Question for Short Debate
My Lords, dinner hour debates in your Lordships' House are often a welcome interlude between two lengthy sessions devoted to the House’s primary function of rigorously scrutinising and, where necessary, amending the contents of the Government’s legislative programme, an interlude during which we can look at wider horizons and examine issues falling outside the purely legislative framework. I know that that is not the situation tonight but that is by happenstance rather than by design. However, this dinner hour debate is not one of those occasions. It is rather, as I will seek to show in a minute or two, the combination of a long process during which the European Union Select Committee has pressed the Government, eventually with some success, to modify the way in which they implement a particular legislative framework, in this case one based on an EU obligation to clamp down on money laundering. It is therefore in a way an example of that post-legislative scrutiny for which so many calls are made and of which there are few practical examples. It also involves an issue that concerns the balance to be achieved between the unquestionable need to take tough action against a form of criminal activity which has grown exponentially in recent years—namely, money laundering, with the liberalisation of capital movements on a global basis driving it—and the need to respect the protection of the individual against disproportionate action by the state and against the use of information for purposes other than those originally intended. It is therefore very much a piece, albeit a small piece, of that agenda for restoring freedom which the coalition Government have set as one of their principal objectives.
If these introductory remarks may seem a trifle self-congratulatory, I should point out that the whole process was initiated by my predecessor as the chair of the EU Select Committee’s sub-committee on home affairs, the noble Lord, Lord Jopling, and brought to fruition, with rather more delay than we would have wished, only under my own chairmanship. The purpose of this short debate is not simply to ask a question but to receive a detailed answer setting out the changes in the implementation of the rules against money laundering which the Government are now introducing. With that in mind, I look forward with anticipation to the reply of the noble Lord, Lord Henley.
Many of the matters the sub-committee looks at are concerned with the use of personal data in the fight against terrorism and other serious organised crime. The use of personal data is essential for these purposes, and the committee has always said as much. We have been quite clear on that point, but we have also been concerned that personal data should be properly used and not in any circumstances abused. The balance between the interests of national security and data protection is not an easy one to strike. It is something we have considered a number of times, among others in the context of the Schengen Information System and of the proposed EU legislation on passenger name record data, which is currently under consideration in Brussels. Tonight we are considering how that balance is best achieved in the fight against money laundering.
The committee’s involvement arose in the context of our inquiry in 2009 into money laundering and the financing of terrorism. Under the Money Laundering Regulations 2007, which implement the third money laundering directive, banks, other financial institutions, lawyers, accountants, auditors, insurers and many others are required to report to the Serious Organised Crime Agency (SOCA) any transaction or activity which seems to involve funds which are the proceeds of criminal activity. Knowledge is unnecessary. It is a suspicion based regime, and the reports are known as suspicious activity reports, or SARs. As the bankers told us in the evidence we took, “If you smell a rat, you must report it”. We did not then, and I do not now, question the utility of this; it is central to the fight against money laundering. However, we did, and still do, have concerns about the handling of the data. SARs are entered by SOCA onto a database known as ELMER, which is in effect a database of suspects, and, given the number of reports, a very large database indeed. At the time of our 2009 report, there were 1.5 million entries, and the number increases by 200,000 every year. Access to the ELMER database is available, as one might expect, to police forces and others responsible for prosecuting serious crime. However, we discovered that the data were much more widely available; for example, to trading standards authorities, and to Nottinghamshire County Council to investigate housing benefit fraud. This seemed to us to be an unwarranted use of information collected for a quite different purpose.
The committee recommended that the Information Commissioner should review and report on the operation and use of the ELMER database. I pay tribute to the noble Lord, Lord Marlesford, who was then a member of the committee, and who is unfortunately unable to be present tonight, for the persistence with which he pursued this with the Government. Eventually they agreed and the matter was referred to the Information Commissioner. The Information Commissioner conducted a full investigation and prepared a report which he sent to the chairman of the European Union Committee on 29 November 2010—slightly more than a year ago. We published it in January 2011 as an appendix to the report which we are now debating.
The Information Commissioner made four detailed recommendations as to how SOCA might improve the data protection regime of ELMER. Over the past year, we have been monitoring how those recommendations have been implemented. We have had letters from SOCA and from James Brokenshire MP, the Home Office Minister, and in October we held a very useful oral evidence session with the Information Commissioner and the Director of SOCA. Since then, we have received further information from SOCA.
