The New Power

The UK recently took significant steps to strengthen penalties for breaches of financial sanctions. Financial sanctions take many guises and may apply to individuals, companies or other entities. They include, for example, targeted asset freezes, orders to cease business or activities of a specified type and restrictions on financial markets and services. Following the enactment of the Policing and Crime Act 2017 on 31 January 2017, the Office of Financial Sanctions Implementation (OFSI) has been given the power to impose monetary penalties of up to 50% of the value of the offending transaction or £1million, whichever is higher. OFSI will only need to be satisfied on a balance of probabilities that there was a breach.

Any company with a UK connection may be sanctioned under the Act and companies that do business abroad or with foreign nationals will be most at risk. OFSI has published draft Guidance setting out the processes it proposes to use to decide:

  • whether a monetary penalty is suitable;
  • the level of any penalty;
  • the process of imposing the penalty – including timescales and the rights of the penalised person / entity; and
  • the circumstances in which OFSI will publish details of the monetary penalties it imposes.

This alert examines how the Guidance informs the compliance and enforcement approach that OFSI looks set to adopt and how companies should consider reacting. The Guidance comes into force in April 2017.

Nature of the power

The power to impose a monetary penalty arises where OFSI is satisfied on the balance of probabilities that an individual or company has breached a sanctions prohibition and that the person or company knew, or had reasonable cause to suspect, that it / he was in breach of the prohibition. Where a breach has occurred, but the offending party had no knowledge of, or “reasonable cause to suspect” the breach, OFSI cannot issue a monetary penalty but may “take other action short of a penalty”. Monetary penalties are therefore limited to the more serious kind of breaches.

Who does this affect?

A penalty may be imposed on a company or on an officer (e.g., a director, manager or secretary of the company). Although banks have been subject to much regulatory scrutiny recently in relation to financial sanctions, with the strengthening of OFSI’s powers, it is likely that investment management firms and other providers of financial services will also begin to feel the heat of the regulator’s gaze. OFSI will have jurisdiction to investigate and to enforce any financial sanctions violation which has a UK “nexus”, which would capture, for example, UK companies – wherever they are operating, as well as any financial products bought or traded in the UK, wherever they are held.

What will OFSI consider when deciding to impose a penalty?

The Guidance does not alter or expand what conduct constitutes a breach of financial sanctions, as set forth in relevant EU Regulations and UK Orders. In addition to certain reporting obligations which apply to regulated entities, financial sanctions broadly prohibit conduct which involves dealing with funds belonging to, or making funds available to – whether indirectly or directly – a designated individual. They also encompass behaviour which circumvents the sanctions programme. The new power does, however, give OFSI additional and significant flexibility with respect to how it responds to breaches. OFSI will take into account a number of factors, including the severity of the breach, which will be assessed by reference to certain aggravating elements such as size, risk of harm and persistence of behaviour. Predictably, deliberate circumvention of financial sanctions is highly likely to attract a penalty. In assessing whether to impose a penalty, OFSI will also look at the strength of the compliance procedures which a company had in place. The Guidance confirms that OFSI “will not seek to punish companies that simply fall below a high standard if that is the only distinguishing factor”. This is a strong inducement to companies to implement robust and appropriate sanctions compliance procedures.

Will there be an increase in enforcement?

The Guidance emphasises that OFSI intends to adopt a “holistic approach” to ensuring sanctions compliance. This will incorporate a role in promoting compliance. However, the Guidance also emphasises the office’s enforcement responsibilities in responding effectively to non-compliance and in tackling breaches. To date, in some respects, the enforcement of sanctions breaches in the UK has been unremarkable. The ability of OFSI to impose substantial penalties on the civil standard of proof, i.e., a balance of probabilities, is a significant development and is likely to bring about an increase in the number of financial sanctions breaches which are penalised. This is consistent with the more aggressive approach adopted by all regulators, including the FCA, to enforcement. In January 2017, for example, Mark Steward, the FCA’s director of Enforcement and Market Oversight explained that the FCA intends to pursue an aggressive enforcement policy against authorised individuals.

Reputation management

As with many enforcement regimes, there is a strong incentive to co-operate with OFSI, and voluntarily to self-report any breach of the financial sanctions. The Guidance explains that voluntary disclosure may attract up to a potential 50% reduction from the “reasonable and proportionate” penalty. Companies should also consider the value in managing the risk to their reputations in the event of a breach. In any case where a penalty is imposed, OFSI has discretion to publish a report, which it may regard as consistent with its principles to “deter future non-compliance, and promote” awareness of best practice. This report will include a summary of the case, including the identity of the offending individual or company.

What can you do?

All companies should closely review their compliance procedures or, for those firms yet to address this issue, implement robust procedures urgently. Having in place appropriate compliance procedures will provide a triple safeguard: not only will companies be able to mitigate their risks of breaching sanctions but, in the event of a breach, they may reduce the risk of receiving a monetary penalty. In the worst case, where a report is published, reference to strong compliance will help to manage the potential for reputational damage.