Memorandum by the Home Office
CRIMINAL RECORDS BUREAU
This memorandum briefly outlines the background
to the establishment of the Criminal Records Bureau, and describes
recent developments and current plans for establishing the Bureau.
2. In 1990, the Home Affairs Committee inquired
into various issues with regard to criminal records, including
complaints that records were inaccurate, and that there were difficulties
in obtaining criminal records for the courts and the Probation
Service. The recommendations in the Committee's report included
the creation of a statutory agency independent of the police to
maintain the National Collection of Criminal Records, which would
be responsible for providing criminal records for vetting purposes,
in accordance with prescribed principles as to who might have
access to such information, and in what circumstances.
3. The Committee's report further recommended
that the police should pay for the service that it received from
the new agency, and Government Departments and other users should
also contribute towards the cost, according to their use of the
4. In its reply, the then Government said
that it was not yet persuaded of the need to establish a statutory
agency. But it did accept that, before the National Collection
was computerised, arrangements for the collection, recording and
provision of criminal records should be reviewed, to ensure that
the needs of the police, courts and others were adequately served.
It was already the stated intention of the Home Office to examine
the arrangements for the maintenance of, and disclosure from,
the national collection of criminal records, and the outcome of
this would inform consideration of where responsibility should
lie. The funding of any new arrangements would be among the issues
5. A 1991 report of an Efficiency Scrutiny
similarly concluded that the disclosure of criminal records should
be extended, within limits and subject to safeguards. Again, the
report recommended that an agency should be responsible for maintenance
of criminal records and for disclosure, and that this should be
self-financed by means of charges made of its customers.
6. The then Government welcomed the report.
It noted that a great deal of more detailed work needed to be
done and announced its intention to publish a consultation paper
on disclosure arrangements.
7. The subsequent consultation paper set
out a package of proposals for wider disclosure of information
from criminal records.
Referring back to the Home Affairs Committee report and the Efficiency
Scrutiny, the paper envisaged that an independent agency would
be responsible for disclosure, self-financed by payments by those
requiring checks. Applications would be made by individuals rather
than by employers, in the interests of confidentiality.
8. Finally, firm Government proposals were
published in a White Paper.
The main elements were again the establishment of an agency to
be responsible for disclosure of information in a wider range
of circumstances. The agency would be self-financed by means of
charges made for checks.
9. Part V of the Act defines the framework
for disclosures to be made, on application by the individual subject
of a check. It provides for three levels of disclosure, according
to the circumstances of the case:
criminal conviction certificates
are appropriate in the generality of cases in which no special
circumstances arise. Such certificates will contain details of
convictions which are held centrally on the Police National Computer
(PNC) and which are not "spent" under the terms of the
Rehabilitation of Offenders Act 1974;
criminal record certificates
relate principally to people in professions (such as barristers
and accountants) and in sensitive posts (such as working with
young people under 18 and other vulnerable persons). Such positions
are covered by the Exceptions Order under the Rehabilitation of
Offenders Act and employers are entitled to ask for information
about spent convictions. These certificates will therefore show
both spent and unspent convictions, as well as cautions, reprimands
and warnings, recorded centrally on the PNC.
In addition, where an application concerns a
position working with young people under 18 or vulnerable adults,
then, by virtue of subsequent amendments made by the Protection
of Children Act 1999 and the Care Standards Act 2000, these certificates
will also show whether the applicant appears on lists maintained
by the Department for Education and Employment, of people barred
from working in schools, or by the Department of Health, of people
considered unsuitable to work with children or with vulnerable
adults. These checks will be carried out under a "one-stop
shop" arrangement; and
enhanced criminal record certificates
relate to a subset of people covered by the Exceptions Order
who are in positions of special sensitivity. These include judicial
appointments, certain licensing functions in relation to gaming
and lotteries, and persons who are regularly involved in caring
for, training, supervising or being in sole charge of young people
under the age of 18, or of vulnerable adults. In these cases,
in addition to information available on criminal record certificates,
enhanced criminal record certificates will include relevant information
held in local police records.
