answer text |
<p>There are 2.11 million suspicious activity reports (SARs) on the Elmer database.
These SARs remain on the system either as result of ongoing activity from a law enforcement
agency, or because the SAR is within the six year period for which data can be held
on Elmer, in line with the ECHR and Data Protection legislation. In 2015/16 the UKFIU
received over 400,000 SARs. Each SAR may include detail of the activities of a number
of persons, and it is therefore not possible to determine how many nominal subjects
are within the database.</p><p> </p><p>Following the House of Lords European Union
Committee Inquiry into Money Laundering and the Financing of Terrorism in July 2009,
and the Information Commissioner’s review of the ELMER database in 2010, the UK Financial
Intelligence Unit (UKFIU) has implemented the Retention and Deletion policy for Suspicious
Activity Reports. This sets the following criteria for the removal of SARs:</p><p>
</p><p>o If definitive feedback is received from law enforcement end users that states
a SAR is not connected with criminality, that SAR is deleted.</p><p>o Otherwise, the
retention period for SARs is six years from the date of submission. After that time
they are automatically deleted from the SARs database (ELMER) and other derivative
systems, on a rolling daily deletion programme.</p><p>o When a SAR is deleted, an
audit record showing the SAR Unique Reference Number (URN), date of creation and date
of deletion is retained for all SARs. This record contains no personal data, but is
used to confirm, if necessary, that a SAR has been submitted.</p><p>o There are occasions
when, after six years, a SAR still forms part of an on-going case, investigation or
appeal and is entirely the responsibility of the end user to ensure that copies of
the required SARs are transferred to the investigating agency’s ‘case record’. The
data control responsibility for those records is then transferred from the NCA to
that agency.</p><p> </p><p>The UKFIU has access to the entire Elmer database, which
includes ‘sensitive’ SARs such as those submitted on terrorism, integrity and some
politically exposed persons.</p><p> </p><p>SARs are only directly available to agencies
with officers with powers under the Proceeds of Crime Act, or under the Terrorism
Act (for terrorist finance), and only with officers who have an accreditation enabling
them to see SARs. All such access is governed by user agreements at both an agency
and individual level. For other organisations to qualify for access to the non-sensitive
version of ELMER, they must accept the terms of ‘The Organisation Agreement for Direct
Access to Suspicious Activity Reports (SARs)’ which sets the objectives, responsibilities
and conditions within which both the NCA and the end user must comply.</p>
|
|