A couple of recent sanctions developments bring UK enforcement in this area in the spotlight.
1. OFSI established; new guidance issued
On 31 March 2016 the Office of Financial Sanctions Implementation ("OFSI") was officially established as part of the HM Treasury's efforts to increase enforcement of EU and UK sanctions. OFSI stated that it "will support the UK’s foreign policy and national security goals and work to help maintain the integrity of and confidence in the UK financial services sector", by, inter alia, increasing awareness of and compliance with financial sanctions and ensuring that sanctions breaches are rapidly detected and effectively addressed.
Only a few days after it was officially established, on 5 April 2016 OFSI issued its Guidance on Financial Sanctions, providing a guide to the approach which OFSI intends to take when issuing licenses and considering compliance with EU and UK sanctions. The new Guidance largely follows the approach HMT took in its previous Frequently Asked Questions document, with a few notable additions.
At the outset we note that this Guidance applies to all individuals or entities which would normally fall within the scope of UK's implementation of EU sanctions (i.e., to any UK nationals (wherever located) or UK incorporated companies (including overseas branches), any business done in the UK or any individuals in the UK (irrespective of nationality)).
The Guidance is divided into two parts:
- An overview of the financial sanctions framework (Part A), and
- Practical examples of how OFSI will approach licencing and compliance questions (Part B).
Under Part A, the Guidance explains and consolidates the scope of financial sanctions, the prohibitions and any exemptions/licencing grounds, and mechanism for possible of challenges of designations. It also includes references to specific templates for licencing applications and disclosures of breaches of EU/UK sanctions laws. In addition, regarding enforcement:
- OFSI notes that "while the decision to prosecute in respect of a breach of financial sanctions ultimately lies with the CPS and the Attorney General, when initially considering the course of action to take in response to a breach, appropriate regard will be had to whether the breach was self-disclosed fully and promptly, the level of cooperation with any investigation and actions being taken to improve future compliance".
- OFSI takes the view that "if the asset freeze is imposed by an EU regulation, all persons, including financial institutions, must generally provide OFSI with information which would facilitate compliance with the asset freeze, including information about the funds and economic resources which have been frozen". We note that the extent of this provision is yet unclear, especially given that under HMT's previous "general position" this applied only "relevant institutions" (i.e., broadly speaking institutions carrying our regulated activities under the Financial Services and Markets Act 2000, other similar EEA institutions or certain exchange offices).
- In the case of a failure to comply with a requirement to provide information, a request for information from OFSI may include criminal prosecution. In this context it is worth noting that OFSI has the power to request information including in relation of funds/economic resources of a DP. In our view there is at least a question as to how the obligation to respond to such a request fits with the principles of protection against self-incrimination as implied into Article 6 of the ECHR, if failure to respond may lead to criminal prosecution.
Part B provides a number of practical examples of complying with EU/UK sanctions. Section 9 of the Guidance deals with compliance for businesses and provides information regarding, inter alia:
- OFSI's expectations: "…businesses, particularly those operating in an international context, ... will not be able to avoid liability simply by failing to consider their sanctions risks…OFSI expects all businesses who engage in activities where financial sanctions apply to stay up to date with the sanctions regimes in force, to consider the likely exposure of their business to sanctions, and to take appropriate steps to mitigate those risks …".
- Screening software: Whilst OFSI makes it clear that there is no obligation on companies to purchase particular software, it does address the limitations of simply checking names on the OFSI consolidated list and, equally, raises issues a business needs to consider to understand a software's capabilities and limits.
- The provision of funds or economic resources to/from DPs, including set-offs, write-offs, use of vouchers and non-completion of contracts on the basis of compliance with sanctions. In respect of the provision of services, OFSI states that with the exception of certain financial services, the provision of services is not prohibited - although a licence is required for payment by a DP for services or when creating a debt.
- Joint ownership of businesses with DPs, including whether the entire JV business becomes subject to sanctions, whether the non-designated part or the entire business can be sold.
- The role of the Financial Conduct Authority, including specific guidance on closing, transferring, or crediting accounts of a designated person. OFSI also refers to the financial crime guide for firms illustrating examples of good practice.
- Reporting requirements: these are stated as applying to all parties subject to EU regulations, albeit on a voluntary basis.
- The provision of insurance services (i) in the context of asset freezes under the Terrorism Asset Freezing etc. Act 2010, (ii) to certain Syrian entities, and (iii) in relation to specific trade transactions.
Guidance for compliance by designated persons and their families, friends and members of the public is included in sections 7 and 8, respectively.
2. Policing and Crime Bill
Illustrating efforts to increase enforcement in this area, the UK Government has put forward the Policing and Crime Bill (the "Bill"), on the basis that "new legislation is required in order to bring consistency to penalties across all the financial sanctions regimes, ensure that penalties for breaches of financial sanctions have a sufficient deterrent effect, and provide the enforcement community with a broader and more flexible array of powers".
The Bill proposes the introduction of:
- An extended maximum penalty: in respect of financial sanctions, the Bill provides for a maximum penalty of seven years on conviction on indictment instead of the current two years on conviction on indictment (the six months' period for imprisonment on summary conviction remaining unchanged).
- New monetary penalties regime: monetary penalties will be used where it is not in the public interest to pursue a criminal prosecution, SCPO or DPA. The penalty will only be imposed in situations where OFSI is satisfied, on the balance of probabilities, that a breach had been committed and that the person involved knew or had reasonable cause to suspect that their actions were in breach of sanctions. At present, the maximum penalty considered is £1 million or 50% of the total value of the breach, whichever is the greater. To ensure that the penalties also act as a deterrent against poor compliance, the details of any penalties imposed will be published – this will be subject to a consultation that will outline HM Treasury’s proposed approach to such a publication.
In our experience use of monetary penalties to deal with certain breaches is not unique and indeed bears some similarities to the unlimited compound penalties that HMRC can impose on exporters who commit export control offences. Anonymised details of specific cases / penalties are published/updated by the ECO. An overview of HMRC's use of this enforcement tool is also summarised in the annual UK Strategic Export Controls Reports – the latest report (published in July 2015) stating that six compound penalties totalling £257,906 were imposed in 2014. Companies, it seems, prefer in some cases to accept HMRC's offer to pay a compound penalty, as an alternative to prosecution. As HMRC does not name the entities it imposes penalties on, this is often a helpful way for companies to deal with a inadvertent breach.
- Serious Crime Prevention Orders (SCPO) for breaches of financial sanctions: this does not levy financial penalties but may contain targeted prohibitions, restrictions or requirements that the court considers appropriate for restricting or disrupting further involvement in serious crime. Breach of a SCPO is a criminal offence subject to a maximum penalty of five years imprisonment. A breach can also lead to forfeiture of property and the closing down of a company.
- Deferred Prosecution Agreements (DPAs) for breaches of financial sanctions: once a business is charged with a criminal offence, proceedings are automatically suspended subject to certain conditions e.g. paying a financial penalty, disgorging any profits made from the alleged offence, cooperation with investigations related to the alleged offence, or implementing a compliance programme (all of which is recorded under court-approved agreements). Breach of these conditions may lead the prosecution resuming their proceedings.
- New UK legislation to be adopted on a temporary basis (up to 60 days) to bridge the time gap between the adoption of UN sanctions and their "implementation" by the EU which currently increases the risk of asset flight.
The Bill enters the report stage today (26 April 2016), and if approved it will then proceed to the House of Lords for consideration and amendments.