In a fast-changing environment, it can be challenging for financial institutions to figure out how to comply with sanctions and manage the risk of breaches. Regarding the new UK sanction regime relating to Russia, firms should immediately be re-screening customers to check whether any of their existing customers or entities they deal with are now captured in the scope of the new restrictions.
What are sanctions?
Sanctions are measures that the UK and international community put in place to fulfill a range of purposes. These include complying with UN and other international obligations, supporting foreign policy and national security objectives, as well as maintaining international peace and security, and preventing terrorism.
Who is in scope?
It is essential to understand the financial sanctions restrictions in force in the UK apply to all UK registered companies and UK nationals, wherever they are in the world. UK financial sanctions also apply to all persons within the territory and territorial sea of the UK. So, all individuals and entities (e.g., companies and non-government organizations 'NGOs’), not just financial institutions or FinTechs, must make sure they comply with the sanctions legislation.
All those in scope must not make funds or economic resources available directly or indirectly to any person or entity designated under the UK financial sanctions regime. In addition, anyone in scope who knows, or suspects that they are in possession of or control of, or are otherwise dealing with the funds or economic resources of a designated person, must not deal with them and inform the Office of Financial Sanctions Implementation (‘OFSI’), unless there is an exemption in the legislation that can be relied upon, or a licence from OFSI has been obtained. FCA-regulated firms should also notify the FCA as was specified in their latest statement on the subject.
How can firms manage sanctions?
For financial institutions, the implication is mainly twofold. From a client’s perspective, this means that a firm must have systems and controls in place to screen their clients at the time of account set-up and before any service is provided. From a transaction perspective, they must be able to screen transactions against sanctioned entities before executing them.
Financial institutions must have clients and transactions screening tools that enable them to detect potential sanction matches and manage their risks. This would include the ability to block transactions and/or freeze funds. Best practice would dictate that tools should enable firms to screen separate elements forming a transaction, including (but not limited to) payer identity, beneficiary identity, bank institution (e.g. BIC), statement narrative (e.g. client statement reference).
Firms should also regularly screen their existing clients against sanctions, the frequency of which will depend on their specific exposure. Therefore, firms must have a clear view of where breaches are most likely to occur within their business. For many firms, this could mean daily screening or relying on real-time screening solutions.
In respect of firms servicing financial institutions who have clients of their own, OFSI has made it very clear that firms cannot rely on checks made by their financial institution clients regarding sanctions. Firms must themselves ensure that they undertake their own due diligence and systems and controls checks to ensure they comply with financial sanctions restrictions.
Additional points to consider
For those using third-party solutions, ensuring providers’ data quality is a critical measure that firms must implement. Regular and ad-hoc checks must be performed to ensure that the databases being used are sufficient and up to date and the tool used is fit for purpose. Key elements firms should understand are whether fuzzy logic is adaptable, how fast databases are updated, and whether business continuity issues are considered (i.e. what happens if the screening solution fails?).
Lastly, firms should ensure that staff receive ongoing training regarding applicable sanctions legislation and the firm’s procedures. It is essential, in light of fast-changing sanctions requirements, that individuals dealing with potential sanctions matches are well equipped to discount “false positives” and can detect those matches that must be further escalated internally or externally. This should mean that escalation of actual target matches and potential breaches of UK sanctions is appropriate, and notifications are timely.
Any breaches which give rise to concerns about sanctions evasion or money laundering should also lead firms to consider their obligations to report suspicious activity to the National Crime Agency (NCA) under the Proceeds of Crime Act 2002.
At Cosegic, we are experienced in assisting firms (including those from the EEA) with their ongoing compliance obligations regarding financial crime, including but not limited to sanctions. If your firm needs support, please do get in contact; we would be happy to help.
Related resourcesAll resources
Payment Services Regulatory Compliance Forum 2023
Are you carrying out your new Consumer Duty obligations correctly?
Payments Newsletter - November 2023
A guide to effective fraud management – for Payment and E-money Firms