MLRO is responsible for assessing internal reports, making further inquiries if need be (either within the business or using public domain information), and, if appropriate, filing SARs with SOCA.

When reports are properly made they are 'protected' under Section 337 in that nothing in them shall be taken to breach any restriction on the disclosure of information, however imposed.

A person who considers he may have engaged or is about to engage in money laundering, should make an 'authorised' disclosure (Section 338). Such a disclosure, provided it is made (and SOCA's consent to the act is obtained) before the act is carried out, or is made as soon as possible on the initiative of that person after the act is done and with good reason being shown for the delay, may provide a defence against charges of money laundering. When properly made such reports shall not be taken to breach any restriction on the disclosure of information, however imposed.

Consent may be sought from SOCA under Section 335 (and confirmed to the business by the MLRO under Section 336) to carry out activity that would otherwise be money laundering under Sections 327 to 329. If granted, the consent provides complete protection against charges of money laundering but only in respect of the activity covered by the consent.

The Terrorism Act 2000 provides for broadly equivalent provisions regarding the reporting of knowledge, suspicion or reasonable grounds for such of terrorist financing.

Where an obligation to report arises, the required disclosure comprises:

  • The identity of the suspect (if known)
  • Information or other matter on which the knowledge or suspicion of money laundering (or reasonable grounds for such) is based
  • The whereabouts of the laundered property (if known)

Care is needed to ensure that any information held concerning identity (such as date of birth, passport number, address, registration numbers for companies and so on) is included within the report as well as details of the laundered property and its whereabouts, where known, and reasons for knowledge or suspicion.

Even if the name of a suspect is not known, any information available which may assist in identifying the suspect or the whereabouts of any of the laundered property must be included in the report. For example, even if the business does not have the name of the suspect, if the business is aware the client holds the detail the report needs to reflect this as information which may assist in identifying the suspect.

In cases where the suspect is not known, another subject should be included in the report, whether this is the victim or another subject associated with the activity. The fact that in these cases the subject of the report is not a suspect should be made clear in the report.

The disclosure requirement relates to any information coming to a person in the course of business in the regulated sector, and not just information relating to clients and their affairs. This means that reports made may be required on the basis of information not only about clients, but about potential clients, associates and counterparties of clients, acquisition targets and even employees of businesses in the regulated sector.

Types of report

Reports made in accordance with the provisions of POCA are made under either Section 337 (protected disclosures) or Section 338 (authorised disclosures).

The Protected Disclosure

A protected disclosure is any report made by a person providing the required disclosure, based on information or other matter coming to their attention in the course of their trade, profession, business or employment, where this information has led to knowledge or suspicion (or reasonable grounds for such) that another person is engaged in money laundering.

A protected disclosure may be made by any person forming a money laundering suspicion, at work or carrying out professional activities, whether or not acting within the regulated sector. This means that any individual or business, or other organisation (such as a charity) meeting these conditions may make a voluntary report to SOCA in the public interest and benefit from the protections contained in Section 337 against allegations of breach of confidentiality. In the regulated sector, such reports are compulsory (save where an exemption such as the privilege reporting exemption (Privileged circumstances) applies).

The Authorised Disclosure

An authorised disclosure is a report made by a person who makes the disclosure:

  • Before he has carried out a prohibited act (i.e. done something which would constitute a money laundering offence); or
  • Whilst he is doing the prohibited act, or after he has done such an act provided that when he started to do the act he didn't realise that it was money laundering (i.e., did not realise that criminal property was involved) and made the report on his own initiative as soon as he knew or suspected criminal property was involved; or
  • After he has done the prohibited act, provided that there was good reason for not reporting before he committed the act, and he made the report on his own initiative as soon as it was practicable to make it. There is no guidance in POCA as to what might constitute 'good reason', but this is likely to be applied narrowly.

Any report properly made under the provisions of Sections 337 and 338 cannot be taken to breach any restriction on disclosure of information, however this is imposed.

How to report

Internal reports to the MLRO

The 2007 Regulations require businesses to maintain internal reporting procedures that allow any individual in the business to submit to the MLRO a report of knowledge or suspicion or reasonable grounds for such, of money laundering. Only by doing this can the individual fulfil his obligations under Section 330 (or in exceptional circumstances, reporting direct to SOCA). Sole practitioners who do not employ any staff will simply make their own SARs directly to SOCA.

Under Section 330, the internal report must reach the MLRO – a report to a line manager or other colleagues is not enough to comply with the legislation. An individual may discuss his suspicion with managers or other colleagues to assure himself of the reasonableness of his conclusions but, other than in group reporting circumstances, the responsibility for reporting to the MLRO remains with him. It cannot be transferred to anyone else, however junior or senior they are.

