Financial Crime Risk Management

FCRM Logo

Financial Sanctions - FAQ

May not cover factors relevant to a particular situation or circumstance.


W3.CSS

Frequently Asked Questions

Click Questions to see example responses, some of which include embedded links to reference sources.

Financial sanctions are imposed by the UK and other governments. They are also issued by the European Union. UK sanctions might arise from action initiated via the United Nations, at European or UK domestic level, linked to government concern about human rights abuses or other violations of international norms of behaviour, or to minimise the risk of terrorism within the UK.

Financial sanctions may apply to individuals, entities and governments, who may be resident in the UK or abroad. Certain financial sanctions may also prohibit providing or performing financial services to designated individuals or governments.

Sanctions issued by the United Nations Security Council (‘UNSC’) take different forms. Measures have ranged from comprehensive economic and trade sanctions to more targeted measures such as arms embargoes, travel bans, and financial or commodity restrictions. The Security Council has applied sanctions to support peaceful transitions, deter non-constitutional changes, constrain terrorism, protect human rights and promote non-proliferation. For more information on UNSC actions, see: UNSC.

When transacting in U.S. Dollar, or if your business has a U.S. nexus, you also need to be aware of economic sanctions administered by the U.S. Office of Foreign Assets Control (‘OFAC’), which administers and enforces economic sanctions programs - primarily against countries and groups of individuals, such as terrorists and narcotics traffickers, but these can also apply to certain aircraft and vessels – with an extra-territorial impact, such as:

  • U.S. persons must comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches.
  • For certain OFAC programs, foreign subsidiaries owned or controlled by U.S. companies must also comply.
  • Certain OFAC programs also apply to foreign persons in possession of U.S.-origin goods.

For more information on OFAC, see: OFAC.

Who must comply with Financial Sanctions?

In summary:

  • EU financial sanctions apply within the EU and to all EU persons, wherever they are in the world
  • UK financial sanctions apply within the UK and to all UK persons, wherever they are in the world
  • All individuals and legal entities who are within or undertake activity within UK territory must comply with the EU and UK financial sanctions that are in force
  • All UK nationals and UK legal entities established under UK law, including any of their branches, must comply with UK financial sanctions that are in force, irrespective of where their activity takes place
  • All EU nationals and legal entities established under EU law must comply with EU financial sanctions that are in force, irrespective of where their activity takes place

Financial sanctions apply to all transactions, with no de minimis financial limit.

The consolidated list of UK financial sanctions targets maintained by the OFSI comprises a list of people, businesses, organisations and financial institutions which are subject to restrictions, many of which you are not allowed to deal with under UK law. Some businesses and organisations may not be included on the consolidated list, but will nevertheless, also be subject to financial sanctions restrictions, where they are:

  • More than 50% owned by a person or organisation on the consolidated list
  • Controlled by a person or organisation on the consolidated list

A separate list is maintained by the OFSI of entities subject to specific capital market restrictions. These are not contained on the consolidated list.

Extra territoriality in ‘other country’ sanctions restrictions

A European Union Blocking Statute is meant to protect EU operators, whether individuals or companies, from extra-territorial application of third country laws, such as, contained in US sanctions applied to Iran. See Guidance.

Multiple country sources are available, with each country hosting its own lists. Some examples are listed below.

United Kingdom

The Office of Financial Sanctions Implementation (‘OFSI’) is the lead authority with responsibility for ensuring UK financial sanctions are properly understood, implemented and enforced.

OFSI publishes lists and guidance linked to financial sanctions imposed by the UK. Financial sanctions which relate to a specific country or terrorist group are known as ‘regimes’. UK specific regulations and designated persons lists’ for each regime are accessible via the UK Government website. See: Financial sanctions targets by regime

There's also a web-based search function which can be used to identify financial sanctions targets.

OFSI provide a Consolidated list of UK financial sanctions targets in various downloadable formats:

OFSI also provide a list of targets subject to restrictions on financial markets and services:

Financial sanctions are also in place for persons, entities or bodies involved with cyber-attacks threatening the European Union or its Member States. See: Cyber.

