In this edition we highlight the recently published Office of Financial Sanctions Implementation (OFSI) Threat Assessment Reports and the valuable sector-specific insights they provide for regulated businesses. We look at the financial crime aspects of the FCA's newly launched 5-year strategy for 2025-2030 and a recent FCA speech on its approach to combating market abuse. We also consider the Court of Appeal's judgment in Markou v FCA and the UK Government's revised Modern Slavery Guidance, released to mark the ten-year anniversary of the Modern Slavery Act 2015 (MSA).
OFSI publishes its first three sector-specific Threat Assessment Reports
The reports are designed to support regulated businesses with their sanction evasion or circumvention risk assessments, and help them to develop proportionate, risk-based mitigation frameworks. The key judgments and recommendations across all three threat assessments are tailored to the specific risks and compliance needs of each sector. For instance, the financial services sector faces several unique challenges in terms of financial sanctions compliance. This includes the complexity of some financial transactions, involving multiple layers and entities, making it difficult to trace and identify designated persons (DPs). In addition, the sheer volume of transactions processed daily increases the risk of overlooking potential breaches and complicates monitoring efforts.
Importantly, the assessments also contain key insights on specific breach and enforcement risks that regulated businesses face in the UK. The single biggest threat across all sectors (property, financial services, and legal services) is the efforts Russian DPs are taking to circumvent sanctions, compounded by complex ownership structures, underreporting and professional and non-professional enablers assisting evasion efforts.
OFSI signalled some time ago that it was considering how to provide more sector-specific guidance to assist the UK regulated sector with sanctions compliance, given the more onerous obligations and enhanced risk profile for certain types of regulated business. The Financial Services Threat Assessment Report was the first of the three to be published - on 13 February 2025. The Legal Services Threat Assessment Report followed on 3 April 2025 and, finally, the Property and Related Services Threat Assessment was published on 10 April 2025. All three reports stress the importance of due diligence and reporting requirements and highlight the role of enablers in helping DPs circumvent sanctions. All emphasise the need for enhanced compliance measures and greater awareness within their respective sectors. While none of the Threat Assessments mandate particular action by firms within a covered sector, failure to comply with recommendations or to identify an increased risk from a particular type of transaction which is covered is likely to be a factor in OFSI's enforcement decision making process.
Focusing on the Financial Services Threat Assessment, the key points are:
- OFSI has identified delays and failures around identifying and reporting suspected breaches by UK financial services firms, including bank and non-bank payment service providers (NBPSPs).
- Most of these can be put down to:
  - improper maintenance of frozen assets - OFSI has identified debits being made both deliberately and inadvertently from accounts held by Russian DPs at UK banks and NBPSPs, for example, for existing, auto-renewing insurance policies or other contracts;
  - licence conditions breaches - these largely fall into three categories: transactions occurring after licence expiry, bank accounts being used other than those specified in specific OFSI licences and failures to adhere to licence reporting requirements;
  - inaccurate ownership assessments - OFSI has observed failures to identify entities which fall under the direct ownership of Russian DPs, such as subsidiaries owned by Russian conglomerates which are either designated themselves or majority owned by an individual Russian DP. It is unclear how many of these relate to an initial diligence failure, or are as a result of changes in ownership which have not been picked up by ongoing monitoring;
  - inaccurate UK nexus assessments - OFSI has observed failures to identify the involvement of UK nationals or entities in transaction chains across different types of transactions, particularly those involving multiple jurisdictions, and, in some cases, the incorrect identification of differences between UK, EU and US sanctions regimes; and
- professional and 'non-professional enablers' (e.g. individuals with close personal ties to DPs) are increasingly assisting DPs in circumventing sanctions. Enablers may be complicit, wilfully blind or even unwittingly involved, which will make their activity more challenging to spot. Enabler activity often involves leveraging multiple methods of payment as well as traditional banking payments or, increasingly, using alternative payment methods, in particular use of cryptoassets to circumvent sanctions;
- OFSI has observed a shift in the third countries (intermediary jurisdictions) referenced in suspected breach reports over time. While links to BVI, the Republic of Cyprus, and Switzerland remained prevalent, there has been an increase in reports involving the Isle of Man, Türkiye, the UAE, and Guernsey. In the first quarter of 2024, cases referencing the UAE made up the largest section of suspected breaches reported to OFSI, followed by Luxembourg, the Cayman Islands and the Republic of Cyprus. This is likely to be as a result of both changes in trading patterns but also increased scrutiny of transactions connected to particular jurisdictions leading to breach reports, noting that regulated firms are subject to broad reporting obligations where they identify UK sanctions breaches by other parties;