Where a group (more than one individual) arrives at knowledge or reasonable suspicion together by consolidating their thoughts, a single internal report may be submitted, in terms agreed by those forming the suspicion and in the names of them all. This may occur, for example, where an engagement team has a reason to be suspicious.

There is no prescribed form of internal report.

Reports to SOCA

The MLRO will be responsible for making decisions on whether the information contained in an internal report needs to be relayed to SOCA in the form of a SAR, and compiling and despatching the SAR to SOCA. The MLRO will also be responsible for determining whether consent is required to continue with the engagement or any aspect of it, and will usually be responsible for decisions on how business should be conducted pending receipt of consent.

SOCA has issued a preferred form to be completed when making a SAR, which is likely to become mandatory in the near future. SOCA has provided information on completing the preferred SARs form, where a link can be found to a glossary of codes to be used in the reasons for suspicion of the report, and from which SAR Online can be accessed.

Businesses should use SAR Online where possible. This securely encrypted system provided by SOCA allows businesses to register themselves and relevant contact persons, submit a SAR at any time of day and receive email confirmations of each SAR submitted.

SARs can still be submitted in hard copy, although they should be typed and on the preferred form. No acknowledgement is provided of any SARs sent this way. Where a business requires consent, it should send by fax not by post.

Hard copy SARs should be sent to:


PO Box 8000

London SE11 5EN

Fax: 020 7238 8256

Further information on making suspicious activity reports is contained below.

Assessing internal reports

When first approached by a colleague with an internal report, there are two matters that an MLRO must consider immediately; whether an application for consent is required (see below) and whether or not the privilege reporting exemption (Privileged circumstances) may apply, as this exemption significantly affects not only whether a SAR must be made under the legislation, but also whether it may be made.

Once the MLRO receives an internal report, he must assess it and determine whether it meets the criteria laid down in Section 331, i.e.:

  • Does he know, suspect or have reasonable grounds to know or suspect that another person is engaged in money laundering; and
  • Did the information or other matter giving rise to the knowledge or suspicion come to him in a disclosure made under Section 330; and
  • Does he know the name of the other person or the whereabouts of any laundered property from the Section 330 disclosure; or
  • Can he identify the other person or the whereabouts of any laundered property from information or other matter contained in the Section 330 disclosure; or
  • Does he believe, or is it reasonable for him to believe, that the information or other matter contained in the Section 330 disclosure will or may assist in identifying the other person or the whereabouts of any laundered property.

In each case the MLRO should ensure the report contains all the relevant information known to the individual(s) making the report and records all necessary aspects as follows:

  • Who is making the report
  • The date of the report
  • Who is suspected or information that may assist in ascertaining the identity of the suspect (which may simply be details of the victim and the fact that the victim knows the identity but this is not information to which the business is privy in the ordinary course of its work)
  • Who is otherwise involved in or associated with the matter and in what way
  • What the facts are
  • What is suspected and why
  • Information regarding the whereabouts of any criminal property or information that may assist in ascertaining it (which may simply be the details of the victim who has further information but this is not information to which the business is privy in the ordinary course of its work)
  • What involvement does the business have with the issue in order that requirements for consent, the need for consideration of tipping off issues, basis of continuance of work and any other necessary guidance for engagement staff may be considered

The MLRO may also wish to make reasonable enquiries of other individuals and systems within the business. Such enquiries may either have the effect of confirming the knowledge or suspicion, or reasonable grounds for such, or may provide additional material which enables the cause of suspicion to be eliminated at which point the matter may be closed without a SAR being issued.

Making external reports

Once an MLRO has concluded a report is required, it should be prepared and submitted promptly to SOCA.

The requirement as to timing of reports is that a report should be made 'as soon as is practicable' after the information required is received. In practical terms, the interval between receiving an internal report and making a SAR will vary quite widely. Some matters may be disposed of very rapidly where all the information required to make a SAR is received with the first contact, and where this occurs a quick turnaround should be achieved. It is particularly important to work rapidly in matters where consent is required, or where 'money laundering in action' is suspected, i.e., another is engaged in current criminal activity which may provide law enforcement with opportunities to intervene. In other cases, where not all the required information is immediately to hand, or where there is material uncertainty as to whether the matter is reportable or not, the MLRO may reasonably choose to await further expected developments, and/or seek further information before making a reporting decision.

