This article first appeared in slightly different form on 4 January 2008 in

The press recently reported that the Financial Services Authority’s investigation into the NatWest Three formed the “central thrust” of the case against the bankers. The bankers’ five-year battle against wire fraud ended in late November with each of the bankers entering a plea bargain with the US Department of Justice.

Reports stated that the evidence against the bankers came from an FSA investigation and that the FSA passed it on to the US Securities and Exchange Commission, which, in turn, passed it on to the US Department of Justice. Whether or not these reports are accurate, this is a clear example of why there is increasing concern about where information provided to the FSA may end up. Concerns will not usually relate to the possibility of such an alarming outcome, but there is a genuine need to understand the mechanisms that protect against disclosure of information given to the FSA.

This article looks at the Financial Services and Markets Act 2000 (Disclosure of Confidential Information) Regulations 2001 SI 2001/2188 (the so-called “Gateway Regulations”) and the disclosures that the regulations permit.

Statutory provisions

Section 348 of the FSMA provides protection against the FSA disclosing confidential information and by persons obtaining information directly or indirectly from the FSA (subject only to the consent of the person who provided the information or, if different, the person to whom the information relates). This section uses the definition “primary recipient”, which means not only the FSA, but also includes the secretary of state and various other categories of persons, such as those the FSA appoints or employs and the secretary of state (for the purpose of this article references will only be made to the FSA as the primary recipient).

“Confidential information” is widely defined and breach of Section 348 is a criminal offence; on the face of it, the protective provisions are solid. Section 349 of FSMA, however, provides exceptions to the protection provided by section 348. There are two requirements to the exceptions: The disclosure must be made for the purpose of facilitating the carrying out of a public function. Public function is defined in Section 349(5) and includes public functions conferred by the laws of countries and territories outside the UK.

The disclosure must be permitted by regulations the Treasury has made under this section. The Gateway Regulations are regulations that the Treasury has made under Section 349.

The Gateway Regulations

The Gateway Regulations are intended to provide a code that deals with all possible situations in which (and covering all possible persons to whom) the disclosure of confidential information may be necessary. For this reason they are wide-reaching and complex. It should be noted, however, that the Gateway Regulations are permissive, which enables the FSA to disclose information in certain circumstances, but does not compel the FSA to do so. Regulation 7 specifically provides that the FSA can make any disclosures pursuant to the regulations, subject to conditions as to how to use the information.

The Gateway Regulations define the persons to whom disclosure can be made and the purpose for which disclosure can be made in a number of different ways. In some instances, a particular person or body is specifically listed in the regulations, together with the purpose for which disclosures can be made to that person or body. In other instances, the regulations allow disclosure for a particular purpose without specifying any particular body. Three particular aspects of the Gateway Regulations are considered below: the “self-help” gateway, disclosures in relation to criminal matters and disclosures to other regulatory bodies (in the UK and abroad).

The ‘self-help’ gateway

Regulation 3(1)(a) states as follows: “A disclosure of confidential information is permitted when it is made to any person—(a) by the [FSA] or an [FSA] worker for the purpose of enabling or assisting the person making the disclosure to discharge any public functions of the [FSA] or (if different) of the [FSA] worker.”

This is known as the “self-help” gateway, as it essentially allows the FSA to disclose information to any person to help the FSA carry out its public functions. For example, the FSA may need to disclose some confidential information to a third party so it can obtain required information from that third party. The gateway is very widely drafted and it is unclear how close the nexus must be between the disclosure being made and the assistance this provides to the FSA. There are no specific criteria to apply and it is, therefore, difficult to interpret the limits to disclosures under this gateway.

Regulation 3(2) allows the FSA to share information with others internally, i.e., allows one division of the FSA that receives information to pass that information onto another division. There is, therefore, no limit to the disclosure of information internally within the FSA, although the disclosure must still be for the performance of public functions.

Disclosures in relation to criminal matters

Regulation 4 states as follows:

  • “[The FSA] is permitted to disclose [confidential] information to any person—
  • for the purpose of any criminal investigation whatever, which is being or may be carried out, whether in the United Kingdom or elsewhere
  • for the purpose of any criminal proceedings whatever, which have been or may be initiated, whether in the United Kingdom or elsewhere or
  • for the purpose of initiating or bringing to an end any such investigation or proceedings or of facilitating a determination of whether it or they should be initiated or brought to any end.”

this regulation is very widely drafted, particularly in respect of a criminal investigation, which may be carried out. It is, therefore, perfectly possible that the information the FSA provided will be the information that is the basis of a criminal investigation actually being initiated. There is no requirement for the criminal investigation to already be underway, although it should at least be the case that the criminal investigation is already under consideration on the basis of other information.

Disclosures to other regulatory bodies (in the UK and abroad)

Regulation 12 allows disclosures to persons named in the first column of schedules one or two to the regulations, for the purpose of enabling or assisting those persons to discharge the function set out next to their name in the second column of the schedules. The persons to whom disclosure is made will also be permitted to disclose the information provided to enable or assist them to discharge their stated functions. This includes disclosures to European Economic Area regulatory authorities and non-EEA regulatory authorities (which both have wide definitions). This is a very widely drawn gateway, however, the FSA will only make the permitted disclosures to overseas regulatory authorities where there is a cooperation agreement in place and an “equivalent” condition met that when received, the information will be subject to a specified level of guarantees of professional secrecy.


The Gateway Regulations are far more wide-reaching than the instances noted above, which simply provide examples of how the gateways operate. A common question is whether it is possible to stop the FSA making disclosures or even to find out when disclosures have been made. The simple answer is no: There is no mechanism to do so and no rights or obligations allowing this. Perhaps in some very specific and unusual circumstances, an objection may be conceivable (possibly under human rights legislation), but this is most unlikely.