Cross-border overview: sanctions enforcement

This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight

The use of trade and financial sanctions by the EU and, by extension, the UK has increased markedly over the last decade. Between 2010 and 2011, the number of EU sanctions decisions trebled, jumping from 22 to 69.1 Many of the new decisions related to a small group of countries that included Libya, Syria and Iran.2 Nevertheless, the dramatic increase in use of sanctions by the EU indicates a foreign policy shift that has not reversed itself. Given this shift, it is important for businesses based or operating in the UK and Europe to understand the increasingly complex web of applicable sanctions regimes. These include the UN, EU and UK regimes, as well as the US regime, which has broad extraterritorial reach.

The significant recent changes to sanctions regimes for Iran, Russia, Cuba and Burma demonstrate the need for continuous vigilance on current sanctions and the targets of UK, EU and US restrictions. Likewise, the UK government’s commitment to enhance its approach to sanctions enforcement through the newly created Office of Financial Sanctions Implementation (OFSI) and the proposals contained in the Draft Policing and Crime Bill further increases the risk of enforcement in this area.

In this chapter we provide an overview of these various sanction regimes as well as the types of sanctions imposed. We describe the mechanics of sanctions enforcement as well as some recent illustrative cases. Finally, we discuss practical steps that businesses should consider in order to ensure compliance with applicable sanctions regimes.

Types of sanctions

Sanctions, also referred to as restrictive measures, are used to combat terrorism and to discourage regimes or individuals from acting in ways condemned by the international community or individual nations. Sanctions seek to prevent particular governments, non-state entities or individuals from purchasing arms, accessing financial support or services, or trading in specified goods or services, and are backed by civil and criminal penalties. Compliance is not always straightforward, particularly where different sanctions regimes overlap or impose conflicting obligations.

For the purposes of this discussion, we focus on financial and trade sanctions. Financial sanctions limit access to funds and/or financial services by sanctioned individuals or entities and can include measures such as the seizing of bank accounts, freezing of assets, prohibitions on capital movement and provision of investment services, loans and insurance services.3 Trade sanctions generally prohibit trade in a specific good or commodity (eg, oil, timber, diamonds), or service (eg, technical services).4 They can also include arms embargoes and export controls on ‘dual-use’ items (ie, goods, software and technologies that are normally used for civilian purposes, but may also have military applications or contribute to the proliferation of weapons of mass destruction) and strict defence-related products.

Sanction regimes

United Nations

The United Nations Security Council is the body responsible for adopting measures which are binding on all UN member states. However, it should be borne in mind that sanctions approved by the UN are binding on member states, but are not binding on individuals or companies unless they are implemented at the EU or national level. This can be important when considering a corporate ‘group-wide’ approach to sanctions or when taking assurance from a third party’s own obligations to comply with sanctions.

European Union

The EU acts on UN measures by adopting a common position. The EU also independently adopts sanctions in accordance with the specific objectives of the EU Common Foreign and Security Policy (CFSP).5

A large number of the EU sanction regimes are ‘targeted’, meaning the restriction is focused on individuals or organisations. However, some EU sanction regimes target all individuals and/or entities in a particular country, such as the now lifted sanctions targeting Iran.6

United Kingdom

HM Treasury is responsible for administering and enforcing financial sanctions in the UK. This work has historically been carried out by its Financial Sanctions Unit (FSU), which was replaced in April 2016 by the Office of Financial Sanctions Implementation (OFSI). EU sanctions have direct effect in the UK and impose obligations on UK persons to freeze the assets of designated persons, refrain from making funds and economic resources available to them and any other financial prohibitions or restrictions. The UK may then enact statutory instruments that make it a criminal offence in the UK to breach a particular EU Regulation.7 Typically, a new statutory instrument is passed in relation to each new group of sanctions targets.8

The OFSI maintains a consolidated list of sanctions targets that includes the names of individuals and entities that have been listed by the UN, the EU and/or the UK under specific financial sanctions legislation.9 The OFSI updates the consolidated list whenever the UK financial sanctions regime is updated.

