FOI Standard and Procedure

1. Purpose & Objective

This procedure sets out the British Business Bank Group’s (BBB) approach to managing Freedom of Information (FOI) requests. For the purpose of this procedure, the term BBB refers to British Business Bank plc and its subsidiaries.

The key objectives of this procedure are to:

  • Advise colleagues what is expected of them.
  • Help ensure colleagues comply with the legal and regulatory obligations under the Freedom of Information Act 2000 (FOIA).
  • Establish a consistent approach to managing FOI requests within BBB.

2. Scope

This procedure applies to all teams and functions of BBB and all individuals operating under the control of BBB, including employees, directors, interns, contractors, secondees, agents and board members.

It also applies to all recorded information held by BBB, regardless to where the information is located, its age, or format, e.g., printed documents, information held on computers, letters, emails, handwritten documents, photographs, images and sound or video recordings.

3. Freedom of Information Act

The FOIA applies to all public bodies in England, Wales, and Northern Ireland (similar provisions apply in Scotland under the Freedom of Information (Scotland) Act 2002). As BBB is wholly owned by HM Government, it is subject to the FOIA.

The FOIA provides public access to recorded information in two ways:

  • Proactively publishing information (transparency) via its Publication Scheme; and
  • Responding to FOIA requests

4. Publishing Information (Publication Scheme)

Section 19 of the FOIA requires public authorities to be transparent and to publish information in accordance with the Information Commissioner’s model publication scheme.
The Bank’s publication scheme is on the BBB Transparency webpage at Transparency – British Business Bank ( and individual Business Units are responsible for ensuring the relevant information is published where appropriate.

5. Making an FOI Request

Any person or company (an applicant) from anywhere in the world may ask to see any information held by public authorities and it must be disclosed unless an exemption applies. If a 3rd party holds information on behalf of a public authority, that information is regarded as held by the authority and subject to FOIA.

6. Identifying an FOI Request

Valid FOI Requests

A valid FOI request must be:

  • In writing (email, letter or social media)
  • Give a real name and the return email/postal address
  • Clear and meaningful

If a request does not have the above, the Bank can ask the requester for clarification before accepting and progressing the request further.

Business as Usual

For practical purposes, if a request can be answered as a business-as-usual enquiry (in full and quickly), then there is no need to treat it as a formal FOIA request, for example a question about a particular scheme, social media tweets, etc.

However, if a request explicitly refers to FOI or any of the following factors apply, it must be treated as an FOI:

  • information is held by more than one Business Unit
  • if you cannot provide the requested information straight away
  • the requester makes it clear they expect a response under the Act
  • some (or all) of the requested information may be refused to the applicant

More guidance on identifying an FOI request is available on the ICO’s website.

7. Vexatious or Repeated FOI Requests

We are under no obligation to comply with a request which is vexatious or repeated.

A vexatious request is a request intended to be annoying or disruptive or which has a disproportionate impact on a public authority. Examples of a patently obvious vexatious request might be where threats have been made against employees, or racist language used.

The FOI Officer is responsible for identifying cases where a request may be vexatious.

For further information on vexatious requests, please consult ICO’s guidance or speak to the FOI Officer.

8. Time Limits and Clarification

Our obligation under the Act is to respond to requests promptly and not later than 20 working days from receipt of the request; counting the first working day after the request is received as the first day.

The exceptions to the 20 working days include:

  • If the FOI Officer has asked the applicant for further information (clarification), the request is not yet valid and the 20 working days deadline only starts when sufficient clarification has been received.
  • If the FOI Officer has agreed to the public interest test extension that provides the Bank a further maximum 20 working days to consider the public interest when using a qualified exemption; this is expected to be rare.

9. Internal Reviews

If an applicant is dissatisfied with the handling of their FOI Request, they can request an internal review within 2 months of receiving our response to their FOI request. This may happen when an applicant:

  • believes we hold more information than we have disclosed
  • is still waiting for a response and is unhappy with the delay
  • disagrees with the use of an exemption

It is best practice, wherever possible, for the internal review to be undertaken by someone other than the person who took the original decision to re-evaluate their handling of the request and pay particular attention to concerns raised by the applicant (e.g., how the request was handled, what searches were made, information checked, colleagues involved, reasons for the decisions and response).

Internal reviews are expected to be completed within 20 working days, but the maximum time is 40 working days for more complex cases; delays must be communicated to applicants.

An internal review can have the following outcomes:

  • Where the original decision is reversed the applicant must be told and the information provided to them.
  • Where the original response is upheld, and the internal review decides against release, the applicant must be made aware of their further rights of appeal to the ICO. You must also ensure that full contact details for the ICO are provided to the applicant.
  • Where the original response is revised, both approaches discussed above should be applied to the appropriate sections of the request.
  • If the internal review upholds the original decision (as at the date of the request, the information was exempt from disclosure), you may wish to release further information if circumstances have changed and your original concerns about disclosure no longer apply. You are not obliged to do this, but it may resolve matters for the applicant and reduce the likelihood of them making a complaint to the ICO if you do.

10. Complaints to the ICO

The ICO has a duty to investigate complaints made by members of the public who believe that an authority has failed to respond correctly to an information request. Complaints made to the ICO should be dealt with in the same way as an internal review and in each case in accordance with any specific instructions/deadlines agreed with the ICO on a case by case basis.

11. Record Keeping

The FOI Officer retains the records on behalf of the Bank, which includes the FOI Register, the request, associated templates, and final response. These records will be kept for 3 years, from the end of the financial year the request was closed. In the case of the FOI Register, the details will either be deleted or anonymised.

Do you have a Freedom of Information Act (FOIA) request?

View our archive of previously answered Freedom of Information Act enquiries or use our contact us form to submit your own.