On 6 April 2023, the Home Office started data sharing with the financial sector again. This was foreshadowed in a speech by Prime Minister Rishi Sunak on 13 December 2022.

Sections 40A to 40H of the Immigration Act 2014 requires banks to carry out immigration checks on all customers with a current account. If the bank discovers the person has no immigration status, they must report this to the Home Office. The Home Office can then require the bank to close the account.

These provisions came into force on 30 October 2017 but they didn’t last long. Following the Windrush scandal in 2018, use of the power was suspended. Having learned lessons from the Windrush scandal (or perhaps not), the Home Office are now re-introducing these checks. On 18 April 2023 an equality impact assessment was published providing further details on how the powers will be exercised.

So, beyond making a complaint to the Home Office when they get it wrong, what safeguards have been introduced to prevent lawful migrants, and inadvertent overstayers, from being penalised by these provisions?

Windrush safeguard

The equality impact assessment highlights that, in 2018, an age restriction was applied. Data is shared with banks only for those born on or after 1 January 1989. This is to prevent a repeat of the Windrush scandal.

However, this doesn’t go far enough. It does not protect other people who were born in the UK, have lived here all of their life, and only discover as an adult that the Home Office do not accept that they are a British citizen.

Take the following example:

Antoine is born in the UK on 20 October 2000. His mother is a French citizen lawfully resident in the UK under EU free movement law. Antoine believes he was born a British citizen. His mother was working in the UK and had been here for 4 years, which was sufficient at that time to remain permanently. Antoine later discovers that he is not a British citizen because his mother had not applied for a residence permit prior to his birth.   

There is nothing to prevent Antoine’s current account from being closed. This is not a fictional example. Antoine was refused a passport in April 2021 and judicially reviewed this decision in the High Court (Roehrig v Secretary of State for the Home Department [2023] EWHC 31 (Admin)). On 20 January 2023 his application for judicial review was refused.

The position of children born in the UK to EU citizens before October 2000 is also unclear (see Capparrelli (EEA Nationals – British Nationality: Italy) [2017] UKUT 162 (IAC)). However, this problem will soon be fixed by new legislation.

Safeguards may have been introduced to prevent the very specific circumstances of the Windrush scandal re-occurring. However there are no safeguards to prevent a very similar scandal relating to the children of EU citizens occurring in the future. 

Safeguard for people with a pending application

Breaching UK immigration law can often be perfectly innocent and inadvertent. Unfortunately, this does not prevent it having dire consequences. Visa expiry reminders aren’t sent. Applicants may only be informed that an application is invalid after their visa expires. Or the wrong type of application may be submitted.   

There is a degree of cognitive dissonance when it comes to the Home Office’s attitude towards overstaying. Visa applications from overstayers can be accepted under the immigration rules in certain circumstances. Yet, this does not shield the person from the consequences of overstaying (i.e., exposure to the hostile environment).

The equality impact assessment states that:

“Migrants who have made an immigration application or have an outstanding appeal against that application, are excluded from data-sharing. Those applying to stay in the UK on protection or humanitarian grounds, such as those seeking asylum, are also excluded from data-sharing.”

This is a significant caveat that will ensure that people in the UK without immigration status – but who have made an application to the Home Office which has not yet been determined – are not penalised.

However, again, it doesn’t quite go far enough. It only protects people who have already made an application. It doesn’t protect inadvertent overstayers. A person may not realise that they need to make an application. Perhaps they are an EU citizen who has failed to make an application under the EU Settlement Scheme. Perhaps a visa expiry date has passed without the person realising. The first sign they may have that there is a problem could be their current account being closed. There are no safeguards for people in this situation. 

Accuracy of the data being shared

Another concern many have raised is the accuracy of the date being shared with banks. As Colin highlighted in December 2022, the data on the Home Office’s system is notoriously unreliable. If the Home Office have not recorded receipt of an application, or the grant of a visa, on their system this could lead to a person’s bank account being closed when it shouldn’t be. 

In his Annual Report for 2021-2022 published on 22 March 2023, the Independent Chief Inspector of Borders and Immigration (ICIBI) highlighted that:  

“Poor recording and use of data is another longstanding theme in ICIBI inspections. My inspectors regularly find Home Office units relying on insufficient and often inconsistently maintained local spreadsheets, that legacy IT systems are overdue for upgrades and replacement, and that information in electronic case files is incomplete and difficult to access. Though the introduction of a new caseworking system (Atlas) to replace the legacy Case Information Database (CID) is held up as a major step forward, many units lack confidence that the new system will fully meet their needs. And while Atlas’s lack of free-text fields may allow for a cleaner, simpler interface, I am concerned that caseworkers’ inability to record specific details on individuals will lead to important information being lost, hindering the department’s ability to meet its post-Windrush commitment to seeing “the face behind the case” (at p.12)

But don’t worry, the equality impact assessment assures us that:

“…significant advances in the Home Office’s digital agenda have been made, building additional layers of assurance and safeguards into the data-sharing arrangements.”

These safeguards:

“…reduce the risk of any individual with permission to stay in the UK being impacted by our data-sharing.”

We aren’t told what those safeguards are or how the risk of inaccurate or incomplete data being shared has been reduced. I guess we’ll just have to trust the Home Office on that one!