Regulations 22(2), 23(1) and 34(3)
Modifications etc. (not altering text)
C1Sch. 4 applied (E.W.S.) (6.4.2016) by The Limited Liability Partnerships (Register of People with Significant Control) Regulations 2016 (S.I. 2016/340), regs. 1(3), 4, Sch. 2 para. 4 (as amended (26.6.2017) by The Information about People with Significant Control (Amendment) Regulations 2017 (S.I. 2017/693), regs. 2, 31 (with Sch. Pt. 2))
1. The specified public authority has delivered to the registrar a statement that it intends to use the information only for the purpose of facilitating the carrying out by that specified public authority of a public function (“the permitted purpose”).U.K.
2. Subject to paragraph 3, the specified public authority has delivered to the registrar a statement that, where it supplies a copy of the information to a processor for the purpose of processing the information for use in respect of the permitted purpose, the specified public authority will—U.K.
(a)ensure that the processor is one who carries on business in the European Economic Area;
(b)require that the processor does not transmit the information outside the European Economic Area; and
(c)require that the processor does not disclose the information except to that specified public authority or an employee of that specified public authority.
3. Paragraph 2 does not apply where the specified public authority is the National Crime Agency, Secret Intelligence Service, Security Service or Government Communications Headquarters.U.K.
4. The specified public authority has delivered any information or evidence required by the registrar for the purpose of enabling the registrar to determine in accordance with these Regulations whether to disclose the information.U.K.
5. The specified public authority has complied with any requirement by the registrar to confirm the accuracy of the statements, information or evidence delivered to the registrar pursuant to this Part of this Schedule.U.K.
6. The credit reference agency—U.K.
(a)is carrying on in the United Kingdom or in another EEA State a business comprising the furnishing of information relevant to the financial standing of individuals, being information collected by the agency for that purpose;
(b)maintains appropriate procedures—
(i)to ensure that an independent person can investigate and audit the measures maintained by the agency for the purposes of ensuring the security of any information within section 790ZF(2) of the Act disclosed to that agency; and
(ii)for the purposes of ensuring that it complies with its obligations under the Data Protection Act 1998 M1, or, where the agency carries on business in an EEA State other than the United Kingdom, with its obligations under legislation implementing Directive 95/46/EC M2 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data; and
(c)has not been found guilty of an offence under—
(i)section 1112 of the Act (general false statement offence);
(ii)section 2 of the Fraud Act 2006 M3 (fraud by false representation); or
(iii)section 47 of the Data Protection Act 1998 (failure to comply with enforcement notice) in circumstances where it has used the information within section 790ZF(2) of the Act for purposes other than those described in sub-paragraphs (a) to (e) of paragraph 8.
7. The credit reference agency has delivered to the registrar a statement that it meets the conditions in paragraph 6.U.K.
8. The credit reference agency has delivered to the registrar a statement that it intends to use the information within section 790ZF(2) of the Act only for the purposes of—U.K.
(a)providing an assessment of the financial standing of a person;
(b)meeting any obligations contained in—
(i)[F1the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017];
(ii)any rules made pursuant to section 137A of the Financial Services and Markets Act 2000 M4 which relate to the prevention and detection of money laundering in connection with the carrying on of regulated activities by authorised persons; or
(iii)any legislation of another EEA State implementing [F2Directive 2015/849/EU of the European Parliament and of the Council on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing];
(c)conducting conflict of interest checks required or made necessary by any enactment;
(d)providing information within section 790ZF(2) of the Act to—
(i)a specified public authority which has satisfied the conditions of paragraphs 1 and 2 of Part 1 of this Schedule; or
(ii)a credit reference agency which has satisfied the requirements of this Part of this Schedule; or
(e)conducting checks for the prevention and detection of crime and fraud.
Textual Amendments
F1Words in Sch. 4 para. 8(b)(i) substituted (26.6.2017) by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (S.I. 2017/692), reg. 1(2), Sch. 7 para. 34(a) (with regs. 8, 15)
F2Words in Sch. 4 para. 8(b)(iii) substituted (26.6.2017) by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (S.I. 2017/692), reg. 1(2), Sch. 7 para. 34(b) (with regs. 8, 15)
Marginal Citations
M42000 c.8; section 137A is in Part 9A which was substituted for sections 138 to 166 by section 24(1) of the Financial Services Act 2012 (c.21).
