Managing your responsibilities in the ever-changing world of “Sanctions”.

Sanctions against companies and individuals are constantly changing and the pace of change over the last 12 months has been unprecedented.

A major reason is Russia’s invasion of Ukraine, which led to the UK, US, EU and other countries imposing sanctions against certain entities and individuals in Russia. These lists continue to be updated and, as of March 2023, 1,550 Russian individuals and 180 entities were subject to UK sanctions.

This places an increased workload on financial services companies operating in the UK, who must screen customers and third parties against various sanctions lists on an ongoing basis. A sanctions breach could be costly, resulting in financial fines, reputational damages and up to seven years of jail for individual executives.

Fred McDowell, Associate Director in the financial crime team at fscom, recently led a webinar on the sanctions risks and how firms should respond. This blog summarises his advice for firms.

What are sanctions?

Economic sanctions are a coercive measure or action resulting from a failure to comply with a law or rule, or a threatened penalty for disobeying a law. Their aims include stopping an unlawful action, often by coercing a regime or individuals to change their behaviour, and signalling disapproval.

There are three main types of sanctions:

• Targeted asset freezes, which aim to restrict a sanctioned target’s access to funds and economic resources.
• Restrictions on a wide range of financial markets and services.
• Direction to cease all business. This could apply to a sector as a whole, or a group of entities and individuals.

What sanctions should UK firms monitor?

Sanctions are often imposed by the United Nations and then implemented by member states. Countries also impose their own sanctions in addition to those raised by the UK/OFAC etc.

In the UK, the Sanctions and Anti-Money Laundering Act of 2018 empowers the Office for Financial Sanctions Implementation (OFSI) to enforce sanction breaches. Regulated firms should ensure their sanction screening systems have the mandatory listings uploaded and very often will support that with additional sanction listings which are recognised worldwide and reflect jurisdictions where they do business.

How should firms assess and detect sanction risk?

Firms are expected to screen their clients and third parties against sanctions lists. The screening process should alert the compliance team of an apparent match to a client or third party. Firms must then establish whether this is simply a “name match”, or a “target match” whose information matches that information on the OFSI listing. Indicators of a target match include the company’s address, its formation date, and its directors.

Firms should consider five areas to guide and improve their sanctions risk monitoring:

• Ownership: Understanding clients’ and third parties’ control and ownership structures is important. It may be that a third party is not on a list, but is owned to a significant degree by another company who is sanctioned.
• Document: It is imperative to record the steps taken when reviewing if a client or third party is sanctioned. The regulator will expect to see evidence of the steps followed to consider an apparent risk of a sanctions breach.
• Check the reliability of sanctions screening systems: Firms occasionally outsource sanctions screening to external providers. Firms should check, at least annually that fuzzy logic calibration is set at the correct levels.
• Risk-based: The frequency of sanctions screening should be adapted according to the level of risk that each firm’s operations model presents, this will reflect such consideration as industry sectors supported and jurisdictions dealt with.
• Consult: Individuals involved in sanctions screening and decision-making should seek advice from their Money Laundering Reporting Officer, an external expert, or OFSI when appropriate.

What should firms do in case of a sanctions breach?

Sanctions alerts should be addressed instantly. Firms should follow five steps:

• Understand the sanction and its requirements by reading about it on the OFSI website. If a payment to a firm isn’t related to an area for which an entity is sanctioned, there may not be a breach. A firm could also have a license for activity which would otherwise breach financial sanctions, such as delivering humanitarian aid – although these can be revoked at any time.
• Inform OFSI that a client appears to be a target match as soon as possible using the form on the government website, and list the sanctioned entity’s identifier which can be found on the sanctions listing.
• Provide OFSI with the information and knowledge upon which the firm has based your suspicion, and the information it holds on the client to identify them. Firms should disclose the nature and amount of their funds or economic resources that they hold.
• Consider other reporting obligations under, for example, the Proceeds of Crime Act. It may be applicable to consider raising Suspicious Activity Report to the National Crime Agency.
• If a sanctions target has been placed on OFSI’s frozen assets list and a firm holds resources for them, the company should not deal with those funds or make them available to the client but freeze them and report their existence to the regulator.

Meanwhile, sanctions continue to change rapidly. On 27 March, the UK government introduced new sanctions targeting those who supply the Myanmar regime with military equipment to bomb civilians. The following day, the UK and US imposed sanctions on individuals linked to trade which funds the Syrian regime.

Contact fscom today to discuss how to improve your sanctions monitoring.