On 1 December, it was announced that the UK Office of Financial Sanctions Implementation (“OFSI”) and the UK Financial Conduct Authority (“FCA”) had entered into a memorandum of understanding (“MOU”) on 21 November 2023 which outlines the agencies’ agreement to co-operate and share information relating to suspected or actual sanctions breaches with each other. This MOU replaces a previous MOU that had been in place since April 2019.
In summary, under the MOU it has been agreed that:
- the FCA will send information concerning suspected breaches of financial or maritime services sanctions to OFSI;
- OFSI will share with the FCA information about potential weaknesses in regulated companies’ systems and controls for preventing sanctions breaches; and
- both agencies will share information about suspected sanctions breaches “where there is reason to believe that joint investigations would benefit enforcement of those sanctions”.
The non-exhaustive list of categories of information that may be shared between the parties includes “asset freeze notifications submitted to OFSI and designated persons reports submitted to OFSI in each case which relate to or were submitted by an FCA-supervised firm”.
OFSI and the FCA can share information with one another “proactively or on request”. The MOU states that, when sharing such information, the parties “will agree the frequency and mechanism for doing so”. The MOU also states that the parties “intend to share information pursuant to this MoU with each other on a regular basis”.
The MOU states that (i) the FCA can use information obtained via the MOU “in discharge of functions concerning the authorisation, supervision and market oversight of FCA-supervised firms (and individuals connected to such firms) and for enforcement purposes (including conducting investigations or taking enforcement action)”, and (ii) OFSI can use the information obtained under the MOU “for any civil investigation undertaken by OFSI and for any criminal investigations undertaken by other law enforcement agencies”, as well as to facilitate compliance with relevant sanctions legislation or for any other purpose agreed between the parties.
Notwithstanding the commencement of the information sharing agreement under this MOU, regulated firms should remain mindful of their existing, separate reporting obligations to the FCA and OFSI and should not assume that they can discharge their reporting obligations to both authorities by notifying only one or the other on account of this MOU being in place.
The MOU between the FCA and OFSI follows various statements made by the FCA around its expectations to be informed about communications between regulated financial institutions and OFSI. We recently published an alert on the FCA’s increasing focus on financial sanctions compliance and the steps that the FCA has taken to ensure that financial institutions are complying effectively with financial and trade sanctions. You can read a copy of this alert here.
The FCA has also recently published a report on sanctions systems and controls in financial services firms in response to increased sanctions due to Russia’s invasion of Ukraine. The FCA’s review involved an assessment of the sanctions compliance systems and controls of over 90 firms across a range of sectors, and following this assessment the FCA published guidance outlining examples of good practice and areas for improvement to maximise firms’ compliance with sanctions.
Good practices the FCA has identified include:
- proactive approaches by firms to identify sanctions exposure to Russia;
- effective screening systems that are being continually developed to identify sanctions evasion; and
- well-calibrated screening tools that are appropriate for the sanctions risks the firm is exposed to.
Meanwhile, areas the FCA has identified as needing improvement include:
- senior management oversight of sanctions risk, including “instances where senior management were not given sufficient MI [Management Information] to enable them to discharge their responsibilities appropriately”;
- global sanctions policies that are not aligned with the UK sanctions regime, and instances of poor communication between global and regional sanctions teams;
- an over-reliance on third-party sanctions screening tools;
- poor contingency planning for potential future events;
- inadequate internal expertise and resourcing to ensure effective timely screening, which had meant that many firms had “significant backlogs in the assessment, escalation, and reporting of alerts from the screening of names and payments”;
- improperly calibrated sanctions screening tools; and
- low-quality Customer Due Diligence and Know Your Customer assessments.
The current regulatory focus on sanctions compliance and communications is illustrated by OFSI’s recent approach to assessing financial sanctions breaches. The authority has considered inadequate or inappropriate systems and controls an aggravating factor in establishing liability for sanctions violations, even where the monetary value of the breach has been low. Meanwhile, voluntary disclosure to the authority by offending parties has been considered a mitigating factor in determining penalties.