Placeholder Picture

SYSC326 may acquire sensitive information concerning your business or affairs in the course of delivering Services. We maintain strict controls over access to information and comply with obligations imposed by The Data Protection Act (DPA) 2018, as amended by The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (providing alignment with requirements of the EU General Data Protection Regulation ('GDPR')).


This policy relates to personal data provided to SYSC326:


For all data protection enquiries, including Subject Access Request ('SAR'), please contact our Data Protection Officer ('DPO'):

  • By post: SYSC326, Fergusson House, 124 City Road, London, EC1V 2NX.
  • Email: 
  • If you would prefer to speak to us by phone, please call 020 7060 2780

What is personal data?
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What does processing mean?
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Useful links
Personal data - ICO Guidance
Data Protection Register - SYSC326

Subject Access Request - Form


SYSC326 takes privacy seriously and is committed to protecting your data:

Where we store personal data

Information is stored securely and usually on encrypted media:

Personal data you provide

This relates to information about you (provided voluntarily), such as, via:

Personal data received from other sources

We might receive personal data from a third party or open source:

  • Third parties might include current or former employers, persons providing character references, clients and their advisors, etc.
  • Open-source includes media and press-reporting, public information published by regulatory bodies, public registries (e.g., Companies House, Land Registry, etc.)
  • Information is assessed for relevance to a particular client engagement.

Others who might receive or access personal data

We might disclose personal data to a third party, agent, or sub-contractor, where relevant and reasonable:

Retention period of personal data before disposal

The following is a general guide. Details applicable to a particular client engagement may differ:

  • If civil or criminal proceedings are not anticipated (e.g. industrial tribunal, civil suit or criminal prosecution linked to a data subject) - Data is usually deleted 6 months after completion of service delivery.
  • If civil or criminal proceedings are anticipated - Data retention periods may be influenced by the timeframe for concluding proceedings.
  • Responding to an information request might also influence normal retention periods (e.g. Client insurers or legal advisors in asset tracing matters).
  • Any request to extend the retention period in a particular instance must be submitted in writing to SYSC326, with a relevant supporting rationale.

Accessing your personal information
Data protection law entitles you to ask to see a copy of the personal data that we hold about you, via a Subject Access Request ('SAR') - See above link

Who can submit a SAR
To ensure we only disclose details of data held to the Data Subject (or appointed representatve), applications must be accompanied by proof of identity and address.

Proof of identity & address
To ensure any disclosure of data is to the appropriate person, you will need to provide a copy of identification (e.g. Passport, Driving Licence,etc.) and proof of address (e.g. utility bill).

Our Specialist Focus
Placeholder Picture
Useful links
SYSC326 Home Page
FCA - Financial Crime Guide

OFSI - Sanctions Guidance 

HMRC - AML Guidance

JMLSG Guidance

Law Society - AML Guidance

Frequently Asked Questions