Overview

Financial sanctions are imposed by the UK and other national governments. Requirements may result in asset freeze or block, to prevent asset movement by a sanctioned person, a sanctioned body/entity, or a body/entity which may not itself be named on a sanctions list, but which if it is owned or controlled by a sanctioned person, would nevertheless be subject to the same asset freeze or blocking measures.

Depending on the law/regulation implementing a particular blocking measure, it may be possible to progress with a transaction or arrangement, subject to licensing (or approval to proceed). In general terms, Financial Sanctions relate to:

• Action initiated via United Nations Security Council Resolutions (‘UNSCR’), the European Union or from UK sanctions initiatives (e.g., linked to concerns about human rights abuses or other violations of international norms of behaviour, or to minimise the risk of terrorism within the UK).
• Individuals, entities and governments, who may be resident in the UK or abroad.
• Restrictions might also be imposed to prohibit providing or performing financial services to (or for the benefit of) designated individuals or governments.

United Kingdom

The UK uses sanctions to support UK foreign policy and national security objectives, as well as maintaining international peace and security, and preventing terrorism:

• The UK left the EU on 31 January 2020 – A Withdrawal Agreement between the EU and the UK involved a ‘transition period’ which ended on 31 December 2020. During transition the UK adopted EU sanctions, with UN and EU sanctions being implemented in the UK through EU law.
• At 11pm on 31 December 2020 the UK implemented a range of UK sanctions regimes through regulations made under the Sanctions and Anti-Money Laundering Act 2018 (‘SAMLA’), which provides the legal basis for the UK to impose, update and lift sanctions.
• Financial sanctions which relate to a specific country or terrorist group are known as ‘regimes’. See the UK Gov website for specific regulations and designated persons for each regime imposed in the UK.
• SAMLA does not contain powers to impose sanctions. It enables Ministers to create sanctions regimes via secondary legislation (regulations). The sanctions regimes allow Ministers to impose sanctions on designated persons.

United Nations

Sanctions issued by the United Nations Security Council (‘UNSC’) take different forms.

• Comprehensive economic and trade sanctions, or targeted at arms embargoes, travel bans, and financial or commodity restrictions.
• Sanctions support peaceful transitions, deter non-constitutional change, constrain terrorism, protect human rights or promote non-proliferation (e.g., in relation arms, nuclear and/or chemical weapons).
• For more information, see: UNSC Sanctions.

European Union

Restrictive measures or Sanctions issued by the European Union are determined under the EU's Common Foreign and Security Policy (‘CFSP’).

• For more information on how and when the EU adopts restrictive measures, see EU Sanctions.
• A person or entity designated under EU Sanctions Regulations may not necessarily be designated under UK legislation.

United States of America

When transacting in U.S. Dollar, or if a UK business has a U.S. nexus, consideration must be afforded to economic sanctions administered by the U.S. Office of Foreign Assets Control (‘OFAC’); which administers and enforces economic sanctions programs - primarily against countries and groups of individuals, such as terrorists and narcotics traffickers, but these can also apply to certain aircraft and vessels – with an extra-territorial impact, such as:

• U.S. persons must comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches.
• For certain OFAC programs, foreign subsidiaries owned or controlled by U.S. companies must also comply.
• Certain OFAC programs also apply to foreign persons in possession of U.S.-origin goods.

For more information on OFAC, click: ’here’.

Overview

Financial sanctions apply to all transactions, without de minimis financial limit:

• UK nationals and UK legal entities established under UK law, including any of their branches, must comply with UK financial sanctions that are in force, irrespective of where their activity takes place.
• UK financial sanctions apply within the UK and to all UK persons, wherever they are in the world.
• All individuals and legal entities who are within or undertake activity within UK territory must comply with UK financial sanctions that are in force.

Extra territorial consideration

• E.U. financial sanctions apply within the E.U. and to all E.U. persons, wherever they are in the world.
• E.U. nationals and legal entities established under EU law must comply with EU financial sanctions that are in force, irrespective of where their activity takes place.
• U.S. persons must comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches.
• When operating in the U.K., non-E.U. or non-U.S. entities/businesses should consider establishing recusal policies to require any of their E.U. or U.S. directors (where applicable), to exclude themselves from engaging in any activities that might implicate E.U. or U.S. sanctions and wall them off from discussions, meetings or other dealings related to such activities.