9. The credit reference agency has delivered to the registrar a statement that it intends to take delivery of and to use the information within section 790ZF(2) of the Act only in the United Kingdom or in another EEA State.U.K.
10. The credit reference agency has delivered to the registrar a statement that it will, where it supplies a copy of the information within section 790ZF(2) of the Act to a processor for the purpose of processing the information for use in respect of the purposes referred to in paragraph 8—U.K.
(a)ensure that the processor is one who carries on business in the European Economic Area;
(b)require that the processor does not transmit the information outside the European Economic Area; and
(c)require that the processor does not disclose the information except to the credit reference agency or an employee of the credit reference agency.
11. The credit reference agency has delivered any information or evidence required by the registrar for the purpose of enabling the registrar to determine in accordance with these Regulations whether to disclose the information within section 790ZF(2) of the Act.U.K.
12. The credit reference agency has complied with any requirement by the registrar to confirm the accuracy of the statements, information or evidence delivered to the registrar pursuant to this Part of this Schedule.U.K.
Textual Amendments
F3Sch. 4 Pt. 2A inserted (26.6.2017) by The Information about People with Significant Control (Amendment) Regulations 2017 (S.I. 2017/693), regs. 2, 19(2) (with Sch. Pt. 1)
12A. The credit institution or financial institution maintains appropriate procedures—U.K.
(a)to ensure that an independent person can investigate and audit the measures maintained by that institution for the purposes of ensuring the security of any information disclosed to it; and
(b)for the purpose of ensuring that it complies with its obligations under the Data Protection Act 1998, or, where the institution carries on business in an EEA State other than the United Kingdom, with its obligations under any other legislation implementing Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
12B. The credit institution or financial institution has delivered to the registrar a statement confirming that it is a credit institution or, as the case may be, a financial institution, and that it meets the conditions in paragraph 12A.U.K.
12C. The credit institution or financial institution has delivered to the registrar a statement that it intends to use information only for the purpose of applying customer due diligence measures to the company in relation to which the information is secured, in accordance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.U.K.
12D. The credit institution or financial institution has delivered to the registrar a statement that confirms the name and registered number of the company it is entering a transaction with which requires the institution to apply customer due diligence measures under those Regulations.U.K.
12E. The credit institution or financial institution has delivered to the registrar a statement that it intends to take delivery of and to use the information only in the United Kingdom.U.K.
12F. The credit institution or financial institution has delivered to the registrar a statement that it will, where it supplies a copy of the information to a processor for the purpose of processing the information for use in respect of the purpose referred to in paragraph 12C—U.K.
(a)ensure that the processor is one who carries on business in the European Economic Area;
(b)require that the processor does not transmit the information outside the European Economic Area; and
(c)require that the processor does not disclose the information except to the credit institution or financial institution.
12G. The credit institution or financial institution has delivered any information or evidence required by the registrar for the purpose of enabling the registrar to determine in accordance with these Regulations whether to disclose the information.U.K.
12H. The credit institution or financial institution has complied with any requirement by the registrar to confirm the accuracy of the statements, information or evidence delivered to the registrar pursuant to this Part.]U.K.
13. In this Schedule—U.K.
(a)“processor” means any person who provides a service which consists of putting information into data form or processing information in data form and any reference to a processor includes a reference to the processor's employees;
(b)“public function” includes—
(i)any function conferred by or in accordance with any provision contained in any enactment M5;
(ii)any function conferred by or in accordance with any provision contained in the EU Treaties or any EU instrument;
(iii)any similar function conferred on persons by or under provisions having effect as part of the law of a country or territory outside the United Kingdom; and
(iv)any function exercisable in relation to the investigation of any criminal offence or for the purpose of any criminal proceedings;
(c)any reference to an employee of any person who has access to information within section 790ZF(2) of the Act includes any person working or providing services for the purposes of that person or employed by or on behalf of, or working for, any person who is so working or who is supplying such a service; and
(d)any reference to the disclosure for the purpose of facilitating the carrying out of a public function includes disclosure in relation to, and for the purpose of, any proceedings whether civil, criminal or disciplinary in which the specified public authority engages while carrying out its public functions.
Marginal Citations
M5See section 1293 of the Act for the meaning of “enactment”; section 1293 was amended by section 90(4) of the Small Business, Enterprise and Employment Act 2015 (c.26).