European Sustainability Reporting Standards (ESRS) / ESG regulation / The Sarbanes-Oxley Act

Keeping Up With Sanctions Compliance – The UK’s Evolving Approach

Bernadine Reese, Managing Director Risk and Compliance – London

A few weeks ago, Protiviti hosted a breakfast briefing in London, focusing on the topic of the rapidly evolving financial sanctions regime in the UK. David McLean, Joint Deputy Head of the Office of Financial Sanctions Implementation (OFSI) and Head of Enforcement and Engagement, discussed the overall framework and recent developments. Tasnoova Zaki, a manager with Protiviti’s Risk and Compliance practice in the UK, outlined how organizations could be impacted by deferred prosecution agreements (DPAs), a new supervisory tool; and I discussed some of the challenges I’m seeing at firms seeking to bring themselves into alignment with sanctions requirements. Below is a brief synopsis of our discussion.

The UK currently imposes financial sanctions on over 2,000 individuals and entities across 26 financial sanctions regimes, said Mr. McLean. In 2017, £1.4 billion in sanctions breaches were reported to OFSI, up from just £117 million in the year before.

The UK has significantly stepped up its enforcement focus around sanctions breaches over the past two years – first with the founding of OFSI, and more recently with new financial penalties. Since April 2017 – when the Policing and Crime Act came into force – an organization could be fined up to £1 million or 50 percent of the breach, whichever is higher. A sanctions breach also constitutes a criminal offence, so individuals could go to prison for up to seven years.

Organizations also can get into hot water for a failure to report a breach. Reporting a breach is a duty under EU law, a fact that many do not realize, Mr. McLean said. For financial services firms and other organizations that fall under EU anti-money laundering (AML) regulations, failure to report can also result in criminal prosecution. Mr. McLean added that organizations which disclose a breach could potentially benefit from a voluntary disclosure discount for any resulting penalty.

Ms. Zaki then addressed the audience, saying that UK firms that are in violation of sanctions regulations can now also find themselves subject to a DPA, which can often lead to a monitorship. This follows the Policing and Crime Act of 2017, which includes a sanctions violation as one of the criminal offences for which a DPA can now be entered. While DPAs have been used in the U.S. for decades, the UK’s first DPA was between Standard Bank PLC and the Serious Fraud Office (SFO) in November 2015, for bribery offences. The agreement requires the bank to be subject to an independent review of its anti-bribery and corruption controls, policies and procedures by an independent third party. Organizations found to be in significant breach of sanctions requirements could find themselves subject to similar enforcement proceedings, said Ms. Zaki.

Communicating About Sanctions

Mr. McLean said much of OFSI’s activity focuses on helping firms understand how to comply with sanctions rules. For example, OFSI is in the process of drafting and publishing guidance to help organizations in specific sectors better appreciate their financial sanctions obligations. The agency published a document aimed at charities in October 2017, and further guidance for import/export companies and the legal sector will be published over the coming months. Other guidance documents for specific industries will follow.

Mr. McLean encouraged organizations to take a bespoke approach based on risk exposure when considering how to comply with financial sanctions rules. Companies should focus on three key areas:

  • Consider the company’s exposure – Who are the clients? To where is the company exporting? What currencies are being used?
  • Make reasonable enquiries – Is the enhanced due diligence appropriate to the customer base? Are vendors and other third parties being reviewed?
  • Stay updated with regimes and compliance policies – “There is a lot going on in sanctions,” says McLean. Organizations need to be sure their processes, controls and sanctions lists are up-to-date.

Facing Implementation Issues

Many firms continue to struggle with sanctions compliance. The challenges of sanctions compliance are far reaching – there is increasing complexity, and the pace of change as well as the number of new sanctions are accelerating. Organizations across industries and sizes face many of the same challenges. Key issues include:

  • A combination of highly automated and manual sanctions processing – The sanctions screening process is both highly automated, with sophisticated modeling, and also requires significant manual input to evaluate alerts. Both manual and automated processes bring risks.
  • Poor understanding of processes and controls – UK sanctions legislation asks firms not to engage in prohibited behaviour but does not specify risk mitigating controls or processes that firms should be using. Quite often, firms are left with trying to detect and prevent a handful of transactions out of millions.
  • Difficulty keeping up with the criminals – Those who are seeking to avoid sanctions are becoming increasingly sophisticated in structuring their activities.

Finally, the culture around sanctions compliance within firms isn’t always as strong as it could be due to a lack of training, awareness and understanding of responsibilities. Having the right culture to bring together an organization’s approach to sanctions compliance is very important. For regulated financial services firms, the new Senior Managers and Certification Regime puts additional emphasis on the importance of culture when complying with regulatory frameworks such as the UK’s sanctions regime.

Brexit and Sanctions Compliance

According to Mr. McLean, OFSI expects to continue its current direction of travel post-Brexit. He explained that the UK is in the process of finalizing the Sanctions and Anti-Money Laundering Bill, which will create the powers for the UK to make its own sanctions policies, so that these are in place when the country leaves the EU.

Created in 2016, OFSI is the first entity of its kind in Europe. “We have always seen the UK as a leader in financial sanctions and sanctions generally, and it’s always been an area where we have had something to offer Europe,” Mr. McLean said in closing. “We want to continue that international leadership position going forward. It’s a developing area of international policy that we want to be at the forefront of.”

Add comment