As a current member of the European Union (‘EU’), the UK imposes all financial sanctions created by the EU. EU financial sanctions include action against those undermining or threatening the sovereignty and territorial integrity of Ukraine. See: Ukraine .

NOTE: If the UK leaves the EU without a deal some rules may change. See: New Rules.

United Nations Security Council Consolidated List

The UK is a member of the United Nations Security Council, so automatically imposes all financial sanctions created by the UN. The current version of the UN’s Consolidated List is provided in .xml, .html and .pdf formats. Member States are obliged to implement the measures specific to each listed name as specified on the websites of the related sanctions committee.

List in alphabetical order
List by Permanent Reference Number
European Commission

For information on the EU sanctions map, which provides a visual overview of sanctions adopted by the Council, with links to the respective country lists – See: EU measures.

For the Consolidated list of persons, groups and entities subject to EU financial sanctions – See: EU measures.

Other country (examples)
  • The U.S. Office of Foreign Assets Control (OFAC) publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. The list also covers individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively known as ‘Specially Designated Nationals’ or ‘SDNs’, their assets are blocked and U.S. persons are generally prohibited from dealing with them. For more information see: SDN.
  • U.S. OFAC also maintains a Sectoral Sanctions Identifications (‘SSI’) List, imposed on specified persons operating in sectors of the Russian economy (e.g. Ukraine-/Russia-related Sanctions). The SSI List identifies entities subject to one or more U.S. Directives. (Note: The SSI List is not part of the SDN List. However, individuals and companies on the SSI List may also appear on the SDN List).
  • U.S. Bureau of Industry & Security. See: EAR measures.
  • Hong Kong Monetary Authority. See: HKMA.
  • Monetary Authority of Singapore. See: MAS.
  • Other…

HM Gov website

Guidance published on the U.K. Government website, includes:

  • Financial sanctions: guidance, FAQs and information on monetary penalties. See: Guidance
  • Information on UK sanctions currently in place and how to apply for a licence. See: Guidance
  • Financial sanctions targets by regime – Details of all financial sanctions imposed in the UK by country, administration or terrorist group. See: Financial sanctions targets by regime
  • Current arms embargoes and other restrictions – Details of arms embargoes, trade control restrictions, defence export policies and restrictions on terrorist organisations. See: Arms embargoes
  • Current list of designated persons, terrorism and terrorist financing – Provides current list of those who are currently subject to financial sanctions for believed involvement in terrorist activity; and information regarding relevant legislation. See: Designated persons terrorism and terrorist financing.
FCA Guidance

Guidance published by the FCA, includes examples of good and poor practice on firms management of financial sanctions risk - See also FCTR 8.3, including:

  • Senior management responsibility - FCTR 8.3.1G
  • Risk assessment - FCTR 8.3.2G
  • Policies and procedures - FCTR 8.3.3G
  • Staff training and awareness - FCTR 8.3.4G
Industry guidance

Guidance published by the Joint Money Laundering Steering Group - JMLSG Guidance.

Guidance is guidance – not a prescriptive set of rules or procedures. A key principle of the UK regulatory regime is the ability, generally, to implement a ‘risk-based approach’ to systems and controls, when mitigating money laundering and terrorist financing risk. But, it is important to note any transaction completed in breach of a sanction could lead to proceedings being taken against the transgressing firm and the person(s) (i.e. a firm and/or its employees) involved.

OFSI can impose a financial penalty on a person if it is satisfied, on the balance of probabilities, that a person breached a financial sanction and that they knew or had reasonable cause to suspect that they were committing a breach. Where a legal entity breaches a financial sanction, a monetary penalty can also be imposed on an officer of the entity if the officer consented or connived with the breach, or the breach was attributable to negligence of the officer.

From a regulatory systems and controls perspective, the FCA might consider whether a transgressing firm followed OFSI guidance, relevant provisions of JMLSG Guidance and/or other regulatory guidance.