The Office of Financial Sanctions Implementation

The Office of Financial Sanctions Implementation (‘OFSI’) is the lead authority with responsibility for ensuring UK financial sanctions are properly understood, implemented and enforced.

OFSI maintains two lists of those subject to financial sanctions:

• The Consolidated List of Asset Freeze Targets (the Consolidated List), which lists all asset freeze targets listed under UK autonomous financial sanctions legislation and UN sanctions; and
• The list of persons named in relation to financial and investment restrictions, which is a separate list of entities subject to specific capital market restrictions.

The Consolidated List consists of the names of people, businesses, organisations and financial institutions which are specifically subject to restrictions under UK law. Other business or organisation names may not be included on the consolidated list, but they also could be subject to financial sanctions restrictions. For example, where they are:

• More than 50% owned by a person or organisation on the Consolidated List
• Controlled by a person or organisation on the Consolidated List

OFSI’s list of persons subject to specific financial and investment restrictions (i.e., via the Capital Markets) is not included in the consolidated List. These are linked to, for example, restrictions on dealing with transferable securities or money-market instruments, or the granting or entering-into arrangements to grant loans or credit.

The Office of Trade Sanctions Implementation

The Office of Trade Sanctions Implementation (‘OFSI’) is responsible for strengthening the United Kingdom’s implementation and enforcement of trade sanctions.

OTSI supports businesses with compliance, including by issuing licences, but also to take action where businesses are breaching sanctions or seeking to circumvent them.

Depending on jurisdictions in (or through which) a company transacts or does business, multiple country list sources might need to be considered, where each respective country might maintain its own local list(s).

United Kingdom

OFSI publishes lists on U.K. financial sanctions relating to specific countries or terrorist groups (i.e., known as ‘regimes’). Regulations and Designated Person lists for each regime are accessible via the UK Government website – Click: ’Financial sanctions targets by regime’

OFSI also provides:

• A web-based search function to aid identify UK financial sanctions targets - Click ’here’
• Downloadable lists of asset freeze targets (in various formats) - Click ’here’.
• A list of persons named in relation to financial and investment restrictions – Click ’here’

United Nations Security Council Consolidated List

As a member of the United Nations Security Council, the U.K. is obliged to implement measures for each listed name (as specified by the U.N. Sanctions Committee).

• UN Consolidated List – Click ’here’

European Commission

• Consolidated List of persons, groups and entities subject to EU financial sanctions – Click ’here’
• Consolidated List of persons subject, under EU sanctions, to travel restrictions – Click ’here’
• The EU sanctions map provides a visual overview of sanctions adopted by the Council, with links to the respective country lists – Click ’here’.

U.S. OFAC (examples)

• Specially Designated Nationals (‘SDN’) and Blocked Persons List – Click ’here’.
• Consolidated Sanctions List (Non-SDN) - Click ’here’
• Sanctions Programs and Country Information – Click ’here’.
• Other lists, including the Sectoral Sanctions Identifications (‘SSI’) List, imposed on specified persons operating in sectors of the Russian economy (e.g. Ukraine-/Russia-related Sanctions) – Click ’here’

Note: The SSI list is not part of the SDN list, although individuals and/or companies on the SSI list may also appear on the SDN list.

Other country (examples)

• Hong Kong Monetary Authority. See: HKMA.
• Monetary Authority of Singapore. See: MAS.
• State Secretariat for Economic Affairs, Switzerland (SECO). See: MAS.
• Other…

Introduction

The U.K. sanctions regime requires absolute compliance. A person who breaches an obligation under a relevant Statutory Instrument or Act of Parliament will be guilty of a criminal offence unless a defence is available, relevant to circumstances of the breach. A person guilty of an offence is liable on conviction to imprisonment and/or a fine.

