The Office of Financial Sanctions Implementation (OFSI) has updated its 'enforcement and monetary penalties for breaches of financial sanctions' guidance, which was last updated in June 2022.

Strict liability

The new section relates to OFSI's approach to breaches that follow an incorrect assessment of the ownership and control test. The strict liability test for civil financial penalties means that a person could be liable, if when conducting due diligence on a transaction, they incorrectly conclude that a counterparty was not controlled by a designated person and make a payment to them.

A breach may result in an enquiry by OFSI, a civil penalty and a public regulatory outcome. For a company in the UK financial services sector the Financial Conduct Authority (FCA) is likely to make further regulatory enquiries of the corporate and its management regarding the corporate's anti-financial crime systems and controls. In cases deemed sufficiently serious, OFSI may make refer the case to the UK's National Crime Agency (NCA) for criminal enforcement.

Revised approach

OFSI has previously emphasized the fact that it will take a fair and proportionate approach to breaches, however the new guidance provides a useful insight into OFSI's revised approach to these types of breaches, and particularly into its expectations around due diligence.
The guidance confirms that OFSI will take a pragmatic approach, and consider the degree and quality of due diligence conducted, and consider whether the steps taken were "appropriate and reasonable".

Record keeping

According, it is critical for companies to record their sanctions due diligence assessments. OFSI will expect to see evidence of the decision-making process, taking into account the sanctions risk and an appropriate level of due diligence, usually with reference to an internal framework or policy. For consideration of due diligence as a mitigating factor, the legal onus is on the company to demonstrate that it has undertaken appropriate due diligence

The guidance provides a non-exhaustive list of factors that companies should consider when conducting due diligence. OFSI will consider the following factors as potentially mitigating when considering breaches:

  • Examination of formal ownership and control mechanisms, including:
    • composition and distribution of shares;
    • recent changes to ownership or shareholdings or divestments and the reason for the change;
    • consideration of corporate documents;
    • agreements between shareholders or between shareholders and the company.
  • Examination of the actual or potential influence or de facto control over an entity by a designated person, including:
    • indications of continued influence by a designated person through financial or personal relationships, or proxies or trusts;
    • the nature of the relationship between the recipient of divested shares and the designated person;
    • information relating to the board and management of the company;
    • consideration of board meetings and governance processes, including relevant meeting minutes;
    • ongoing financial liabilities or benefits conferred to the designated person;
    • any other agreements between the entity and the designated person.
  • Open source research relating to the entity, and persons who own or control the entity
  • Direct contact with the entity to probe the above issues, including obtaining attestations.
  • Regular checks and ongoing monitoring of the above. The guidance warns that "ownership and control is not static".

Suggested actions

In light of the new guidance, companies should review their existing sanctions compliance frameworks and policies, and ensure that they are consistent with the principles set out in the guidance, and staff are trained and competent in assessing the ownership and control, as well as record keeping.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.