First published on Thomson Reuters Regulatory Intelligence on 24th June 2022.
Whilst historically there have been relatively low levels of sanctions enforcement in the UK, in light of recent developments, in the coming months we expect to see more scrutiny in this area and increased enforcement activity in relation to sanctions breaches. This article looks at some of the key recent updates for regulated firms in relation to sanctions enforcement and sets out some practical steps that firms can take now to reduce enforcement risk.
Key updates
Office of Financial Sanctions Implementation (OFSI)
OFSI is the organisation with primary responsibility for financial sanctions implementation and enforcement and it is a criminal offence not to comply with sanctions without an appropriate licence or authorisation from OFSI. This month, as a result of the Economic Crime (Transparency and Enforcement) Act 2022, changes have come into force with regards to OFSI’s enforcement powers and, in light of these, OFSI has updated its Monetary Penalty guidance1. An important change is that, for sanctions breaches occurring after 15 June 2022, when considering civil liability and the imposition of a monetary penalty, OFSI no longer has to prove that a person had knowledge or reasonable cause to suspect that they were in breach of financial sanctions; it can impose civil monetary penalties on a strict civil liability basis, bringing this aspect of the UK sanctions regime more in line with the US.
In terms of other developments, OFSI has also: (i) gained the power to publicise details of financial sanctions breaches committed after 15 June 2022 where a monetary penalty has not been imposed by it; and (ii) introduced flexibility in the review process for monetary penalties.
OFSI has said that it will not necessarily impose a monetary penalty in every case where it establishes a breach of financial sanctions (indicating that actual knowledge or reasonable cause to suspect may still be a factor that is weighed in certain cases), and that the updated Monetary Penalty guidance does not represent a change to OFSI’s overall enforcement approach.
National Crime Agency (NCA)
In terms of other agencies which also play a role in relation to sanctions and related enforcement, OFSI reports the most serious sanctions breach cases to the NCA for investigation. A new ‘Kleptocracy’ Cell based in the NCA was announced in February and was implemented immediately to investigate sanctions evasion2. The Cell’s primary focus is on seeking criminal justice outcomes, but it has said that it will also use civil tools to freeze and recover suspected criminal finances and so, as a consequence, financial services firms should be prepared for this type of activity. These civil tools include Account Freezing Orders, Account Forfeiture Orders, Unexplained Wealth Orders and wider civil recovery powers3.
Given this focus on asset tracing and recovery, we anticipate that regulated firms may become involved in investigations relating to the new Russia sanctions earlier than we would normally see, with potential exposure for firms if they have not frozen funds of designated persons or restricted trading activity as they should have done pursuant to applicable prohibitions and/ or issues come to light suggesting their systems and controls relating to complying with financial sanctions obligations are (or were) not sufficient (whether or not an actual breach of sanctions has occurred).
These developments mirror what we are currently seeing in other jurisdictions. For example, in March the US announced the launch of Task Force KleptoCapture, an interagency law enforcement task force dedicated to enforcing the sweeping sanctions and economic countermeasures that the US has imposed in response to events in Ukraine. The mission of the Task Force includes using civil and criminal asset forfeiture authorities to seize assets belonging to sanctioned individuals or assets identified as the proceeds of unlawful conduct.
Financial Conduct Authority (FCA)
As the anti-money laundering and counter-terrorist financing supervisor for regulated firms in the UK, the FCA also plays a key role in relation to the evolving sanctions landscape. In response to the recent Russian sanctions, the FCA has made it clear that it expects regulated firms to include as part of their systems and controls to mitigate the risk of financial crime controls that enable firms to meet their financial sanctions obligations and it has reminded firms that, where it identifies failings in financial crime systems and controls, it can impose restrictions and/ or take enforcement action4. The FCA also expects authorised firms to notify it if they are subject to sanctions, directly or indirectly 5.
In May, the FCA published a new webpage on reporting in this area6; it wants to hear about sanctions evasion or weaknesses in sanctions controls where they relate to companies with UK listed securities or to any firm or person listed on the FCA’s Financial Services Register or other registers, such as the Mutuals Register or the Investment firms register. There are a number of ways to report this information to the FCA such as through its whistleblowing team, making a formal report under the notification provisions in the FCA Handbook or by filling out its online reporting form.
The FCA has said7 that it is working closely with partners in government and law enforcement both in the UK and abroad to share intelligence and act to prevent sanctions evasion and that it remains ready to act in the event of sanctions breaches.
Practical steps to reduce enforcement risk
In terms of the actions regulated firms can take now to reduce enforcement risk in relation to sanctions, OFSI, the FCA and the Bank of England released in March a joint statement on sanctions and the cryptoasset sector8. Whilst the key focus of this statement is crypoassets, some of the steps set out in relation to reducing the risk of sanctions evasion are of general relevance to regulated firms. The statement emphasises that controls developed to identify customers and monitor transactions under the Money Laundering Regulations 2017 can help with compliance, but that firms will also need to implement additional sanctions specific controls as appropriate.
Particular areas of focus for firms with a view to reducing their enforcement risk include:
(i) updating risk assessments to account for changes in the nature and type of sanctions measures, which now cover a broad range of activity;
(ii) ensuring that customer onboarding and due diligence processes identify customers who make use of corporate vehicles to obscure ownership or source of funds;
(iii) ensuring that effective re-screening is in place to identify activity that may indicate sanctions breaches, including customers and counterparties who are closely connected to or are potentially owned and/or controlled by designated persons; and
(iv) identifying activity that is not in line with the customer profile or is otherwise suspicious, and ensuring that these are reported quickly to the nominated officer.
In this context, firms should reflect on the extent to which they would be able to evidence the steps they are taking in relation to the above if necessary, including through the internal governance process such as by tracking and recording the basis for decisions and in meeting agendas and minutes.
It is worth noting that, from an FCA enforcement risk perspective, regulated firms should be thinking not only about systems and controls issues, but also their disclosure obligations under the UK Market Abuse Regulation where relevant9 given the significant impact that Russia’s invasion of Ukraine is having on financial markets. This includes continuing to assess carefully what information constitutes inside information, recognising that both the invasion and responses to it by governments globally may alter the nature of information that is material to a business’ assets, operations and prospects. In May, the FCA released Market Watch 6910 which contains some observations for firms on market abuse surveillance and which acts as a reminder to firms that, for effective surveillance, firms need to review and update their systems as necessary to ensure that they remain effective.