In preparing SARs, MLROs should seek to present information in a way that is clear and succinct. In particular:

  • The full name of the reporting business must be provided and the internal reference for the report should be provided in each case
  • Identification information held by the business (name, address, date of birth, registration numbers etc.) must be presented in the appropriate fields of the preferred form
  • Where it assists in explaining the matter being reported, it may be appropriate to include a number of subjects in the report, providing such identification information as is known in the manner above for each of them
  • For each subject their role, as far as it is known, in the matter should be made clear and the options of flagging each subject as suspect/victim/unknown used as appropriate
  • Where bank account/transaction details are available and relevant, these should be included in the appropriate fields
  • The activity observed should be explained clearly in the reasons for suspicion field, without using jargon or terms which might not be readily understood and, as far as known, giving details of when events occurred
  • Features of the activity which are unusual or are considered to denote either a predicate offence to money laundering, or money laundering, should be highlighted as such
  • Such information held as to the whereabouts of any laundered property should be given
  • The information given in the reasons for suspicion field should be succinct
  • The report should be submitted without any supporting documents and accordingly should be able to stand alone to explain the suspicion through provision of the information comprising the required disclosure


If a business or an individual believes an activity they are going to undertake would constitute a money laundering offence under Sections 327 to 329 then they must make an authorised disclosure under Section 338 (or have a reasonable excuse for not having made such a report); and if the authorised report was made before the money laundering activity took place, the reporter must receive an appropriate consent (Section 335) before proceeding with the activity or an offence will be committed.

There is a similar consent defence to Sections 15 to 18 of the Terrorism Act 2000 if a disclosure is made to an authorised person before becoming involved in a transaction or an arrangement, and the person acts with the consent of an authorised officer.

The MLRO needs to consider carefully when preparing to make a SAR whether continuation of activity by the business in respect of the subject matter of the SAR may potentially involve the business in carrying out an act which would constitute a relevant offence.

Before applying for consent it is important to consider whether the proposed activity is a matter to which SOCA is empowered to consent. SOCA's power is strictly limited to being able to consent to activity that would otherwise be an offence under any of Sections 327 to 329 POCA or Sections 15 to 18 Terrorism Act 2000.

Some of the more common instances where consent may be required include:

  • Acting as an insolvency officeholder where there is knowledge or suspicion either that the assets may in whole or in part represent criminal property, or where the insolvent entity may enter into or become concerned in an arrangement under Section 328
  • Designing and implementing trust and company structures for clients, including acting as trustees or company officers, where there is knowledge or suspicion that these structures are being, or may be about to be, used to launder money
  • Acting on behalf of the client in the negotiation and implementation of transactions where these involve an element of criminal property being either bought or sold by a client, for example corporate acquisitions
  • Handling money in client accounts which is suspected to be of criminal origin
  • Providing outsourced business processing for clients where money is suspected to be of criminal origin

Consent may only be requested on the basis of a properly submitted SAR, made under the provisions of Section 338. The 'consent required' option should be selected on all methods of submission to alert SOCA to the request and enable them to prioritise appropriately. In cases of real urgency, a telephone call may also be made to alert SOCA to any special circumstances.

The consent request should be clear as to the reasons for knowledge or suspicion, the intended activity, and the nature of the consent requested. Great care is needed when requesting consent to cover the extent of the intended activity in a way that makes it clear to SOCA exactly what is being requested. Too narrow a consent request may mean repeated requests will be required causing issues of cost and efficiency to the business and possibly unnecessary client service impact. Too broad or ill-defined a consent may well result in SOCA having to refuse consent or possibly even determining the request is not validly made as it does not show clearly the act or acts to be undertaken which would otherwise be a relevant offence.

Consent will frequently be received initially over the telephone from SOCA, and the name and contact number of the officer, and the consent reference should be noted on the MLRO records with the date and time of the call. Written confirmation ordinarily follows in due course but this may take several days and MLROs may rely on the telephone consent.

Once consent has been received by the MLRO under the provisions of Section335, he should then (under the provisions of Section 336) promptly inform the persons affected and give them clearance to continue their work, and any other guidance they might require as regards money laundering matters.

If a period of 7 working days, starting the first working day after the consent request is made (the notice period), has elapsed with no refusal having been received, consent is deemed to have been given and the activity may be allowed to continue.

If consent is refused during the notice period, then a further 31 days must elapse, starting with the day on which the consent is refused, before the activity may continue (the moratorium period). It may be that during either the notice period, or the moratorium period, action is taken by law enforcement which means that the activity may no longer be able to be continued (e.g. confiscation or other enforcement action may occur).

If no action has been taken to restrain the activity during the moratorium period, the activity may continue as planned.

Once a consent request has been made, the process must be adhered to and the activity that would otherwise be a relevant offence refrained from unless and until consent has been received (or the notice period expired), or in the event consent has been refused, until the moratorium period has expired. Failure to do so risks prosecution.

It is extremely difficult, in some cases, to explain to clients and other parties why activity has ceased in an unexpected fashion. Whilst SOCA will make every reasonable effort to deliver a rapid consent, in some cases the full 7 working days will be taken before a decision is reached whilst the matter is considered with law enforcement, and the potential for intervention in terms of confiscation, arrest etc. is considered.