- OFSI has identified payments being made through the UK financial services sector specifically for superyachts, concierge and personal security services linked to Russian DPs. The superyachts are often owned through opaque ownership and control structures and payments may relate to services such as crewing and maintenance. Although these assets or service providers are often situated in various locations globally, where there is a UK nexus and no OFSI licence applies, this will still be a breach of UK sanctions (with strict liability enforcement risk for anyone involved). While this may seem like a niche risk issue, the nature of the services being provided (allowing Russian DPs to continue to receive the benefit of a luxury lifestyle outside Russia) means this is likely to be a high enforcement priority for OFSI. It is notable that payments in this category are often made using professional enablers;
- Finally, of particular concern, OFSI has identified professional enablers coming forward and claiming to be the owner of frozen assets - attempting to front on behalf of Russian DPs. They are presenting themselves as legitimate business people unconnected to the Russian DP. This has been the case particularly where the ownership or control of frozen assets by a Russian DP is unclear, including as a result of insolvency, complex corporate structures, and where significant liquidity is involved. Professional enablers engaging in this kind of activity have typically been small companies providing services related to ultra-high-net-worth lifestyles and whose relationship with a DP likely predates designation (such as wealth managers and financial advisors). These can be relatively easy to identify, although much harder to prove that they are acting on behalf of a DP. However, OFSI has also observed increased activity by new groups of professional enablers to provide DPs with liquidity, including by using alternative payment methods such as cryptoassets. This group of enablers may be harder for regulated firms to identify as well as to show a relevant connection to a DP, creating both criminal enforcement risk and civil litigation risk for firms who are asked to deal with such persons.
In OFSI's view, firms should be taking the following mitigation measures:
- Firms must ensure their procedures for identifying and self-disclosing a suspected breach are fit for purpose and that staff receive regular tailored training on how to recognise and report suspicious activities.
- Firms must ensure that all accounts and associated cards held by DPs, including those held by entities owned or controlled by DPs, are handled in accordance with asset freeze prohibitions and relevant OFSI licence permissions.
- Firms must carefully review permissions when facilitating transactions which they believe are permissible under OFSI licences.
- Firms should be alert to Russian DPs, including Russian banks, establishing new subsidiaries in intermediary countries. To mitigate the risk of inaccurate ownership assessments, firms should ensure due diligence software is updated regularly and that increased due diligence is conducted when red flags are identified. Specifically, they should assess their exposure to banks that have joined the System for Transfer of Financial Messages (SPFS) and report any related suspected sanctions breaches related to correspondent banking.
- Firms should undertake careful UK nexus assessment and jurisdictional analysis, noting the very limited nature of the activity which is required to take place in the UK to engage UK sanctions;
- Firms must ensure that their systems are set up to enable them to report to OFSI if:
  - they identify any suspicious payments relating to Russian DPs and related assets, such as superyachts, including those which are owned through complex corporate structures;
  - they spot suspicious activity relating to UK residential property including but not limited to the provision of property maintenance services; the provision of concierge or security services; providing property letting services and the collection of rent from a frozen property asset.
- Firms should remain alert to the threat posed by the increasingly sophisticated methods employed by DPs and their enablers to breach UK financial sanctions prohibitions. This means they must ensure that their systems and processes are robust and agile enough to enable them to identify and report enabler activity which could represent a sanctions breach, and incorporate the red flags covered in the Threat Assessment, i.e.:
  - a new individual or entity making payments to meet an obligation previously met by a Russian DP;
  - individuals associated with Russian DPs, including family members and professional enablers, receiving funds of significant value without adequate explanation;
  - frequent payments between companies owned or controlled by a DP;
  - attempts to deposit large sums of cash without adequate explanation;
  - cryptoasset to fiat transactions (or vice versa) involving a Russian DP's family members or associates;
  - a family member of a DP is an additional cardholder on a purchasing card and regularly uses the card for personal expenses and overseas travel.
- Firms should remain alert to the threat of enablers attempting to front for Russian DPs, again adapting their systems to spot red flags including:
  - individuals with limited profiles in the public domain, including those with little relevant professional experience;
  - inconsistencies in name spellings or transliterations, particularly those stemming from Cyrillic spellings;
  - recently acquired non-Russian citizenships, including from countries which offer golden visa schemes;
  - frequent or unexplained changes of name or declared location of operation.
- Firms must deploy increased due diligence in respect of activities in intermediary jurisdictions listed in the Threat Assessment.
