Sanctions are normally used by the international community for one or more of the following reasons:

• To encourage a change in the behaviour of a target country or regime
• To apply pressure on a target country or regime to comply with set objectives
• As an enforcement tool when international peace and security has been threatened and diplomatic efforts have failed
• To prevent and suppress the financing of terrorists and terrorist acts
• Financial sanctions are normally one element of a package of measures used to achieve one or more of the above
• Financial sanctions measures can vary from the comprehensive - prohibiting the transfer of funds to a sanctioned country, freezing the assets of a government, corporate entities and or residents of the target country, regime, group or target

‍

Sanctions can be imposed by a number of bodies or other relevant countries, for example

• HM Treasury
• Office Foreign Assets Control
• United Nations Security Council
• European Union

Control risks

Common deficiencies that can allow for failures in your sanctions controls:

• Risk Assessments do not adequately cover the risk of sanctions
• Customer identification and due diligence is not thorough or robust
• Ongoing monitoring does not identify high-risk clients
• Transaction monitoring does not consider the rules or scenarios
• Employee training is not relevant or up to date
• OFAC / sanctions screening lists are not updated, manual or use of the correct

‍

Sanctions Screening

Screening your customers for sanctions is a mandatory requirement for UK regulated entities across all sectors and is a critical step to know your customer (KYC).

Given the urgency and speed with which sanctions were implemented against Russia by the UK Government, the FCA and the Office of Financial Sanctions Implementation (OFSI) initially agreed to show some forbearance as firms reacted to the UK’s new sanctions environment.

The FCA has recently written a letter to the Treasury Select Committee inquiry on “Russia: Effective Economic Sanctions”, that this period of forbearance is now over.

The FCA’s sanctions supervision and enforcement program

The FCA has started a program for sanctions control assessments; this includes:

• On-site reviews
• Deployment of a new assessment tool for selected firms
• Communicating instructions to firms to screen an extensive list of entities, this enables the FCA to test the effectiveness of firms’ sanction screening
• Introducing targeted sanction assessments - the tool allows the FCA to review a much greater number of firms compared to what could be covered by supervision visits
• Increasing the use of data analytics as part of supervision

In the event of a sanction breach

A breach of financial sanctions by a firm generally leads to enforcement action by OFSI.

The breach may also trigger separate action by the FCA for a material weakness in a firm’s financial crime systems and controls.

The FCA:

1. Expects to be informed by firms if they have submitted a breach OFSI. This is in accordance with their legal obligations, regarding: suspected sanctions breaches, the identification of designated persons with which firms are dealing or that firms have identified they are holding assets subject to an asset freeze.
2. Expects firms to consider their Principle 11 obligations as well. This would also dictate the action that is required (i.e. to inform the FCA of matters of which it would reasonably expect notice).
3. Wants to encourage whistle-blowers to report sanctions breaches and sanctions control weaknesses directly to the FCA’s whistleblowing team.

Better information sharing between regulators

The FCA and OFSI are committed to sharing information between them. They will do this either via formal information exchange mechanisms and/or via secondments of financial crime experts from the FCA to OFSI.

Firms should expect that the FCA may issue information requests to understand details of potential sanctions breaches and on some occasions be prepared for the potential parallel investigations by the FCA and OFSI.

Key priority for firms going forward

The FCA identified potential weaknesses in firms’ onboarding and ongoing screening processes, as well as the effectiveness of real time payment screening. In addition, complying with sectoral sanctions was identified as an area which can pose real challenges for firms.

You should consider the following:

• Manual sanctions screening may not be fit for purpose: The FCA reported that during 2019-2020, over 25% of firms responding to its Financial Crime Data Return reported using a manual sanctions screening process. It is not prohibited to operate a manual process, however, the FCA has warned firms to consider whether this remains appropriate given the current Russia-related sanctions regime.
• Automated screening processes must have sufficient oversight: Even when using automated screening processes, it is important for firms to understand how the screening tools work and to check that the automated tool has been properly calibrated and subject to effective oversight and governance. Unexpectedly low hits must be investigated.
• Ensure you have a good understanding of your firm's sanction screening process: As a Financial institution you are on the front line of sanctions compliance. If sanction breaches are identified by customers, you must be prepared for questions by regulators and law enforcement agencies around the systems and controls in place that should have prohibited the transaction to take place.