IDG50120 - Information disclosure Gateways with other government departments: Anti-terrorism, Crime and Security Act 2001 (ATCSA): standard procedure for disclosing any information for criminal purposes

When not to use this procedure
When to use this procedure
What information may be disclosed
Procedure to follow
Devolved administrations
Further guidance

When not to use this procedure

If you are in the department’s Fraud Investigation Service (FIS) or Risk & Intelligence Service (RIS) directorates in Customer Compliance Group (CCG) and; 

  • there is a time critical need for information, or
  • you are in a joint working situation with the recipient of the information, or
  • you have an established working relationship with the recipient of the information

then you should follow the procedure outlined at IDG50130. In all other situations you should use the procedure outlined on this page.

When to use this procedure

Enforcement authorities (such as the Police, Trading Standards, the Serious Fraud Office) may request information about a HMRC customer from you to assist in their criminal investigations or proceedings. Information may be supplied to them if HMRC has signed a memorandum of understanding with the body, as listed in IDG50140.

Alternatively you may sometimes have information which you think such enforcement bodies could use for the purposes of any criminal investigation or proceedings, or for the initiation or bringing to an end of any criminal investigation or proceedings. If the body in question has not actually requested this information, HMRC may be able to make a pro-active disclosure of the information.

What information may be disclosed

In the case of enforcement authorities, any information which will be used by the organisation for the purposes of any criminal investigation or proceedings, or for the initiation or bringing to an end of any criminal investigation or proceedings, may be disclosed.

Procedure to follow

External Requests to HMRC

If the intelligence agency or enforcement authority makes a request for information from any part of HMRC, the request should immediately be referred to the National Co-ordination Unit (NCU). Provide the organisation with NCU contact details (see below), and instruct them to contact the team directly. You may also refer them to the Code of Practice for the ATCSA (COP-AT), which is a publicly available document that formally outlines the procedure for ATCSA disclosures. This document is available on the internet via the HMRC external website Code of Practice page.

Changes to the ATCSA legislation mean that this gateway cannot be used to disclose information to the intelligence services. Instead, HMRC may disclose information to the intelligence services through a legal gateway provided by section 19 of the Counter-Terrorism Act 2008. However, the same procedures apply for disclosures to the intelligence services as enforcement bodies outlined in this guidance.

Requests for HMRC information under ATCSA by law enforcement authorities and public bodies should be routed via the NCU.

Proactive Disclosures

If you have information which you wish to pro-actively disclose, you should refer the information on an Intelligence Report to the RIS Intelligence Bureau (IB),  intelligence.bureau@hmrc.gov.uk with an explanation of why you consider it will support criminal investigations or proceedings by the recipient.

The IB will handle the disclosure to the recipient. If IB need any further information from you, they will request it. 

If in exceptional circumstances an immediate ATCSA disclosure is required in respect of live operational work outside of office hours you should follow the guidance at IDG50110 if you work in the Fraud Investigation Service (FIS) or Risk & Intelligence Service (RIS) directorates.  FIS/RIS staff should also be aware of the detailed procedure for disclosure as outlined in the Criminal Justice Procedure in the section http://intranet.prod.dop.corp.hmrc.gov.uk/page/anti-terrorism-crime-security-act-2001-12.  You should refer to that detailed guidance before making a disclosure.   If you cannot use the procedure at IDG50110 (for example because you do not work in one of the specified directorates), you should contact NCU who are able to provide out-of-hours cover, see below for contact details.

Top of page

Devolved administrations

This guidance applies to the whole of the United Kingdom.

Top of page

Further guidance

If you receive a request for information and are unsure how to proceed, please contact your Security & Information Business Partner (SIBP).

Contact details for the National Co-ordination Unit can be found at IDG80100.