ECSH33370 - Targets of UK sanctions regimes

All businesses carrying on business in the UK must comply with UK sanctions that are in force.

What are sanctions?

Sanctions are restrictive measures that can be put in place to fulfil a range of purposes. In the UK, these include complying with United Nations (UN) and other international obligations, supporting foreign policy and national security objectives, as well as maintaining international peace and security, and preventing terrorism.

You should be aware that there are different types of sanctions such as:

  • Financial sanctions
  • Trade sanctions
  • Arms embargoes
  • Travel bans

Some sanctions measures (such as asset freezes and travel bans) apply only to individuals, entities or ships which have been designated or specified by the UK Government, whereas other sanctions measures could apply to individual countries, jurisdictions or organisations such as government bodies, banks, and gas/oil producers.

Financial sanctions

The UK financial sanctions general guidance sets out the lists of those subject to financial sanctions maintained by the Office of Financial Sanctions Implementation (OFSI), which you will need to check when testing customer due diligence (CDD) measures. It also details what a business must do if it knows, or has reasonable grounds to suspect, that it is in possession or control of, or is otherwise dealing with, the funds or economic resources of a designated person which should form part of your background reading.

Financial sanctions which relate to a specific country or terrorist group are known as ‘regimes’. You can find financial sanctions imposed in the UK on a specific regime on GOV.UK.

You should be aware that if a business routes its financing through countries outside of the UK, or carries out transactions in other currencies, it may need to also comply with sanctions imposed by other countries, and you may see references to this in the business’s policies, controls, and procedures (PCPs). For example, a money service business (MSB) money transmitter routing its transaction through the USA will be required to comply with sanctions applicable to the USA, as governed by the Office of Foreign Assets Control (OFAC). Whilst this may be necessary, it is important to establish whether the business complies with the relevant sanctions implemented by the UK.

Trade sanctions

Businesses must comply with trade sanctions, arms embargoes, and other trade restrictions. Trade sanctions are maintained by the Office of Trade Sanctions Implementation (OTSI), within the Department for Business and Trade.

If you are conducting a check to a business dealing in goods (such as high value dealers (HVDs) or art market participants (AMPs)), or who have customers who deal in goods, you must check whether any goods are subject to restrictions, and whether the business has taken this into account when carrying out its risk assessment. A business may have considered a customer operating in certain commodities as an “at risk industry”. If so, you will need to establish what additional measures the business has taken to mitigate this risk, such as enhanced due diligence.

Similarly, you should consider if the destination country for goods and services breach sanctions, by reviewing the list of countries shown on GOV.UK in the link above.

You should establish whether the business has risk assessed the possibility of its customers dealing in items listed under trade prohibitions, such as luxury goods and dual use goods. See GOV.UK for more guidance on this. You should conduct open-source checks to have an awareness of any emerging risks in media coverage.

You should also determine whether the business has considered the risks of trading with customers based in countries neighbouring sanctioned jurisdictions being used to circumvent trade restrictions. For example, you are assessing the compliance of a trust or company service provider who states it has a client who supplies electronic components and deals with China. You should establish whether the business has assessed the risks of proliferation financing and whether the components could end up in neighbouring North Korea in its risk assessment, as required by regulation 18A. For more guidance on this, see the ”relevant requirements” for regulation 18A MLR 2017.

You should note that this could also be relevant for MSB money transmitters who carry out third party payments as part of the money transmission process.

Case study 1: An MSB money transmitter makes payments to a third party as requested by the MSB’s customer, a payout partner in another country. This is sometimes referred to as an offset payment. The MSB may be settling invoices for goods which are being imported and exported from one country to another. You should check that the MSB has assessed the risks of money laundering, terrorist and proliferation financing when making third party payments and has implemented PCPs to mitigate the risks. In this scenario, you should consider:

  • Who are the third parties involved which receive payment from the MSB?
  • Whether the countries or jurisdictions involved are considered high risk or subject to any sanctions?
  • Do they neighbour/border any high-risk countries or jurisdictions?
  • What types of goods, if any, are being imported/exported? Are they subject to sanctions or trade restrictions?

Testing compliance

When conducting a check to a supervised business, you must confirm that the business has considered risk factors including potential customers and transactions involving individuals, entities, goods, and countries subject to sanctions, embargoes or similar measures. You should ask the business what information it uses when assessing these risks, for example has it subscribed to receive e-alerts from OFSI and OTSI whenever a new notice is published. If it is not documented in the business’s risk assessment or the business has failed to consider this risk, you must discuss the requirements with the business and direct it to relevant guidance (see links above) so that it can identify and assess risks within the factors at regulation 18(2)(b) MLR 2017.

You must check customers selected for testing against the appropriate sanctions lists, to ensure you can challenge the business regarding its risk assessment and/or CDD procedures.

Find out which people, entities and ships are designated or specified under regulations made under The Sanctions and Anti-Money Laundering Act 2018 (SAMLA), and why, on GOV.UK.

Record your action of performing this check on Caseflow, using a narrative. You should note that there may be additional sanctions lists you may need to check depending on the circumstances of your case.

You should establish if the business has reported, or is aware that it must report, to OFSI/OTSI as soon as practicable if it knows or has reasonable cause to suspect that a person subject to sanctions has used, or has tried to use, its services, thus committing an offence.

You should ask the business how it has mitigated the risks of trading with designated persons, such as performing its own checks to sanctions lists or whether such checks are included in electronic verification. It is important that you ask the business if it understands which lists are checked. You should see evidence or records of these checks being carried out and establish whether they are sufficient, matched to the results of your own checks.

You should also consider:

  • What action did the business take when it received EC-S’ email about the situation in Eastern Europe? (Copies of all external communications to businesses are held in the Knowledge Library).
  • Is there evidence the business reviewed its risk assessment and PCPs? If not, why not?
  • If the business uses a third-party ID provider, does the business understand which lists are checked?

False positives

Whilst conducting records testing, you may see that the business has found that the name of an individual or entity it is dealing with matches one or more entries on the sanctions list. This is known as a name match. However, it does not necessarily mean that the individual or entity it is dealing with is the same one as is on the list.

If the individual or entity it is dealing with matches all the information on the sanctions lists, this is likely to be a target match. If the business has satisfied itself that the person or entity is not the same as the one on the list, it does not need to take further action. This should be recorded, and you should see evidence of how it has satisfied itself, including any further controls in place, for example obtaining senior manager approval. These should be set out in the business’s PCPs, and you should check that these controls are working. If not, you need to discuss this with the business to establish what has gone wrong and why/how procedures have been bypassed.

Ongoing monitoring

You should establish whether the checks are done as a one-off when establishing a business relationship with the customer or carrying out an occasional transaction, or whether it forms part of the business’s ongoing monitoring.

Sanctions breach

If during your checks you find a business has breached a sanction, you will need to inform the business to contact OFSI/OTSI immediately.

(This content has been withheld because of exemptions in the Freedom of Information Act 2000)