Lessons from the FCA’s Sanctions Review Report on the Backdrop of OFSI’s First Disclosure Power Use

The enforcement of financial sanctions is essential to safeguarding national security and promoting foreign policy objectives. Recently, these measures have intensified in response to geopolitical tensions, such as Russia's invasion of Ukraine, with implications across the world. Some of the most important updates in the sphere of sanctions in 2023 came from the United Kingdom, as we will outline in this blog. 

We will now explore the mechanism of financial sanctions enforcement in the UK, implemented by the Office of Financial Sanctions Implementation (OFSI), followed by studying the first OFSI Disclosure power use in the case of Wise Payments. With this context, we analyze the comprehensive report on Sanctions Programs by the Financial Control Authority (FCA) and understand what these updates mean for you and your organization.

Office of Financial Sanctions Implementation and Its Disclosure Power

The OFSI leads the UK's efforts to implement and enforce financial sanctions, operating under the HM Treasury. Its main role is to help businesses understand and apply these sanctions correctly to prevent illegal financial activities. These sanctions serve as indispensable instruments for the UK, aiming to uphold national security and financial integrity amidst global threats. 

The office emphasizes a collaborative approach with the private sector, deemed the first line of defense, to ensure the seamless integration of sanctions within the operational frameworks of businesses. This collaboration aims to find a middle ground between protecting the country and supporting economic activities.

The Disclosure Enforcement Power

A significant evolution in OFSI's enforcement toolkit was the introduction of the "Disclosure" enforcement power in August 2023, making their administrative methods more effective. This power, ratified by the Economic Crime (Transparency and Enforcement) Act of 2022, allows OFSI to publicly share information about financial sanctions violations. Instead of imposing financial penalties, which can be too harsh, OFSI can now make these breaches public. 

This power is used judiciously, mainly in cases that fall into a grey area - too serious for just a warning but not serious enough for a monetary fine. This approach demonstrates OFSI's strategy of using public disclosure not only to prevent future breaches but also to help companies understand and follow the rules better.

The Wise Case Study

In an unprecedented disclosure, OFSI shed light on a sanctions compliance lapse involving Wise Payments, a leading figure in the fintech arena. The incident revolved around an individual, previously designated under the UK's Russia sanctions regime, who managed to withdraw £250 ($316.63) from a business account through Wise. This has been attributed to Wise’s policy to not disable debit cards until sanctions alerts had been triaged, which meant that customers would retain access to their debit cards until the sanctions profile matches were resolved. This flaw was exacerbated by delays in confirming alerts, potentially due to a high volume of false positives.

Despite the small amount of money involved, the case indicated potential vulnerabilities in the financial sector's defense against sanctioned entities. Wise offered immediate and full cooperation with OFSI's investigation, coupled with proactive measures to rectify the highlighted compliance shortfall.

OFSI's Decision and Rationale: Despite the public disclosure, OFSI opted not to impose a monetary penalty on Wise. This decision was based on a detailed evaluation of the breach's severity and Wise's forthright engagement and remedial actions post-incident. Instead, the case was brought to public attention as a learning opportunity for the wider sector, because it showed the importance of swift and comprehensive sanctions screening and alert mechanisms. It also highlighted the challenge of balancing technological innovation and regulatory compliance within the fast-paced fintech domain.

Reflections and Implications: Wise's situation shows how tough it can be to follow sanctions rules in digital finance because fast and worldwide transactions make it harder to stick to these rules. This case also points towards a new way of using regulatory reports to fix and prevent problems, aiming to create a culture where the financial sector is more open and careful about following the rules.

Through such measures, OFSI seeks not just to penalize but to educate and guide. This underscores the collective responsibility of financial institutions in upholding sanctions regimes. Another important measure in this direction is the FCA report on sanctions later that year, which we will now discuss in detail.

