On 27 April 2009, the Financial Services Authority of the UK (“FSA”) published a report that reviewed financial services firms’ compliance with the FSA’s financial crime objectives relating to the UK Financial Sanctions Regime (“FSR”). The report found inadequacies in firms’ systems and controls to reduce the risk of a breach of UK financial sanctions in all-sized firms across all UK financial sectors.
Although the FSA’s report does not constitute formal guidance, it is clear that the FSA expects firms to use it in ensuring that their UK financial sanctions systems and controls are effective.
Compliance is not always straightforward, particularly for international companies, as different sanctions regimes may collide and impose conflicting obligations.
What is the UK Financial Sanctions Regime (“FSR ”)?
The FSR aims to prohibit and suppress the financing of terrorism and terrorist acts. The FSR applies to all individuals and entities subject to UK jurisdiction, and can have extra-territorial effect.
In general, firms should not provide funds or financial services to a target on the HMT list (see below) unless a license is granted by HM Treasury. The maximum sanction for non-compliance is seven years’ imprisonment and/or an unlimited fine.
Banks and other financial institutions are particularly exposed since providing funding and financial services is their main business activity.
HM Treasury, through its Asset Freezing Unit (AFU), is responsible for putting into effect, administering, and enforcing compliance with the FSR. The AFU maintains and updates a list (known as the HMT list) of individuals and entities, both from the UK and other jurisdictions, that are “targets” under the FSR. The list includes about 1,400 individuals and 500 entities, including those linked to Al-Qaeda, the Taliban, North Korea, and Iran, and people linked more generally to terrorist financing.
The FSA’s role is to ensure that FSA-regulated firms have sufficient systems and controls in place to prevent them from accepting blacklisted clients.
The FSA ’s Report
The FSA surveyed 228 financial services firms to review their compliance with the FSA’s financial crime requirements relating to financial sanctions. Its conclusions include:
- Firms need to improve their awareness and understanding of the FSR to ensure adequate systems and controls are implemented
- The FSA came across a number of misconceptions, e.g., the belief that sanctions applied only to foreign entities and individuals. In fact, the banned list contains 50 individuals and 12 entities based in the UK.
- When another FSA-authorised firm refers a client, firms should themselves screen those clients against the HMT list when taking them on as a client. The assumption and reliance on the referring firm having conducted the financial sanctions screening is a key weakness the FSA identified in major and medium-sized firms reviewed.
- Firms should ensure and regularly monitor that adequate IT systems are in place to flag targets to reduce their exposure to the FSR
- Client screening should include directors, beneficial owners of corporate customers. and any third-party payees of clients
The report provides examples of good and bad practice to assist firms in undertaking more effective risk assessments, and putting in place appropriate systems and controls.
Future enforcement action?
According to press reports, FSA-regulated firms do not face an immediate risk of enforcement action as a result of their sanctions-compliance failures, but the FSA is set to scrutinise firms’ systems and controls further in the coming months. Firms should be on their guard.