Our first concern was the period for which the data are retained on the database. This used to be 10 years. The Information Commissioner suggested that five years might be more appropriate, but agreed on six years. In his latest letter, the director of SOCA has told us that as of 31 October this year SOCA had deleted some 119,000 records and intended to delete a further 600,000 by the end of this year. This would leave some 1.3 million records on the database—still a very large number. It compares unfavourably with the number on the database at the end of September 2007, which was 932,324. I hope the Minister can tell me when he expects that all records over six years old that are not being used for investigations will have been deleted, how many records he estimates will then remain on the database, and whether the number is likely then still to be increasing every year.
Our other main concern was the range of persons and bodies with access to the database, and the purposes for which the SARs data could be used. I am relieved to hear that all the arrangements for local authorities to have direct access to the database have been terminated. I note that local authorities can still have indirect access to SARs by requesting SOCA to search the database. I should be happier if the Minister could assure the House that local authorities will never have access in any other way, even if they meet the new and more stringent requirements for direct access.
In all the detailed criteria for direct access to suspicious activity reports, I could not find any limitation on the purposes for which the data can be used once they have been accessed. Could they still be used to investigate housing benefit fraud? This is not something that most people would class as serious organised crime. These are still matters about which I and the committee have some reservations, but overall the position has greatly improved over the past year. The hundreds of thousands of people who do not know that their financial transactions are listed on this database have reason to be grateful to the Information Commissioner for his review and his proposals, to SOCA for its implementation of them, although it is still incomplete, and, dare I say it, perhaps even to this committee and to this House for having set the ball rolling. We hope to receive from SOCA over the coming months further details of its implementation of the Information Commissioner’s proposals.
There is one other matter arising out of the committee’s report on money laundering, which has been the subject of correspondence with a number of government departments—the assembling of ransoms for ships and crews seized by Somali pirates. The committee recognises that this activity is not, in the present state of British law, in any way illegal. However, we can see no justification at all for the view that appears to be taken by the Government that those assembling such ransoms do not need to file a suspicious activity report. After all, the money involved is quite certainly set to become the proceeds of crime. The people to whom that money is being paid are certainly criminals and the chances that the money will subsequently be laundered must be very high, even if there is not also at least a risk that it will end up financing terrorist activities. In those circumstances, it seems to me and to my committee odd, to put it mildly, that the Government do not make it clear that an SAR should be filed, particularly since that would in no way constitute an admission of wrongdoing by those assembling the ransoms.
I am afraid that our attempts to address this point through correspondence have been met by evasion and obfuscation. I hope that the Minister can give the House a clearer and more convincing response when he replies to my Question.
My Lords, I am sure that the whole House will very much appreciate the sensible comments of the noble Lord, Lord Hannay of Chiswick. It has been some time between the publication of the report in January and this debate. Perhaps there is an important point there about the need for greater speed on a matter of enormous interest to large numbers of people. I commend the report in every way and, on these Benches, we give full support to the main points to which the noble Lord, Lord Hannay, referred and to the other details in the report.
I must declare an interest as a member of the full European Union Committee, which by implication and by asserting itself in the background has given its support to this report. Sub-committees’ reports are always published as reports of the whole committee. I hope that the Minister will respond positively to some of the important points made by the noble Lord, Lord Hannay. I add my support to his comments at the end of his speech about the problem of ship ransoms, which needs to be dealt with.
The need to find a balance in these matters is always difficult, as the noble Lord declared. I agree, and the balance will be a question of continued supervision and surveillance as time goes on, and is not an easy matter. However, we live in a world where not only technology but international capital transactions and flows have improved. As has been said, there has been the removal of national and collective exchange controls of one kind or another—particularly in this country many years ago. There have also been other developments on a rapid scale in the use of the internet and communications systems. People with crime as their intention and activity, rather than just ordinary citizens in different countries, use the same systems and technologies as others to pursue their very evil objectives in the field of terrorism and the organisation of serious crime, which is in many ways a worldwide phenomenon on a gigantic scale. The statistics are very chilling indeed when one begins to examine those matters in depth.
Therefore, that balance and government rules on access to details on any database that is growing exponentially have, as has been said, produced a great deal of anxiety among the highly educated citizens of advanced countries and others in the world who are wondering how this balance will be maintained in the future. It is very difficult.
