ECSH120500 - Sharing information: introduction

HMRC is home to significant amounts of sensitive information and intelligence.

As the UK’s tax authority, tax information is closely guarded, and disclosure of tax information is subject to significant safeguards and controls.

HMRC is a statutory anti-money laundering (AML) supervisor, which means that as well tax-related information, HMRC also collects and stores information in relation to its responsibilities as an AML supervisor.

HMRC’s data is subject to the UK General Data Protection Regulations (UK GDPR), Data Protection Act (DPA) and the disclosure conditions set out in both the Commissioners for Revenue and Customs Act 2005 (CRCA), and the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. GDPR and DPA set out general legal parameters for the handling, storing and purpose of information, while the legislation which governs HMRC’s activities sets out, among other things, the departments power to ‘tell other people about it’.

All sharing (disclosure) of information must be facilitated through a ‘legal gateway’ – a provision in legislation that permits sharing of information in certain circumstances. However, the fact that a legal gateway exists does not in itself permit information sharing. In instances where sharing intelligence and information has a lawful purpose, is proportionate to the need and is the minimum amount of information required to fulfil the intended purpose of the disclosure, then the legal gateway provides the legal means by which the information transmission can take place. Gateways do not in themselves provide justification for information disclosure.

All Economic Crime-Supervision (EC-S) officers need to be aware of their obligations under GDPR, DPA and how to deal with disclosure of information that HMRC holds.

The Gateway Team in EC-S Intelligence & Risk handle all EC-S’s disclosure obligations and can be contacted for advice and the facilitation of data sharing.