United States

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) administers and enforces most US economic sanctions, which implement UN measures and/or address US national security concerns, foreign policy goals and economic interests. The US Commerce Department’s Bureau of Industry and Security (BIS), the New York District Attorney and the Federal Reserve also enforce some aspects of US sanctions. US sanctions generally restrict activities that take place in the United States or involve a ‘US person’. OFAC regulations define ‘US person’ very widely to include US citizens, permanent residents, persons present in the United States, as well as companies organised under the laws of the United States and the non-US branches of US companies.10 The foreign subsidiaries of US companies are also restricted in certain cases, such as with respect to the sanctions imposed against Cuba and Iran. Moreover, non-US persons and companies can face penalties under US sanctions law for ‘causing’ a violation by a US person.11 Non-US persons also could face sanctions of their own, and be cut off from the US market for engaging in certain activity involving Iran or Hezbollah under so-called ‘secondary sanctions’.

UK sanctions enforcement

Neither the OFSI nor HM Treasury is responsible for prosecution of sanctions breaches, although proposed changes in the draft Policing and Crime Bill would give OFSI a new power to impose civil monetary penalties in certain cases.12 In the past, prosecutions have been brought by the UK Serious Fraud Office (SFO) and HM Revenue and Customs (or its precursors). With respect to the financial services sector, the Financial Conduct Authority (FCA) has regulatory oversight of the systems and controls that regulated firms must have in place to reduce the risk that a breach might occur. Thus, the FCA may bring enforcement actions against firms that have committed breaches of UK financial sanctions under Principle 3 of its Principles for Businesses (PRIN) and rules 3.2.6 and 6.1.1 of the Senior Management Arrangements, Systems and Controls sourcebook (SYSC), which require firms to have effective systems and controls to counter the risk that the firm might be used for the purposes of financial crime. The Crown Prosecution Service may also prosecute for breaches of trade sanctions under the Customs and Excise Management Act 1979.13

Who must comply?

The UK sanctions regime applies to any person or entity within the UK and any person elsewhere who is a UK national (as defined in the relevant legislation) or an entity incorporated or constituted under UK law.14 The extraterritorial effect of the UK financial sanctions regime may well give rise to problems in other jurisdictions. For example, if a branch of a UK financial institution or local office of a company takes an action required under UK law but not required under the law of the jurisdiction in which it operates, such as freezing the assets of an individual sanctioned by the EU where the assets are located in Singapore (ie, outside the EU), it may be liable to its customer if the contract is governed by local law. Contractual provisions can be used to guard against this risk by permitting the institution to refuse to comply with a customer’s instructions if compliance could cause the institution to breach laws applicable to it.

Although foreign subsidiaries of UK companies do not have to comply with the UK financial sanctions regime, there may nevertheless be practical and legal reasons to require compliance by foreign subsidiaries. First, UK nationals employed by subsidiaries remain subject to the UK and EU financial sanctions regimes and could inadvertently commit a criminal offence if they take steps for the foreign subsidiary that are prohibited by the EU/UK sanctions. Their personal risk may be greater if they have not received adequate training on the latest changes to the UK or EU financial sanctions regimes. Even if UK nationals are removed from any involvement in the transaction, this may not be sufficient in all cases. For example, if a UK national employee is a line manager, he or she may also be exposed to potential criminal offences under the UK Serious Crime Act 2007 for failing to stop transactions for which he or she would otherwise be responsible.

Second, transactions that originate overseas nevertheless may cause accounting entries to be made in London where the revenue is then received. If a UK company is profiting from the overseas conduct of its foreign subsidiary, which would be a breach of EU or UK sanctions if the UK company carried out the conduct, it could become liable under the UK anti-money laundering legislation, the Proceeds of Crime Act 2002 (POCA). In light of recent court decisions which state that POCA has extraterritorial effect, the foreign subsidiary might even be exposed to liability under POCA. Furthermore, if the UK parent is financing or in any other way assisting the conduct of its foreign subsidiary, it could also commit offences under the Serious Crime Act, which effectively makes it an offence to assist someone in doing something which you yourself could not do.

