On 3rd July, Allen & Overy published a useful and interesting briefing saying that a recent case throws up some interesting issues concerning when it is OK (and when it is not OK) to breach confidence in order to report suspected criminality. The case concerned some private investigators who decided to report their clients for suspected criminal conduct, rather than keep confidential the results of their investigation. The private investigators had signed a retainer containing strict confidentiality provisions with another entity acting on behalf of the FBME bank. They relied on the public interest defence, and it was common ground that the starting point when looking at the public interest defence is the ‘defence of iniquity’. However, the court drew a distinction between regulators and law enforcement agencies in the UK and US, finding that disclosures to law enforcement agencies were not capable of attracting the defence of public interest and were therefore a breach of confidence – on the other hand, disclosures to regulators in the relevant countries (Tanzania and Cyprus in this case) would have been capable of falling within the defence. The private investigators were also found in breach for failing to notify the supply of information to a third party, and failing to deliver up confidential documents if requested. A problem highlighted was the wide-ranging scope of the disclosure made – the “dumping” of all the information obtained on law enforcement – if the disclosure had been more focused, the court felt some of it might have been justified on public interest grounds. The article concludes that there is no general duty to report suspicions or knowledge of criminality by a third party – though those who operate in a regulated sector may have specific requirements upon them to report suspicions of money laundering or terrorist financing. For others, whether or not to report suspicions is a matter of choice, and in any case, disclosure should be targeted and must evidence the allegation(s) made.