10. In the case of criminal conviction certificates,
the individual will be able to apply direct. But, as regards the
other levels of certificate, an application must be countersigned
by a person who is registered for this purpose. The registered
person must confirm that the application meets the relevant criteria
for the level of certificate requested. The registered person
is to be provided with a duplicate copy of a criminal record certificate
or an enhanced criminal record certificate, as issued to the individual
11. Regulations are to be made to prescribe
such matters as the form of application, the details to be shown
in certificates, the maintenance of the register of persons authorised
to countersign applications for higher-level certificates, and
the levels of fees to be charged.
12. Provision is made for the publication
of a code of practice in connection with the use of information
provided to registered persons. The code is to be laid before
Parliament as soon as practicable after publication.
13. Provision is made for a range of offences
concerned with the falsification, alteration or misuse of certificates,
with the making of false statements, and with the disclosure of
information except to prescribed persons.
THE 1997 ACT
14. On 14 December 1998, the Government
announced that it had decided to implement Part V of the 1997
Act by establishing the Criminal Records Bureau.
The Bureau was to be under the management of the United Kingdom
Passport Agency, and was to be set up under public private partnership
15. On 16 December 1999, the Government
made a further announcement following a review of the timetable
and the management arrangements for the CRB.
This stated that the Bureau would operate as a separate business
unit, with its own Business Plan and Annual Report. The Chief
Executive of the Passport Agency would be the Chief Executive
of the Bureau also, and some administrative support functions
would be provided by the Passport Agency. The Bureau would operate
within the framework of a Public Private Partnership. The target
was to award a contract to the private sector partner around the
middle of 2000, and to begin issuing higher level certificates
around July 2001 and to be issuing all three levels of certificates
by around July 2002.
16. The contract with the private sector
partner, Capita, was signed on 4 August 2000. This followed a
rigorous tender process.
17. The CRB's operations will be heavily
reliant on IT. Although it is probably inevitable that, initially,
many applications will be in paper form, the aim will be to move
as quickly as possible towards electronic processes.
18. Capita's role will be to deliver, manage
and own the technical solution, and eventually to operate a large
proportion of the application process. The latter will include
running a call centre to deal with applicants' queries and to
initiate the application procedure itself; receiving and processing
applications and handling the associated fees; and, at the end,
printing and despatching the disclosure document.
19. Alongside, a core staff of civil servants
will handle more sensitive enquiries, and cases that throw up
policy issues or other problems needing judgement and resolution,
and will be responsible for managing and monitoring the overall
20. Accommodation for the CRB has been identified
in Liverpool and a lease has been signed. Capita staff and the
core CRB team of civil servants will be co-located.
21. The next major milestone in the programme
is the commencement of registration, in April.
22. It remains the aim to begin issuing
higher level certificatesboth criminal record certificates
and enhanced criminal record certificatesin the summer.
23. Work on developing the CRB is being
undertaken under PRINCE principles for project management. The
work is steered, supported and monitored by a committee structure.
The Programme Board, chaired by the Chief Executive, is the senior
executive committee responsible for planning the establishment
of the Bureau. The Management Board, alongside it and also chaired
by the Chief Executive, is responsible for matters concerning
the staffing of the Bureau, and for finance, and will become the
executive board responsible for the CRB once it becomes operational.
An Advisory Board, on which are represented key stake-holders
including the police, the DfEE, the DoH and the voluntary sector,
and which includes two non-executive members from the private
sector, is responsible for overseeing and advising Ministers on
the programme as a whole.
24. Other committees include a regular liaison
group with the police; and a Customer Forum, on which are represented
a wide range of interested organisations and which provides a
bridge between the CRB and its future clients.
25. Information and marketing are important
facets of the process of establishing the Bureauensuring
that future users of the CRB's services, potential registered
persons, and other interested parties are kept fully informed
of progress. Information leaflets have been producedspecimens
of a corporate brochure, and a brochure targeted more specifically
at potential registered persons, are at annex A and annex B respectively.
