This article was originally published in Thomson Reuters Regulatory Intelligence and can be accessed here.
Kartik Mittal, Partner
Stephanie Limaco, Foreign Lawyer
UK sanctions regime emerges post-Brexit
Since the start of this year, European Union (EU) sanctions no longer apply in the UK. Instead, the UK’s new sanctions regime is based entirely on its foreign policy. The new UK sanctions regime may ultimately lead to divergence: even when the UK’s foreign policy is similar to the EU, or indeed the US, its sanctions’ regulations will not automatically follow the same course.
Accordingly, compliance officers in banks and other financial services regulated by the Financial Conduct Authority (FCA) need to consider the UK sanctions regime in addition to those of the US and EU in their compliance reviews. This is necessary to prevent breaches which could lead to fines, restrictions, potential criminal liability, and reputational damage. This will undoubtedly increase compliance costs.
The relevant legislation relating to sanctions was established before Brexit, primarily under the Sanctions and Anti-Money Laundering Act 2018 (“the Sanctions Act”). Further sanctions powers exist under the Export Control Order 2008 (“ECO 2008”), the Counter Terrorism Act 2008 (“CTA 2008”) and the Anti-Terrorism, Crime and Security Act 2001 (“ATCSA 2001”). UK sanctions have been implemented through approximately 40 Statutory Instruments, which are related either to a particular issue (thematic) or to a particular country or region (geographic).
The government has already signalled its readiness to implement sanctions autonomously, which makes it more likely that the FCA and the Office of Financial Sanctions Implementation (OFSI) will tighten its grip on compliance. Guidance for financial sanctions under the Sanctions Act was published last December here by OFSI. This outlines obligations under financial sanctions as well as OFSI’s approach to licensing and compliance issues.
Who is obliged to comply with UK sanctions?
UK sanctions are enforceable against all persons within the UK, and all UK persons abroad - people and entities carrying out activities in the UK, or in UK territorial waters, must comply with the UK sanctions regime, irrespective of their nationality or where they are incorporated. Furthermore, UK nationals or entities (incorporated or constituted under the law of any part of the UK) must comply with UK Sanctions irrespective of where they conduct their activities. Therefore, Banks and other financial institutions who are within, or undertake activities within, the UK’s territory must comply with them. So do financial institutions established under UK law, including their branches, irrespective of where their activities take place.
Authorities that implement and monitor UK sanctions
UK sanctions are implemented and monitored by different authorities, depending on the type of sanctions involved. Perhaps most relevant to the financial sector, OFSI supervises the compliance of financial sanctions and evaluates any suspected breaches, as well as issues licences.
OFSI also provides extensive guidance and alerts to help with compliance responsibilities. But sometimes, these are not observed. On January 2020, OFSI fined Standard Chartered Bank £20.5 million for alleged breaches of the “Russia/Ukraine Sanctions” - the largest sanctions penalty since OFSI was established in 2016.
The Department for International Trade (DIT) implements trade sanctions and related licences. Transport sanctions are implemented and enforced by the Department of Transport, while the Home Office deals with immigration sanctions.
How the regime applies to financial services and steps to take
A cornerstone of the new sanctions regime is the list of those entities and individuals who are subject to them. The government publishes the names of sanctioned persons or organisations here. The OFSI also maintains two lists of persons subject to financial sanctions here.
But a sanctions list is only as good as its implementation. Banks and other financial services therefore need to ensure that their systems and processes are updated to include the UK Sanctions List for sanctions screening. They must regularly screen new and existing clients against these lists. They must also undertake AML and KYC due diligence checks so they know exactly who they are dealing with - directly and indirectly - looking at an organisation’s ownership and control.
It is worth to note that some sanctions may apply to entities that do not appear in the published sanctions lists. This could be because such entities are owned or controlled, directly or indirectly, by a designated person, or because they fit in a prescribed description (designations by description are now allowed). The OFSI Guidance mentioned above provides advice on which entities are owned or controlled indirectly by another person. These provisions in the sanctions regulations are likely to cause difficulties to the sanctions screening programs.
The FCA’s Financial Crime Guide includes as examples of good practices: considering what mixture of manual and automated screening is most appropriate, screening customers’ directors and known beneficial owners on a risk-sensitive basis, and quality control checks over manual screening.[1]
If a relevant firm has a reasonable suspicion or knowledge of a breach of financial sanctions, that a person is a designated person or that it holds frozen assets, and this suspicion or knowledge is received in the course of its business, this must be reported to OFSI. The definition of “relevant firm” appears in the “information and records” part of the statutory instrument for each sanctions regime (sanctions regimes are available at: https://www.gov.uk/government/collections/uk-sanctions-regimes-under-the-sanctions-act). An example of relevant firm included in the sanctions regulations is a person who has permission under Part 4A of the Financial Services and Markets Act 2000 to carry on a regulated activity (such as banks, building societies, insurers, investment firms, companies that provide financial services, etc).
Finally, financial institutions could apply for a licence if they want to carry out a specific transaction that otherwise would be prohibited (for instance, to comply with an obligation concluded before the designated person was sanctioned). It is now also possible to issue general licences, which will permit multiple parties to carry out specified activities without needing a specific licence.
Conclusion
Banks and financial services companies doing business in the UK, and incorporated under the laws of any part of the UK, should ensure that they are complying with the new UK sanctions regime. They should also be aware of its differences from the EU and US sanctions regimes and adapt their policies and procedures to incorporate the UK sanctions system in their compliance reviews, due diligence, and KYC checks.
[1] “Financial Crime Guide: A firm’s guide to countering financial crime risks”, available at: https://www.handbook.fca.org.uk/handbook/FCG.pdf
