The UK's Office of Financial Sanctions Implementation ("OFSI") has published the first in a series of sector-specific assessments of threats to financial sanctions compliance. This first assessment (the "Threat Assessment") is focused on the financial services sector. In this post we provide a summary of the key elements of the Threat Assessment, along with a round-up of recent UK sanctions designations.

The Threat Assessment

The Threat Assessment focuses in particular on threats to compliance relating to transactions handled by UK credit or financial institutions, including banks and non-bank payment service providers ("NBPSPs") (defined for these purposes to include neo or challenger banks). It summarises data from suspected breach reports and other sources between February 2022 and March 2024.

Financial services firms as a whole have reported over 65% of all suspected financial sanctions breaches reported to OFSI since February 2022, with 80% of those reports coming from banks and NBPSPs. OFSI notes that this "places these firms at the forefront of efforts to ensure compliance with UK financial sanctions".

Thematic risk areas

The Threat Assessment identifies six key threats relevant to UK financial sanctions, as summarised further below.

Threat 1: It is likely that some firms have not self-disclosed all suspected breaches to OFSI.

Whilst reporting from the financial sector is "typically timely", OFSI has identified some substantial delays in identifying and reporting suspected breaches, as well as suspected breaches which do not lead to reports from all firms involved.

Threat 2: It is highly likely that most non-compliance by UK firms has occurred due to several common issues including the improper maintenance of frozen assets and licence condition breaches.

OFSI has observed breach reports in the areas below, and recommends action as follows:

Finally, OFSI reminds firms providing correspondent banking services to remain alert to compliance with regulation 17A of the Russia (Sanctions) (EU Exit) Regulations 2019, and in particular "encourages" firms to "consider exposure" to institutions who have joined the System for Transfer of Financial Messages ("SPFS"), given its potential for use in circumventing UK financial sanctions prohibitions. OFSI encourages UK banks to assess their exposure to banks that have joined SPFS and to report any related suspected sanctions breaches.

Threat 3: It is almost certain that Russian designated persons ("DPs") have turned to new professional and non-professional enablers in their attempts to breach UK financial sanctions prohibitions.

OFSI has recently observed increased activity by new groups of professional enablers, as well as increased activity by non-professional enablers with close personal ties to DPs.

Threat 4: It is highly likely that enablers have made payments through NBPSPs relating to the maintenance of Russian DPs' lifestyles and assets.

OFSI has found that DPs are relying on enablers to make payments including those relating to superyachts, concierge and personal security services, property management, school fees, and high value goods.

A number of red flags are identified in this area:

  • A new individual or entity making payments to meet an obligation previously met by a Russian DP
  • Individuals associated with Russian DPs, including family members and professional enablers, receiving funds of significant value without adequate explanation
  • Frequent payments between companies owned or controlled by a DP
  • Attempts to deposit large sums of cash without adequate explanation
  • Cryptoasset to fiat transactions (or vice versa) involving a Russian DP’s family members or associates
  • A family member of a DP is an additional cardholder on a purchasing card and regularly uses the card for personal expenses and overseas travel

Threat 5: It is likely that a small number of enablers have attempted to front for Russian DPs and claim ownership of frozen assets.

OFSI has observed this particular typology in cases where the ownership or control of assets by a Russian DP is unclear, and where significant liquidity is involved. In such situations, an enabler presenting themselves as a legitimate business-person unconnected to the DP may come forward and claim to be the owner of frozen assets.

Red flags identified in this area are:

  • Individuals with limited profiles in the public domain, including those with little relevant professional experience
  • Inconsistencies in name spellings or transliterations, particularly those stemming from Cyrillic spellings
  • Recently acquired non-Russian citizenships, including from countries which offer golden visa schemes
  • Frequent or unexplained changes of name or declared location of operation

Threat 6: Enablers have almost certainly used alternative payment methods, in particular cryptoassets, to breach UK financial sanctions prohibitions on Russia.

Professional enablers forming part of established criminal networks have been linked to financial sanctions breaches (see our post on Operation Destabilise here). The Threat Assessment encourages firms to remain alert to attempts at money laundering by or on behalf of Russian DPs, including any indications of high value transfers between cryptoassets and cash.

Country risks

In addition to the six threats outlined above, the Threat Assessment also provides information on suspected breaches involving intermediary countries, and the particular types of activity that it has identified in the most commonly identified intermediary jurisdictions.

Since February 2022, just over 25% of suspected breach reports received by OFSI from UK financial services firms have made reference to intermediary jurisdictions. The following jurisdictions feature most often: the British Virgin Islands (BVI); the Republic of Cyprus; Switzerland; United Arab Emirates (UAE); Guernsey; Luxembourg; Austria; and Türkiye.

Interestingly, the third countries referenced in suspected breach reports have shifted over time. OFSI speculates that this has likely been driven by several factors, including Russian capital flight to jurisdictions which do not have sanctions on Russia.

Whilst the intelligence included in the Threat Assessment relates only to reported breaches – and therefore does not tell us anything about the involvement of intermediary countries where breaches are not identified – it is potentially useful in the assessment of red flags and in the focussing of diligence/monitoring efforts.

In particular, OFSI has also identified specific activities observed in breach reports relating to particular countries – albeit noting that the activities do not necessarily signify a breach. These are as follows:

Austria

  • Enabler activity
  • Non-resident banking
  • Transactions involving cryptoassets

BVI

  • Ownership or transfers of assets
  • Money laundering networks
  • Use of complex corporate structures

Switzerland

  • Networks to process the funds of UK sanctioned individuals
  • Non-resident banking

Republic of Cyprus

  • Ownership or transfers of assets
  • Enabler activity
  • Use of complex corporate structures

UAE

  • Ownership or transfers of assets
  • Enabler activity
  • Networks to process the funds of UK sanctioned individuals
  • Setting up of new companies which appear to be copies of companies closed down in other jurisdictions
  • Transactions involving cryptoassets

Türkiye

  • Enabler activity
  • Maintenance and crewing of DP superyachts
  • Non-resident banking

Cayman Islands

  • Offshore account payments
  • Enabler activity

Conclusion

It is encouraging to see OFSI leveraging the data available to it to provide insights to the financial services sector. Whilst aspects of the Threat Assessment cover prior ground, and it is not always clear what learnings OFSI intends firms to take from the "case studies", generally this is a helpful publication. The greater granularity in typologies associated with specific jurisdictions is of particular interest.

Financial services sector firms should carefully review the Threat Assessment, having particular regard to the red flags that it lists in relation to particular typologies.

Firms should consider whether their current sanctions controls adequately address the identified risks and typologies, or whether there is scope for enhancement.

If any breaches are identified as a result of the intelligence in the Threat Assessment, OFSI has indicated that it would assist if firms reference "OFSI – Financial Services Threat Assessment – 0125" in any report to OFSI, and "OFSI – Financial Services Threat Assessment – 0225" in any SAR.

New UK designations

The UK has continued to add new individuals and entities to its asset freeze list. The most recent additions comprise:

  • three individuals working in the Russian government or supporting Russian state-owned business, and two entities (both subsidiaries of Rosatom), details of which are provided in this press release; and
  • under the UK's Cyber sanctions regime, eight individuals and entities associated with the Russian cyber entity ZSERVERS (for further details see here).  

Key contacts

Susannah Cogman

Partner, London

Elizabeth Head

Of Counsel, London

Ali Grodzki

Senior Associate, London