Two series of a total of twenty seminars will be held throughout
England and Wales between February and June, to inform, and raise
awareness among, potential registered bodies about the registration
process. A major introductory event to launch this programme was
held in London on 11 January. The aim is that as many relevant
bodies as possible will have been registered in time for the process
of issuing certificates to begin.
26. Most registered bodies will be employers
and voluntary organisations. But for many smaller employers and
organisations, registering in their own right will not be the
most appropriate course. Discussions have therefore been held
designed to initiate the establishment of a network of organisations
prepared to act as registered bodies on behalf of smaller users
of the CRB's services. It is hoped that local authorities, and
lead organisations identified within the voluntary sector, will
be able to undertake this role.
27. The CRB's service will operate under
the "brand name" Disclosure. This has been arrived at
on the advice of marketing specialists. Most applicants for the
CRB's service will have no criminal convictions, and no other
information recorded against them. In the circumstances, it has
been considered preferable to avoid the use of the word "criminal",
and to adopt Disclosure as a term which, while capturing the essence
of the service, appears less judgmental.
28. In turn, alternative terminology has
been adopted for the documents that the CRB will issue:
criminal conviction certificates
will be known as Basic Disclosures;
criminal record certificates will
be known as Standard Disclosures; and
enhanced criminal record certificates
will be known as Enhanced Disclosures.
But the documents will make it clear that they
are being issued under the terms of the Police Act 1997.
29. The start-up costs of implementing the
Bureau are being funded partly through the Home Office vote and
partly by Capita.
30. The Department has planned provision
across the three financial years 1999-2002 for expenditure of
around 10 million.
31. Capita are responsible for funding all
their set-up costs (including capital investment) as well as on-going
operating costs, and will be paid a fee per disclosure processed.
32. The Bureau is funding the start-up costs
of police forces, in order to ensure that they can provide an
effective searching service on behalf of the CRB.
33. Fees will be set to recover the costs
of providing the services, once the processing of applications
commences. These will need to cover the costs of Capita, of data
sources (such as police forces, PNC, DfEE and DoH), core CRB staffing,
accommodation, IT and other costs. Demand is expected to be at
a low level initially and to build up; and basic disclosures will
not begin to be issued before 2002. Consideration is being given
to the fees regime and the length of time before full cost recovery
can be achieved given that income will build up progressively
from a low level initially. Discussions are also in progress with
Treasury over a "net" funding regime for CRB that will
enable receipts to be appropriated in aid of expenditure in a
way that will support the demand-led nature of the business.
34. Service levels have been set in the
contract with Capita, and are being set in service level agreements
with police forces and other data sources, in support of the overall
targets set out in the 5-year Corporate & Business Plans.
The Bureau's core resourcing will similarly be set at levels which
support the achievement of targets.
35. The level at which fees are set will
need to take into account continuing work to determine the Bureau's
costs. It is hoped to make an announcement about fee levels shortly.
36. As will be clear from the background
information earlier in this memorandum, it has always been intended
that the cost of arrangements for increased disclosure from police
records should not be an added burden on the taxpayer, but should
be met by charges made of those making use of the service. Concerns
about charges for the voluntary sector are well recognised and
are being considered. However, waiving or reducing fees for the
voluntary sector would inevitably mean imposing an additional
burden on the taxpayer, or on other users of the Bureau's services.
37. The Department noted with interest the
announcement in December that, in Scotland, volunteers working
with children in voluntary organisations will not be charged for
Standard and Enhanced disclosures, which, as explained later in
this paper, will be made by the Scottish Criminal Record Office
rather than the CRB. It is open to devolved administrations to
take a different view from the Government in Westminster. Decisions
in England and Wales must be taken in the light of circumstances
38. Some volunteers and voluntary organisations
are used to being charged for police checks. It is understood
that some organisations which have arranged checks through local
authorities have been charged a fee by the local authority. Some
organisations have taken advantage of the subject access provisions
under the Data Protection Act, under which a person can obtain
a printout showing spent and unspent convictions on police records,
for a fee of £10. Such enforced use of subject access provisions
will no longer be permissible once the full service is available
from the CRB since it can lead to inappropriate disclosure of
39. The Government has made clear its determination
that fees should be set no higher than the minimum level necessary
to recoup costs.
