The case of Lonsdale v National Westminster Bank plc  EWHC 1843 (QB) has been widely reported and has caused some consternation as to whether those making Suspicious Activity Reports (SARs) could potentially find themselves subject to a claim for defamation. In this blog we will look at what happened in that case and the potential implications for MLROs before giving some practical tips about what sort of information to include when making SARs.
What was Lonsdale about?
David Lonsdale was a barrister specialising in property law. He owned several properties in London and, together with others, was a director of various property management and development companies. He was also a longstanding customer of the Nat West bank, holding 7 accounts with them, both business and personal. In March 2017 one of those accounts was frozen for a period of 8 working days (consistent with the period the NCA have to give consent when making a SAR) then on 27 December 2017, all 7 accounts were frozen. It was accepted by the bank that they had made several SARs in relation to these accounts. Mr Lonsdale made an application the following day for an injunction to reinstate those accounts. On 29 December Nat West wrote to Mr Lonsdale saying they would be closing all of his accounts within 60 days. The letter offered no reason and stated that the bank would not enter into a discussion with him about this decision. Mr Lonsdale made an application to the bank under the Data Protection Act 1998 (DPA 1998 – since replaced by DPA 2018 but the relevant law at the time) for the disclosure of all documents relating to the decision to close the account. The bank responded but the SARs were not disclosed. Mr Lonsdale therefore brought a claim against the bank relying on 3 causes of action – breach of contract, breach of the DPA 1988 and worryingly defamation. The Bank's defence made reference to the SARs and Lonsdale made an application to inspect the SARs. The bank declined to allow access. Mr Lonsdale therefore made the application to the court. The bank asserted that it was not obliged to grant access to the SARs and applied for summary judgment/strike out of the claim on the basis that none of the causes of action applied. The court rejected the bank's application and found in favour of Mr Lonsdale's application for access to the reports, as well as holding that the grounds for suspicion within SARs constitute personal data and hence, on the face of it, are disclosable under the DPA 1998.
Implications of Lonsdale for MLROs
It is important to bear in mind that Lonsdale's case was not that the bank had submitted the SARs without any suspicion. His case was that the bank failed to act on his instructions and the bank's defence to that was its suspicion of money laundering. The court held that this was a fact to be proved by evidence, hence the requirement to disclose the reports. We do not know, and we are never likely to, what those reports actually said and whether the bank was justified in making them. What the case does establish is that there will be circumstances in which customers/clients may be legally entitled to view the SARs that have been made about them, and that, depending on the contents of those SARs, the subject would not be precluded from bringing a defamation claim against the maker of that SAR.
Is this something that should strike fear into the hearts of MLROs? Whilst it is likely that a SAR may satisfy the requirement of reputational damage, it is worth remembering that for a statement to be defamatory, it needs to be intentionally false. However, the case does show that SARs are not sacrosanct and that the subject of them may well be entitled to see them under the Data Protection legislation. It also suggests that the author of the SAR will not be provided with immunity from legal action merely because he or she is obliged under the law to complete it. It is therefore vitally important that the SAR sets out the basis for the suspicion held as clearly as possible not only because of the potential for legal action but also because ultimately it may be read by a subject who remains a client of the firm.
What Do I Need to Include in a SAR about Suspicion?
In practice, therefore, what sort of things should be included in the SAR? The starting point is to look at what “suspicion” actually means in the context of reporting under the Proceeds of Crime Act 2002. Suspicion is not defined in the legislation, but it has been considered by the courts on various occasions. The judge in the case of Lonsdale summed up the position as being that “The [person that suspects] must think that there is a possibility, which is more than fanciful, that the relevant facts exist. A vague feeling of unease would not suffice. But the statute does not require the suspicion to be "clear" or "firmly grounded and targeted on specific facts", or based upon "reasonable grounds".
It is clear therefore that suspicion is a relatively low-threshold, that it is subjective and, while it must be genuine, there is no requirement for it to be reasonably held or based on specific facts. How should this be set out in the SAR? The NCA has published detailed guidance on the information to be included when making SARs. Although this Guidance predates the Lonsdale case (last being revised in August 2017) it has not been revised in the light of it (in fact to date the NCA has made no comment on the case). Looking at that guidance in the context of the Lonsdale case here are ten tips on how to set out the grounds for suspicion and what sort of information to include:
- Write clearly and concisely, using simple language and avoiding legal jargon. The section of the SAR for “reasons for suspicion” is limited to 8000 characters, which equates to approximately 1500 words.
- Describe fully the reasons for suspicion of money laundering. The NCA recommends “as a basic guide, wherever you can, try to answer the following six basic questions to make the SAR as useful as possible: Who? What? Where? When? Why? How?”
- Identify all individuals, businesses and suspected criminal property with as much detail as possible. If you do not possess certain details make this clear.
- Explain the information giving rise to the suspicion and how this information came to your attention.
- Ensure you distinguish between what you know and what you suspect.
- Set out the sequence of events chronologically, being as specific as possible with regard to dates.
- If the suspicion relates to financial transactions, ensure you justify the basis of your suspicion, don't simply state that it is a cause for concern. For example, if an inspection of a client's bank account shows large third-party transfers, explain if the client has been contacted (and if not why not), any explanation offered and why this has not allayed your concerns. Provide information about the pattern of transfers/withdrawals which makes the circumstances suspicious.
- If the report does not relate to a financial transaction, explain the activity you consider to be suspicious.
- If you are suspicious because the activity in question deviates from the normal activity for that customer/business sector, explain how the activity differs.
- If the report relates to a professional enabler (for example an accountant, insolvency practitioner, conveyancer etc), state whether they appear to be wittingly or unwittingly facilitating the money laundering you suspect (i.e. set out if your suspicion relates to the transactions only or whether it extends to the professional involved).
It is important to recognise that it is not always easy to define what gives rise to suspicion and the low-level threshold in the proceeds of crime legislation is not without its critics, particularly given that the NCA itself says that a large proportion of the reports it receives are premature or unjustified. The Law Commission is currently looking at the SARs regime, and has already suggested that better quality guidance as to what constitutes suspicion may lead to a better quality of reporting. Its Report is expected later on this year. Whilst the case of Lonsdale does not fundamentally change the current approach to SARs, nor is it expected to give rise to a flurry of access requests under the Data Protection legislation, it does serve a reminder about the importance of being clear and logical when setting out the grounds for suspicion and of considering whether the circumstances meet the current threshold.
 It is probably worth mentioning here that the court rejected any assertion that SARs were subject to absolute privilege, although did concede that they may be subject to qualified privilege, but that it would be for the bank asserting the privilege to prove the facts and circumstances necessary for its existence.
 See NCA publication - Guidance on submitting better quality Suspicious Activity Reports (SARs)