FCA's Report and Review of Sanctions Programs

The Financial Conduct Authority (FCA) has increased its watch over how companies in financial services manage their sanctions systems and rules. This is due to the growing number of sanctions following Russia's invasion of Ukraine. The FCA UK sanctions review report details what it expects from these firms, what it has found, and the steps it has taken to make sure firms are not breaking UK sanctions rules. Let us cover the key aspects of the FCA report-

Why Focus on Financial Services Firms' Sanctions Systems and Controls?

The UK, in collaboration with its international allies, introduced a high volume of sanctions following the Russian invasion of Ukraine in February 2022. This scenario is a reminder of the necessity for financial services firms to have effective systems and controls to avoid breaches. The FCA, alongside the Office of Financial Sanctions Implementation (OFSI), explains that it has accordingly intensified its efforts to prevent sanctions evasion by focusing on the effectiveness of firms' sanctions systems and controls.

Understanding FCA's Approach

The FCA explains its proactive approach, which includes assessing sanctions controls, deploying screening tools, and acting on intelligence with feedback. Here are their three key actions-

• Assessment of sanction controls- The FCA assessed sanction controls across over 90 firms spanning various sectors such as retail and wholesale banking, wealth management, insurance, electronic money, and payments. This assessment aimed to verify that the financial sanctions systems and controls in place were adequate, effective, and swiftly adaptable to changes in UK sanctions regimes.
• Sanctions Screening Tool- A key part of this initiative involved deploying the Sanctions Screening Tool (SST), an analytics-based application designed by the FCA. The SST objectively evaluates how effectively firms can identify sanctioned individuals and entities, utilizing test data to measure the precision of firms' screening tools.
• Action on Intelligence- Another aspect of the FCA's approach involves acting on intelligence received from various sources, including self-reports from firms. The FCA provided feedback to firms where deficiencies were observed and, in certain cases, employed regulatory tools to address issues. This could encompass using independent skilled persons or imposing business restrictions and enforcement actions for serious misconduct.

Good Practices as per the FCA Report

Some firms were found to have implemented effective practices during FCA’s study, which were compiled in the report as follows:

• Proactive Risk Identification- Firms that conducted risk exposure assessments and scenario planning before Russia's invasion were better positioned to manage the sanctions' demands effectively.
• Effective Sanctions Screening Systems- Evidence showed that several firms had suitably adjusted their sanctions screening tools, applying controls for effectiveness measurements such as sample testing and tuning.
• Tool Calibration with Fuzzy Logic- Most reviewed firms had implemented fuzzy logic in their sanctions screening systems, aiding in the identification of name variations for sanctioned entities and individuals.

Areas Needing Improvement  Identified by The FCA

The FCA also identified weak points that need to be addressed. Three areas needing improvement as per the report include:

• Governance and Oversight- Some firms struggled with providing sufficient management information (MI) for senior management, critically affecting their ability to understand and oversee sanctions risks appropriately.
• Global Sanctions Policies Alignment- The FCA observed instances where global firms' policies were not fully aligned with the UK sanctions regime, particularly when these controls were managed from global or regional centers.
• Understanding Third-party Screening Tools- Several firms demonstrated a lack of understanding concerning the calibration of their sanctions screening tools and the timeliness of list updates.

The FCA's focused supervision of sanctions systems and controls reflects an urgent need for financial institutions to reassess and fortify their sanctions compliance frameworks. The report emphasizes the importance of being proactive, the necessity of effective and adaptable systems, and the important role of detailed oversight and governance.

Financial Crime Prevention and Sanctions Compliance with Lucinity

As sanctions landscapes evolve, so must the strategies and tools financial services firms employ to mitigate these risks. This is vital for ensuring compliance and contributing to the broader goal of preventing financial crimes, including sanctions evasion. In this context, along with the Wise case and OFC disclosure, it is apparent that Lucinity could bring substantial value to such situations. 

With its integral Case Manager solution, Lucinity unites disparate systems for end-to-end financial crime investigation. Lucinity combines AML, real-time fraud screening, and real-time sanctions screening together, enabling faster and more efficient decision-making.