Firms should consider carrying out an assessment, to understand which parts of their business might carry a greater likelihood of breaching financial sanctions and embargoes. Such assessment may, inter-alia, include:

• Assessment of the firm’s view of its business profile in specific business areas.
• Information on periodic CDD, transaction screening and other risk-based checks.
• Controls in place to prevent, prohibit and detect attempts to circumvent sanctions.

Where a firm believes it holds funds or assets for a sanctioned party, this must be reported to OFSI as soon as practicable.

In limited circumstances, OFSI may issue a licence to allow arrangements or transactions to proceed and protect third parties who are not sanctions targets – for example, the payment of staff salaries, for humanitarian purposes, or to allow the assets of a Designated Person to be appropriately safeguarded and managed.

OFSI licences do not cover activities in other jurisdictions, nor trade imports or exports subject to trade sanctions. If the firm, or the activity it is seeking to have licensed, is subject to more than one sanctions regime (because of overseas ownership, for example) the firm may need to apply to the overseas authorities for a separate licence from them.

UK Financial Sanctions Guidance

Guidance published, includes:

• Office of Financial Sanctions Implementation - Financial sanctions: guidance, FAQs and information on monetary penalties. Click: ’here’
• Overview of UK sanctions. Click: ’here’
• Financial sanctions targets by regime – Details of U.K. financial sanctions imposed by country, administration, or terrorist group. Click: ’here’
• Trade sanctions, arms embargoes, and other trade restrictions – Details of arms embargoes, trade control restrictions, defence export policies and restrictions on terrorist organisations. Click: ’here’
• The Office of Trade Sanctions Implementation (OTSI) - Responsible for supporting businesses with trade sanctions compliance; Click: ’here’
• Current list of designated persons, terrorism and terrorist financing – Provides a list of those who are currently subject to financial sanctions for believed involvement in terrorist activity; and information regarding relevant legislation. Click: ’here’

Regulatory / FCA Guidance

The FCA’s role is to ensure the firms it regulates have appropriate systems and controls to comply with the U.K. sanctions regime. Its guidance includes - Financial Crime Thematic Reviews (‘FCTR’); Chapter 8 (Financial services firms’ approach to UK financial sanctions) – Click ’here’. In particular:

• Senior management responsibility - FCTR 8.3.1G
• Risk assessment - FCTR 8.3.2G
• Policies and procedures - FCTR 8.3.3G
• Staff training and awareness - FCTR 8.3.4G

FCA regulated firms are also expected to notify the regulator about sanctions evasion issues, where they relate to firms on the Financial Services Register, the FCA’s other registers, or to companies with UK listed securities – Click ‘here’ .

Industry guidance

Guidance published by the Joint Money Laundering Steering Group (‘JMLSG’) recognises that international and UK legislative frameworks for financial sanctions do not prescribe the processes which firms have to adopt to achieve compliance with their legal obligations.

Chapter 5 in Part I of JMLSG Guidance describes the U.K regime facing persons and entities subject to financial sanctions [Sec. 5.3.54 to 5.3.62].

Chapter 4 in Part III of JMLSG guidance, provides an indication of controls and processes firms might adopt, to enable them to comply with sanctions obligations in an effective and proportionate manner. The guidance:

• Does not prescribe how a firm must comply with the financial Sanctions regime, as much will depend on the nature of a firm’s customer base and business profile; and
• Is intended to assist firms in designing their own processes.

JMLSG Guidance makes clear:

• ”Firms should keep a written record of their screening policy and be able to justify the timescales and frequency of screening, resolution of screening matches and regulatory reporting if required.” [Sec. 4.68]
• ”Firms should review, and update their processes periodically, so that they remain appropriate for their needs and ensure that any internal guidance is updated to reflect major changes to the sanctions regime, such as the addition of a new jurisdiction or regime. [Sec. 4.69]
• ”The sanctions prohibitions also apply to both indirect payments to and payments for the benefit of sanctions targets. Where practicable, screening should cover any other related parties, for example beneficial owners (including trustees, or company directors), that are identified by the firm in question as requiring verification under its risk-based approach to customer due diligence. A firm's judgement in these matters will need to be consistent with its approach for AML purposes, and whether or not full identity details are collected. [Sec. 4.83]
• ”Whether firms screen using automated systems or manually, an audit trail should be maintained for a period of no less than five years. This should record all relevant information to a likely match, how it was resolved and the rationale applied. Firms should ensure that their processes are kept under review, and remain up to date, and appropriate for the needs of the institution. [Sec. 4.94]
• ”Holding an account for a sanctioned party or rejecting or processing a transaction (whether or not in breach of financial sanctions prohibitions) which involves a sanctioned party, is not in itself grounds for filing a SAR under either POCA or the Terrorism Act. [Sec. 4.112]
• ”There is no formal legal requirement to report a true match other than to OFSI. [Sec. 4.114]
• ”Both the FCA and the PRA have indicated that they regard breaches (not true matches) of financial sanctions to be a matter that would be appropriate for firms to report to the FCA via their usual points of contact…. [Sec. 4.115]

To access JMLSG Guidance – Click ’here’.

Guidance is not a prescriptive rule or procedure. A key principle of the UK regulatory regime is the ability, generally, to implement a ‘risk-based approach’ to systems and controls, when mitigating money laundering and terrorist financing risk. But, it is important to note any transaction completed in breach of a sanction could lead to proceedings being taken against the transgressing firm and the person(s) (i.e. a firm and/or its employees) involved.

OFSI can impose a financial penalty on a person if it is satisfied, on the balance of probabilities, that a person breached a financial sanction and that they knew or had reasonable cause to suspect that they were committing a breach. Where a legal entity breaches a financial sanction, a monetary penalty can also be imposed on an officer of the entity if the officer consented or connived with the breach, or the breach was attributable to negligence of the officer.

OTSI has powers to investigate and enforce breaches related to trade sanctions measures, as well as to, enforce certain trade sanctions under the Trade, Aircraft and Shipping Sanctions (Civil Enforcement) Regulations 2024.

From a systems and controls perspective, the FCA might consider whether a transgressing firm followed OFSI guidance, relevant provisions of JMLSG Guidance and/or other recognised guidance.

Risk of Prosecution and/or Enforcement

If a person, body or organisation is identified on the consolidated list, it means their assets may be frozen or subject to specific restrictions. Instances arise where OFSI will consider issuing a general or specific licence, which would allow a specific transaction (or transaction type) to proceed. However, save where such license is in place:

• Failing to comply with a financial sanction can lead to a criminal offence unless you have an appropriate licence or authorisation to provide the transaction, services, or goods to (or for the benefit of) the sanctioned party.
• Penalties for breaching UK financial sanctions are set out in Statutory Instruments where, upon conviction, a person guilty of an offence may be liable to imprisonment and/or a fine.
• In addition, the Office of Financial Sanctions Implementation (‘OFSI’) and/or the relevant regulator (e.g., FCA, HMRC, etc.) may also take enforcement action, depending on the nature of breach involved.

OFSI Action

OFSI’s options for responding to a potential breach of financial sanctions include:

• Issue a warning.
• Refer regulated professionals or bodies to their relevant professional body or regulator in order to improve their compliance with financial sanctions.
• Impose a monetary penalty.
• Refer the case to law enforcement agencies for criminal investigation and potential prosecution.

OFSI’s guidance indicates it may undertake several of these actions in any particular case.

OFSI publishes details of action it has taken as part of financial sanctions enforcement, including the size of financial penalties imposed – Click ’here’ for more information. Examples include:

• 2019 - R. Raphael & Sons plc trading as Raphaels Bank (Raphaels Bank) fined £5,000 for dealing with funds belonging to a Designated Person, the transaction value involved was £200. For more details – Click ’here’.
• 2021 - Standard Chartered Bank fined £20.5m for financial sanctions breaches. For more details – Click ’here’.

OTSI Action

OTSI has the power to investigate suspected breaches and take enforcement action in relation to trade sanctions, linked to:

• Providing or procuring sanctioned services.
• Moving, making available, or acquiring sanctioned goods outside the UK.
• Transferring, making available or acquiring sanctioned technology outside the UK.
• Providing ancillary services to the movement, making available or acquisition of sanctioned goods outside the UK.
• Providing ancillary services to the transfer, making available or acquisition of sanctioned technology outside the UK.

