Full disclosure: Where can documents disclosed to the regulator end up?

Confidential and highly sensitive information is routinely shared with the financial services regulators to enable them to perform their statutory functions. But with whom can the regulators share the information they receive? And how can those parties use the information?

There is a statutory prohibition (section 348 FSMA) restricting disclosure of confidential information shared with the Financial Conduct Authority (or other primary recipients, such as the Prudential Regulation Authority). However, the protection is not absolute, as illustrated in a decision published the other month by the Office of the Complaints Commissioner. Despite the prohibition, information was legally shared by the regulator with another government body via a statutory gateway, without consultation with the disclosing firm, to ultimately end up in the public domain.

What is the ambit of the statutory prohibition?

Section 348 generally restricts the FCA from disclosing "confidential information". This is information received by the FCA for the purposes of its statutory functions which relate to the business or affairs of any person. While very broad, the prohibition does not extent to information that is:

• already lawfully publicly available; or
• published by the FCA in the form of a summary or collection of information, so that it is not possible to ascertain information relating to any particular person (for example, anonymised or aggregated information).

There are, however, a number of circumstances where the FCA is permitted to disclose confidential information – including:

• with consent of the person who provided the information and, if different, the person to whom the information relates; or
• most importantly, where there is a statutory 'gateway' between the FCA and the third party recipient permitting the disclosure of information "for the purpose of carrying out a public function".

How did information end up before a Tribunal?

The complainant firm had commenced an appeal against HM Revenue and Customs in the First Tier Tribunal in relation to its tax assessment. In the context of that proceeding, HMRC asked the FCA for confidential information it held relating to the firm.

The FCA lawfully provided the information to HMRC, relying on the relevant statutory gateway. Following its own internal guidance, given the good quality of its relationship with the HMRC and the Memorandum of Understanding between them, the FCA did not consult the firm before doing so.

HMRC then sought the FCA's permission to put the information before the Tribunal as relevant evidence in the proceeding. The FCA granted the request. In exercising its discretion, the FCA gave weight to the fact that the firm would be able to make representations at trial as to whether (and to what extent) the Tribunal should consider the confidential information.

Ultimately, the information in question was found by the Tribunal to be irrelevant, and had no bearing on its decision (which was in favour of the firm). However, the firm suffered "permanent reputational damage" from the fact that the published Tribunal's decision referred to the confidential information.

No right to consultation

The complaint was not about the legality of the FCA's initial provision of the confidential information to the HMRC. Rather, the complainant firm argued that: (1) the FCA had a duty to take into account its views on disclosure of the information to the HMRC; and (2) the decision to allow HMRC to use the information in the Tribunal was unreasonable and reached without appropriate consideration.

The Commissioner rejected the complaint: he was satisfied that the FCA gave proper consideration to HMRC's request and applied its discretion in deciding not to inform the firm of the request, following its own policies and guidelines. There was no obligation on the FCA to consult the firm.

Statutory gateway

The decision offers an interesting insight into the FCA's approach when using the statutory gateway to disclose confidential information:

• The FCA’s view is that its use of a gateway is discretionary: availability of a gateway permits but does not mandate disclosure by the FCA in response to a voluntary request. However, the FCA would not consider itself able to rely on the section 348 prohibition to refuse a compelled request to provide information.
• The FCA does not consider that FSMA imposes any duty on it to consult the subject of the information where use of a gateway is being considered.
• The FCA has internal (privileged) guidance setting out various factors to be taken into account when determining whether or not to consult with the subject of the information to be disclosed. That guidance refers to a 'fairness' test. A relevant consideration for the FCA will be whether the recipient of the confidential information will be obliged to provide the subject of the information with an opportunity to make representations as to whether it should rely on the disclosed information.

Reading between the lines, it is clear that the FCA may in some cases choose to consult the subject of the information request before exercising its discretion to provide confidential information under a gateway. However, firms should be conscious that this will not always be the case – particularly in circumstances where the FCA is dealing with a regulator well known to it. For the narrow category of reports voluntarily provided by the firm, some additional comfort may be taken from Handbook guidance stating that the FCA will give careful consideration to the appropriateness of onward transmission of such a report, and the firm will normally be notified and given the opportunity to make representations about the proposed disclosure.