Additionally, as regards financial institutions, the FCA expects them to have systems and controls in place to mitigate the risk that the firm will be used in furtherance of financial crime.15 The FCA may argue that a firm’s systems and controls are inadequate where overseas subsidiaries are undertaking transactions that the UK financial institution could not itself undertake, especially if revenues from those transactions are flowing into the UK institution either directly or indirectly through dividends or global treasury operations.

What is prohibited?

There are essentially three offences under the UK financial sanctions regime:

  • making funds16 or economic resources17 available, directly or indirectly, knowing or having reasonable cause to suspect that the funds are being made available to or for the benefit of a target (the term ‘listed person’ or ‘designated person’ is commonly used to describe sanctions targets);18
  • dealing with funds or economic resources, which includes other assets owned, held or controlled, directly or indirectly, by a target, or a person acting on behalf of a target, knowing or having reasonable cause to suspect that the funds are owned, held or controlled by a target;19 and
  • participating, knowingly and intentionally, in activities the object or effect of which is:
  • to directly or indirectly circumvent the prohibitions on making funds available and dealing with funds; or
  • to enable or facilitate the commission of the offences listed above.20

Moreover, under the UK regime, there is a different statutory instrument for each group of targets which governs the nature of the restriction, the circumstances in which a licence could be granted and the relevant reporting requirements. While similar, these statutory instruments are not identical. Therefore, once a ‘hit’ on the consolidated list is identified, regard must be had to the specific restrictions and conditions included in the corresponding statutory instrument.

With regard to trade sanctions, it is an offence to export goods ‘when the exportation or shipment is or would be contrary to any prohibition or restriction for the time being in force’.21 Export companies or their agents are strictly liable for breaches of trade sanctions.22 Individuals or entities that assist in the export of an item that breaches a trade sanction need to have done so knowingly to be guilty of a criminal offence.23

The export control regime regarding dual-use items prohibits the export of specific dual-use items from the EU customs territory without an export authorisation, transit of such items through the EU, as well as the provision of brokering services with respect to such items.24 EU dual-use regulations are binding and directly applicable in the UK.25 In addition, the UK may require similar authorisation for the export of items that have not been identified by the EU as dual-use items whenever there is reason to believe that such items are intended for use in connection with a biological, chemical, nuclear weapon or ballistic missile weapon programme, for a use that is in violation of an arms embargo, or for reasons relating to public security or the protection of human rights. In the UK, investigation of possible breaches of trade sanctions is undertaken by Her Majesty’s Customs and Excise and prosecuted by the Crown Prosecution Service. Most offences will fall under section 68(1) or (2) of the Customs and Excise Management Act 1979, which makes it an offence to export an item that is prohibited or restricted ‘by virtue of any enactment’.


With respect to financial sanctions, HM Treasury has a certain amount of discretion under the relevant regulations to grant licences to allow particular activities, transactions or types of transactions that might otherwise be prohibited under the sanctions regime. The relevant EU Regulation sets out the circumstances in which licences can be issued and the conditions that need to be satisfied in order for HM Treasury to issue a licence.26 Licences allowing for the export of dual-use items are issued by the UK Export Control Organisation (ECO). Licences may be general and apply to all people or transactions designated under a particular regime or regimes, or they may be individual and specific and grant exemptions to specific parties or in respect of specific transactions.27 Even where a licence is issued, the restrictions placed on that licence must be strictly adhered to, as there are separate criminal offences for breaching the conditions of a licence, and/or knowingly or recklessly providing false information in obtaining a licence.

Penalties for non-compliance

The current maximum penalty in the UK for a financial sanctions criminal offence is imprisonment for two years and an unlimited fine, although offences under the Terrorist Asset-Freezing Act 2010 carry a term of imprisonment of seven years. Where the offence has been committed by a company and is shown to have been committed with the consent or connivance, or because of the neglect, of a director, manager, secretary or similar officer, that person is also guilty of an offence and can be imprisoned or fined.

