We aim to make this site as accessible as possible and therefore have provided the settings below to use if you are finding it difficult to view this website. See the SFO Accessibility Statement for more information.

Where it is appropriate to provide a Welsh translation, you can switch to Cymraeg. See the Welsh Language Commissioner website for more information.

Use the settings button in the bottom right corner of the page to access these settings again.

We would like to use Analytics Cookies on our website. 

Turn these on below if you are happy with us collecting information on how our site is used, in order for us to improve the overall experience of our website. 

All other cookies are necessary and therefore by continuing to browse this website, you are agreeing to the usage of these cookies.

 See the SFO Privacy Policy for more information. 

Analytics Cookies

Information Gateways and MoUs

Part A sets out the circumstances in which information obtained by a person in his or her capacity as a member of the SFO may be disclosed to an individual or body outside the SFO.

Part B briefly addresses memoranda of understanding (“MoUs”).


This part applies to the intended disclosure of information that is protected by a duty of confidence (“protected information”) which, for the avoidance of doubt, includes disclosures to other law enforcement bodies for “intelligence purposes” or on a “police-to-police” basis. A duty of confidence may arise under contract or from the relationship between the communicator and recipient or on account of the circumstances of the particular communication. Information protected by a duty of confidence includes:

  • information obtained by the SFO in response to a section 2 notice or seized by the SFO as a result of the execution of a search warrant
  • information voluntarily provided to the SFO in circumstances where the SFO knew, or ought to have known, that it was to be treated confidentially
  • information provided to the SFO in an interview (whether by a potential witness or a suspect interviewed under caution)
  • Information provided by another public body which is already protected by a duty of confidence (such as where a police force provides the SFO with information obtained under PACE).

So long as the duty of confidence applies, the SFO is subject to legal restrictions in respect of the disclosure of the information to a third party. But the nature of the restrictions varies depending on the identity of the proposed recipient and/or the reason for the intended disclosure. Further, the duty of confidence does not apply to prevent a disclosure if the information has entered the public domain (e.g., because the document was read in open court) or the person entitled to consent has consented to the disclosure.

If the duty of confidence applies, the SFO can disclose the information only if:

  1. there is a specific statutory provision (“information gateway”) which permits the information to be provided to the particular recipient for the contemplated / known purpose; or
  2. the common law limitation on the scope of the duty of confidence applies to the extent that this limitation is available (on which, see below) – this limitation, where available, would allow a disclosure on the basis that the public interest in disclosing the information outweighs the public interest justifying non-disclosure; or
  3. there is an obligation to disclose the information to a third party for a particular purpose (for example, an obligation imposed by a court order).

With regard to (1), above, the SFO’s principal basis for disclosing protected information to a third party is section 3(5) of the Criminal Justice Act 1987 (“CJA87”), which permits (but does not require) disclosures to be made by members of the SFO “designated” by the Director for this purpose. In addition, information obtained by the SFO in connection with the exercise of any of the Director’s functions under, or in relation to, Part 5 or Part 8 of the Proceeds of Crime Act 2002 (“POCA”) may be disclosed under section 438 of POCA if the disclosure is for a purpose specified in subsection (1).

If the SFO is under a legal obligation to provide protected information to a third party, for example pursuant to a court order, section 3(5) does not need to be considered.

With regard to (2), above, Parliament has provided the SFO with a clear and comprehensive statutory framework for disclosure of protected information, certainly for information obtained under section 2 CJA87 (and, by analogy, any other statutory power of compulsion). The SFO should therefore always rely on a specific, statutory information gateway (principally section 3(5) of the CJA87, but also section 438 of POCA) and not purport to rely on the common law limitation for any information obtained under section 2 or some other power of compulsion. In other words, Parliament itself has determined where the balance lies as between the public interest in non-disclosure and the public interest in disclosure for information obtained under a statutory power of compulsion. Further, it is SFO policy that SFO staff should use the same process for disclosing protected information which the original source provided voluntarily. In short, the SFO should rely on a specific, statutory information gateway if the intention is to make voluntary disclosure of protected information to a third party. That gateway will usually be section 3(5) of the CJA87 (or section 438 of POCA).

Section 3 of the CJA87

Section 3(5) of the CJA87, the SFO’s principal information gateway, permits SFO disclosures of protected information to third parties, so long as (a) the disclosures are made by a “member” of the SFO who is “designated” by the Director for this purpose and (b) there is no separate statutory provision prohibiting disclosure.

SFO policy draws a distinction between operational disclosures and non-operational disclosures.

  • An operational disclosure is one made for the SFO’s own purposes (e.g. showing documents to a witness in interview).
  • A non-operational disclosure is one made for another organisation/individual’s purposes (e.g. sending documents to Financial Reporting Council for their own regulatory enquiry).

Non-operational disclosures can only be made by a member of SCS.

