Bank ordered to disclose suspicious activity reports to customer

Suspicious Activity Reports – a reminder

A bank may protect itself from committing a money laundering offence under the Proceeds of Crime Act 2002 by making a SAR to the National Crime Agency and obtaining appropriate consent.  When a SAR has been submitted a bank will freeze the suspicious accounts. If it has not received a ‘notice of refusal’ from the NCA within seven working days it may unfreeze the account.  The level of suspicion required to attach criminal liability to a bank for money laundering is low – and, in part, is a subjective test.  Banks are responsible for 82.85% of SARs submitted to the NCA². 

Bank submits SARs and freezes accounts

In March 2017 the bank froze a joint account belonging to one of its customers, a barrister, for eight days and in December it froze seven other accounts of the same customer – a personal account, another joint account and four accounts for businesses in which he was a director. The customer requested access to documents relating to the freezing of his accounts.  The bank provided limited documentary evidence, and did not disclose the SARs. 

Customer does not believe bank held genuine suspicion

The customer launched a multi-pronged attack on the bank’s actions, including making claims for breach of contract, defamation, breach of the Data Protection Act 1998 (the acts took place pre-GDPR) and also an application for disclosure of the SARs.  

Implicit in all these claims was the customer’s belief that the bank did not hold a genuine suspicion that the money in his accounts was the proceeds of crime, that his accounts had been unnecessarily suspended and his reputation damaged.

The customer wanted to see the SARs and information held by the bank relevant to its decision to make the SARs and freeze (and unfreeze) his accounts. He sought summary judgment on his claims (summarised below). 

Impact of decision

This was a summary judgment/strike out application, so is of limited precedent value.  The case has settled,  so we will not see the issues that arose fully resolved. 

We are not expecting this decision to cause a rush by customers to bring claims of this sort against banks:

• Courts have historically provided banks with considerable protection and discretion relating to SARs due to the fact that banks are merely seeking to help law enforcement and avoid criminal liability. The courts would not want to encourage civil claims of this sort.  

• It is hard to imagine why a bank would file a SAR without a genuinely held suspicion (even if that suspicion turns out to be unfounded).    

• Many customers would be deterred by the potential cost.  The claimant in this case was a barrister, who represented himself, so this aspect was less of an issue for him.  

The ruling does however provide a reminder that should a bank be faced with a similar claim, it is very unlikely to be able easily and quickly to defeat it (by way of strike out).  The ruling makes clear that the question of whether a bank has a genuine suspicion that money in an account was criminal property is a primary fact for the bank to prove at trial³.  

Banks may start receiving data subject access requests for personal data relating to SARs. The judge’s view on this summary judgment application was that there was a “strong case” that a bank’s deliberations and decision to submit SARs and freeze accounts constituted personal data, and that the bank had demonstrated “a flawed understanding of the scope of that concept”. Since it was a summary judgment application, the judge felt unable to address whether the exemption relating to the prevention or detection of crime was available stating “[t]here is no evidence before me regarding the likelihood of the provision of further personal data to Mr Lonsdale prejudicing the prevention and detection of crime.”  It is difficult to imagine that the rules relating to tipping-off would not prevail since it seems to be a paradigm example of what the crime exemption was aimed at (provided the bank held a genuine suspicion). It is a shame that the judge did not feel able to make this finding even on a summary basis. 

Looking ahead

There is a call for reform to the UK’s SARs regime. The OECD has criticised the UK for the low level of corruption enforcement activity from the current regime.  A UK Law Commission consultation states that there are on average 2000 SARs filed per day with the NCA, many of ‘low quality’, making it hard for investigation authorities to detect where the real risks are.

The low level test for suspicion for the substantive money laundering offences in the UK has also been criticised in the consultation. “A majority of stakeholders expressed the view that suspicion remains ill-defined, unclear and inconsistently applied by banks and businesses.” This leads to defensive reporting where reports are made more because of concerns regarding a failure to comply with POCA than because of genuine suspicion. 

The Law Commission recommends improvements to the SARs regime, in particular suggesting that better guidance on ‘suspicion’ would lead to better quality SARs.

If you would like to discuss the issues arising from this case, including how to respond to data subject access requests in the SARs context, please contact Arnondo Chakrabarti, Eve Giles or your normal Allen & Overy contact.