UK courts also have the power to confiscate assets obtained as a result of criminal conduct.28 In the case of financial institutions, this would be the fees and other funds received from a sanctioned entity. In the case of a company, it may be anything up to the full value of the contracts obtained as a result of the criminal conduct. In addition to this, a firm that breaches UK financial sanctions is also at risk of FCA enforcement action, through which additional penalties may be assessed.

Proposals included in the draft Policing and Crime Bill aim to broaden the enforcement options available to UK authorities including by: increasing the maximum penalty for a financial sanctions breach from two to seven years; amending existing law to allow for deferred prosecution agreements and serious crime prevention orders in financial sanctions cases; and allowing the OFSI to impose financial penalties for financial sanctions breaches in cases where it may be difficult to prove a breach to a criminal standard.29 At the time of writing the Bill was still being debated in the Houses of Parliament and, therefore, may be subject to further amendments.

Reporting obligations

Financial institutions also need to be aware of their reporting obligations under the financial sanctions regulations. If a financial institution identifies an individual or entity as a target on the consolidated list or freezes funds because it suspects that an individual or entity is acting on behalf of a target on the consolidated list, it must report this promptly to the OFSI. Secondly, if a financial institution knows or suspects that an offence has been committed under the UK financial sanctions regime, or that a customer or person it has dealt with has breached the regime, it must report to the OFSI as soon as possible. This reporting regime, therefore, can require the institution to report its own breaches of sanctions. The reporting response of a financial institution, on obtaining a match for a target, would be considered by a prosecutor when deciding whether to charge a company or individual with a breach of the sanctions regime.30

Regulated firms must also consider their obligation to report to the FCA under Principle 11. The Joint Money Laundering Steering Group (JMLSG) guidance states that the FCA has indicated that it would be appropriate for firms to report breaches of financial sanctions (but not target matches) to the FCA.31 In addition, where a financial institution suspects that a customer or putative customer is on the proscribed list because of links to terrorism and it has information which relates to the whereabouts of the assets of that customer, then the financial institution will need to consider whether one of the offences under the Terrorism Act 2000 is applicable. If so, the financial institution may need to make a report under the Terrorism Act 2000. That report will be made to the National Crime Agency (NCA) as a ‘Suspicious Activity Report’ with the ‘Terrorism Act’ box ticked on the relevant form. Similarly, the financial institution should consider its obligations to make an anti-money laundering (AML) report under POCA. There is no clear hierarchy between the financial sanctions and the AML regimes, but making a disclosure that may prejudice an investigation into terrorism or money laundering is an offence (‘tipping off’). As a result, it may be prudent in sensitive cases to report first to the NCA, confirming an additional intention to report to the OFSI.

In addition to reporting suspicions of substantive offences either under the Terrorism Act 2000 or POCA, institutions will also need to consider any reporting obligations under the relevant statutory scheme which may have led to the person becoming designated. For example, the Terrorist Asset-Freezing Act 2010 makes provisions for imposing financial restrictions on, and in relation to, certain persons believed or suspected to be or to have been involved in terrorist activities. Under section 19 of that Act, a relevant institution must inform the Treasury as soon as practicable if it knows or has reasonable cause to suspect that a person is a designated person or any person has committed any offence under any provision of chapter 2 of that Act. The reporting obligation only applies if the information or other matter on which the knowledge or suspicion is based came to it in the course of carrying on its business.

Recent enforcement actions

UK enforcement

Despite the significant increase in the application of sanctions by the EU and the UK over the past decade, enforcement actions have not kept pace. Nevertheless, there have been a number of significant fines handed out to institutions and prison sentences handed to individuals by the UK authorities that may indicate increased enforcement activity to come. Likewise, the proposed amendments to the law in this area discussed above could lead to an increase risk of enforcement in the future.

