A Week of Sanctions: how should firms respond?

Share this post

It has been a fast-moving week for the world and the main pillar of the international response in relation to the Ukraine Russian crisis has been the imposition of strict sanctions against Russian and Russian-linked businesses and individuals by jurisdictions around the world. The UK Government has been particularly active in this respect. All of this means that financial services companies must, as a priority, screen customers and third parties to ensure their sanctions compliance is up to date.


What are sanctions?

Let’s start with the UK’s Sanctions List. It is the source which prescribes which people, entities and ships are designated or specified under regulations made under the Sanctions and Anti-Money Laundering Act 2018 – and why. It is updated regularly and maintained on the government’s website.

In the UK, HM Treasury implements and enforces financial sanctions through the Office of Financial Sanctions Implementation (OFSI). OFSI maintains two lists of those subject to financial sanctions:

  • The Consolidated List of Asset Freeze Targets. This lists all asset freeze targets listed under UK autonomous financial sanctions legislations and UN sanctions; and
  • The list of persons named in relation to financial and investment restrictions, which is a separate list of those subject to specific capital market restrictions.


There are different sanctions regimes at different levels of government. The United Nations (UN) puts in place sanctions that its member states are required to implement into their own country lists. The US sanctions regime has also been changed dramatically in response to the Russian government’s invasion of Ukraine. The US administers its sanctions programmes through the Office of Foreign Assets Control (OFAC).


Why are shifting sanctions a challenge for financial firms?

Regulators expect companies to screen their clients and third parties against sanctions lists, and firms face punishments if they are found to be in breach. But there are two challenges to firms’ efforts to comply with sanctions requirements:

  1. The frequency of changes
    Sanctions listings are under constant review with new names of individuals and entities being uploaded regularly – just look at the changes in the last week alone. So, when sanctions screening is being undertaken, it must be done against the backdrop of the most up-to-date listing. If you are using the UK’s list from just one week ago, it’s already out of date!
  2. The need for Beneficial Ownership and KYC information
    If a person or entity is designated to be sanctioned, their name will be recorded on the Consolidated List. An asset freeze and some financial services restrictions will apply to entities that are owned or controlled, directly or indirectly, by a designated person. Those entities may not be designated in their own right, so their names may not appear on the Consolidated List. Yet those entities are similarly subject to financial sanctions. This emphasises the importance of holding up-to-date and accurate beneficial ownership records along with appropriately detailed Know-Your-Customer information, in order that this particular risk can be evaluated.


What should companies do to avoid a sanctions breach?

If your screening uncovers an individual or entity matching all the information on the Consolidated List, you should immediately notify OFSI. Your next steps depend on the specific sanctions that have been applied.

While sanctions regimes and obligations are complicated and vary between situations, we have identified eight steps which should help companies to address and mitigate the risks:

  • Ensure sanctions listings used for screening are up-to-date. There is always a possibility that an entity, individual or bank may have been added to a sanctions listing in the last few days.
  • Consider using several sources to screen for sanctioned parties – not just one list – for maximum coverage and more effective screening.
  • Understand transactions thoroughly, which will help you to identify and screen potential touchpoints that typically involve sanctioned entities.
  • Sign up to the mailing lists of government departments who issue regular e-alerts with updates like new sanctions announcements. For example, OFSI notifies its subscribers by email whenever a new notice is published – you can sign up here.
  • Ensure you understand the specifics and impacts of any given sanction which appears to be in place against a party in your screening, performing detailed analysis on its provisions if necessary.
  • Be extra vigilant about the risk of persons or entities impacted by sanctions trying to circumvent the restriction by routing payments through other parent or subsidiary entities.
  • Increase your sanctions monitoring during times of high alert, like we are experiencing now. While some firms would normally screen for sanctions on a weekly basis, these checks should be executed daily.
  • If you do come across suspicious activity, don’t forget your ongoing reporting obligations to the UK’s Financial Intelligence Unit, the National Crime Agency. This should be the case even at moments when the sanctions landscape is shifting rapidly.


Even when a normalisation of global relations returns, companies should not relax their focus on the risk of sanctions as this typically leads to many entities and individuals being removed from sanctions lists. If you would like more information on sanctions and would like to speak with me or one of the financial crime team, please get in touch.

Article by fscom

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?