UK Regulatory Action

The FCA is not responsible for enforcing asset freezes or sanctions, but expects firms to maintain adequate and effective systems and controls to mitigate the risk of financial crime, which includes meeting financial sanctions obligations:

• Arrangements may differ from those in place for anti-money laundering purposes (e.g., screening funds-flow against lists of designated persons, entities, etc.).
• A firm’s compliance requires consideration of whom payments are made to, whether the funds involved are linked to (or for the benefit of) sanctioned persons, etc.
• Amongst examples of poor practice identified by the FCA (in FCTR 8.3) is: ”No senior management involvement or understanding regarding the firm’s obligations under the UK financial sanctions regime, or its systems and controls to comply with it.”
• Previous FCA enforcement has included fines for breaching the Money Laundering Regulations, including by failing to have adequate systems and controls in place to prevent breaches of UK financial sanctions (e.g. failing to adequately screen customers, and payments made and received, against the sanctions list).

Note: Examples of FCA Enforcement are outlined on our ‘Enforcement’ page.

Extra-territoriality risk

It is also worth considering non-UK risk where action taken under another country’s legal or regulatory requirements could have a bearing. One of the more notable cases is the large fine linked to sanctions placed on BNP Paribas in June 2014. For background see BNP Paribas’ and its $8.9 Billion penalty for illegally processing financial transactions for countries subject to U.S. Economic Sanctions’.

The Financial Sanctions risk profile of your business is influenced by how and where your business operates, the type of service(s) you provide and who you do business with (e.g. suppliers, customers and other parties). However, if your firm/business is covered by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Regulation 18 requires you to carry out a written risk assessment to identify and assess the risk of money laundering and terrorist financing that your firm faces.

Our FAQ on ”What are the main AML risks facing my business” identifies some risk factors to cover in an anti-money laundering (‘AML’) risk assessment. They include:

• your customers (e.g. what they do/sell, who they do business with, how they are owned/controlled, etc.)
• the countries or geographic areas where your firm operates (e.g. has a physical presence or does business remotely, such as, via agents/intermediaries, on-line, or other country exposure)
• your products and services (e.g. advisory or transactional, where applicable)

The Regulations require consideration of, inter-alia, geographical risk factors, including countries’ subject to sanctions, embargos or similar measures issued by, for example, the European Union or the United Nations.

In addition to UK, EU and UN financial sanctions, which apply to individuals (i.e., natural persons), corporate, unincorporated and other bodies, a firm may also have to consider the potential for risk associated with entities subject to capital market restrictions, or Sectoral Sanctions issued under U.S. law (i.e. imposed on specified persons operating in sectors of the Russian economy under Ukraine-/Russia-related Sanctions issued by OFAC).

As noted in an earlier FAQ ’Where can I obtain copies of the relevant lists?’ lists are available of people, companies and other entities, subject to sanction, some of which are regime/country specific. However, which lists are relevant to your business is something to assess, possibly as part of an enterprise-wide AML and sanctions risk-assessment; taking account of where your main suppliers, customers and other business counterparties are located, operate from or where you transact through.

Commercial option

Commercial service providers incorporate aggregated / multiple source-list data into a single data file, which could be incorporated into your in-house risk assessment tool, or accessed via a web-based GUI, or other means. The following might be of interest if this is your preferred way forward (NB: These are provided as examples only and not a SYSC326 endorsement or recommendation of their functionality above other providers in the market):

• Dow Jones R&C – A provider of research tools and outsourced services for on-boarding, vetting and investigation to help companies comply with anti-money laundering, anti-bribery, corruption and economic sanctions regulation in mitigating third party risk.
• Refinitiv - Screening Resolution Service – Described as a service which highlights positive and possible matches for any customer identification program, detecting heightened risk individuals and entities, screened against World-Check Risk Intelligence.
• Comply Advantage – Described as a provider of comprehensive sanctions data, monitored in real-time.