If a person or organisation is identified on the consolidated list, it means their assets have been frozen:

  • Failing to comply with a financial sanction can lead to a criminal offence, unless you have an appropriate licence or authorisation to provide the transaction or goods to (or for the benefit of) the sanctioned party.
  • The penalties for breaching UK financial sanctions are set out in Statutory Instruments where, upon conviction, a person guilty of an offence may be liable to imprisonment and/or a fine.
  • The Office of Financial Sanctions Implementation (‘OFSI’) publishes details of action taken as part of its enforcement of financial sanctions – see OFSI Enforcement.
UK Regulatory Action (examples)
  • Royal Bank of Scotland Group - Fined £5.6 million in 2010. The Royal Bank of Scotland Plc (‘RBS’), National Westminster Bank Plc (‘NatWest’), Ulster Bank Limited (‘Ulster Bank’) and Coutts & Company (‘Coutts & Co’) are members of The Royal Bank of Scotland Group (‘RBSG’). In August 2010, RBSG was fined for breaching the Money Laundering Regulations (between 15 December 2007 and 31 December 2008), by failing to have adequate systems and controls in place to prevent breaches of UK financial sanctions (e.g. failing to adequately screen customers, and payments made and received, against the sanctions list).
  • HSBC Group - The Financial Services Authority (‘FSA’), as lead regulator for the HSBC Group globally, took action in relation to issues in respect of HSBC’s compliance with anti-money laundering rules and US sanctions requirements.
  • Guaranty Trust Bank (UK) Ltd - Fined £525,000 in 2013 for failings in its AML controls for high risk customers between May 2008 and June 2010 (including failure to screen prospective customers against sanction lists or databases of PEPs).
  • Sonali Bank (UK) Limited - Fined £3.25m in 2016 and a restriction imposed, preventing it from accepting deposits from new customers for 168 days. It also fined the bank’s former money laundering reporting officer (MLRO) and prohibited him from performing the MLRO or compliance oversight functions at regulated firms. The FCA found serious and systemic weaknesses affected almost all levels of its AML control and governance structure, including its senior management team, its money laundering reporting function, the oversight of its branches and its AML policies and procedures.
  • Deutsche Bank AG - Fined £163m in 2017 for failing to maintain an adequate AML control framework during the period between 1 January 2012 and 31 December 2015. The largest financial penalty for AML controls failings imposed by the FCA, or its predecessor the Financial Services Authority (‘FSA’).
  • Canara Bank - Fined £896,100 in 2018 and a restriction imposed, preventing it from accepting deposits from new customers for 147 days. Having failed to maintain adequate AML systems and failed to take sufficient steps to remedy identified weaknesses, despite having been notified of shortcomings in its AML systems and controls.
  • Standard Chartered Bank - Fined £102m in 2019 for AML breaches in two higher risk areas of its business. The second largest financial penalty for AML controls failings ever imposed by the FCA.
Extra-territoriality risk

It’s also worth considering non-UK risk where enforcement action by another country’s legal or regulatory requirements could have a bearing. Perhaps one of the most recognised large scale fines linked to sanctions is that placed on BNP Paribas in June 2014. For background see BNP Paribas’ and its $8.9 Billion penalty for illegally processing financial transactions for countries subject to U.S. Economic Sanctions’.

The Financial Sanctions risk profile of your business is influenced by how and where your business operates, the type of service(s) you provide and who you do business with (e.g. suppliers, customers and other parties). However, if your firm/business is covered by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Regulation 18 requires you to carry out a written risk assessment to identify and assess the risk of money laundering and terrorist financing that your firm faces.

Our FAQ on ”What are the main AML risks facing my business” identifies some risk factors to cover in an anti-money laundering (‘AML’) risk assessment. They include:

  • your customers (e.g. what they do/sell, who they do business with, how they are owned/controlled, etc.)
  • the countries or geographic areas where your firm operates (e.g. has a physical presence or does business remotely, such as, via agents/intermediaries, on-line, or other country exposure)
  • your products and services (e.g. advisory or transactional, where applicable)

The Regulations require consideration of, inter-alia, geographical risk factors, including countries’ subject to sanctions, embargos or similar measures issued by, for example, the European Union or the United Nations.

In addition to UK, EU and UN sanctions, which apply to individuals (i.e. natural persons), corporate, unincorporated and other bodies, you may have to consider the potential for risk associated with the Sectoral Sanctions Identifications (‘SSI’) List, issued under U.S. law (i.e. imposed on specified persons operating in sectors of the Russian economy under Ukraine-/Russia-related Sanctions issued by OFAC).