It is not right for us automatically to begin to criticise the authorities and the Government for how they deal with this because, for them, it is a difficult balance. They must support the agencies of protection for us—the secret services as well as the police authorities, our other security agencies and the military—in how they defend this country by their resistance to the ominous developing activities in serious organised crime and worldwide terrorism. But they must protect the sacred freedom of the individual citizen from the ever-more intrusive snooping that public authorities can easily slide into if they do not have the necessary legislative and administrative controls and fierce determination by Ministers to ensure that that control is exercised practically to help the citizens of this country dealing in innocent transactions which are wrongly put onto a database for reasons that need to be explained.
I was very impressed with some of the suggestions made in the latest report which, as the noble Lord, Lord Hannay, said, followed the original report under the noble Lord, Lord Jopling, from the same Sub-Committee on Home Affairs. In the recommendation for future action on page 19, paragraph 6.1 states:
“The Commissioner makes a number of recommendations to help ensure that the processing of personal data on the ELMER database complies with the requirements of the Data Protection Act and on the legislative approach to the reporting of suspicious financial activity”.
There is a mention below in the subsequent parts of paragraph 6. In paragraph 6.1.5, the sub-committee suggests:
“That the Government considers whether, in the light of experience, the current arrangements for reporting of SARs continue to be justified, whether they are both effective and proportionate and whether they could be improved. Consideration should be given to whether there is a pressing social need to justify the requirement to report any transaction which is based on a very low threshold of suspicion that handling criminal property or money laundering is taking place”.
In relation to the accumulation of names and information on the database at a very rapid rate, the exclusions announced by the Information Commissioner have been very modest. I should have thought that the number could be greater and I look forward to the Minister’s response on how he thinks that process is developing.
In the original July 2009 report on money-laundering and the finance of terrorism, the wider subject, rather than the more narrow one on money-laundering and data protection for suspicious activity, the definitional base of what is money-laundering was set out very clearly. That, too, needs more attention to detail as experience has developed of the phenomenology of money laundering, the detail of how it is done. The knowledge of public authorities about that is not perfect; they need to investigate more and share information with other Governments and collective bodies such as the European Union. We need to consider future EU legislation to strengthen the European basis for the control system without, as I said, denting significantly the precious freedom of the individual citizen, which I hope is dear to everyone in this House.
We strongly support the contents of the report and the suggestions made by the noble Lord, Lord Hannay, tonight, particularly his final remarks on ships’ ransom construction, and hope that they will be met with agreement in all parts of the House, subject to what my noble friend can say to us to guide us on how the Government will deal with those matters with the Information Commissioner.
My Lords, this is an opportunity for me to share with the House what a joy it is to serve on this committee under the chairmanship of the noble Lord, Lord Hannay. He is a tough chairman, a firm chairman, never short of his own ideas; but it is really stimulating to work with him. For me, this is not a new experience because more than 30 years ago, when I was a Minister of State in the Foreign Office, he was one of the young, immensely able, talented civil servants with whom it was good to be able to work. I am therefore having another exposure to what he brings to public affairs, which is altogether good. I say thank you.
On the report itself, with which the noble Lord has dealt as well as anyone possibly could, I have just two general points to make which struck me during our deliberations. The first is how dealing with this kind of crime and others which we considered has become immensely more challenging and complex because of the impossibility of seeing a clear dividing line between legitimate and illegitimate business. This must be a huge challenge to all those who try to police what goes on in international operations. Therefore, I think that a tribute to those who are involved in that work is timely.
The second thing that strikes me equally is the vast amount of personal information which is now available to those involved in government at a national and local level. It is a matter of not just the amount of information and how it is kept secure for the purposes for which it has been gathered but the very large number of people who are involved in the operation. I am always brought back to the old adage that “confidential” means telling other people one at a time. I find it very difficult to imagine that we can have a really watertight situation in which all this information is preserved simply for the purposes for which it was gathered. That is not to call into question the good faith of the people concerned, but inevitably, with the number of people involved and the number of conversations that take place, then again at times the dividing line between the specialists working for a particular purpose and those with whom they talk must be very difficult to keep clear. There are very big issues here that we all have to watch like hawks if we are to preserve the context of freedom and human dignity, let alone human rights, as we have come to understand them in this country.