Several of the sanctions-related enforcement actions during recent years related to Iraq and the ‘oil-for-food’ UN sanctions regime. Two corporate entities – Mabey & Johnson Ltd and the Weir Group Plc – pleaded guilty in 2009 and 2010 respectively, to breaching UN sanctions as they applied to the Iraq oil-for-food programme.32 Mabey & Johnson Ltd was fined £2 million. Two former directors of Mabey & Johnson Ltd were also prosecuted and found guilty of breaching UN sanctions.33 They received prison sentences of 21 months and eight months respectively. The Weir Group Plc was fined £3 million. In addition, the Weir Group Plc paid £13.9 million under an order confiscating profits gained through its illegal conduct.34 In 2011, two other individuals pleaded guilty to breaching UN sanctions as they related to Iraq and prison sentences of 24 weeks and 10 weeks, respectively, were imposed by the court.35

In addition, in 2010, the then Financial Services Authority took action and fined members of a UK banking group £5.6 million for failing to have adequate systems and controls in place to prevent breaches of UK financial sanctions. UK financial institutions are prohibited from providing financial services to persons on the HM Treasury sanctions list. The Money Laundering Regulations 2007 require that firms maintain appropriate policies and procedures in order to ‘prevent activities related to money laundering and terrorist financing’.36 Members of the banking group were found to have failed to adequately screen both their customers, and the payments they made and received, against the sanctions list.

US enforcement

US enforcement authorities have a history of vigorous enforcement, frequently with broad extraterritorial reach. This has resulted in friction between the US and the EU in the past. In 1996, the European Council adopted Council Regulation (EC) 2271/96, often referred to as the ‘blocking regulation’, which made it illegal to comply with a listed US sanction (currently relating only to Cuba and Iran) unless non-compliance would seriously damage the interests of the persons involved.37 Therefore, any EU-incorporated entity and any US person operating in the EU may be committing an offence in the EU by complying with US sanctions laws relating to Cuba. Whether an offence is in fact committed depends on how the EU regulation has been implemented under local law. Some countries, including Belgium and France, have not enacted enforcement legislation. The UK enacted an offence of complying with US legislation, but no prosecutions have ever been brought.38 As a practical matter, EU authorities would have difficulty demonstrating that an EU company refrained from business in Iran or Cuba solely because of US sanctions. The only reported case of an EU-US sanction conflict arose out of the purchase of an Austrian bank by a US private equity firm.39 The Austrian government initiated enforcement proceedings under the blocking regulation after the bank closed the accounts of Cuban nationals, citing compliance with US law. The conflict was resolved when the private equity firm obtained a licence from the US authorities to allow the accounts to be reinstated.40 Despite the paucity of enforcement with regard to the blocking statute, it is important to carefully consider and address (if possible) any potential conflicts between the US and EU/UK sanctions regimes.

Recent US sanctions enforcement efforts have continued to demonstrate the broad extraterritorial reach of the US sanctions regime. For example, between 2009 and 2016, enforcement actions were concluded against a number of European banks for breaching US sanctions laws by removing or omitting references to sanctioned persons or entities from payment messages sent to US financial institutions. While US sanctions did not prohibit those banks from dealing with the sanctioned countries, the US government accused them of ‘causing’ violations by passing transactions involving those countries through US banks, which were prohibited from processing those transactions. The fines and penalties paid in these cases have been substantial, up to $8.9 billion, for sanctions and related regulatory violations. In addition, many of these enforcement actions have involved both federal and state regulators and enforcement authorities. For example, at least one bank paid fines or penalties (including criminal forfeiture) to the US Department of Justice, OFAC, the Board of Governors of the Federal Reserve System, and the New York State Department of Financial Services. Most of the banks resolved the US proceedings through deferred prosecution agreements with the US authorities. However, one bank pled guilty and was the first financial institution to be criminally convicted for violations of US economic sanctions, paying the highest financial penalty ever imposed in a criminal case. The remarks of Deputy Attorney General Cole at the press conference announcing the resolution of that case indicated that the size of the fine was significantly impacted by the bank’s failure to fully and completely cooperate with law enforcement during the investigation.

