Information Tribunal upholds OFSI reliance on NCND to protect sanctions licence applications
Information Law, Public Law and Judicial Review
In Hinkel v Information Commissioner & HM Treasury [2025] UKFTT 00611 (GRC), the First-tier Tribunal upheld HM Treasury’s decisions neither to confirm nor to deny (NCND) whether named legal professionals or entities had applied for financial sanctions licences from the Office of Financial Sanctions Implementation (OFSI), part of HM Treasury.
The request sought to establish whether various named legal professionals and insurers had applied for or received OFSI licences in connection with a failed property transaction.
The Tribunal accepted HMT’s position, advanced by Richard Hanstock, that confirming or denying the existence of any such application would reveal personal data relating to identifiable individuals (including sanctioned individuals) and was therefore exempt under section 40(5B) FOIA.
It rejected the Information Commissioner’s narrower approach and agreed that the same protection extends to corporate applicants where individuals are clearly associated with them (paras 54–55).
The Tribunal also affirmed the fundamental confidentiality of the sanctions licensing process. The existence (or otherwise) of an application was held to attract protection under section 41(2) as information provided in confidence. The decision emphasises that OFSI licences frequently involve sensitive personal, financial, and commercial information. The Tribunal endorsed HMT’s submission that sanctions licensing matters are “inherently […] highly confidential” (para 67) and warned that disclosure could undermine the candour and trust necessary to maintain the integrity of the UK’s sanctions regime, finding that-
“Confidentiality is essential to the proper functioning of the licensing system” (para 69).
The Tribunal also considered that a loss of control over confidential information may itself be sufficient to give rise to an actionable breach of confidence, reflecting a modern approach to information rights (see paragraph 56 of the ICO Guidance on section 41):
“It may be that the law now treats any unauthorised disclosure as inherently detrimental” (para 72).
The Tribunal was critical of the appellant’s motives, finding that his use of FOIA was aimed at advancing wide-ranging and repeatedly rejected allegations of fraud. Following an Extended Civil Restraint Order issued against him in related litigation, the Tribunal held that the requests no longer pursued any legitimate interest under data protection law. Even if such an interest could be shown, it found that FOIA was not the appropriate route:
“Use of FOIA as a procedural weapon in parallel litigation… seems to us to amount to an abuse of the process or something very close to that” (para 59).
This decision provides important guidance on the application of FOIA to sensitive regulatory licensing data. It confirms that NCND responses may be necessary to protect both privacy and the functioning of vital public regimes, particularly where confidentiality is essential to policy delivery.
Richard Hanstock represented HM Treasury/OFSI. He is a barrister with specialist expertise in information law, data protection, financial sanctions and cyber security.
