Guidance

How suspected breaches of trade sanctions are assessed by the Office of Trade Sanctions Implementation (OTSI)

OTSI’s enforcement powers as set out in The Trade, Aircraft and Shipping Sanctions (Civil Enforcement) Regulations 2024.

This guidance relates to the Office of Trade Sanctions Implementation (OTSI). OTSI’s enforcement powers are set out in The Trade, Aircraft and Shipping Sanctions (Civil Enforcement) Regulations 2024 (the Regulations). The Regulations entered into force on 10 October 2024.

1. Which breaches OTSI can investigate and enforce

OTSI, which is part of the Department for Business and Trade (DBT), has powers to enforce certain trade sanctions.

They have the power to investigate suspected breaches of trade sanctions and take enforcement action in relation to:

  • providing or procuring sanctioned services
  • moving, making available, or acquiring sanctioned goods outside the UK
  • transferring, making available or acquiring sanctioned technology outside the UK
  • providing ancillary services to the movement, making available or acquisition of sanctioned goods outside the UK
  • providing ancillary services to the transfer, making available or acquisition of sanctioned technology outside the UK

OTSI also has powers to investigate and enforce breaches related to the trade sanctions measures set out above, regarding:

  • circumvention, such as intentionally facilitating the contravention of sanctions
  • exceptions, such as failing to comply with the notification requirement of an exception
  • information requests, such as intentionally obstructing an information request from OTSI
  • licensing, such as failing to comply with the conditions of a licence
  • recordkeeping, such as failing to comply with recordkeeping requirements of a general licence
  • reporting obligations, such as a relevant person failing to comply with their obligations to report suspected breaches

There are other types of trade sanctions which are implemented and enforced by HMRC, HM Treasury or Ofcom: these are therefore not subject to OTSI’s powers. 

2. Who OTSI can investigate

Trade sanctions apply to: 

  • all individuals or businesses within the territory and territorial sea of the UK
  • all UK nationals or UK businesses established under UK law, wherever they are in the world

This means OTSI can investigate suspected breaches committed by: 

  • individuals and legal entities who are within, or undertake activities within, the UK’s territory
  • UK individuals and legal entities established under UK law, regardless of where in the world the breach takes place

In the case of a corporate breach, OTSI can hold officers of the corporation personally liable and impose a monetary penalty on them as well as the corporate body if the breach is either: 

  • committed with the officer’s consent or involvement
  • attributable to the officer’s neglect

This also applies to: 

  • partners in a partnership
  • members of unincorporated bodies that are managed by members
  • members of governing bodies

This means OTSI can impose separate monetary penalties on the legal entity and the officers who run it.

3. Establishing whether a breach has occurred

When OTSI assesses a suspected breach of trade sanctions, they will first seek to establish whether there has been a breach of a prohibition, or a failure to comply with an obligation.

If there has not been a breach of a prohibition or a failure to comply with an obligation, OTSI will close the case.

If OTSI believe that a suspected breach sits outside of its enforcement powers, or if a case involves breaches across multiple types of sanctions, they will disclose the suspected breach to the relevant organisation responsible for enforcement.

4. Determining the severity of the breach

Once OTSI is satisfied that there has been a breach, they will then determine the severity of the breach. A breach may be determined as being of Lesser Severity, Medium Severity, or High Severity. OTSI draws this distinction to ensure that the enforcement outcome is proportionate to the severity of the breach. Where non-compliance has been identified, the aim of the enforcement outcome is to change behaviour and to improve future compliance.

Indicators of a lesser severity breach may include but are not limited to: 

  • low or no culpability
  • lower harm to the purposes of the sanctions regime
  • lower financial value, where there are no other relevant indicators

Indicators of a medium severity breach may include but are not limited to: 

  • failure to prevent a breach through behaviours such as negligence or recklessness
  • significant or moderate harm to the purposes of the sanctions regime
  • moderate financial value, where there are no other relevant indicators

Indicators of a high severity breach may include but are not limited to: 

  • a significant level of culpability, which could include intentional actions or significant negligence
  • extensive or sophisticated planning, such as efforts being taken to conceal the breach
  • serious harm to the purposes of the sanctions regime
  • high financial value, where there are no other relevant indicators

This is not an exhaustive list and OTSI will consider indicators in totality when assessing the severity of a given breach.

OTSI will consider the public interest when determining what action should be taken.

Determining whether the breach was intentional

Most breaches of trade sanctions will be treated as strict liability breaches. Regulation 6 of the Trade, Aircraft and Shipping Sanctions (Civil Enforcement) Regulations 2024 requires OTSI to ignore any defence that a person did not know and had no reasonable cause to suspect that an offence had been committed under trade sanctions regulations. This means that OTSI does not need to be satisfied that you acted knowingly or with intent to breach sanctions to impose a monetary penalty.

Some trade sanctions measures require you to have knowledge or intent for an offence to have taken place. This means that OTSI will need to be satisfied that you acted knowingly or with intent before imposing a monetary penalty.

5. Enforcement outcomes 

Once OTSI has determined the severity of the breach, there are one or more potential outcomes.

Warning letter

OTSI may issue a warning letter. This may include requiring you to comply with a continuing obligation to keep us informed about certain information as circumstances change, such as the improvement of due diligence processes. 

Referral to your regulator

If you are a regulated professional or your business is in the regulated sector, OTSI may refer the case to your regulator.

Referral to other organisations

If a UK registered company is involved in the breach, or if you are the director of a UK registered company, OTSI may refer the case to Companies House or the Insolvency Service.