In another recent case, an oilfield services company agreed to plead guilty and pay more than $232 million in fines and penalties for violations of US sanctions laws. The court filings in that case indicate that the non-US company provided services to customers in Iran and Sudan through non-US subsidiaries. It did not export goods to either sanctioned country and had in place policies and procedures designed to prevent violations of US sanctions. Nevertheless, its employees located in Houston, Texas, in violation of those policies, facilitated operations in the sanctioned countries by approving capital expenditure requests, making and implementing business decisions, and providing technical services and expertise. While there is frequent discussion of the US exercising extraterritorial jurisdiction too broadly, companies should also be aware that if the facts were changed such that the facilitating conduct took place in London, England, not Houston, Texas, an offence under the UK Serious Crime Act could have been committed.

A federal trial court recently upheld OFAC’s application on restrictions of US exports to Iran via a third country. The Iranian Sanctions and Transactions Regulations prohibit the re-export of goods, technology or services from the United States to a third country undertaken with knowledge or reason to know that the re-exportation is intended specifically for Iran.41 The US District Court for the District of Columbia upheld a $4 million penalty against a US company that had shipped stereo components to a distributor in Dubai.42 The company claimed that it should benefit from OFAC’s ‘inventory rule’, under which non-US companies may generally stock their inventories from the United States and may use those goods to fulfil future orders from Iran, so long as there was no knowledge or reason to know at the time of export from the United States that those goods were destined for Iran. The court held that photos on the distributor’s website of equipment in Iran provided reason to know that the equipment was headed there.

Practical steps to enhance compliance

There are a number of sources of practical guidance available regarding compliance with financial sanctions in the UK. These include chapter 7 (‘Sanctions and asset freezes’) of the FCA’s Financial Crime Guide (April 2015), the JMLSG guidance on compliance with the UK financial sanctions regime (updated November 2013), and HM Treasury’s ‘Financial Sanctions: Guidance’ (April 2016). Further, the newly established OFSI has committed to working with the private sector and providing clear guidance to assist compliance with financial sanctions.

OFAC also provides a number of resources, including FAQs, on US sanctions on its website.43

Although there is no positive obligation under UK financial sanctions legislation to check whether a customer or a third party is a sanctions target, HM Treasury and the FCA make clear that all UK financial institutions are expected to have an appropriate means of monitoring payment instructions and carrying out customer due diligence. As in the 2010 enforcement action referred to above, any failure to enact such measures could lead to regulatory action by the FCA for failing to have adequate systems and controls in place to prevent breaches of UK financial sanctions. Although there may be a balance to be struck between the costs and practicalities of such measures versus the potential risks that a particular customer is, or a particular transaction may involve, a sanctions target, doing nothing is simply not a viable option.

To comply with sanctions regulations, we would recommend that:

  • senior management be aware of and involved in sanctions compliance and an individual of sufficient authority take responsibility for adherence to the sanctions regime;44
  • resources be focused on the areas of business where there is a greater likelihood of involvement with targets. However, firms should not ignore lower risk or less easily monitored areas of risk, such as possible indirect payments made to related parties of a sanctions target;45
  • firms think about the risks associated with financial sanctions separately from the risks associated with anti-money laundering. While there is overlap between the two, the risks are different as sanctions issues may arise even if the source of the funds is legitimate;
  • a screening approach be adopted for customer and payment screening that is tailored to the firm’s size and risk profile and might include the ability to identify non-exact or ‘fuzzy’ matches;46
  • customer screening: new customers should be screened against the OFSI’s consolidated list, as well as other relevant lists such as the US List of Specially Designated Nationals and Blocked Persons (SDN) List and the US Department of Commerce Entity List, before they are onboarded and existing customers should be screened each time the list is updated or there is a change in customer details. Where a customer is a corporate, both directors and beneficial owners should be screened. If a match is identified, it should be referred to appropriately trained staff for review and, if confirmed, any funds held for that customer should be frozen and a report should be made to the OFSI or OFAC as relevant; and
  • payment screening: payment instructions should be screened against the relevant lists. If a match is identified, the instruction should not be executed and a report should be made to the OFSI or OFAC as relevant;
  • appropriate manual due diligence be carried out on customers so that risks arising from the nature of a customer’s business can be identified. For example, a bank that provides an overdraft facility to a company involved in the export of sanctioned goods to Iran may breach the sanctions regime. If the customer is a UK company, has no other obvious connections to Iran and is not on any sanctions list, the only way to identify this risk may be to understand the customer’s business model; and
  • training of staff be tailored to the firm’s risk profile and the level of involvement of particular types of staff, and be conducted periodically.47

