Disclosure of Suspicious Activity Reports

11 Feb 2019

The U.K. case of Lonsdale v National Westminster Bank plc [2018] EWHC 1843(QB) has revealed that Suspicious Activity Reports (SARs) are not always confidential and may be disclosable under a Subject Access Request as well as to an opponent in court proceedings. There is also need for careful consideration to be given to the SARs’ content since they might be a basis for a claim, defamation or otherwise.

David Lonsdale, a London-based barrister, had seven accounts with NatWest Bank. In March 2017, this bank froze one of his accounts while making a money laundering suspicious activity report to the National Crime Agency and some months later, it froze all of them for the same reason. Afterwards, Mr. Lonsdale started court proceedings against the Bank for breach of contract, breach of the Data Protection Act 1998 and defamation.
Mr. Lonsdale applied within the court proceedings to inspect the SARs and sought disclosure of personal information pursuant to the applicable data protection laws.

High Court noted that the bank’s decision to submit SARs and freeze accounts were personal data and thus the bank should have considered whether the exemptions under the relevant data protection laws were applicable. It concluded that the bank did not prove that the inspections of SARs were a tipping-off offence under the Proceeds of Crime Act 2002 and that the SARs were required to be kept confidential considering that the SARs were plainly relevant to the claim so as to assess whether the Bank genuinely held the relevant suspicion, which was the key issue in the claim for breach of contract and since they were the primary communications that the Claimant alleged to be defamatory.

Therefore, Mr. Lonsdale was entitled to receive copies of them following a Subject Access Request and the Court ordered the Bank to disclose the SARs in question.

Conclusion
Suspicions of money laundering submitted to the relevant authorities may amount to personal data and be disclosable.

Companies should be careful when submitting a SAR and make sure that the requirements for doing so are fulfilled. They should also draft SARs carefully, as they are not always to be held to be confidential and may be disclosable in court proceedings and form the basis of a claim, in defamation or otherwise.

RELATED NEWS

Skalatimes interview with our partner, Iosif Frangos
Privacy due diligence in M & As - What Marriott Hotels’ cyber incident teaches us
One Year of GDPR: The Aftermath in Cyprus and abroad
Greek Oil Company Responsible for Data Leak

Location


10 Patron Street,
6051 Larnaca, Cyprus

Email


Contact us via email
info@privacyminders.com

Phone


Tel: +357 24812581/82
Fax: +357 24812583