New Penalties for UK Financial Sanctions Violations
On the 01 April 2017, the UK’s sanctions enforcement landscape was changed when Part 8 of the Policing and Crime Act 2017 entered into force (The Act). As a consequence, the UK’s Office of Financial Sanctions Implementation (OFSI) – part of the UK’s Treasury Department, has been granted powers to impose civil penalties for (financial) sanctions violations.
- OFSI Financial Sanctions Guidance April 2017 and
- OFSI Guidance on Monetary Penalties for breaches of Financial Sanctions April 2017.
Some have seen this move as part of the UK’s preparation to develop an EU-independent sanctions policy in a post-Brexit era. Well, possibly, although the UK is not the only EU member state to have adopted enforcement measures capable of imposing civil penalties – e.g. the Netherlands Sanctiewet 1977. However, given the recent statements of UK’s Foreign Secretary Boris Johnson in parliament, it looks like the UK will continue to coordinate its sanctions policy with its EU partners. However, the key-question is how the UK will apply the enforcement of its sanctions violations to implement its national security and foreign policy goals. Another question will be whether OFSI will adopt a robust enforcement policy (similar to OFAC).
Compared to U.S. OFAC sanctions, one cannot ignore the common Anglo-Saxon alignment, especially the links to DPA’s and the ridiculous notion that jurisdiction is triggered if a UK financial institution merely clears a transaction of a designated UK party – although there are some significant differences, e.g.:
- OFSI will only enforce financial sanctions violations and not trade related violations (a distinction that OFAC does not make) that would seem incredibly artificial
- the State of Mind criterion to establish civil liability (OFAC applies strict liability)
- the magnitude of sanctions penalties (OFAC penalties are lower)
New Powers of the OFSI
Since 01 April 2017, OFSI is now empowered to impose monetary penalties for breaches of financial sanctions:
- £1 million or 50% of the value of the transaction;
- Financial sanctions have been added to the list of offences for which a Deferred Prosecution Agreements (DPA) or Serious Crime Prevention Orders (SCPO) can be made;
- The maximum custodial sentence for breaches of financial sanctions under the Anti-Terrorism,Crime and Security Act 2001 and the Counter Terrorism Act 2008 has increased to seven years;
- HM Treasury has gained the power to increase the maximum custodial sentence for breaches of financial sanctions for all other EU regimes to a maximum of seven years.
Civil liability penalties can now be imposed by OFSI on a more relaxed standard of proof – instead of proving guilt beyond a reasonable doubt, namely on “the balance of probabilities.” The OFSI states that the balance of probabilities is now based on the objective test regarding “reasonable cause to suspect,” that a prohibition was being breached. In this context, OFSI will seek to establish whether there is a breach of a prohibition or a failure to comply
with an obligation.
Company Officers also Liable now
Section 148(1) The Act also makes it possible that the OFSI impose a penalty on an “officer,” of an organization, [jargon of The Act: the body] if, on the basis of the balance of probabilities, a breach or failure to prevent a violation:
- took place with the consent or connivance of the officer, or
- was attributable to any neglect on the part of the officer.
Section 148(2) sets out who may be considered an ‘officer’ in this context. An ‘officer of a body’ means—
- in relation to a body corporate, a director, manager, secretary or other similar officer of the body or a person purporting to act in any such capacity;
- in relation to a partnership, a partner or a person purporting to act as a partner;
- in relation to an unincorporated body other than a partnership, a person who is concerned in the management or control of the body or purports to act in the capacity of a person so concerned.
Determining a UK Nexus
OFSI enforcement action, a breach does not have to occur within the territory of the UK. A “UK Nexus,” i.e. a connection to the UK has to be established. OFSI states that UK nexus might be created by (not exhaustive):
- a UK company working overseas,
- transactions using clearing services in the UK,
- actions by a local subsidiary of a UK company (depending on the governance),
- action taking place overseas but directed from within the UK, or
- financial products or insurance bought on UK markets but held or used overseas.
The third bullet, actions by a local subsidiary of a UK company is note worthy. This extends UK jurisdiction to non-UK persons/entities – which is a radical departure of the standard EU sanctions which are generally not imposed on non-EU persons or non-EU companies. It will be interesting to see how the UK intends to enforce this. Note that U.S. sanctions, except for Cuba/Iran, are not generally geared towards non-U.S. persons. However, OFSI probably means that triggering an enforcement action would entail that the UK Parent or persons subject to UK jurisdiction approved or were involved in sanctions violations.
Similar to the OFAC Enforcement Guidelines, OFSI has also published how it will determine, i.e. set penalties.
Broadly, the more aggravating factors OFSI determines, the greater the likelihood that a monetary penalty will be imposed.
The more serious the breach, and the worse the conduct of the individuals, the higher any penalty is likely to be. Mitigating factors may reduce a penalty or result that no enforcement action is taken – although some breaches we will always lead to the imposition of a penalty or refer the matter for criminal investigation. The OFSI aggravating or mitigating factors include:
- Direct provision of funds or economic resources to a designated person
- Circumvention of sanctions
• to circumvent any of the prohibitions, or
• to enable or facilitate the contravention of any such prohibition or requirement
- Value of the breach
- Harm or risk of harm to the sanction regime’s objectives
- Knowledge of sanctions and compliance systems
- Although OFSI states that ignorance of the law is no defense, it does realize that some businesses have more in-depth knowledge of sanctions and better developed compliance systems and processes. than others, because of the kind of work they do. Businesses should make their own assessment of what is reasonable and necessary for their particular circumstances. OFSI will take the level of actual or expected knowledge and the extent of compliance into account.
- Regulated professionals should meet regulatory and professional standards. OFSI may consider their failure to do so an aggravating factor.
- OFSI encourages strong compliance cultures. If a person or entity simply falls below a high standard, OFSI will consider whether or not it is proportionate to impose a penalty if that is the only distinguishing factor in a case. This is particularly true when the company has acted
swiftly to remedy the cause of the breach.
OFSI distinguishes different types of behavior which causes a breach:
- deliberate acts or intention to violate sanctions;
- evidence of neglect or a failure to take reasonable care;
- whether there has been a systems and control failure or an incorrect legal interpretation;
- whether the person seems unaware of their responsibilities; or
- whether there has simply been a mistake.
Without the knowledge that the action would be a breach or any reasonable cause to suspect this, the matter would not meet the legal standard for a penalty.
- Failure to apply for a licence; breach of licence terms
- Professional facilitation
- Repeated, persistent or extended breaches
- Reporting of breaches to OFSI
Similar to OFAC, OFSI also expounds its Voluntary disclosures policy – which must be a materially complete disclosure, factual, timely and be made in good faith.
- Public interest