The main point that I want to make is that, if I may say so, the noble Lord, Lord Hannay, has put the findings, feelings and discussions of the Select Committee extremely well tonight, and the whole House should be grateful to him for the work on which he leads so well.
My Lords, I, too, thank the noble Lord, Lord Hannay of Chiswick, and his committee for this report. It is clear from what he said that there has been some helpful progress over the past few months, and I hope that the Minister will be able to provide an update on exactly where we are now in relation to the Information Commissioner’s recommendations and the committee’s recommendations. As has already been said, the number of suspicious activity reports is considerable and appears to be growing by more than 500 a day, with nearly 2 million entries on the database.
As the noble Lord, Lord Hannay, said, this is the second recent report on money laundering. The first, in 2009, contained a recommendation that,
“The Information Commissioner should review and report on the operation and use of the … database, and should consider in particular whether the rules for the retention of data are compatible with the jurisprudence of the European Court of Human Rights”.
The second report, which we are considering tonight, includes the report from the Information Commissioner and the reiterated recommendation from the committee’s first report that,
“consideration should be given to amending the Proceeds of Crime Act 2002 to include a de minimis exclusion”,
which arises from the committee’s concerns about the requirement to report suspicions about the commission of trivial criminal offences and now the commissioner’s doubts about the justification of reporting transactions where there is a very low level of suspicion.
In their two letters of response in May and June this year—I do not know whether there have been further letters—the Government, as did the previous Government, rejected the introduction of a de minimis requirement,
“primarily due to the opportunities for criminals to exploit the threshold of any de minimis approach based on either the value or the seriousness of the crime”.
The Government state in their response that:
“Reports on the laundering of small amounts can and do help in identifying and tackling serious crime”.
That may well be the case but, when he responds, can the Minister provide some evidence to back up the statements in his department’s response of 17 May this year about the de minimis threshold?
The committee says that it is of the belief that,
“the Information Commissioner’s report justifies our view that the … database is not fully compliant with the Data Protection Act and the Human Rights Act”.
A considerable amount of information has to be provided, ideally in a suspicious activity report—namely, the subject’s full name, date of birth and addresses, as well as subject details, such as national insurance number, vehicle registration, driving licence, passport and phone numbers, website addresses, details of occupation and employer, details of any associates of the subject, and company details, including full legal name, designation, country of incorporation and contact details. The list does not end there.
Each suspicious activity report was assigned a deletion date of 10 years after receipt and was automatically deleted unless it had been amended or updated, in which case the deletion date was reset to six years following that event. There is also a procedure for earlier deletion of individual SARs where all necessary activity relating to an SAR has been undertaken, but it does appear that only a relatively small number of SARs compared with the total number have been permanently deleted from the database, although I understand from what the noble Lord, Lord Hannay, has said that some further progress appears to have been made in this regard.
The Information Commissioner queried whether there was any evidence of the value of data over time, such as SARs, being accessed which had been on the system for, say, longer than five years. Evidence was provided of the number of times that SARs received in 2004 or earlier were accessed by end-users during each month in 2009. What the figures showed was that the number of checks dropped substantially when records were over seven years old, and in addition it is possible that some of the older hits could have occurred when searching on similar names and not because of concerns about unlawful activity by that person. The Information Commissioner was not satisfied that there was currently sufficient evidence to support the long-term retention of SARs of no concern, and it raised concerns about compliance with the Data Protection Act.
Indeed, the committee was apparently also concerned that SARs were routinely retained for 10 years on a database to which there was wide access, especially in those cases where it could be shown that the initial suspicion was unfounded. The committee referred particularly to,
“the ruling of the European Court of Human Rights that the retention on the DNA database of the DNA of persons not convicted of a criminal offence could amount to a breach of their right to respect for private life under Article 8 of the European Convention on Human Rights”.
While, as I understand it, the Serious Organised Crime Agency has been considering this point with the Information Commissioner, does the Minister feel that there is any conflict between the Government’s intended change in policy on retention of DNA and the current revised policy, as I understand it, on retention of SARs as mentioned by the noble Lord, Lord Hannay of Chiswick—particularly bearing in mind the extent of information retained about an individual and their associates?