The legal services sector and property sector face several different challenges in terms of compliance and circumvention activities. Financial services firms provide banking and other financial services to businesses operating in these sectors and so it is worth reviewing all three Threat Assessment Reports in order to identify some of the other issues that might give rise to regulatory reporting obligations. Below, we have summarised some of the key points flagged for convenience.
- Legal transactions often involve intricate structures and multiple parties, making it difficult to identify and assess the involvement of Designated Persons (DPs);
- Legal professionals are bound by strict confidentiality agreements, which can complicate the reporting of suspected breaches and sharing of information with authorities;
- Legal advisors and other professionals may inadvertently or deliberately assist DPs in circumventing sanctions, requiring heightened vigilance and ethical standards;
- Implementing robust due diligence in legal services processes is challenging due to the diverse nature of the services and the need to balance thoroughness with efficiency;
- Keeping up with evolving sanctions regulations and ensuring compliance across all legal services can be demanding, especially for smaller legal firms with limited resources;
- Ensuring that all staff are adequately trained and aware of financial sanctions requirements is crucial but can be difficult to achieve consistently;
- Property transactions often involve complex ownership structures, including trusts and offshore entities, making it difficult to identify where DPs are the ultimate beneficial owners;
- The high value of property transactions increases the risk of significant financial sanctions breaches and makes the sector an attractive target for money laundering and sanctions evasion;
- There is a tendency for underreporting of suspected breaches within the property sector, partly due to a lack of awareness or understanding of financial sanctions requirements;
- Implementing thorough due diligence processes can be challenging in this sector too, due to the diverse nature of property transactions and the need to balance thoroughness with efficiency;
- Real estate agents, legal advisors, and other intermediaries may inadvertently or deliberately assist DPs in circumventing sanctions, requiring heightened vigilance and ethical standards;
- Keeping up with evolving sanctions regulations and ensuring compliance across all property transactions can be demanding, especially for smaller firms with limited resources.
AG regularly advises a wide range of businesses on sanctions compliance. If you would like to discuss any of these matters further, please reach out to Harriet Territt for more information.
The FCA's strategy for 2025 to 2030 and what that means for its approach to tackling market abuse
In March 2025, the FCA launched its new 5-year strategy for the period from 2025 to 2030, in which "fighting financial crime" forms one of the regulator's four key priorities. The strategy includes high level goals to disrupt criminal activities within the financial sector, as well as assisting regulated firms to prevent and detect financial crime, and working with domestic and international partners.
Key elements in the FCA's strategy for 2025-2030
The 5 year strategy document indicates that the FCA intends to take action in particular by:
- focusing on policing the regulatory perimeter – an area which data and experience indicate is the subject of regular violation, not just by organised criminals and scammers but other actors as well (for example 'finfluencers' issuing unauthorised financial promotions);
- continuing to use public warnings, formal requirements, civil actions, and criminal prosecutions;
- targeting resources on those seeking to use FCA authorisation (and its associated contribution to a firm's credibility) as a cover for criminal activities;
- working with those financial services firms that are committed to tackling financial crime to enhance their anti-crime systems;
- using (and encouraging the use of) new technologies to improve crime prevention controls;
- supporting firms in providing evidence for law enforcement actions;
- strengthening relationships with UK law enforcement and regulatory bodies to share intelligence and coordinate actions;
- engaging with international counterparts to combat cross-border financial crime; and
- increasing public awareness of investment and authorised push payment (APP) fraud through alerts and educational initiatives.
Success for the regulator by 2030 will be determined by reference to:
- Improvements in market cleanliness, and abnormal and anomalous trading statistics;
- Slower growth in investment fraud victims and losses; and
- Slower growth in APP fraud cases and losses.
As part of delivering this strategy, the regulator has already announced that it is establishing a presence in the United States (US) and Asia-Pacific (APAC) for the first time.
