OFSI Updates Sanctions Guidance and Uses New Penalty
If your business or one of its subsidiaries falls under UK jurisdiction, you will want to know this: The sanctions regulatory goalposts just moved. To be clear - they haven't moved that much and no panic is necessary. But the recent updates from OFSI, the UK government department responsible for implementing financial sanctions, are noteworthy. This sanctions.io article reveals what changed and what sanctions compliance professionals in the UK need to know.
OFSI's August 2023 Update: Why It's Important
Many readers - from outside the UK, too - will know what the Office of Financial Sanctions Implementation (OFSI) does and why it's one of the major global sanctioning bodies. After all, most multinational companies (and smaller ones) operate in the UK market.
And OFSI, on August 31, 2023, did something ordinary for most organizations: They published a blog post.
But this wasn't a normal blog post.
Because inside, it contained information about updates made to its Enforcement and Monetary Penalty Guidance. On the same day, OFSI also revealed a penalty against a financial technology (FinTech) company - with the punishment falling under a new power being used for the first time.
The blog post packs quite a punch.
And the UK government knows this. That's why it's authored by OFSI's director and the UK's Head of Delegation to the Financial Action Task Force (FATF), Giles Thomson, who personally encourages those involved in sanctions compliance to read the updated guidance.
We can't comb through all the small print in this article, but we can highlight the major points. But first, let's examine the background.
Updated OFSI Guidance: The Background
Let's get to the point. The updated guidance deals explicitly with Chapter 10 of OFSI's Enforcement and Monetary Penalty Guidance.
And what is Chapter 10? It's titled Publication of breaches where no monetary penalty is imposed.
But to understand this, we need to rewind the clock. On June 15, 2022, OFSI's new enforcement powers came into force, giving it the legal ability to publicize details of financial sanctions breaches that did not involve monetary penalties.
Before this date, it could only publicize severe cases (that involved monetary penalties) as "it punishes those guilty of the worst breaches of sanctions, acts as a deterrent to them and others, and – through the associated publicity and compliance lessons OFSI produce – helps others understand how they can improve their compliance systems," OFSI stated in the blog post.
So, in a nutshell, this is the new situation: OFSI now has the power to publicly reveal who committed sanctions breaches, even for lighter offenses.
Expanding on this, if a company or organization is charged with a sanctions breach deemed less severe (not warranting a monetary civil penalty), OFSI can now issue a Disclosure Notice, publicly revealing the company and individuals who committed the breach.
Updated OFSI Guidance: What Just Changed?
Given that OFSI has had the new disclosure power for more than a year (but has never used it until last week), a valid question is, what just changed?
At the crux of the update is something very important: How OFSI categorizes breaches (as lesser severity, moderate severity, or serious enough to justify a civil monetary penalty) and how they can respond.
There is no need to go through all the details of what is a wordy regulatory document. All you need to know is this: Even for less serious sanctions breaches, OFSI can, if it chooses:
- Publicly name the firm that committed the breach
- Publicly name the individual who committed the breach
- Provide a public summary of the facts of the breach
The updated guidance makes all of the above crystal clear. However, it also alludes to a policy that OFSI won't necessarily pursue all these actions on each occasion - each respondent is dealt with on a case-by-case basis.
But to hammer the message home, the OFSI blog post from August 31, 2023, also revealed it had just published a Disclosure Notice (with the same date as the blog post), using all its new powers against a company involved in a less severe sanctions breach.
OFSI's Disclosure Notice: August 31, 2023
Let's now dig into OFSI's first-ever Disclosure Notice regarding a lesser sanctions breach. As mentioned earlier, in the same blog post, OFSI revealed that Wise, a UK-based foreign exchange financial technology company, breached UK financial sanctions.
You can read the Disclosure Notice in PDF format on the OFSI website.
And since the announcement, Wise has already been plastered all over the news, with negative articles appearing in national newspapers, CNBC, and more.
Within hours of OFSI dropping the news, Wise's share price had even dropped.
Wise's 2023 UK Sanctions Breach: More Details
But what was the sanctions breach of 'lesser severity? What did Wise do that didn't warrant a financial penalty but OFSI deemed appropriate for a public Disclosure Notice?
According to OFSI, Wise allowed a customer appearing on OFSI's consolidated list against Russia to withdraw £250 ($316) in cash. This withdrawal occurred the day after the Designated Person (Wise's customer) was placed on the list.
OFSI also revealed that Wise's policy, at the time, was not to suspend the use of a customer's debit card who had been flagged as appearing on a sanctions list.
To be clear, the flagged customer (the Designated Person) was prevented from sending or receiving any funds from or to the account as a form of suspension - but the customer retained the use of their debit card.
The error is that while Wise was investigating if the flagged customer (which its sanctions screening processes identified) was a true match, it didn't revoke all financial services to the customer.
OFSI also states that Wise's provided reason for this policy was high false-positive rates in the sanctions screening of its customers; therefore, a balance was struck between treating customers fairly while paying due regard to its regulatory obligations.
The following mitigating factors in favor of Wise (reducing the punishment) included:
- The low value of the breach
- The presence of voluntary disclosure
- Complete disclosures made to OFSI by Wise in response to requests for information
- A lack of evidence of deliberate sanctions evasion
- Remedial actions taken by Wise following the breach
In this article, we can't go into more details. But the full Disclosure Notice makes compelling reading - even with a timeline running through the night as events unfolded.
Remember, OFSI also said in its August 31 blog post that these disclosures are to provide valuable lessons and learning points for sanctions compliance professionals - something it certainly achieved by breaking down the Wise case.
Closing Thoughts and How We Help Reduce False Positives
In this article, we learned that a challenge for all sanctions compliance teams is identifying true matches and dealing with false positives.
You can read our guide to know more: Reducing False Positives in Sanctions Screening: Crucial Things to Know.
sanctions.io is a highly reliable, cost-effective solution for sanctions, PEP, and criminal watchlist screening. Name Matching is the real challenge in sanctions and AML compliance. Our smart matching technology reduces false positives while preventing false negatives.
To learn more: Book a free Discovery Call now.
7-Day Free Trial
We offer a free 7-day trial (no credit card is required) and will be delighted to walk you through our service.