Financial sanctions enforcement: A risk to re-consider?
The recent increase of powers given to HM Treasury, by the Policing and Crime Act 2017, might launch a new era of financial sanctions enforcement within the UK. Comparisons with the US financial enforcement system, implemented by the US Office of Foreign Assets Control (OFAC), have already been made. The new law expands the ability to the government to implement fines and penalties and companies would be wise to examine this controls and processes.
Definition of UK financial sanctions
UK financial sanctions are restrictions, which limit dealings and, particularly, economic interactions with a targeted individual, entity or government in any part of the world. They will, for example, take the form of a prohibition to transfer funds and assets, directly or indirectly, to a sanctioned individual or entity. They can also freeze assets of a named individual, entity or government or simply order an end to all business with them. Financial sanctions are put in place by the UK governmental itself or, at a more international level, by the UN security Council or the European Union to achieve a specific foreign policy or national security objective. For example, sanctions have been imposed on targets in Ukraine and Russia as signal of disapproval over territorial disputes and military actions in the region.
Lists of entities and individuals subjected to financial sanctions can be found on the HM Treasury website. They include approximatively 9,000 individuals and entities.
Criticism of previous laws
It is a criminal offence not to comply with a financial sanction. However, historically, there has been little enforcement of financial sanctions legislations in the UK.
The Financial Conduct Agency (FCA) has fined banks for failing to have adequate systems and controls in place to prevent breaches of UK financial sanctions. However, the last fine was in August 2010 when the FCA fined the Royal Bank of Scotland Group £5.6 million (US$7 million). The threshold for establishing liability for financial sanctions breaches was very high and difficult to reach so there was little enforcement action.
Formerly, the HM Treasury had no power to settle cases and had to rely on prosecutions as its only enforcement tool. In the US, however, the US OFAC has more power to oversee compliance with the law as well as impose civil penalties and settlements.
It has been argued that financial sanctions regulations in the UK were complex with no clear definition and very little guidance. To add to the possibility of confusion, EU financial sanctions had to be published in 24 different languages, which could lead to different interpretations of the law.
History of the law and creation of the OFSI
The Policing and Crime Act 2017 was enacted following the HM Treasury’s intention to “take into account lessons from structures in other countries, including the US OFAC” and “to increase the penalties for non-compliance with financial sanctions” (Treasury Summer Budget 2015). The Act set up a new office for financial sanction enforcement within the UK. The Office of Financial Sanctions Implementation (OFSI), established on the 31 March 2016 as part of the HM Treasury, will administer the new regime and ensure that financial sanctions are “properly understood, implemented and enforced.”
The new guidance and establishment of an enforcement agency is largely being seen as a step by the UK regulators to catch up to the sanctions enforcement efforts in the US where enforcement is common and there are large numbers of sanctions in place already. In 2017, US regulators have already handed out over US$1 billion in fines for violations of imposed sanctions in Iran and North Korea. In the UK, the laws in place were hard to understand, seldom enforced and didn’t have a great deal of clout with those that needed to follow them. That all seems to be changing under the new law
Changes and impact
Understanding the new law is the first step to compliance. Failure to comply with the new law can result in large fines or devastating restrictions against companies to do business with certain countries.
The UK has seen a recent increase in enforcements actions with large fines in 2017 already for violations of the UK Bribery Act. This trend of enforcement of bribery controls as well as the new sanctions laws could signal an appetite for increased fines and penalties. Although sanctions and bribery are separate issues, there is still a mood of increased enforcement in the UK these days.
Here are the major changes in financial sanctions laws in the UK under The Policing and Crime Act 2017:
- A broader scope: A breach does not necessarily have to happen within the UK borders or be made by a UK entity or individual. Financial regulation enforcement will apply to:
- Any person, company or entity in the UK.
- Any foreign nationals, company or entity dealing with UK persons, companies or entities.
- Any situation where there is a “UK nexus” (which includes funds cleared or transferred through the UK).
For example, a breach could be made by an Italian entity if it deals with a UK individual but also if some of its funds are cleared or transferred through the UK.
There is a new set of enforcement measures which are thought to be more flexible and effective:
- New monetary penalties: The newly created OFSI will now be able to impose civil penalties for breaches of financial sanctions of up to £1 million or 50 percent of the estimated value of the breach. There is no longer a need to rely on criminal prosecution to impose penalty. The OFSI will also take different factors into account to determine whether a monetary penalty is suitable or whether another measure would be more appropriate.
