Threats to financial sanctions compliance in the UK financial services industry

The UK's Office of Financial Sanctions Implementation ("OFSI") has just published a sector-specific threat assessment in relation to financial services. This addresses threats posed to UK financial sanctions compliance by those operating in the financial services industry. It provides information on suspected sanctions breaches and is intended to assist stakeholders with prioritisation as part of a risk-based approach to compliance.

This assessment focuses on threats to compliance relating to transactions handled by UK financial or credit institutions, including banks (both retail and wholesale) and non-bank payment service providers ("NBPSPs"). The assessment covers UK financial sanctions only and does not cover UK trade sanctions.

Since February 2022, UK financial services firms have reported over 65% of all the suspected breaches received by OFSI.

The key judgements/threats which OFSI identifies are:-

1. It is likely that some UK financial services firms, including NBPSPs, have not self-disclosed all suspected breaches to OFSI. The timely identification and reporting of suspected breaches varies across the sector and across different UK sanctions regimes. OFSI identified some substantial delays both in identifying and reporting suspected breaches.

2. It is highly likely that most non-compliance by UK financial services firms has occurred due to several common issues, including the improper maintenance of frozen assets and licence conditions breaches. These issues are relevant to compliance with all UK sanctions regimes. OFSI has identified debits being made both deliberately and inadvertently from accounts held by Russian Designated Persons "DPs" at UK banks and NBPSPs. Often these transactions stem from existing insurance policies or other contracts, particularly those relating to UK residential properties. Breaches of specific and general OFSI licence conditions fell largely into three categories: transactions occurring after licence expiry, bank accounts being used other than those specified in specific OFSI licences and failures to adhere to licence reporting requirements. Other failings included Inaccurate ownership assessments, where OFSI observed failures to identify entities which fall under the direct ownership of Russian DPs. Inaccurate UK nexus assessments were observed. A breach does not have to occur within UK borders for OFSl’s authority to be engaged. There simply has to be a connection/nexus to the UK. OFSI observed across different types of transactions, particularly those involving multiple jurisdictions, failures to identify the involvement of UK nationals or entities in transaction chains

3. It is almost certain that Russian designated persons (DPs) have turned to new professional and non-professional enablers in their attempts to breach UK financial sanctions prohibitions. OFSI has observed significantly increased enabler activity since 2023. This falls generally into three categories:

• Making payments to maintain DPs’ lifestyles and assets;
• Fronting on behalf of DPs to claim ownership or control of frozen assets; and
• Other money laundering to provide DPs with liquidity, including by using alternative payment methods such as crypto assets.

Professional enabler activity in the financial services sector has traditionally been associated with wealth management and other kinds of financial advisory services, particularly those based in intermediary jurisdictions offering greater secrecy through their financial and legal systems. OFSI has also observed increased activity by non-professional enablers linked to Russian DPs, such as their family members, ex-spouses, associates, or other proxies.

4. It is highly likely that enablers have made payments through NBPSPs relating to the maintenance of Russian DPs’ lifestyles and assets, including superyachts and UK residential properties. Russian DPs have relied on both professional and non-professional enablers to make payments to maintain their lifestyles and assets. Such payments could include those relating to superyachts; concierge and personal security services; other property management services; school fees; and high-value goods. Suspected breaches under the Russia sanctions regime relating to superyachts have been persistently reported to OFSI since February 2022. OFSI has identified payments being made through the UK financial services sector to staff on superyachts linked to Russian DPs following their designation. Since February 2022, OFSI has also received a significant number of suspected breach reports relating to UK residential property. Most of these suspected breaches were linked to a small number of Russian DPs with a historical UK nexus. Activities relating to UK property included the provision of property maintenance services; the provision of concierge or security services; property letting services; and the collection of rent from a frozen property asset.

Red flags include:-

• A new individual or entity making payments to meet an obligation previously met by a Russian DP;
• Individuals associated with Russian DPs, including family members and professional enablers, receiving funds of significant value without adequate explanation;
• Frequent payments between companies owned or controlled by a DP;
• Attempts to deposit large sums of cash without adequate explanation;
• Crypto asset to fiat transactions (or vice versa) involving a Russian DP’s family members or associates; and
• A family member of a DP is an additional cardholder on a purchasing card and regularly uses the card for personal expenses and overseas travel.

5. It is likely a small number of enablers have attempted to front for Russian DPs and claim ownership of frozen assets. OFSI has identified professional enablers attempting to front on behalf of Russian DPs and claim ownership of frozen assets. OFSI observed this particularly where the ownership or control of frozen assets by a Russian DP is unclear, including as a result of insolvency, complex corporate structures, and where significant liquidity is involved. In these scenarios, an enabler presenting themselves as a legitimate businessperson unconnected to a Russian DP could come forward and claim to be the owner of frozen assets.

Red flags include:-

• Individuals with limited profiles in the public domain, including those with little relevant professional experience;
• Inconsistencies in name spellings or transliterations, particularly those stemming from Cyrillic spellings;
• Recently acquired non-Russian citizenships, including from countries which offer golden visa schemes; and
• Frequent or unexplained changes of name or declared location of operation.

6. Enablers have almost certainly used alternative payment methods, in particular crypto assets, to breach UK financial sanctions prohibitions on Russia.

Suspected breaches of UK financial sanctions prohibitions by Russian DPs often involve intermediary jurisdictions. Individual Russian DPs have traditionally structured their interests, including the ownership and control of assets, through a small number of favoured intermediary jurisdictions. Since February 2022, just over 25% of suspected breach reports received by OFSI from UK financial services firms have made reference to intermediary jurisdictions. The following jurisdictions feature most often: British Virgin Islands (BVI); the Republic of Cyprus; Switzerland; United Arab Emirates (UAE); Guernsey; Luxembourg; Austria; and Türkiye.

By way of examples:-

The Republic of Cyprus

• Ownership or transfers of assets;
• Enabler activity; and
• Use of complex corporate structures such as trust arrangements or complex corporate structures involving offshore companies.

UAE

• Ownership or transfers of assets;
• Enabler activity;
• Networks used to process the funds of UK sanctioned individuals;
• The setting up of new companies which appear to be copies of the companies that have been closed down in other jurisdictions; and
• Transactions involving crypto assets.

Our thoughts

This threat assessment certainly provides some food for thought, and not only for banks and other payment services firms. The examples described should serve as a useful guide as to the types of conduct and fact patterns firms need to be alive to. OFSI is clearly concerned that financial services firms are frequently failing to report suspected sanctions breaches. At the same time, its track record in relation to enforcement of sanctions has so far been quite limited.

In parallel with the OFSI reporting obligations, as sanctions breaches or circumvention of the regulations constitute criminal offences, the onward transfer of funds or assets would likely become proceeds of crime and recoverable property under the Proceeds of Crime Act 2002 ("POCA"). This may trigger Suspicious Activity Report ("SAR") obligations to the National Crime Agency under POCA.

The FCA may also expect to be notified under the FCA Handbook SUP 15 reporting obligations:-

"Firms should also consider whether they should report sanctions breaches to the FCA. SUP 15.3 contains general notification requirements. Firms are required to tell us, for example, about significant rule breaches (see SUP 15.3.11R(1)). Firms should therefore consider whether a sanctions breach is the result of any matter within the scope of SUP 15.3 – for example, a significant failure in their financial crime systems and controls". (FCG 7.1.5A).