Skip to main content

Clifford Chance

Clifford Chance
All
Regulatory Investigations and Financial Crime Insights<br />

Regulatory Investigations and Financial Crime Insights

An uptick in UK sanctions enforcement

On 29 August 2024, the Office of Financial Sanctions Implementation (OFSI) imposed a £15,000 penalty on Integral Concierge Services (ICSL) for contravening UK sanctions against Russia. A month later, on 27 September 2024, the Financial Conduct Authority (FCA) fined a UK retail bank approximately £29 million for failings in its financial crime systems and controls.

Meanwhile, on 11 October 2024, it was reported that OFSI is investigating 37 UK linked businesses for potentially breaching Russian oil sanctions.

These developments come at a time when the UK has just launched the Office of Trade Sanctions Implementation (OTSI), a new body with new civil enforcement powers in relation to certain UK trade sanctions.

These developments demonstrate that sanctions compliance is at the forefront of regulatory risk in the UK and the enforcement notices provide valuable lessons in relation to sanctions compliance expectations.

1. The OFSI Penalty

OFSI imposed a £15,000 civil monetary penalty on ICSL, a UK-registered property management and concierge company.

One of ICSL's clients was designated under the Russia (Sanctions) (EU Exit) Regulations 2019, yet ICSL continued to provide property management services and facilitated 26 payments on behalf of the Designated Person in relation to a residential property in the UK.

ICSL admitted that it had not understood it was prohibited to do this, and it did not believe it was necessary to seek guidance about the sanctions regime, despite the fact that its knowledge of sanctions was, by its own admission, extremely limited and it had a large number of Russian clients.

ICSL also had not disclosed that the Designated Person was its client during a client due diligence review by its banking provider.

OFSI found that some of the payments it was investigating were permitted by a General Licence but because no reporting had been undertaken as required, and this was considered an aggravating factor in the overall assessment of the case.

The cumulative value of the payments processed in breach was £15,487.30, which indicates that the penalty imposed by OFSI was close to 100% of the value of the breaches with no discount for voluntary disclosure (the investigation was not initiated by any voluntary disclosure by ICSL, albeit ICSL co-operated with OFSI and disclosed additional transactions to OFSI after it was first contacted).

2. The FCA's Penalty

The FCA imposed a £28,959,426 penalty on a UK challenger bank for, essentially, failing to ensure its sanctions compliance programme was commensurate with the exponential growth in the size of its business. The bank's customer base grew quickly from approx. 43,000 customers in 2017 to approx. 3.6 million in 2023. In 2021, the FCA identified concerns with the bank's anti-money laundering and financial sanctions framework as part of a review of challenger banks.

The bank voluntarily accepted a requirement from the FCA in September 2021 (the VREQ) not to open any new accounts for high or higher risk customers while it improved its anti-money laundering control framework. However, the bank subsequently contravened the VREQ by onboarding 49,183 high or higher risk customer, and later identified that its automated sanctions screening system had, since 2017, only been screening customers against a fraction of the full list of those subject to UK financial sanctions.

A subsequent internal review identified systemic issues in its financial sanctions framework which were reported to the DCA and which let to the penalty imposed by the FCA.

In assessing the amount of the penalty, the FCA considered an aggravating factor was that it had written to the bank in February 2022 alongside thousands of other regulated firms, to remind it of the importance of having robust systems and controls in place to ensure compliance with financial sanctions.

The FCA considered the following mitigating factors:

  1.  the bank had established programmes to remediate its breaches and to enhance its wider financial crime control framework, which included putting in place enhanced monitoring and compliance controls.
  2.  the bank had fully co-operated with the investigation, including admitting to failings and proactively presenting breaches to the FCA.

As the bank settled at Stage 1, it qualified for a 30% discount under Chapter 6 of DEPP.

3. Key Takeaways

These two cases were brought by different authorities, under different regimes. Yet both demonstrate the increasing focus on sanctions enforcement risk and the multiple areas of risk, highlighting the need for effective compliance frameworks, strong governance, and a proactive risk management culture.

Both enforcement actions underscore a fundamental requirement for a strong compliance culture within regulated entities. In its decision, OFSI highlighted ICSL's failure to establish adequate screening processes. Similarly, the FCA criticised systemic weaknesses in the bank's financial controls framework. The authorities in both decisions expressed concern that the subject firms failed not only in implementation but also in fostering an environment where compliance is prioritised and routinely monitored.

The decisions highlight therefore that systems and control failings are particularly acute risks, particular but not exclusively for regulated entities, and underscore the importance of having robust processes to address sanctions risks. In particular, firms serving higher risk customers should fully educate themselves on the risks and seek professional advice on their sanctions obligations.

  • Share on Twitter
  • Share on LinkedIn
  • Share via email
Back to top

Toolkits & Client Log-in