Regulatory consideration

UK regulated firms/businesses must, as a minimum take account of the following:

• Reg. 33(1)(b) of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 requires you to apply enhanced due diligence (‘EDD’) measures, in any business relationship with a person established in a high-risk third country or in relation to any relevant transaction where either of the parties to the transaction is established in a high-risk third country; (i.e., a country included in ’Schedule 3ZA’ of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

Dual-use items are goods, software, technology, documents and diagrams which can be used for both civil and military applications. They can range from raw materials to components and complete systems, such as aluminium alloys, bearings, or lasers. They could also be items used in the production or development of military goods, such as machine tools, chemical manufacturing equipment and computers. Dual-use goods are subject to legislative control.

The UK’s Department for International Trade and The Export Control Joint Unit issued ’Guidance’ on arms embargoes, trade control restrictions, defence export policies and restrictions on terrorist organisations. Guides are also available with details of EU or Organization for Security and Co-operation in Europe (‘OSCE’) embargoes and stricter trade controls for particular countries.

In overview:

• Arms embargo - A prohibition or sanction against the export of weaponry and dual-use items - goods which have both a civil and military use.
• Licensing requirements and restrictions for trade apply to the export of controlled military goods, software and technology. For further information see Export controls: military goods, software and technology .
• Licensing procedure and other restrictions apply to the export of controlled dual-use items, software and technology, goods for torture and radioactive sources. For further information see Export controls: dual-use items, software and technology, goods for torture and radioactive sources.

Financial sanction framework arrangements should include:

• Governance - Senior management risk-appetite, risk ownership and accountability (e.g. by Board member or other individual with authority, expertise and resource), with supporting activity endorsed by the Board or equivalent senior management body:
• An informed awareness – Document an assessment of whether (or how) your business is exposed to the risk of facilitating supply, movement, negotiation and/or funds flow linked to persons who are targets of U.K. financial sanctions, an SDN (or owned/controlled by an SDN), or transactions linked to sectoral sanctions (SSI), or an embargoed activity (e.g. involving dual use goods).
• Group or firm-wide Policy - With due consideration of legal and regulatory risk in the operating environment, including the countries in and through which business is done (e.g. the UK, EU or other territories including, where applicable, if transacting via the U.S. or using U.S. Dollars, taking account of U.S. sanctions enforced by OFAC)
• Risk-based control environment - Design and implement a suitable control framework, reflecting assessed risk and appropriately resourced to promote compliance with policy and supporting procedure(s)
• Transaction screening process - Designed to stop for review and assessment of alerts generated on the monitoring of transaction flows, where alerts may be linked to a financial sanction, embargo or capital market/investment restriction, etc.
• Asset freeze / Transaction blocking process - Relevant to name matches on transactions (e.g., where the name of an individual or entity you are dealing with matches one or more entries on the Consolidated List)
• OFSI liaison process - For seeking guidance on transactions or arrangements of concern, when submitting sanctions reports or license applications. Also relevant to dealing with other bodies conducting a similar-role to that of OFSI, when located in another jurisdiction.
• List maintenance process – To ensure timely sourcing and implementation of the OFSI Consolidated list and other relevant lists (e.g., E.U., U.S. OFAC, etc.), including updates and amendments to such lists.
• Training and awareness - Develop appropriate training content and ensure coverage of key risk in the operating environment. Content should, as a minimum cover:
1. Key legal requirements, regulatory expectations and penalties for non-compliance.
2. Internal policy, procedure and supporting guidance.
3. Risk-based training of appropriate employees (i.e. generic for all staff, with additional focused content for staff in higher-risk roles’).
4. Internal reporting/escalation process linked to financial sanctions and embargoes, with key contact information for appropriate guidance.
• Compliance monitoring - Controls testing and assurance must be included, to provide assurance or insight for senior management on compliance with policy and procedure
• Reporting - An internal mechanism accessible to all staff, so as to be able to report any concern identified to an appropriate person (e.g. a senior manager or a designated point of contact, possibly the Nominated Officer or Money laundering Reporting Officer – where applicable).