Managing your responsibilities in the ever-changing world of “Sanctions”.

Share this post

Sanctions against companies and individuals are constantly changing and the pace of change over the last 12 months has been unprecedented.

A major reason is Russia’s invasion of Ukraine, which led to the UK, US, EU and other countries imposing sanctions against certain entities and individuals in Russia. These lists continue to be updated and, as of March 2023, 1,550 Russian individuals and 180 entities were subject to UK sanctions.

This places an increased workload on financial services companies operating in the UK, who must screen customers and third parties against various sanctions lists on an ongoing basis. A sanctions breach could be costly, resulting in financial fines, reputational damages and up to seven years of jail for individual executives.

Fred McDowell, Associate Director in the financial crime team at fscom, recently led a webinar on the sanctions risks and how firms should respond. This blog summarises his advice for firms.


What are sanctions?

Economic sanctions are a coercive measure or action resulting from a failure to comply with a law or rule, or a threatened penalty for disobeying a law. Their aims include stopping an unlawful action, often by coercing a regime or individuals to change their behaviour, and signalling disapproval.

There are three main types of sanctions:

  • Targeted asset freezes, which aim to restrict a sanctioned target’s access to funds and economic resources.
  • Restrictions on a wide range of financial markets and services.
  • Direction to cease all business. This could apply to a sector as a whole, or a group of entities and individuals.


What sanctions should UK firms monitor?

Sanctions are often imposed by the United Nations and then implemented by member states. Countries also impose their own sanctions in addition to those raised by the UK/OFAC etc.

In the UK, the Sanctions and Anti-Money Laundering Act of 2018 empowers the Office for Financial Sanctions Implementation (OFSI) to enforce sanction breaches. Regulated firms should ensure their sanction screening systems have the mandatory listings uploaded and very often will support that with additional sanction listings which are recognised worldwide and reflect jurisdictions where they do business.


How should firms assess and detect sanction risk?

Firms are expected to screen their clients and third parties against sanctions lists. The screening process should alert the compliance team of an apparent match to a client or third party. Firms must then establish whether this is simply a “name match”, or a “target match” whose information matches that information on the OFSI listing. Indicators of a target match include the company’s address, its formation date, and its directors.

Firms should consider five areas to guide and improve their sanctions risk monitoring:

  • Ownership: Understanding clients’ and third parties’ control and ownership structures is important. It may be that a third party is not on a list, but is owned to a significant degree by another company who is sanctioned.
  • Document: It is imperative to record the steps taken when reviewing if a client or third party is sanctioned. The regulator will expect to see evidence of the steps followed to consider an apparent risk of a sanctions breach.
  • Check the reliability of sanctions screening systems: Firms occasionally outsource sanctions screening to external providers. Firms should check, at least annually that fuzzy logic calibration is set at the correct levels.
  • Risk-based: The frequency of sanctions screening should be adapted according to the level of risk that each firm’s operations model presents, this will reflect such consideration as industry sectors supported and jurisdictions dealt with.
  • Consult: Individuals involved in sanctions screening and decision-making should seek advice from their Money Laundering Reporting Officer, an external expert, or OFSI when appropriate.


What should firms do in case of a sanctions breach?

Sanctions alerts should be addressed instantly. Firms should follow five steps:

  • Understand the sanction and its requirements by reading about it on the OFSI website. If a payment to a firm isn’t related to an area for which an entity is sanctioned, there may not be a breach. A firm could also have a license for activity which would otherwise breach financial sanctions, such as delivering humanitarian aid – although these can be revoked at any time.
  • Inform OFSI that a client appears to be a target match as soon as possible using the form on the government website, and list the sanctioned entity’s identifier which can be found on the sanctions listing.
  • Provide OFSI with the information and knowledge upon which the firm has based your suspicion, and the information it holds on the client to identify them. Firms should disclose the nature and amount of their funds or economic resources that they hold.
  • Consider other reporting obligations under, for example, the Proceeds of Crime Act. It may be applicable to consider raising Suspicious Activity Report to the National Crime Agency.
  • If a sanctions target has been placed on OFSI’s frozen assets list and a firm holds resources for them, the company should not deal with those funds or make them available to the client but freeze them and report their existence to the regulator.


Meanwhile, sanctions continue to change rapidly. On 27 March, the UK government introduced new sanctions targeting those who supply the Myanmar regime with military equipment to bomb civilians. The following day, the UK and US imposed sanctions on individuals linked to trade which funds the Syrian regime.

Contact fscom today to discuss how to improve your sanctions monitoring: Get in touch.

Article by fscom

More To Explore


Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?