40. The Department has made clear that,
before regulations are made which, amongst other things, will
set the level of fees to be charged by the CRB, a regulatory impact
assessment will be conducted. This will address the implications
for voluntary organisations and others using the Bureau's services.
41. The initial stage in this process was
to circulate questionnaires to a cross-section of voluntary organisations
and others, in order to obtain detailed information about their
circumstances. A list is given at annex C of organisations contacted
directly. Some of these have cascaded the questionnaire form to
others who have completed and returned it.
42. The information in these returns will
be drawn upon in preparing the regulatory impact assessment. Work
on this is underway and the aim is to have the main document ready
for issue for wider consultation by around the middle of February.
43. The Department has attached particular
importance to consulting voluntary organisations and others who
will be users of the CRB's services, or who have a wider interest
in the service that the CRB provides.
44. The main channel of communication has
been the Customer Forum. This brings together representatives
of a wide range of interests, including the voluntary sector (such
as the National Council for Voluntary Organisations, the National
Council for Voluntary Child Care Organisations, and the National
Council for Voluntary Youth Services), childcare organisations
(the National Society for the Prevention of Cruelty to Children,
and NCH Action for Children), the statutory sector (the Local
Government Association, the NHS Executive), the TUC, sports bodies
(represented by Sport England and the Amateur Swimming Association),
NACRO, the Chartered Institute for Personnel and Development,
the Financial Services Authority, and Liberty.
45. Meetings of the Forum provide an opportunity
to update the members on recent and forthcoming developments and
to obtain their reactions. The Forum has met on six occasions
since its inaugural meeting in October 1999. In addition, members
are encouraged to feed in written comments on papers.
46. The Forum has been consulted on a number
of issues such as service standards for the Bureau, the contents
of disclosure documents, the acceptability and portability of
such documents, and guidance for employers.
47. The draft code of practice for registered
bodies (see, further, paragraphs 64-65 below) and the definition
of the term "vulnerable" in relation to enhanced level
disclosures have been the subject of wide consultation, with over
500 organisations invited to comment.
48. As already noted, a number of organisations
including the Local Government Association and the National Council
for Voluntary Organisations have been consulted about the development
of a network of registered bodies to meet the needs of smaller
users of the CRB's service.
49. There is continuing dialogue with NACRO,
the Chartered Institute for Personnel and Development, the APEX
Trust and others, about the development of guidance for employers
about the use of the CRB's services in the recruitment process.
50. In addition, there have been ad hoc
meetings at both Ministerial and official levels with the National
Council for Voluntary Organisations, and with individual bodies
such as the Central Council for Physical Recreation, the Scout
Association, the Guide Association, and the National Association
of Clubs for Young People. The NCVO represents the voluntary sector
on the Advisory Board which oversees and advises Ministers on
the CRB programme as a whole.
51. Consultation is also undertaken by other
departments. For example, the DfEE regularly consults teacher
unions and representatives of employers in the education service
about the new arrangements and progress towards implementing the
CRB. The DfEE is also consulting groups representing school governors
and teacher training institutions.
52. The PNC will be the main source of data
upon which the CRB will draw. The principal source will be Phoenix,
the national criminal records database, which is an application
of the PNC and which contains personal data about offenders and
details of convictions.
53. The Department is fully aware of concerns
that have been expressed about delays in inputting data onto the
PNC, and about possible inaccuracies. Indeed, Home Office reports
have drawn attention to this. The Department welcomes action that
has been initiated by the Association of Police Officers to address
54. In the light of a report by the then
Police Research Group,
the ACPO Standing Sub-Committee on Records set up a working group
to examine the issue. This produced a Compliance Strategy designed
to improve data quality on the PNC. It includes quantified performance
indicators as to both timeliness and accuracy. For example, the
standard is for the police to enter all court case results within
72 hours of the information reaching the police. Hitherto, performance
on such aspects by individual police forces has varied considerably.
55. The Strategy has since been ratified
within ACPO and it was distributed to all forces in June 2000.
