Data Breaches Neutral 5

866k SARs at risk: Reform demands NCA probe into insider data leak

· 4 min read · Verified by 2 sources ·
Share

Key Takeaways

  • Amid 866,616 SARs flagged in a year, Reform UK claims the NCA may have suffered an insider data breach that exposed Richard Tice’s financial intelligence to the press.
  • The incident highlights cybersecurity vulnerabilities in handling highly sensitive anti-money laundering reports.

Mentioned

Richard Tice person National Crime Agency organization George Cottrell person Fiona Cottrell person Tisun Investment company Reform UK organization Britain Means Business organization The Guardian organization

Key Intelligence

Key Facts

  1. 1Richard Tice wrote to the NCA Director General calling for an inquiry into whether the agency leaked his Suspicious Activity Report data to the Guardian.
  2. 2Tisun Investment, Tice's company, received an £80,000 loan from George Cottrell in late 2024.
  3. 3Britain Means Business, a think tank owned by Tice, accepted a £1 million donation from Fiona Cottrell in June 2024 and donated £500,000 to Reform UK the same month.
  4. 4The NCA's SARs programme flagged 866,616 cases in 2024/25, underscoring the scale of the anti-money laundering reporting system.
  5. 5The NCA refuses to confirm or deny receipt of SARs, warning that breaching confidentiality risks a 'tipping off' offence under the Proceeds of Crime Act.

Who's Affected

National Crime Agency
organizationNegative
Richard Tice
personNegative
SARs Reporting System
systemNegative
Insider Threat Alert
SARs flagged in 2024/25
866,616

Total volume of suspicious activity reports that year, any of which could be vulnerable to a similar breach

Analysis

Leaking a Suspicious Activity Report is not just a legal violation – it’s a classic insider threat event. The Reform UK case points to a potentially severe cybersecurity failure at the NCA: an employee or third party may have exfiltrated one of the UK’s most sensitive classes of financial intelligence and fed it to a journalist. For CISOs and threat analysts, this scenario raises urgent questions about access controls, logging, and monitoring within law enforcement’s data-sharing ecosystems.

Reform UK Deputy leader Richard Tice has formally written to the National Crime Agency (NCA) Director General, requesting an investigation into whether the agency itself is the source of a leak of his private financial information to the Guardian newspaper. The alleged leak concerns Suspicious Activity Reports (SARs) filed under the UK's anti-money laundering regime – a system designed to flag potential money laundering in complete confidence. Tice claims he only learned that his organisations' payments had been flagged when approached by the Guardian, and Reform UK believes the newspaper's information likely originated from within the NCA.

In late 2024, his company Tisun Investment received a £80,000 loan from George Cottrell, a close ally of Reform leader Nigel Farage.

The payments in question involve two entities linked to Tice. In late 2024, his company Tisun Investment received a £80,000 loan from George Cottrell, a close ally of Reform leader Nigel Farage. Separately, in June 2024, Tice's think tank Britain Means Business received a £1 million donation from Cottrell's mother, Fiona. The same month, the think tank donated £500,000 to Reform UK, according to Electoral Commission data. These transactions triggered SARs notifications to the NCA – one of 866,616 such reports received in 2024/25. The SARs system is foundational to the UK's financial crime detection infrastructure, yet its effectiveness depends on absolute confidentiality; breaching that confidentiality constitutes a 'tipping off' offence under the Proceeds of Crime Act (POCA), which can itself be a criminal matter.

The NCA's response has been one of firm institutional opacity: "The NCA does not confirm or deny the receipt of suspicious activity reports, nor comment on how any SAR is used. SARs are confidential and breaching that confidentiality risks committing a tipping off offence under the Proceeds of Crime Act." This standard posture, while legally proper, leaves unanswered the question of whether an internal breach occurred. If the leaked information did come from the NCA, it would represent a serious violation of POCA and could undermine confidence in the SARs regime among the financial institutions, lawyers and accountants required to file reports. It would also expose the agency to potential legal liability and reputational damage.

What to Watch

The political context magnifies the sensitivity. George Cottrell, who provided the £80,000 loan, is at the centre of a separate row over allegations that he supplied Nigel Farage with security and social media staff before Farage became an MP, which may have declaration implications under parliamentary rules. The leak connects a web of donations, loans and party funding that touches the leadership of a major political party. For the NCA, an investigation into itself would be politically charged; for Reform, the leak comes amid heightened scrutiny of its funding sources and transparency. If the NCA declines to investigate, Tice may escalate the matter to an independent body such as the Investigatory Powers Commissioner's Office or the Information Commissioner's Office, raising questions about oversight of law enforcement agencies' handling of SARs data.

Looking ahead, the incident will likely fuel calls for a review of SARs confidentiality safeguards and internal access controls within the NCA. For the financial services industry, it serves as a stark reminder of the fragile trust underpinning the anti-money laundering disclosure regime. For politicians, it signals that private financial information held by state agencies can surface in the media with damaging consequences. Whether the NCA opens an internal inquiry, refers itself to an external watchdog, or dismisses the request altogether will shape the next phase of this unfolding story. In any case, the episode highlights the tension between the state's investigative powers and the privacy rights of individuals caught in the SARs net.

Sources

Sources

Based on 2 source articles

How we covered this story

Every story in our cybersecurity coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.

Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the cybersecurity space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.