Moreover, additional scrutiny should be applied when clients or customers are, or are affiliated with, politically exposed persons (PEPs) (ie, individuals who hold or have held prominent public functions and their immediate family members or close associates). This might include enhanced screening and due diligence procedures along with annual reviews of the relationship.

While the above guidance is primarily intended for UK financial institutions, corporates should have regard to it when considering the steps they need to take to avoid breaching UK or EU sanctions. This may become even more important if, as has been mooted, the UK government enacts new legislation equivalent to that found in section 7 of the Bribery Act 2010, but applying to sanctions not bribery: namely, that a UK company would be strictly liable for any breach of sanctions by those acting on its behalf unless it can show it had an adequate compliance programme.

These or similar procedures also would assist a company in complying with US financial sanctions regimes. It is important that the policies and procedures and staff training covers the differences between the EU and US regimes and any limitations on the involvement of ‘US persons’ in particular transactions or business that involves interaction with sanctioned individuals or entities overseas. In addition, a firm that faces restrictions due to US sanctions may wish to communicate its OFAC obligations to its clients, affiliates and counterparties to ensure it does not unwittingly become involved in a prohibited transaction.48 This may even include obtaining affidavits or warranties from increased risk customers or counterparties agreeing that they will not engage in conduct involving the firm that might cause it to violate OFAC regulations.49


As sanctions regulation and enforcement increases both within and outside the EU, we would recommend that companies based in the UK or Europe ensure that they and their compliance staff are familiar with the changing regulatory landscape. They should also periodically reassess their risk profile with respect to sanctions and consider whether their compliance policies and procedures are adequate in light of those risks. Given the complexity of overlapping sanctions regulations and the size of fines, particularly in the US, these are risks that cannot be ignored.