In his letter of 24 June of this year responding to the committee’s report, Mr James Brokenshire, the Parliamentary Under-Secretary for Crime and Security, said that he would provide an update on progress being made by the SARs committee towards the end of this year. Can the Minister say what progress has been made by this committee in seeking to improve the effectiveness of the regime, including considering whether legislative changes are necessary?
Apart from the committee’s own inquiry there has been very little in the way of post-legislative scrutiny of the relevant legislation that introduced the requirement to report suspicions over financial transactions to the Serious Organised Crime Agency. The law focuses on reporting, but there are no additional safeguards on the face of the legislation to prevent a disproportionate retention or to prevent reporting of cases likely to be of little, or indeed of no, interest. It seems that the Information Commissioner’s view is that any legislation which engages significant privacy concerns should include on the face of it a requirement on the Government to report to Parliament on how the measures have been deployed, including evidence of the extent to which the expected benefits and possible risks have been realised in practice, and the continued need for the measures in question. I simply ask the Minister: what is the Government’s view on that point?
The committee’s report also states that it is estimated—and I think I have got the figures right—that between 125,000 and 175,000 businesses could be subject to the SARs reporting requirements, but that apparently only approximately 5,000 actually report. No doubt there may be good reasons for that, but could the Minister say what interpretation the Government put on this piece of information and whether any checks are done to ensure that those who are subject to the reporting requirement are actually carrying out their responsibilities if they have suspicions of potentially questionable financial transactions?
The committee concludes its report by repeating its view that the Information Commissioner’s report justifies the view that the database is not fully compliant with the Data Protection Act and the Human Rights Act. It goes on to say that it looks forward to hearing from the Minister what steps the Government and SOCA will take to comply with the commissioner’s recommendations and the committee’s recommendations. As I said at the beginning, clearly some progress has been made on these issues over the past few months, but I hope that tonight the Minister will provide an updated response to the committee.
My Lords, as always, I am grateful to the noble Lord, Lord Hannay, and to other noble Lords who have spoken, particularly the noble Lord, Lord Judd, and my noble friend Lord Dykes who are members of the committee. I am grateful that we have had an opportunity to debate this report of the EU committee as well as, to some extent, the 2009 report and the Information Commissioner’s report which dealt with a number of these matters. I am also grateful to the noble Lord, Lord Hannay, for outlining the very important work that the House does in relation to its post-legislative scrutiny of these matters. I hope that I can give a reasonably detailed response to the various points that have been made.
The first important point is the Information Commissioner’s report. I am grateful to the noble Lord, Lord Rosser, for emphasising that. That made a number of findings, notably referring to the Elmer database. As someone rather new to this, I was fascinated to discover that the Elmer referred to in that name is not an acronym but the first name of the original head of the United States Department of the Treasury intelligence unit, back in the 1920s or 1930s, who was responsible for nailing or achieving the conviction of Al Capone on the famous occasion when they got him for tax evasion rather than for other matters. We must be grateful to that Elmer—I imagine in the United States they are even more grateful—for so doing.
The first point of call with the Information Commissioner’s report is access to the Elmer database. Secondly, the Information Commissioner referred to the retention of records, which are of no concern and which may not comply with data protection principles. Thirdly, the report also refers to how SOCA develops retention policies which are data protection and human rights compliant. I hope that I can deal with all those matters as I know that the noble Lord, Lord Hannay, as chairman of the committee, will have been particularly concerned about how SOCA had been actively working on these recommendations.
I start with access to Elmer. As recommended in the report, SOCA has continued to maintain its robust policies and procedures in respect of access. It must be remembered that Elmer is a very important intelligence tool, not just in respect of financial crime but in respect of all levels of all crime. The use of financial intelligence is not an addition but an essential part of the wider armoury of techniques to investigate criminality. That said, obviously access to Elmer has to be limited and those wanting direct access have to go through a user agreement which sets very strict criteria and which is kept under review. It is also of importance that these are individual financial investigators rather than bodies themselves. SOCA provides guidance to users and all users are required to undertake training which is generally delivered by the National Policing Improvement Agency or some other similarly approved agency before accessing the database.
Having said that, I cannot give any assurance about who may have access to Elmer in the future but, of course, concerns of this House will be considered very carefully as we develop these items.