It was quoted with approval in a subsequent report of a thematic
inspection carried out by HM Inspectorate of Constabulary,
which also contained examples of good practice in the operation
and management of IT systems. All forces have been required to
submit, by February, position statements and action plans for
implementing the ACPO Compliance Strategy.
56. This raises two issuesnamely,
the measures to be taken to authenticate an applicant's true identity
to avoid fraud by misrepresentation, and the security measures
of the Disclosure document itself to prevent forgery and tampering.
(a) Measures to authenticate an applicant's
57. As to the first, the aim is to put in
place arrangements for identity authentication which will provide
a high level of confidence that an applicant is who he or she
purports to be, in order to reduce vulnerability to fraud through
misrepresentation. The arrangements need to be viable for a service
that will handle high volumes of transactions, and strike an appropriate
balance between the needs of security, data protection and privacy.
58. The CRB's arrangements are primarily
based upon electronic sources of data, and aim to deliver a level
of confidence through both width of information (ie, how many
other data sources also record this identity?) and depth (ie,
how far back is it possible to confirm this identity?). The CRB
will access data held within the public domain, such as the electoral
roll, as well as private sources of data through a commercial
relationship with a company which provides similar services to
the credit and retail industries
59. For high-level Disclosures (Enhanced
and Standard), employers will be able to assist in the process.
It is reasonable to expect that employers engaging staff for sensitive
positions such as working closely with children or vulnerable
adults will wish to seek corroborative evidence of identity, such
as passport or driving licence.
60. The CRB has also recognised the problems
associated with the re-direction of mail (so-called "piggy
backing of identity") and is designing processes to reduce
the risk of this type of fraud.
61. The CRB is keeping in touch with the
Office of the Data Protection Commissioner, and draws on the expertise
there in designing arrangements to detect and prevent identity
(b) Security of the Disclosure document
62. The Disclosure document is designed
as a secure document and incorporates a number of security features
to combat forgery and tampering. The advice of private and public
sector experts has been taken in determining the security features
of the Disclosure document.
63. Fundamentally important aspects of the
arrangements that will operate under the CRB, compared to those
that apply under current arrangements for police checks, are that:
it is the individual to be checked
who must initiate an application to the CRB. Employers, voluntary
organisations and others have no right to do so; and
the individual applicants will receive
the Disclosure document and will thus know exactly what information
the document contains in relation to them. If an error has occurred,
they will be able to challenge it at once, and the CRB is putting
in place arrangements to enable such disputes to be resolved speedily.
64. It is important that conviction and
other sensitive personal information in the possession of registered
bodies or employers is handled, stored and used sensibly, and
is only seen by those people who are entitled to see it. Employers
wishing to receive information in Standard and Enhanced Disclosures
will need to register with the Bureau in advance, or use the services
of another body which is registered. Those registering with the
CRB will be expected to comply with the code of practice that
is currently being prepared by the Bureau.
65. The most recent version of the draft
code, and accompanying explanatory notes, has been the subject
of extensive consultation, with copies circulated to some 500
interested parties. A copy of the consultation documents is attached
at annex D. The draft code places a number of obligations upon
employers or registered bodies in connection with the use of information
released by the Bureau. Employers are required to:
observe guidance issued by the Bureau
to weigh carefully the relevance of conviction or other details
provided in making recruitment decisions;
have a written policy on the recruitment
guide recruitment staff on the provisions
of the Rehabilitation of Offenders Act;
satisfy themselves about the identity
of job applicants;
have a written policy on the security
and handling of Disclosure information; and
destroy copies of Disclosure documents
once the recruitment process has been completed.
The responses to the consultation exercise are
currently being considered.
66. The Government is firmly committed to
a policy that no-one should be unfairly discriminated against,
in terms of employment, the provision of services, and amenities
because they have been convicted in the past. This policy underpins
the approach followed by the CRB. The Department maintains close
contact with the DfEE, the Employment Service, the Probation Service,
the Prison Service and other interested parties in this matter.