There is nothing in the legislation which provides for how a business may/may not deal with the issues arising from delay. There is nothing which requires a business to lie to clients or other parties, and clearly to lie would be unacceptable conduct for a professional, but businesses must take into account the provisions of the offences concerning tipping off and prejudicing an investigation when informing parties of delays. If the delay is such as to cause the client or other parties to question the business as to the reasons for delay, businesses may be well advised simply and persistently to refuse to enter into any discussion of the matter and explain that, with regret, they are unable at this point to discuss the matter further. Clearly, this is not a form of behaviour or communication with clients that would normally be engaged in, but the period after a request for consent has been made is an exceptional period, although frequently of very short duration and manageable in the normal course of business.

In exceptional circumstances, where an unexpected delay in carrying out a service for a client is likely to alert a money launderer, in a way that could bring harm to an individual or the business or could materially undermine a criminal investigation, MLROs are recommended to ask SOCA to be put in touch with the law enforcement authority dealing with the situation, to discuss the circumstances.

Constructive trusts

Where client assets or monies are held, and in forming knowledge or suspicion of a relevant offence, businesses become concerned about potential third party claims to the assets or monies, appropriately qualified legal or professional advice should be sought. This is a complex area of law and any SOCA consent will not protect a business against the claims of a third party, but only against any accusation of a relevant offence. However, SOCA are aware of the need to avoid any unwarranted disadvantage accruing to the regulated sector, arising from issues of constructive trusts. Where constructive trusts could be an issue, businesses are strongly advised to draw this to the attention of SOCA when making a SAR, so that this can be taken into account in the way SOCA deals with the application for consent.

Confidentiality of SARs

If clients or third parties become aware that an individual or business has made a SAR, this can have adverse effects on client relationships and may ultimately endanger the security of staff members. SOCA is required to treat your SARs confidentially. Where information from a SAR is disclosed for the purposes of law enforcement, care is taken to ensure that the identity of the reporter and their firm is not disclosed to other persons. Further, access to SAR information is now provided to end-users in law enforcement and similar agencies by SOCA only on condition that undertakings are taken as to compliance with Home Office guidance on preserving the confidentiality of SARs.

SOCA has provided a reporting line for concerns over breach of confidentiality by end-users of reports and details may be found on Breach Line.

Whilst it is reasonable for the regulated sector to expect SOCA to make strenuous efforts to protect the confidentiality of those who make SARs, reporters should also take such steps as are available to them to protect the confidentiality of individuals and businesses and the information reported.

In making reports, MLROs should disclose information relevant to the suspicion or knowledge of the relevant offence and information necessary to allow the reader to gain a proper understanding of the matters reported. It is recommended that reporters:

  • Refrain from including other confidential information where this is not required for compliance with obligations under POCA
  • Show the name of the business, individual, or MLRO submitting the report only once in the source ID field but nowhere else in the report
  • Do not include names of personnel who made internal reports to the MLRO
  • Only include parties as subjects where this information is necessary for an understanding of the report, or to meet the standards of the required disclosure
  • Highlight clearly in the reasons for suspicion/disclosure field any particular concern the reporter has about safety (in physical, reputational or other terms)

Whilst it is reasonable for an MLRO to answer questions from a SOCA officer or a law enforcement officer aimed simply at clarifying the content of a SAR, any further disclosure to SOCA or law enforcement or prosecuting agencies should normally only be undertaken in response to the exercise of a power to obtain information contained in relevant legislation, or in compliance with professional guidance on the balance of confidentiality and making disclosures in the public interest. This provides protection for the MLRO and the business against any allegation of breach of confidentiality.

Financial Intelligence Helpdesk

The Financial Intelligence Helpdesk can be contacted on 020 7238 8282. Businesses can contact SOCA on this number for:

  • Help in submitting a SAR or with the SARs Online system
  • Help on consent issues
  • Assessing the risk of tipping off so it knows whether disclosing information about a particular SAR would prejudice an investigation

Copyright © 2024 Epoq Group Ltd. All trademarks acknowledged, all rights reserved

This website is operated by Epoq Legal Ltd, registered in England and Wales, company number 3707955, whose registered office is at 2 Imperial Place, Maxwell Road, Borehamwood, Hertfordshire, WD6 1JN. Epoq Legal Ltd is authorised and regulated by the Solicitors Regulation Authority (SRA number 645296).

Our use of cookies

We use necessary cookies to make our site work. We would also like to set some optional cookies. We won't set these optional cookies unless you enable them. Please choose whether this site may use optional cookies by selecting 'On' or 'Off' for each category below. Using this tool will set a cookie on your device to remember your preferences.

For more detailed information about the cookies we use, see our Cookie notice.

Necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Functionality cookies

We'd like to set cookies to provide you with a better customer experience. For more information on these cookies, please see our cookie notice.