The FCA's approach to tackling market abuse as part of its strategy
On 29 April 2025, the FCA published the text of a speech by Joint Executive Director of Enforcement, Therese Chambers, delivered at a Market Abuse and Market Manipulation Summit. The speech sets out how the FCA plans to continue its strategic focus on financial crime and market abuse. In our view a number of comments made in the speech are significant, in particular the FCA's intention to:
- streamline the FCA's communications to firms, for example with portfolio letters;
- continue to use Market Watch and Primary Market Bulletins to highlight areas which present the greatest risk of harm, so firms can focus on them;
- publish a consultation paper on transaction reporting later in 2025, following on from its November 2024 discussion paper, considering in particular how reporting could be made more proportionate and less duplicative for firms (whilst still providing the data the FCA needs for market abuse investigations);
- take purposeful action against firms that 'persistently discharge their responsibilities poorly', for example by introducing new business restrictions on firms that do not have adequate systems and controls to identify and report market abuse;
- work with broking firms to identify and terminate suspicious accounts;
- focus enforcement on 'cases that bring the most impactful deterrence'; and
- focus on the following priorities when tackling market abuse:
  - disrupting organised crime groups (OCGs) whose activities the FCA estimates account for around 25% of all suspicious transaction and order reports, including recruiting and rewarding information sources employed across the financial services sector. According to the regulator's estimate, OCGs have made over half a billion pounds in profits from suspicious trading since 2022;
  - identifying and investigating deliberate leaks of inside information to the press, in particular companies that appear to be making strategic leaks and unlawful disclosures about transactions to try to influence share prices in advance of a transaction. The FCA makes clear that it will continue to work alongside the Takeover Panel in this area;
  - coverage of Fixed Income, Currencies & Commodities (FICC) markets; and
  - strengthening the FCA's international engagement strategy, building close and cooperative relationships with domestic and international regulators and law enforcement.
For further information, please contact David Pygott.
The Court of Appeal finds for the FCA in an integrity case (Markou v FCA)
In a judgment overturning the Upper Tribunal's (UT) 2023 decision in Markou v Financial Conduct Authority [2023] UKUT 00101, the Court of Appeal (CA) confirmed the relevant legal tests for challenging the UT's decisions, for proving recklessness in relation to senior managers' regulatory responsibilities, and the relationship between recklessness and integrity in the regulatory regime created by the Financial Services and Markets Act 2000 (FSMA). The case also underscores the implications for a senior individual of recklessness towards regulatory compliance, and when providing information to the UT.
Why is the judgment important?
Background to litigation
Mr Markou was the CEO (SMF1 and SMF3) of a regulated financial services firm, responsible for establishing and maintaining the firm's systems and controls and for ensuring it complied with the regulatory system. These included supervising relevant staff and ensuring that an appropriate level of professional indemnity insurance (PII) cover was in place.
In 2021, the FCA issued a Decision Notice finding that Mr Markou had breached Statement of Principle 1 (integrity) by failing to implement his firm's policies to combat mortgage fraud, to supervise properly the two mortgage advisors who carried out the firm's day-to-day business, and to take sufficient steps to prevent the firm from transacting regulated mortgage business during a period in 2017 when he knew it had no PII cover in place. It withdrew his approval to carry on the SMF1 and SMF3 functions, made a prohibition order against him, also imposing a financial penalty of £25,000.
Mr. Markou successfully challenged the FCA's decision before the UT in 2023, among other things making a series of arguments about the state of his knowledge about PII cover. Although the UT found that it did not have jurisdiction to consider some of the matters referred to it, it found (in summary) that Mr Markou's conduct did not demonstrate a failure to act with integrity and that he did not act dishonestly or recklessly in any regard. It remitted the matter to the FCA to decide whether Mr Markou had failed to act with due skill, care and diligence, but otherwise determined that the appropriate action for the FCA to take was to impose no financial penalty and no disciplinary sanction.
The FCA appealed the UT's decision to the CA on a series of grounds, alleging in particular that the UT had reached an irrational conclusion that recklessness was not established, and that the UT had erred in fact and in law in a number of other areas.
Decision of the Court of Appeal
The CA allowed a considerable part, but not all, of the FCA's appeal.
First, in its earlier decision in the case, the UT had ruled that it lacked jurisdiction to consider allegations that Mr Markou had recklessly misled the FCA, and misled the UT in oral evidence, because these were not 'of the same nature and based on the same factual background as the allegations made to the RDC and contained in the Warning and Decision Notices'.
Applying its earlier decision in the case of Bluecrest, the CA disagreed, finding that the UT did have jurisdiction to consider these allegations because there was a sufficient relationship between the matter referred and the FCA decision which triggered the right to refer. In particular, there was a 'real and sufficient connection with the subject matter of the process, in the sense of its procedural or substantive content, which had culminated in the decision notice or supervisory notice'. This ground of the FCA's appeal therefore succeeded. The CA found, however, that this success was not by itself sufficient to justify the CA interfering with the UT's decision.
Secondly, the CA found that the UT had correctly directed itself on the legal test for recklessness ("A person acts recklessly with respect to a result if he is aware of a risk that it will occur and it is unreasonable to take that risk having regard to the circumstances as he knows or believes them to be"), noting the subjective and objective elements to that test. It further commented that in the regulatory (FSMA) context at hand, recklessness was 'capable of demonstrating a lack of integrity, though it may not amount to it'.