Public disclosure

Where OTSI decides that it would be in the public interest to share information about a breach, for example, to assist the work of compliance officers, they may publicise details about a breach.

Monetary penalty

Some breaches may result in OTSI imposing a monetary penalty to the value of 50% of the estimated value of the breach, or £1 million, whichever is greater. 

Referral to HMRC

OTSI may refer your case to HMRC where they determine that the breach merits criminal enforcement. HMRC, as a criminal enforcement authority, can refer a matter to the Crown Prosecution Service to consider a prosecution.

OTSI will determine what enforcement action is appropriate and proportionate on a case-by-case basis. Once OTSI has decided what enforcement outcomes to take, they will inform you.

6. Mitigating and aggravating factors 

Once OTSI has established that there has been a breach and determined the severity of the case, they will consider a range of case factors in determining the enforcement outcome.

Where a monetary penalty is being considered, the presence of mitigating factors may lead us to reduce the monetary penalty or not impose a monetary penalty altogether. The presence of aggravating factors may lead OTSI to increase the monetary penalty.

Mitigating factors may include but are not limited to: 

  • timely voluntary disclosure of the suspected breach by the individual or business responsible. This could lead to a reduction of up to 50% of a monetary penalty imposed for the breach

  • compliance with requests for information you receive from OTSI during the investigation

  • no record of previously having breached UK sanctions

  • good standards of customer due diligence and other relevant compliance systems proportionate to the size, exposure to sanctions and resources of the business

  • demonstration of steps taken to address causes of the breach

Aggravating factors may include but are not limited to: 

  • failure to respond to previous warning letters
  • poor compliance with the investigation
  • withholding or obstructing access to information during an investigation, such as attempting to conceal or destroy evidence
  • failure to comply with other sanctions requirements relevant to the breach, such as recordkeeping and licensing conditions
  • previous breaches by the same individual or business, having regard to the time that has elapsed since they occurred
  • inadequate standards of due diligence
  • attempts to wrongly blame others

Mitigating and aggravating factors will be considered in totality by OTSI and reflected in the final enforcement outcome.

Voluntary disclosure

OTSI values and encourages voluntary disclosure. OTSI expects suspected breaches to be disclosed as soon as reasonably practicable after you know or suspect a person has breached trade sanctions.

If multiple parties are involved in a breach, and want to make a disclosure, we expect voluntary disclosure from each party.

Where a monetary penalty is being considered, for low and medium severity cases, OTSI will make up to a 50% reduction to the final monetary penalty if you have made a prompt and comprehensive voluntary disclosure of the breach.

For high severity cases, OTSI will make up to a 30% reduction to the final monetary penalty if you have made a prompt and comprehensive voluntary disclosure of the breach.

7. Totality

If a monetary penalty is being imposed for more than one breach of trade sanctions, OTSI may determine a penalty for each individual breach based on the severity and circumstances. They will then, in consideration of totality, assess if the final monetary penalty is just and proportionate.

8. Instances when OTSI cannot issue a monetary penalty

OTSI cannot issue you with a monetary penalty if:

  • criminal proceedings are ongoing, or have taken place, against a business or person for the same breach
  • the business or person has already been convicted for an offence in respect of that breach

9. What OTSI must tell you before they can impose a monetary penalty

Before OTSI can impose a civil monetary penalty on you, they must tell you: 

  • that they intend to impose a monetary penalty
  • the reasons why
  • the amount of the monetary penalty
  • that you are entitled to make representations
  • the date by which you must make any representations

10. Monetary penalties: making representations

OTSI will consider representations made and review both the reasons for the decision to impose a monetary penalty, and its amount. Potential outcomes include reaffirming the decision to impose the monetary penalty, changing the amount of the monetary penalty or cancelling the decision to impose the monetary penalty.

OTSI will not normally accept late representations.

OTSI will then communicate their final decision, considering any representations made. If OTSI’s decision is still to impose a monetary penalty, they will inform you:

  • what their decision is
  • that you’re entitled to seek a review of the decision
  • the date by which you must tell OTSI you want a review of the decision

11. Paying a monetary penalty

Once a monetary penalty becomes payable, OTSI will tell you how to pay.

All monetary penalties are paid into the Consolidated Fund and are recoverable as a civil debt.

12. Publication of breaches

OTSI may publish reports about breaches.

Publishing details about breaches helps increase awareness of sanctions and deters non-compliance.

Reports may name the individual or business who has committed the breach and provide facts about the breach. This may include information about specific risks and broader trends to assist other individuals and businesses to comply with sanctions.

If a designated person was involved in the breach, OTSI may disclose their identity unless there are strong reasons not to. This will include consideration of any relevant obligations under data protection laws, and those concerned with confidentiality.

OTSI will not publish a report about a breach where a monetary penalty has been imposed until after you have had the opportunity to exercise your right to request a review of a decision to impose a monetary penalty.

13. Report a suspected breach of trade sanctions 

If you suspect that you, or someone else, has breached trade sanctions, you should report it as soon as possible using the online service: Report a suspected breach of trade sanctions.

Get help

Contact OTSI using the enquiry form.

If you are unclear whether action you are considering, or have already taken, could breach the regulations, you should consider seeking independent legal advice.

Updates to this page

Published 12 September 2024
Last updated 10 October 2024 + show all updates
  1. This page was updated to include full details of case assessments. The former "civil monetary penalties for breaches of trade sanctions" guidance page was retired and consolidated into this guidance.

  2. This guidance is now in force, so the banner saying it is not yet in force has been removed. A link has been added to the online service to report a suspected breach of trade sanctions.

  3. First published.

Sign up for emails or print this page