FCA encourages reporting on financial sanctions
Published on 25th May 2022
FCA seeks further reporting about suspected sanctions evasion or weak sanction controls
Since the invasion of Ukraine, financial sanctions have moved firmly into the spotlight. The UK, EU, US, and others have brought in a raft of additional measures – often at short notice and with far-reaching consequences. These sanctions affect those doing business not just with designated persons and entities (and those who own or control them) but, in some cases, with "persons connected with Russia".
The breadth of these measures means that oversight and enforcement of sanctions compliance in the UK is falling on two separate regulators.
The dual-roles of OFSI and the FCA
Responsibility for enforcing compliance with the financial sanctions regime rests with the Office of Financial Sanctions Implementation (OFSI). However, where a firm is regulated by the Financial Conduct Authority (FCA), it will expect that firm to counter the risk that it might be used to further financial crime and this includes compliance with sanctions.
OFSI can impose monetary penalties (and other sanctions including criminal prosecution) for breaches, whereas the FCA can impose restrictions and/or take enforcement action where it identifies failings in the financial crime systems and controls which firms have in place to minimise the risk of such breaches.
A financial services firm must notify a known or suspected breach of the financial sanctions regime to OFSI, but it should also be notifying the FCA.
FCA's call for further reporting
However, because the obligation to report (to OFSI and/or the FCA) only applies to certain firms and because many relevant transactions will take place between private companies and individuals, the FCA is concerned that it is not able to quickly identify any failings in practice.
The FCA has therefore recently called for employees, authorised firms, and other firms or professionals to report sanctions evasion or weaknesses in sanction controls to the FCA directly.
Who should be reported?
Any firm on the Financial Services Register or any other FCA register, or companies with UK listed securities.
What can be reported?
The FCA would like to hear about:
- Any suggestion that firms have poor sanctions controls.
- Suspected breaches of the sanctions regime.
- Actual breaches of the sanctions regime.
- Any method the reporter believes is used by firms or individuals to breach the sanctions regime.
There is no territorial restriction in the guidance: it is not just breaches of UK sanctions law but also breaches of international sanctions law that can be reported, if they apply to the firm in question.
How can a report be made?
Employees can speak to the FCA's Whistleblowing team and professionals or other third parties can fill in a specific form. They will not be informed of the action (if any) which the FCA takes against the authorised firm.
If an authorised firm wishes to self-report, details of how to do so can be found in SUP 15.The authorised firm is still required to fulfil any statutory reporting duties under the Proceeds of Crime Act 2002 or the Sanctions and Anti-Money Laundering Act 2018.
What other steps is the UK government taking to ensure compliance with sanctions?
The UK, together with others including the US, the EU, Australia, Canada and Japan launched a global Russian Elites, Proxies and Oligarchs Task Force in March 2022 to find, freeze or, in appropriate cases, confiscate assets owned by sanctioned individuals.
OFSI already works with the FCA and other supervisory bodies and regulators to consider cases reported to it, and the authorities share information between themselves.
Osborne Clarke comment
The FCA is making it easier to report information or suspicions about lax financial sanctions systems controls at authorised firms.
This action by the FCA suggests that they are going to have an increased focus on financial crime compliance and are taking steps to ensure they are fully informed about potentially systematic or industry-wide issues.
It is crucial that firms can demonstrate that they have adequate processes and policies in place (much as they would to ensure that any other financial crime risks such as anti-money laundering, bribery, and corruption risks are mitigated) though an appropriate risk-assessment, a well-documented policy, and appropriate implementation throughout the business lead by an identified member of the senior management.
The precise level of compliance required will depend on the risk profile of the particular authorised firm but firms should ensure, for example, that they have implemented appropriate due diligence processes for accepting new business and managing existing relationships, particularly when it comes to establishing the ownership and control structures of counterparties to check for sanctioned entities.
If firms have any doubts about the adequacy of their processes and procedures, or how and when to self-report any suspicions, they should take expert legal advice as soon as possible.