EG 19.5 1Regulation of Investigatory Powers Act 2000 (RIPA)

1RIPA provides methods of surveillance and information gathering to help the FCA in the prevention and detection of crime. RIPA ensures that, where these methods are used, an individual's rights to privacy under Article 8 of the European Convention of Human Rights are considered and protected.

1Under RIPA the FCA is able to:

• acquire data relating to communications;
• carry out covert surveillance;
• make use of covert human intelligence sources (CHIS); and
• access electronic data protected by encryption or passwords.

1The FCA is not able to obtain warrants to intercept communications during the course of transmission.

1The FCA is only able to exercise powers available to it under Parts I and II of RIPA where it is necessary for the purpose of preventing or detecting crime. All RIPA authorisations for the acquisition of communications data, the carrying out of directed surveillance and the use of CHIS must be approved by a Head of Department in the Enforcement Division. Authorisation will only be given where the authorising officer believes that the proposed action is necessary and proportionate in the specific circumstances set out in the application. Consideration will be given to any actual or potential infringement of the privacy of individuals who are not the subjects of the investigation or operation (collateral intrusion) and to the steps taken to avoid or minimise any such intrusion. When considering whether the proposed action is necessary and proportionate the following non-exhaustive list of factors is likely to be relevant:

• the seriousness of the offence;
• the amount of material that might be gathered;
• the nature of the material that might be gathered;
• whether there are other less intrusive ways of obtaining the same result;
• whether the proposed activity is likely to satisfy the objective; and
• where surveillance is proposed, the location of the surveillance operation.

1Under Part III RIPA the FCA is able to require a person who holds “protected” electronic information (that is, information which is encrypted) to put that information into an intelligible form and, where the person has a key to the encrypted information, to require the person to disclose the key so that the data may be put into an intelligible form. The FCA may impose such a requirement where it is necessary for the purpose of preventing or detecting crime or where it is necessary for the purpose of securing the effective exercise or proper performance by the FCA of its statutory powers or statutory duties. In order to serve a notice under Part III RIPA, the FCA must obtain written permission from an appropriate judicial authority. The FCA does not anticipate using powers under Part III very often as it expects firms and individuals to provide information in intelligible format pursuant to requirements to provide information under the Act.

1In exercising powers under RIPA the FCA has regard to the relevant RIPA codes of practice. The Codes are available on the Home Office website: https://www.gov.uk/government/collections/ripa-codes2.

1RIPA provides for the appointment of Commissioners to oversee the compliance of designated authorities with RIPA requirements, and the establishment of a tribunal with jurisdiction to consider and determine, amongst other things, complaints and referrals about the way in which the FCA and other public bodies use their RIPA powers.