  1. Stefan Lehne, ‘The Role of Sanctions in EU Foreign Policy’, Carnegie Europe (14 December 2012) (available at
  2. Id.
  3. Department for Business, Innovation & Skills and Export Control Organisation, ‘Guidance: Sanctions, embargoes and restrictions’ (27 February 2015) (available at; Francesco Giumelli, ‘How EU sanctions work: A new narrative’, Chaillot Papers, European Union Institute for Security Services (No. 129, May 2013), p. 23.
  4. Department for Business, Innovation & Skills and Export Control Organisation, ‘Guidance: Sanctions, embargoes and restrictions’ (27 February 2015) (available at; Francesco Giumelli, ‘How EU sanctions work: A new narrative’, Chaillot Papers, European Union Institute for Security Services (No. 129, May 2013), p. 24.
  5. Consolidated Version of the Treaty on European Union, article 22.1 and article 25.
  6. See, eg, The Iran (European Union Financial Sanctions) Regulation 2012 (repealed).
  7. European Communities Act 1972, section 2(2).
  8. The draft Policing and Crime Bill proposes to allow for faster implementation of UN sanctions in the UK, essentially allowing them to be implemented on a temporary basis until applicable EU measures are enacted.
  9. HM Treasury, Financial sanctions: consolidated list of targets (available at
  10. 31 C.F.R. section 560.314.
  11. See, eg, 50 U.S.C. section 1705(a).
  12. Policing and Crime Bill: Financial Sanctions Policy Paper (February 2016). At the date of this article the Bill was at the Report Stage in the House of Commons.
  13. Customs and Excise Management Act 1979, section 68(1).
  14. See, eg, The Ukraine (European Union Financial Sanctions) Regulations 2014, (1).
  15. FCA, Rules 3.2.6 and 6.1.1 of the Senior Management Arrangements, Systems and Controls sourcebook (SYSC),
  16. ‘Funds’ include cash, all kinds of payment instruments, deposits, shares, derivatives, interest, guarantees, letters of credit and rights of set-off.
  17. ‘Economic resources’ generally means assets of every kind, tangible or intangible, moveable or immoveable, which may be used to obtain funds or services.
  18. See, eg, The Ukraine (European Union Financial Sanctions) Regulations 2014, (4)-(7).
  19. See, eg, The Ukraine (European Union Financial Sanctions) Regulations 2014, (3).
  20. See, eg, The Ukraine (European Union Financial Sanctions) Regulations 2014, (10).
  21. Customs and Excise Management Act 1979, section 68(1).
  22. Id.
  23. Customs and Excise Management Act 1979, section 68(2).
  24. Annex I to Regulation (EC) No. 428/2009.
  25. Regulation (EC) No. 428/2009.
  26. See, eg, Council Regulation (EU) No. 269/2014, article 5.
  27. HM Treasury, ‘Financial Sanctions: Guidance’ (April 2016), p. 11.
  28. POCA 2002, Part II.
  29. As currently drafted, the Crime and Policing Bill would allow OFSI to impose a fine if satisfied, on the balance of probabilities, that a breach has been committed and that the person involved knew or had reasonable cause to suspect that their actions would be in breach of sanctions. Current proposals suggest that a fine could be imposed of up to £1 million or 50-200 per cent of the estimated value of funds or resources involved in the breach.
  30. See the Code for Crown Prosecutors.
  31. See JMLSG Guidance, Part III, paragraph 4.77.
  32. Serious Fraud Office, Press Release, ‘Mabey & Johnson Ltd sentencing’ (25 September 2009) (available at; Judiciary of Scotland, Sentencing Statement, ‘HMA v. Weir Group Plc’ (
  33. Serious Fraud Office, Press Release, ‘Mabey & Johnson Ltd: Former executives jailed for helping finance Saddam Hussein’s government’ (23 February 2011) (available at’s-government.aspx).
  34. Judiciary of Scotland, Sentencing Statement, ‘HMA v. Weir Group Plc’, (available at
  35. Serious Fraud Office, Press Release, ‘United Nations sanctions breaker jailed’ (25 February 2011) (available at; Serious Fraud Office, Press Release, ‘United Nations sanctions breaker sentenced’ (25 February 2011) (available at
  36. Money Laundering Regulations 2007, Regulation 20(a), (d) and (f).
  37. EU Council Regulation (EC) 2271/96, article 5.
  38. Extraterritorial US legislation (Sanctions against Cuba, Iran and Libya) (Protection of Trading Interests) Order 1996.
  39. ‘BAWAG restores Cuban accounts after public uproar’, Reuters (4 May 2007) (available at
  40. Id.
  41. 31 C.F.R. section 560.205(a)(1).
  42. Epsilon Electronics, Inc v US Department of the Treasury, Office of Foreign Assets Control, Civ. Act. No. 14-2220, Memorandum on Motion for Summary Judgment (D.D.C. 7 March 2016).
  44. See FCA’s Financial Crime Guide (April 2015), chapter 7 (‘Sanctions and asset freezes’), Box 7.1.
  45. See JMLSG Guidance, Part III, paragraphs 4.19 and 4.33-4.35; FCA’s Financial Crime Guide (April 2015), chapter 7 (‘Sanctions and asset freezes’), Box 7.2.
  46. See JMLSG Guidance, Part III, paragraphs 4.32, 4.38, 4.42-4.44; FCA’s Financial Crime Guide (April 2015), chapter 7 (‘Sanctions and asset freezes’), Box 7.3.
  47. See JMLSG Guidance, Part III, paragraph 4.30.
  48. ‘OFAC compliance in the securities and investment sector’, Journal of Investment Compliance, Vol 13 Iss: 3 (2012), p.25.
  49. Id.

Unlock unlimited access to all Global Investigations Review content