The Home Office, HM Treasury, Ministry of Justice, Companies House, Serious Fraud Office, and Department for Business and Trade have updated the guidance on the information sharing measures in the Economic Crime and Corporate Transparency Act 2023 (ECCTA).

The guidance concerns rules that came into force at the beginning of last year which made it easier for firms subject to anti-money laundering regulation to share customer information with each other for the purposes of preventing, detecting, or investigating economic crime.

Before the change, there was evidence that firms were reluctant to share such information out of fear of incurring liability for breaches of confidentiality. Now, the new rules provide for AML regulated firms – subject to certain conditions – being able either to share customer information directly with each other or undertake indirect sharing though a third-party intermediary.

The guidance has been updated to, among other things, take into account changes brought about by the passage of the Data (Use and Access) Act 2025, and provides detailed information about the conditions that must be met for both direct and indirect sharing of information, as well as ‘practical considerations’ for AML regulated firms. For example, whilst stopping short of setting out what technical solutions should be adopted by AML regulated firms, the guidance ‘strongly’ advises that services have clear security protocols, transparent governance arrangements, and act in compliance with the UK GDPR. Similarly, firms are advised to undertake pilot exercises with support from external bodies before rolling out new technology for direct and indirect sharing.

The guidance also contains sections on law enforcement reporting, UK GDPR compliance, and customer redress. These include a reminder to firms of the need not to breach provisions relating to tipping-off and/or prejudicing investigations, advice on how to ensure that the sharing of information complies with the UK GDPR (noting the new recognised legitimate interest under the Data (Use and Access) Act 2025 of detecting, investigating or preventing crime and apprehending or prosecuting offenders), and a recommendation to keep an audit of all information shared.

To read the updated guidance in full, click here.