A looser test criteria and potentially more naming and shaming: The OFSI updates its enforcement guidance

Share this post

The Office of Financial Services Implementation (OFSI) has published an updated version of its enforcement and monetary penalty guidance which comes into force today, 15th June 2022. These updates are following measures taken by the UK government in the Economic Crime bill (the Economic Crime (Transparency and Enforcement) Act 2022 enacted as part of the United Kingdom’s response to Russia’s invasion of Ukraine) and may potentially mean more monetary penalties and more naming of those who have breached the rules. This article covers details of the changes and what they might possibly mean for firms or individuals that breach financial sanctions.

Changes to make it easier to impose penalties

The new changes grant The OFSI the power to impose strict civil monetary penalties for breaches of financial sanctions, occurring from 15th June 2022. What this basically means is, that in cases of a breach, the requirement for The OFSI to prove that a person had knowledge or reasonable cause to suspect that they were in breach of financial sanctions, will be removed. It is now easier for The OFSI to impose monetary penalties, as it only has to prove that a person has breached a prohibition, or failed to comply with an obligation, imposed by or under financial sanctions, as opposed to knowingly breaking it/them. It is worth noting however, that this amendment applies only to consideration of civil liability and that there is no equivalent change for criminal cases. The OFSI, in its assessment of whether a criminal offence has been committed under sanctions regulations, must continue to demonstrate that a person had knowledge or reasonable cause to suspect that they were in breach.

In line with previous guidance, The OFSI will continue to assess how severe the overall breach is, as well as the conduct of the persons involved. The new factor to take into account is that any type of breach could bring firms within scope of enforcement action, since the amendment allows The OFSI to disregard expected knowledge of the person committing the breach. However, The OFSI continues to emphasise the importance of self-disclosure as a potential mitigating factor and stated that it will continue to take into account efforts to prevent sanctions breaches when deciding on any enforcement action.

The publication of breaches

In addition to changes around monetary penalties, The OFSI now has the ability to publish details of financial sanctions breaches committed after 15th June 2022, where a monetary penalty has not been imposed. Previously, they were only able to do so where a monetary penalty had been imposed. Such OFSI publications will include:

  • the person, company or entity the penalty has been imposed upon;
  • the summary facts of the case, including breach type; sanctions regime; the regulation broken; and whether there was voluntary disclosure;
  • the aggregated GBP value of the transactions which are in breach of the regulations (where this can be identified);
  • Compliance lessons The OFSI wishes to highlight in this case, to help others avoid committing a similar breach; and
  • other information required to give a true understanding of the case and OFSI’s consideration of it.

This new OFSI power greatly increases the reputational risk for firms found to have breached sanctions with further potential implications vis a vis regulators, partner, banks, clients and other third parties.

Changes to the review of monetary penalties

In addition to the changes detailed above, the reviews of monetary penalties requested after 15th June 2022 can now be conducted by an individual other than a government minister. The OFSI believes this will allow HM Treasury to manage the resourcing implications of this work more effectively.

This change does not in any way change firms’ ability to subsequently appeal The OFSI’s monetary penalties before the courts.

Takeaway for firms

The clear takeaway for firms is that the issue of suspicion and knowledge will no longer be relevant in avoiding a monetary penalty or publication of details of breaches. Since the test is less stringent in order for civil penalties to be imposed, it is now, more than ever, essential that firms assess how best to comply with the financial sanctions legislation within the context of their business activities and profile, and ensure that appropriate efforts are made to understand the areas of their business that carry a greater likelihood of involvement with sanctions targets.

Article by Compliancy Services

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?