I move on to the question of record retention and deletion policy. SOCA has introduced a new retention regime that will delete suspicious activity reports that are more than six years old. It expects to complete this task very soon. I will add one further remark. I need not even say “very soon” because the task was completed today. I can assure the noble Lord that as of today there are 1,384,477 entries on the Elmer database, and that 584,351 entries were deleted in a recent exercise. All entries that were more than six months old were deleted today, so we achieved the aim of deleting them by the end of the year.
My third point on the Data Protection Act is that SOCA will implement a Data Protection Act and Human Rights Act-compliant retention policy in three months. It is important to note that the Elmer database does not focus specifically on collecting information relating to individuals. It is essentially an assembly of reports submitted in the light of the Proceeds of Crime Act, the Terrorism Act and associated regulations. SOCA has introduced processes that will provide for the immediate deletion of SARs that are confirmed as being not linked to criminality, and for the deletion of others after six years. That is why I was pleased to make the remark about what we achieved today.
The report also asked if there was a justification for the current arrangements for reporting SARs. We feel that setting a suspicion threshold would send the wrong signal to reporters, who may reduce their scrutiny. Experience shows that criminals will attempt to find ways to circumvent controls in order to avoid arousing suspicion—for example, by breaking down large deposits. Reports that may look minor may take on a much larger significance to law enforcement when matched with intelligence both within Elmer and beyond. A threshold might have the unintended and unwanted effect of causing us to miss vital intelligence opportunities.
I will deal with a couple of further questions. The first, which was raised by the noble Lord, Lord Hannay, referred to Somali piracy. We recognise the committee's concerns regarding possible links between the payment of ransoms and terrorist finance in Somalia. There is currently no evidence of any formal organisational relationship between pirates and terrorist organisations operating in Somalia. However, we are keeping this assessment under review. My honourable friend Mr James Brokenshire, who was referred to by the noble Lord, Lord Rosser, is in receipt of the letter on this matter from the noble Lord, Lord Roper, and will provide an appropriate reply in due course. I cannot take that further and say precisely when it might appear.
The second point I will deal with, which concerns money-laundering and the Financial Action Task Force, was raised by my noble friend Lord Dykes.
The noble Lord is moving on from the question of Somali piracy, so I must draw his attention to the fact that he has not answered the main point that I made. One can have two views about whether it is meaningful to say that there is no direct evidence of ransom moneys reaching terrorists. However, I am not pressing the point and did not press it in my introductory question. The question that I pressed, to which he did not reply, was why the Government do not consider that the assembling of such ransoms should give rise to the filing of suspicious activity reports, because the ransoms concerned will undoubtedly be the proceeds of crime and will undoubtedly end up in the hands of criminals? In all our correspondence it has been impossible to get an answer on this point. That is why I used the somewhat unparliamentary term, “obfuscation”. Why are the Government not simply telling people who put together these ransoms that if they have reason to believe that these will end up in the hands of criminals—and I cannot believe that they do not have that—then they should file an SAR? That does not mean that the person who files the SAR is committing or admitting any wrongdoing at all. However, I find it hard to believe that since the British Government are, I assume, trying to prevent the laundering of the proceeds of ransoms around the world, are working with many other countries to do that, and have, I believe, an intelligence operation based in the Seychelles to compare evidence and to try to find out where this money goes to—
My Lords, the noble Lord would never expect any obfuscation from me. He is a very distinguished former civil servant from the Foreign Office, a department which also has never obfuscated in any way whatever. I would prefer it if he would wait for a response from my honourable friend Mr James Brokenshire, which I am sure will be provided in due course. I think that that is as far as I can go on these matters, and I hope that the noble Lord will accept that. I am also mindful of the intervention of my noble friend the Chief Whip that I must move on.
I was briefly touching on the question of the Financial Action Task Force, and briefly making it clear to my noble friend Lord Dykes that it is reviewing global standards on countering money-laundering and terrorist financing. In February 2012 the FATF member countries will approve changes to the standards following this review. I hope that my noble friend will be prepared to wait for that review.
I hope that I have given a number of assurances that will satisfy noble Lords, even the noble Lord, Lord Hannay. I hope that he will be prepared to await the response from my honourable friend Mr Brokenshire. Again, I am grateful to all noble Lords for their interventions in this debate. I feel that we have had a useful discussion on these matters.
House adjourned at 8.37 pm.