Information disclosure Gateways with other government departments: Anti-terrorism, Crime and Security Act 2001 (ATCSA): standard procedure for disclosing any information for criminal purposes
When not to use this procedure
If you are in the department’s Criminal Investigation, Detection or Risk & Intelligence Service directorates (‘Enforcement’) and
- there is a time critical need for information, or
- you are in a joint working situation with the recipient of the information, or
- you have an established working relationship with the recipient of the information
then you should follow the procedure outlined at IDG50130. In all other situations you should use the procedure outlined on this page.
When to use this procedure
Enforcement authorities (such as the police, Trading Standards, the Serious Fraud Office) may request information about a HMRC customer from you to assist in their criminal investigations or proceedings. Information may be supplied to them if HMRC has signed a memorandum of understanding with the body, as listed in IDG50140.
Alternatively you may sometimes have information which you think such enforcement bodies could use for the purposes of any criminal investigation or proceedings, or for the initiation or bringing to an end of any criminal investigation or proceedings. If the body in question has not actually requested this information, HMRC may be able to make a pro-active disclosure of the information.
What information may be disclosed
In the case of enforcement authorities, any information which will be used by the organisation for the purposes of any criminal investigation or proceedings, or for the initiation or bringing to an end of any criminal investigation or proceedings, may be disclosed.
Procedure to follow
If the intelligence agency or enforcement authority makes a request for information from any part of HMRC, the request should immediately be referred to the RIS Gateway Exchange Team (GET). Provide the organisation with GET contact details (see below), and instruct them to contact the team directly. You may also refer them to the Code of Practice for the ATCSA (COP-AT), which is a publicly available document that formally outlines the procedure for ATCSA disclosures. This document is available on the internet via the HMRC external website Code of Practice page.
Changes to the ATCSA legislation mean that this gateway cannot be used to disclose information to the intelligence services. Instead, HMRC may disclose information to the intelligence services through a legal gateway provided by section 19 of the Counter-Terrorism Act 2008. However, the same procedures apply for disclosures to the intelligence services as enforcement bodies outlined in this guidance.
If you have information which you wish to pro-actively disclose, you should also refer the information to GET with an explanation of why you consider it will support criminal investigations or proceedings by the recipient.
GET will handle the disclosure and liaise with the requesting body. If GET need any information from you, they will request it.
If in exceptional circumstances an immediate ATCSA disclosure is required in respect of live operational work outside of office hours you should follow the guidance at IDG50110 if you work in the Criminal Investigation, Detection or Risk & Intelligence Service directorates. If you cannot use the procedure at IDG50110 (for example because you do not work in one of the specified directorates), you should contact the National Co-ordination Unit (NCU), who are able to provide out-of-hours cover for GET, see below for contact details.
Offices other than GET or NCU may not disclose information directly to law enforcement authorities.
This guidance applies to the whole of the United Kingdom.
Code of Practice for the ATCSA
The COP-AT sets out what the department can do when making disclosures to enforcement bodies. Please read the COP-AT for further information on disclosures using ATCSA legislation. The COP-AT is publicly available via the HMRC external website’s Code of Practice page.
If you receive a request for information and are unsure how to proceed, please contact your Data Guardian.
Contact details for the Gateway Exchange Team (GET) Centre for Exchange of Intelligence (CEI) and the National Co-ordination Unit can also be found at IDG80100.