- Deferred Prosecution Agreement: Financial sanctions breaches are now on the list of offences that can be subjected to a Deferred Prosecution Agreement (DPA). If an individual or entity is charged with an offence, the individual or entity can avoid criminal conviction if they meet certain conditions set out in the agreement. The individual or entity can for example, accept to pay a smaller financial penalty, implement a compliance program and cooperate with investigations. The possibility of a DPA is at the discretion of prosecutors based on the individual merits of the case.
There has been a global trend to have a DPA be a possible resolution to misconduct as a way of encouraging companies to put in place effective controls, training, detection systems and other pro-active measures to curb misconduct. For an entity to be eligible for a DPA, it must make a self-disclosure to the government soon after misconduct is uncovered and cooperate with investigators.
- Serious Crime Prevention Order: A civil order may now be issued by a court against a person or company, which already committed a breach of financial sanction, to prevent them from further engagement in the breach or other serious crime. This order might contain targeted prohibitions, restrictions or requirements for a maximum time limit of 5 years.
- Change of the threshold to establish liability: The criminal standard of proof will be changed to a civil burden of proof which is much easier to satisfy. The actual breach of financial sanctions and the intention to commit it will only need to satisfy a “balance of probabilities” test and no longer “beyond reasonable doubt”. For a violation to have occurred under the new “balance of probabilities” standards:
- There has been a breach or a failure to comply with an obligation imposed by or under financial sanctions legislation.
- The person committing the breach knew or had reasonable cause to suspect that the person was committing a breach.
- Increase of criminal penalties: The maximum prison term for breaching a financial sanction will be raised from two years to seven years.
- Implementation of UN sanctions: HM Treasury will have authority to give immediate effect to UN financial sanctions and will no longer have to wait for a EU Regulation to enforce it. The gap of time which could result between a UN sanctions and its enforcement through a EU Regulation will no longer exist.
- The public disclosure of the penalty: The OFSI must publicly disclose details of the monetary penalty it imposes to deter future non-compliance. In a guidance document, the OFSI will release:
- The identity of the person, company or entity on whom the penalty has been imposed.
- A summary of the facts of the case.
- The value of the penalty and an explanation of why OFSI imposed a penalty.
- Compliance lessons that OFSI wants to highlights from the case.
The OFSI has the discretion to drawn attention to the imposition of the penalty through the media. This public disclosure of the penalty is part of an aggressive way to deter future non-compliance by naming and shaming the companies that have committed a breach of financial sanctions regulations.
Analysis and conclusions
The new law falls within the scope of a trend to improve financial sanctions enforcement within the UK. The recently created OFSI now has the powers to fulfil its mission of ending payments and movement of money to criminals via UK companies, individuals and financial systems. The creation of the OFSI will lead to more flexibility and awareness about financial sanctions enforcement, which is needed as previous laws were too weak. Time will tell whether the OFSI has enough resources to increase the enforcement of financial sanctions and the ability to be as prolific as the US OFAC.
The Act does not bring anything new about financial sanctions but strengthen the obligation to comply with them. Companies which already have strong systems in place to prevent financial sanctions breaches will not need to make sweeping changes to their process and controls. The new law focus a great deal on the process of enforcement if a violation is found. This does mean, however, that if a violation is found, the mechanisms to penalize companies are harsher, clearer and more robust.
For companies that do not yet financial sanctions controls in place, they must work to establish several key elements of their programme:
- Train – Employees that are working in roles that could be exposed to sanctions risks need to know about the red flags to watch out for and to properly vet transactions before they are made.
- Screen – Companies need to make sure they know who their customers, suppliers and distributors are. A screening list or due diligence on third parties is a cost-effective way to ensure that you are doing business with legitimate, law-abiding companies.
- Policies and controls – Beyond giving employees the training and tools they need, companies need to make sure that employees are doing the right things at all levels.
- Technology – Actions that would violate sanctions need to be prevented via technology that can monitor transactions, flag suspicious interactions and prevent violations before they occur.
The new guidelines on financial sanctions in the UK point towards an incoming increase enforcement actions and companies need to be sure they can react appropriately if they or government regulators find possible violations. Better still, companies need to look at how to prevent violations before they ever occur.