The DfEE has commissioned research by the National Institute for
Economic and Social Research into barriers to employment for offenders
and ex-offenders. The study will be published in the summer. The
DfEE, in partnership with others, will use the results of the
research to help minimise any unfair discrimination against ex-offenders.
The Department will keep in close touch with this work, with initiatives
by the Prison Service and the Probation Service, and with work
which organisations such as NACRO, the Chartered Institute for
Personnel and Development and the APEX Trust have in hand to prepare
guidance for employers, in order to inform policy and practice
on the CRB.
67. The CRB will operate in England and
Wales. In Scotland, broadly equivalent arrangements are being
put in place by the Scottish Executive through the Scottish Criminal
Record Office (SCRO). Consideration is being given to the arrangements
to be made in Northern Ireland.
68. Arrangements are being made for the
CRB to be able to capture information in respect of the UK as
a whole to avoid the need for someone who has been resident in
different jurisdictions to make more than one application. The
CRB and the SCRO implementation projects are maintaining close
contact to ensure a commonality and consistency of approach and
customer interface wherever practicable. This includes collaboration
with regard to guidance, and the content and format of both application
forms and Disclosure documents. But there will inevitably be differences
of detail in the implementation arrangements.
69. Arrangements under which people can
obtain information for employment purposes operate in many other
countriesoften through the police or a local civic authority.
The CRB is not empowered under Part V to conduct enquiries of
authorities outside the United Kingdom. However, work will be
undertaken to build up information about contact points in other
countries, for the benefit of the CRB's own clients.
70. From a very early stage in the programme,
risk management arrangements have been in operation. A risk register
has been drawn up, risk review meetings have been held regularly,
and information has been submitted to the Programme Board.
71. The detailed arrangements have been
kept under review in the light of developments. For example, soon
after the contract was awarded to the private sector partner,
a new risk register was compiled which covered both the Agency
72. In the light of advice from PA Consultants,
new risk management procedures have taken effect this month under
which Project Managers are more clearly responsible for risk management
within their projects. There are now 10 projects within the CRB
Implementation Programme. Each project will have a Project Board,
which will meet twice monthly, focusing on risks to the project
concerned. Each project will produce risk and issues registers,
which will be reviewed regularly. (Most projects have such documents
already in place, but they require refinement.) Programme checkpoint
meetings will be held monthly to review programme risks. An Implementation
Management Board will meet weekly and will include within its
remit a high level review of programme risks and the management
of these risks.
73. The Programme Risk Register focuses
risks that cannot be managed within
a specific project;
significant project risks that will
impact upon the programme as a whole; and
risks in exception (ie not managed,
running late, etc).
74. Mitigation actions and contingency measures
to address significant risks are under continuous review and development.
Mitigation actions are included within project and programme plans.
75. A document has been produced to provide
a basis for development of Operational Business Continuity and
Programme Contingency Plans. This will be developed within a dedicated
project involving core CRB and Capita personnel.
76. Every effort is being made to ensure
that the CRB becomes operational on time. But it has always been
recognised that, in a complex programme of this type, delay is
possible. In broad terms, the consequences would be that the police
would have to continue to provide their current service to those
who are entitled to receive it. Those not currently able to gain
access to criminal record data would have to wait until the CRB
went live. There would also be financial consequences.
77. Delay is clearly undesirable. However,
the CRB service cannot and will not be allowed to go live until
systems have been fully developed and tested and there is a high
degree of confidence in the service being delivered to appropriately
24 January 2001
1 Third Report, Session 1989-90, HC 285, paragraphs
Paragraph 42. Back
Criminal Records, Cm 1163, July 1990, pp 6-7. Back
The National Collection of Criminal Records, report of an Efficiency
Scrutiny, Home Office, 1991. Back
Hansard, 22 October 1991, cols 531-532W. Back
Disclosure of Criminal Records for Employment Vetting Purposes,
September 1993, Cm 2319. Back
On the record, June 1996, Cm 3308. Back
Hansard, col 356W. Back
Hansard, cols 271-272W. Back
Phoenix Data Quality, Home Office, 1998. Back
On the Record, Home Office, July 2000. Back