Practical steps to ensure compliance with the UK financial sanctions – There is no positive obligation under UK sanctions legislation to check whether a customer or a third party is a sanctions target (in contrast to anti-money laundering rules and the US sanctions regime).

A financial institution that does not carry out checks and never deals with sanctions targets will not commit an offence – although the FSA is likely to take a dim view of this approach in relation to firms it regulates, particularly following the publication of its thematic review on sanctions compliance in April 2009 (see FSA’s guidance on compliance with its financial sanctions requirements).

All FSA-regulated firms should pay close attention to the findings in the review (especially the examples of good and bad practice) because it is likely to serve as a marker for future enforcement action and a benchmark against which a firm’s compliance will be judged.

The basis of any enforcement activity by the FSA in this area will be Principle 3 and SYSC 3.2.6R which requires firms to have effective systems and controls to counter the risk that the firm might be used for the purposes of financial crime.

Doing nothing and hoping for the best is not a prudent strategy where the criminal law is concerned either. Although there is no explicit obligation to screen customers or transactions, it is obvious from the notices issued by HM Treasury announcing new sanctions and changes to the list of targets that financial institutions are expected to carry out such checks. The guidance from the Joint Money Laundering Steering Group (JMLSG) (in its latest 2007 Guidance) (Guidance) is that institutions should:

1. Have an appropriate means of monitoring payment instructions to ensure that payments are not made to targets or their agents.
2. Carry out checks at the customer due diligence stage.

In practice, there is a clear public interest in enforcing sanctions and it is in a financial institution’s own interest to carry out checks. This is because:

1. The liability for the offences listed above (see What the UK financial sanctions prohibit) is strict under some of the statutory instruments.
2. The potential reputational consequences of dealing with a target are obvious.

Deliberate or continuing failure to screen customers and payment transfers could result in regulatory action and might, in an extreme case, lead to the loss of a financial institution’s permission to carry on business in the UK.

Where liability is not strict, the defence to an allegation of breaching the sanctions regime is generally that the person charged did not know and had no reasonable cause to suspect that he was dealing with the funds of a target or making funds available to one.

It is doubtful whether a financial institution that took no steps to check whether customers and/or third parties were targets could avail itself of such a defence, particularly given HM Treasury’s notices, the JMLSG Guidance and, now, the FSA’s thematic review. There may be a balance to be struck somewhere based on the costs and practicalities of screening versus the potential risk that a particular customer is, or a particular transaction may involve, a sanctions target, but doing nothing is not a viable option. Importantly, there is no de minimis level below which financial institutions are not required to carry out checks. This was one of the common misconceptions identified by the FSA thematic review.

To comply with UK sanctions:

1. New customers should be screened against the sanctions list. A target, or agent of one, cannot be accepted as a customer because this will almost inevitably involve dealing with the target’s funds.
2. Existing customers should be checked against the sanctions list. However, the population of sanctions targets is not fixed and so customers need to be screened each time the list is updated. If an existing customer becomes a sanctions target, their funds should be frozen.
3. Payment instructions should be screened against the current sanctions list so that the institution does not process payments to or from targets, or for the benefit of targets.

The JMLSG Guidance suggests that resources should be focused on the areas of business where there is a greater likelihood of involvement with targets, such as direct customer relationships. But it is important that firms think about the risks associated with sanctions separately from the risks associated with money laundering. They are not the same thing. The belief that they were is another common misconception identified by the FSA thematic review