Operational disclosures can be made through the gateways created by s.2.3(5) (c) CJA 1987 and s.438 (1) (a-c) POCA 2002 and by members of the SFO who have s.3(5) designation. See the “Designations” chapter for more information about who can be designated under s.3(5).

Factors to take into account when considering a section 3(5) disclosure

Although section 3(5) does not expressly set out the factors to be taken into account when considering a disclosure of SFO information, the following points must be applied:

  • the designated member of the SFO must understand the nature of what, potentially, is to be disclosed and the purpose of the potential recipient in receiving the information;
  • the disclosure must fall within the scope of section 3(5);
  • there must be no statutory prohibition on disclosure;
  • the decision to disclose must be reasonable and taken in good faith;
  • the decision to disclose may in some cases require the SFO to give notice to the owner of the documents, so that the owner can provide observations or make objections (see below).

Designated staff considering the disclosure of information under section 3(5) must familiarise themselves with the relevant guidance in the applicable general designation.

Designated members of the SFO should check to see whether there is any statutory bar to the onward disclosure of information provided to the SFO by another government department/agency or a regulatory body. A statutory bar is more likely to arise in relation to non-operational disclosures by SCS but the position should always be checked in advance of any onward disclosure of such information. The principal statutory prohibitions are listed in “ID31 Statutory Prohibitions”.

The relevant department, agency or regulatory body should be contacted for guidance if there is any uncertainty.

Of particular importance, principally for non-operational disclosures, is the judgment of the Court of Appeal in R (Kent Pharmaceuticals Ltd) v SFO [2004] EWCA Civ 1494, [2005] 1 WLR 1302. The case concerned a non-operational disclosure of information under section 3(5)(a) to another Government department for use by that department in civil proceedings.

Kent Pharmaceuticals principally addresses whether or not the “owner of documents” obtained by the SFO under section 2 ought to be given notice of the intention to disclose. The following principles can be derived from the Court of Appeal’s judgment:

  • section 3(5) must be exercised in a manner which is fair in all the circumstances, and what fairness demands is dependent on the context;
  • “fairness” will often (but not necessarily) require that the “owner of the documents” be notified sufficiently in advance of the proposed disclosure for representations or objections to be made (NB: this must be regarded as the default position for non-operational disclosures);
  • advance notice need not be provided for urgent disclosures (but fairness may require post-disclosure notification);
  • fairness does not require that the “owner of the documents” be notified in advance for disclosures where documents are to be “passed to another investigating or prosecuting authority, or are required for investigation which may be hampered if the owner knows that the documents have been further disclosed”[1] (but fairness may in some cases require post-disclosure notification).

Mutual Legal Assistance (MLA)

When drafting an MLA request, investigators and lawyers must consider the provisions of and guidance on section 3(5) of the CJA87.

When the SFO receives an MLA request (whether directly or via the UKCA) for information already in the possession of the SFO, a disclosure may be made under section 3(5) but authority to disclose must always be obtained from a designated SCS member of the SFO. Section 2 powers should not be used to re-obtain information already in the SFO’s possession.

If the UKCA sends a request to the SFO to obtain information for a foreign jurisdiction which the SFO does not already hold, section 3(5) does not apply. There is an obligation to disclose that information under section 2(8A) of the CJA87.

Sometimes it will be necessary to use section 3(5) for some information and rely upon section 2(8A) for the balance.

Gateways in the Proceeds of Crime Act 2002 (“POCA”)

Section 436 of POCA allows the SFO to disclose protected information (held by or on behalf of the Director) to the Director of Public Prosecutions (“DPP”) or to the DPP for Northern Ireland (“DPPNI”), but only if the disclosure is for the purpose of the exercise of the DPP / DPPNI’s functions under or in relation to Part 5 or 8 of POCA. Section 436(3) provides that any such disclosure must comply with the applicable requirements of data protection and investigatory powers legislation.

In addition, protected information obtained by or on behalf of the Director of the SFO in connection with the exercise of any of their functions under, or in relation to, Part 5 (civil recovery) or Part 8 (investigations) of POCA may be disclosed under section 438 of POCA if the disclosure is for any of the purposes specified in subsection (1). Section 438(8) provides that any such disclosure must comply with the applicable data protection and investigatory powers legislation; and section 442(1) provides that section 18 of the Anti-terrorism Crime and Security Act 2001 (restrictions on disclosure of information for overseas purposes) also applies if the disclosure is made under section 438(1)(a) or (b) (with section 18(2) of the 2001 Act to be read in accordance with section 442(2) of POCA and section 20 of the 2001 Act to be disregarded).

Operational disclosures may be made for the purposes of an SFO criminal investigation (or an SFO pre-investigation) under section 438(1)(a) or for ongoing or prospective SFO criminal proceedings under section 438(1)(b) or for the purpose of the exercise of the Director’s functions under, or in relation to, Part 5 or Part 8 of POCA under section 438(1)(c).

