20 Februar 2025 Jane Larner BusinessCrimeLinks

OFSI reports on sanctions threats and evasion risks in the UK financial services sector

OFSI has published a Threat Assessment Report (the Assessment) focussing on threats to compliance relating to transactions handled by UK financial or credit institutions, including banks (both retail and wholesale) and non-bank payment service providers (NBPSPs). The Assessment identifies key evasion threats and red flags that firms in the financial sectors should be aware of and makes recommendations on how to mitigate the identified risks. The over-arching message to firms in this sector is to know your clients and understand what they are doing. Where suspicions of sanctions breaches arise, you should report to OFSI.

The Assessment’s findings 

This is the first in a series of sector-specific assessments to be produced by OFSI. It deals with suspected sanctions breaches but is “not necessarily a direct reflection of ongoing OFSI investigations or enforcement activity”. Although not specifically about the Russia sanctions regime, that regime features heavily in the Assessment, perhaps not surprisingly, with 87% of suspected breaches reported to or identified by OFSI since February 2022 involving Russian sanctions. Other recent threats to compliance relate particularly to Libya, Belarus, Iran and the Democratic People's Republic of Korea.

The Assessment notes that the complex nature of UK financial sanctions means that most suspected breaches involve UK financial services firms in some capacity. UK financial services firms have reported over 65% of all the suspected breaches received by OFSI since February 2022. 

The Assessment makes six key judgements, with the chance of each occurring being assessed using the Probability Yardstick developed by HMG’s Professional Head of Intelligence Assessment .

1. It is likely [55-75% chance] that some UK financial services firms, including NBPSPs, have not self-disclosed all suspected breaches to OFSI. The timely identification and reporting of suspected breaches varies across the sector and across different UK sanctions regimes. 

While reporting by UK financial services firms is typically timely, OFSI identified some substantial delays both in identifying and reporting suspected breaches. Banks and NBPSPs were the worst performers in this regard. OFSI also noted that where breaches were self-reported by financial firms, not all the firms involved in the suspected breach made a self-report.

2. It is highly likely [80-90% chance] that most non-compliance by UK financial services firms has occurred due to several common issues, including the improper maintenance of frozen assets and licence conditions breaches. These issues are relevant to compliance with all UK sanctions regimes. 

The Assessment noted that breaches of asset freezes commonly involved payments being made from accounts held by Russian designated persons (DPs) for insurance or other policies relating to UK residential properties which automatically renewed if not managed correctly. Breaches of specific and general licences conditions largely fall into three categories: transactions after licence expiry; bank accounts being used for purposes other than those specified in the relevant licences; and failures to adhere to licence reporting requirements. In all cases OFSI advises firms to ensure accounts are managed appropriately and in accordance with licence conditions.

OFSI also reported failures to identify entities, particularly subsidiaries, which are owned or controlled by a DP. Similarly, there were failures to identify the involvement of UK nationals or entities in transaction chains, particularly in transactions involving multiple jurisdictions. Inaccurate assessments of how UK sanctions are engaged can result in suspicious transactions not being properly scrutinised.

The Assessment highlights the need for UK firms engaged in correspondent banking to assess their exposure to banks transacting through the System for Transfer of Financial Messages (SPFS) (designed by the Central Bank of Russia as an alternative to SWIFT) and to report any related suspected sanctions breaches, in order to remain compliant with Regulation 17A of the Russia (Sanctions) (EU Exit) Regulations 2019. 

3. It is almost certain that Russian DPs have turned to new professional and non-professional enablers in their attempts to breach UK financial sanctions prohibitions. OFSI has observed significantly increased enabler activity since 2023. 

Enabler activity generally falls into three categories: making payments to maintain DPs’ lifestyles and assets; “fronting” on behalf of DPs to claim ownership or control of frozen assets; and other money laundering activities to provide DPs with liquidity, including using alternative payment methods, such as cryptoassets. Although UK financial services firms have significantly reduced their exposure to Russia more broadly, OFSI has observed increased activity by new groups of professional enablers, including non-professional enablers linked to Russian DPs, such as family members and others with close personal ties.

4. It is highly likely [80-90% chance] that enablers have made payments through NBPSPs relating to the maintenance of Russian DPs’ lifestyles and assets, including superyachts and UK residential properties. 

Such payments can include concierge and property management services, personal security, school fees and the purchase of high-value goods, with payments typically being made through small companies providing services related to ultra-high-net-worth lifestyles, which often have an existing relationship with the DP. The Assessment notes that enabler activity of this kind often involves leveraging multiple methods of payment, including cash, cryptoassets and traditional banking, and lists red flags for firms to look out for.

Superyachts are specifically highlighted, as such high value assets are often owned through opaque ownership and control structures. UK financial services firms are encouraged to report to OFSI if they identify any suspicious payments relating to Russian DPs and superyachts, including those which are owned through complex corporate structures.

5. It is likely [55-75% chance] a small number of enablers have attempted to front for Russian DPs and claim ownership of frozen assets. 

OFSI has observed this particularly where the ownership or control of frozen assets by a Russian DP is unclear. Such enablers are likely to have established links to Russian DPs or Russia more broadly which they might seek to conceal.

6. Enablers have almost certainly [95-100% chance] used alternative payment methods, in particular cryptoassets, to breach UK financial sanctions prohibitions on Russia.

Established criminal networks have also been linked to Russian financial sanctions breaches. OFSI therefore encourages UK financial services firms to remain alert to attempts to launder money by or on behalf of Russian DPs, such as conversions of large amounts of cash to cryptoassets (or vice versa).

Many of the same failings were raised in the Financial Conduct Authority’s review of the sanctions systems and controls of September 2023, which noted five key areas of concern, including poor quality Customer Due Diligence and Know Your Customer procedures, and a delay in reporting breaches to the FCA. (In fact, the FCA said that it expected to be notified of any sanctions breaches by regulated firms at the same time as they are reported to OFSI.) 

Intermediary jurisdictions

The Assessment notes that suspected breaches of UK financial sanctions by Russian DPs often involve intermediary jurisdictions, even where they do not offer secrecy. Since February 2022, just over a quarter of suspected breach reports have referred to intermediary jurisdictions, most commonly the British Virgin Islands (BVI); the Republic of Cyprus and Switzerland. The Isle of Man, Türkiye, the UAE, Luxembourg, the Cayman Islands and Guernsey have also featured recently. 

OFSI suspects that Western sanctions may have caused a capital flight to jurisdictions which have not imposed sanctions on Russia, such as the UAE and Türkiye, and notes that specific types of enabler activity occur in particular jurisdictions. For example, the BVI is often used to arrange complex corporate structures involving trusts of offshore companies while Türkiye features prominently as a jurisdiction for the maintenance and crewing of superyachts owned or controlled by Russian DPs.

OFSI advises firms to consider the involvement of intermediary jurisdictions alongside other red flags of sanctions breaches when assessing circumvention risk and report to OFSI when appropriate.

Comment
Although the Assessment focusses on financial services firms, many of its findings will translate across different sectors. Any business with the potential to encounter designated persons or their associates in its commercial activities would be well advised to review OFSI’s findings, which indicate where sanctions breaches may occur and the red flags to consider. OFSI’s emphasis on reporting suspicions and concerns, which includes (where relevant and proportionate) looking back over previous activities to identify past suspected breaches, should also be noted. In addition, the Assessment reminds firms in the regulated sector of their obligations to make suspicious activity reports to the National Crime Agency where appropriate.