With respect, however, to whether Mr Markou had been reckless in his approach to his firm's compliance with the regulatory system, the CA went on to disagree fundamentally with some of the UT's findings on the evidence, in particular findings the UT had made about Mr Markou's knowledge regarding PII cover. Concluding the UT's findings were unsustainable on the evidence, it determined in short that not only did Mr Markou know there was no PII cover during the period in question, he also knew there was no prospect of obtaining cover either, and had allowed the firm's business to continue anyway.
The CA concluded that Mr Markou had acted recklessly and without integrity, finding that a senior manager of a regulated entity should not have run the risk of that entity carrying on regulated business without PII. In Mr Markou's case, that risk was real, imminent and not trivial.
The CA also found that Mr Markou had been reckless as to the evidence that he gave before the UT, both in his witness statement and in his oral evidence to the UT itself, concluding that 'such behaviour on the part of a senior manager of a regulated business is self-evidently indicative of a lack of integrity'.
Having found that the FCA had established Mr Markou was reckless and that his recklessness demonstrated a lack of integrity, the CA did not remit the matter to the UT, but instead in effect reinstated the FCA's original decision to withdraw Mr. Markou's approval to perform the SMF1 and SMF3 functions and to issue a prohibition order against him. Noting however that not all the FCA's allegations had been proven, it reduced the financial penalty to £10,000.
At the time of writing, an application had been lodged with the Supreme Court for permission to appeal the Court of Appeal's judgment.
Should you require assistance in dealing with allegations from the FCA that there has been a breach of integrity principles, please contact David Pygott.
UK Government issued updated Modern Slavery Guidance
If you read our last (February 2025) "In the Know", you would have seen our commentary on the Government response to a critical House of Lords report saying that not enough was being done to tackle modern slavery in the UK. On 27 March 2025, the Government published an updated version of its Transparency in Supply Chains guidance to coincide with the MSA's ten-year anniversary. The revised guidance reflects a significant shift in tone, approach, and focus compared to the previous technical and compliance-driven guidance. It aims to provide practical advice to support businesses to undertake meaningful action to tackle modern slavery, incorporating the learnings from the past 10 years since the Act was introduced. It is much more prescriptive and detailed in the approach it takes and calls for a significant change in the way businesses approach modern slavery generally, as well as reporting, including the approach to risk assessment, due diligence, stakeholder engagement and key performance indicators (KPIs). Our view is that this is likely to be the first in a series of steps by the UK government to update and enhance the effectiveness of the MSA.
The new guidance in PDF format runs to 124 pages – compared to the previous 46. The main body of the guidance is over 66 pages (compared to the previous 49). In other words, the additions are substantial.
In summary, while the previous guidance was very technical and focussed primarily on facilitating strict compliance with MSA reporting requirements, the new guidance represents much more of a policy statement around the principles of anti-slavery and the importance of tackling modern slavery and its impact. It moves beyond strict legal compliance with section 54 of the MSA and instead encourages organisations to embrace the "spirit" of the law. This is a trend we have seen in many other areas, too – placing legal compliance within a wider context of social governance and responsible business conduct. It reframes anti-slavery efforts as both a moral obligation and a strategic advantage. It places a strong emphasis on transparency and year-on-year progress as well as the importance of protecting and supporting individuals impacted by modern slavery, engaging with others, sharing data, and participating in collective efforts to address systemic risks. Specifically, it contains:
- a more detailed section on the six recommended categories of disclosures (noting that this remains recommended but not required) – which includes a much more prescriptive list of information to include and signposts to the relevant part(s) of the OECD Due Diligence Guidance and the relevant UN Guiding Principles. For each of the six categories, the revised guidance includes basic information to include (Level 1) and, for some subcategories of information, also more enhanced information (Level 2 disclosure suggestions). This has been relocated from the annex to the main body of the guidance;
- a more considered approach to the scoping and application analysis section (who must report), with more illustrative examples of types of operations included;
- information on modern slavery frameworks, stakeholder engagement and continuous improvement in relation to modern slavery disclosures;
- suggested KPIs for evaluating progress in identifying, preventing and responding to modern slavery;
- an annex dedicated to:
- revised case studies and expanded definitions; and
- stronger messaging around the importance of tackling modern slavery including continuous change and improvement, engaging with stakeholders (including those with lived experience) and responding to (as well as reporting) modern slavery.
While nothing in the guidance changes the legal position on mandatory reporting, firms would be well advised to review and take account of the updated guidance in their planning for MSA reports this year and next year. The guidance is not specific as to whether it applies to the current reporting cycle, but firms should at least acknowledge the updated guidance in this year's report (if not yet made) and reflect/confirm how they intend to address the recommendations in practice.