Section 1(4) of the CJA87

Section 1(4) empowers the Director to conduct an investigation “in conjunction … with the police or with any other person who is, in the opinion of the Director, a proper person to be concerned in” the investigation.

It is implicit in this provision that information may be disclosed by SFO staff to police officers with whom the SFO is working in conjunction or to other “proper persons” (e.g., individuals from another EU member state working with the SFO as a Joint Investigation Team) on the basis that such individuals are working with or within the SFO as part of a single investigation team, authorised by the Director. Accordingly, section 3(5) does not need to be used for such disclosures. The disclosures are internal transfers of information within a single team for the purposes of the joint investigation rather than disclosures of information to an external third party.

But where the SFO is using the services of a police force for a specific purpose (for example, to arrest a suspect), and it cannot be said that the SFO and the police are conducting a joint investigation in the sense described above, the section 3(5) gateway should be used, applying the guidance for operational disclosures.

National Crime Agency (NCA)

Section 7(1) of the Crime and Courts Act 2013 (“CCA 2013”) provides a gateway to disclose information to the NCA if the disclosure “is made for the purposes of the exercise of any NCA function”

For information on the NCA’s functions, see sections 1, 5 and 8 of the CCA 2013. Subject to restrictions in Schedule 7 of the Act, the NCA may make onward disclosure to a third party for a permitted purpose under section 7(4).

Anti-fraud Organisations

Section 68(1) of the Serious Crime Act 2007 provides that a “public authority may, for the purposes of preventing fraud or a particular kind of fraud, disclose information as a member of a specified anti-fraud organisation or otherwise in accordance with any arrangements made by such an organisation”. By section 68(8), an “anti-fraud organisation” means any unincorporated association, body corporate or other person which enables or facilitates any sharing of information to prevent fraud or a particular kind of fraud or which has any of these functions as its purpose or one of its purposes.

The summary of the HRA 1998 and the DPA 2018 in the ID87/88/89/105/106 s3(5) Designations applies equally to disclosures made through other SFO gateways.


Memoranda of Understanding

A Memorandum of Understanding (MoU) is a formal agreement between two or more bodies regarding how they will work together. MoUs often include provisions on the handling and sharing of information.

Staff should be aware that section 3(4) of the CJA87 does not empower the Director of the SFO to create new gateways for the disclosure of information to third parties, whether in an MoU or elsewhere.

Section 3(4) allows the Director to frame an agreement in respect of information which can already be disclosed through an existing statutory gateway.

Any provision in a MoU on the extent to which the SFO may disclose information protected by a duty of confidence must be founded on an existing gateway and must comply with the limitations imposed by that gateway.

For information on existing MoUs, to suggest a new MoU, or to discuss whether an MOU can be disclosed to a third party, please contact the Strategy and Policy Division.

Operational Memoranda of Understanding

An Operational Memorandum of Understanding (OMoU) is a case-specific document drawn up between the SFO and another agency or body in order to facilitate a defined piece of work or joint operation.

Whilst no MoU can legally bind the signatory parties, OMoUs may set out for the sake of clarity the procedures or areas of responsibility to be undertaken in specific circumstances.


A typical OMoU will set out the objective of the document and detail the legal status by which the two (or more) parties are able to enter into the MOU.

Inclusion of a background to the investigation is not necessarily required; it depends on the value it would provide to the understanding of an OMoU.

Named suspects, associated companies, or personal information including details of victims should not be included.

An OMoU will often benefit from the inclusion of the objectives of the investigation, including highlighting roles and responsibilities in order to provide clarity to what each partner should expect from the other.

Depending on the scope of the OMoU paragraphs relating to the exchange and disclosure of information, exhibit management, risk management and the process by which problems arising from the activity should be resolved, may be included.

An OMoU would normally contain paragraphs regarding disclosure, freedom of information and data protection, costs/charges and engagement with the media. There is standard wording for these sections, which can be obtained from the Strategy and Policy Division (S&PD).

Drafting Process

OMoUs are drafted by operational divisions, according to their requirements, in collaboration with the S&PD. Before drafting commences S&PD will provide information on previously drafted MOUs and offer guidance/advice as required.

Once drafted S&PD will review the OMoU in order to ensure consistency in line with other OMoUs and SFO policy and to give the document legal assurance.

The MOU will be sent to the General Counsel for consideration, copying in the Head of Division and other relevant persons. The General Counsel will sign all OMoUs, with the responsibility delegated to Heads of Division if the General Counsel is unavailable.

S&PD will retain a copy of the OMoU for the corporate record.

[1] Judgment at para [27]

Version OGW 3, Published May 2020 © Crown Copyright, 2020.

This information is licensed under the Open Government Licence v3.0. To view this licence, visit http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/ or write to the Information Policy Team, The National Archives, Kew, Richmond, Surrey, TW9 4DU.

Any enquiries regarding this publication should be sent to the Serious Fraud Office, 2-4 Cockspur Street SW1Y 5BS email: information.officer@sfo.gov.uk