As noted in an earlier FAQ ’Where can I obtain a copy of the sanctions lists?’ lists are available of people, companies and other entities, subject to sanction, some of which are regime/country specific. However, which lists are relevant to your business is something to assess, possibly as part of an enterprise-wide AML and sanctions risk-assessment; taking account of where your main suppliers, customers and other business counterparties are located, operate from or through.

Commercial option

Commercial service providers incorporate aggregated / multiple source-list data into a single data file, which could be incorporated into your in-house risk assessment tool, or accessed via a web-based GUI, or other means. The following might be of interest if this is your preferred way forward (NB: These are provided as examples only and not an FCRM endorsement or recommendation of their functionality above other providers in the market):

  • Dow Jones R&C – A provider of research tools and outsourced services for on-boarding, vetting and investigation to help companies comply with anti-money laundering, anti-bribery, corruption and economic sanctions regulation in mitigating third party risk.
  • Refinitiv - Screening Resolution Service – Described as a service which highlights positive and possible matches for any customer identification program, detecting heightened risk individuals and entities, screened against World-Check Risk Intelligence.
  • Comply Advantage – Described as a provider of comprehensive sanctions data, monitored in real-time.
Regulatory consideration

UK regulated firms/businesses must, as a minimum take account of the following:

  • Reg. 33(1)(b) of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 requires you to apply enhanced due diligence (‘EDD’) measures, to mitigate the risks arising in ‘any’ business relationship or transaction with a person established in a high-risk third country identified by the European Commission. See: Commission Delegated Regulation (EU) 2016/1675 of 14 July 2016

Dual-use items are goods, software, technology, documents and diagrams which can be used for both civil and military applications. They can range from raw materials to components and complete systems, such as aluminium alloys, bearings, or lasers. They could also be items used in the production or development of military goods, such as machine tools, chemical manufacturing equipment and computers.

Dual-use goods are controlled through EU and UK legislation.

The UK’s Department for International Trade and The Export Control Joint Unit issued Guidance on arms embargoes, trade control restrictions, defence export policies and restrictions on terrorist organisations. Guides are also available with details of EU or Organization for Security and Co-operation in Europe (‘OSCE’) embargoes and stricter trade controls for particular countries.

In overview:

Financial sanction framework arrangements should include:

  • Governance - Senior management risk-appetite, risk ownership and accountability (e.g. by Board member or other individual with authority, expertise and resource), with supporting activity endorsed by the Board or equivalent senior management body:
  • An informed awareness – Document an assessment of whether (or how) your business is exposed to the risk of facilitating supply, movement, negotiation and/or funds flow linked to a sanctioned person (e.g. a party which is an SDN (or owned/controlled by an SDN), a transaction linked to sectoral sanctions (SSI)), or an embargoed activity (e.g. involving dual use goods).
  • Group or firm-wide Policy - With due consideration of legal and regulatory risk in the operating environment, including the countries in and through which business is done (e.g. the UK, EU or other territories including, where applicable, if transacting via the U.S. or using U.S. Dollars, taking account of U.S. sanctions enforced by OFAC)
  • Risk-based control environment - Design and implement a suitable control framework, reflecting assessed risk and appropriately resourced to promote compliance with policy and supporting procedure(s)
  • Training and Awareness - Develop appropriate training content and ensure coverage of key risk in the operating environment. Content should, as a minimum cover:
    1. Policy, procedure and supporting guidance
    2. Risk-based training of appropriate employees (i.e. generic for all staff, with additional focused content for staff in higher-risk roles’)
  • Compliance monitoring - Controls testing and assurance must be included, to provide assurance or insight for senior management on compliance with policy and procedure
  • Reporting - An internal mechanism accessible to all staff, so as to be able to report any concern identified to an appropriate person (e.g. a senior manager or a designated point of contact, possibly the Nominated Officer or Money laundering Reporting Officer).

For more on our Anti-Money Laundering and Financial Sanctions Services - See AML & FS Services