The Financial Conduct Authority recently released an assessment of the sanctions practices of 90 financial services firms and, in particular, their ability to respond to increased sanctions related to Russia’s invasion of Ukraine. The assessment included firms across a range of sectors, including retail banking, wholesale banking, wealth management, insurance, and electronic money and payments. The purpose of the assessment was to ensure that the firms’ sanctions systems and controls adequately and effectively addressed their sanctions risks, and that firms were able to appropriately and quickly respond to sanctions changes. The FCA shared its findings by providing examples of both good practices and areas for improvement that were identified under 5 key themes:
- Governance and oversight: The FCA found that firms that planned in advance for possible sanctions before February 2022 were better able to implement UK sanctions at speed. The FCA found that the most effective sanctions programs were able to ensure that senior management was adequately informed of the firm’s exposure to sanctions, their sanctions reporting protocols were calibrated to UK sanctions law and were not reliant on global sanctions policies that were not aligned with the UK sanctions regimes.
- Skills and resources: The FCA discovered that firms whose sanctions teams had proper skills and resources were better able to avoid backlogs when dealing with sanction alerts, and were able to react quickly to sanctions risks. The FCA found that firms with significant backlogs had a greater risk of non-compliance.
- Screening capabilities: The FCA indicated that sanctions screening tools were more effective when they were tailored to include the necessary requirements under the UK sanctions regime and were properly calibrated to the firm’s risk. The FCA also discovered that some firms were too reliant on third party screening tools and lacked the ability to effectively oversee these third party providers.
- Customer Due Diligence (“CDD”) and Know your Customer (“KYC”) procedures: The FCA reported that it considers effective CDD and KYC procedures to be the cornerstone of an effective sanctions compliance program. The FCA warned that low quality CDD and KYC assessments and backlogs can increase the risk of firms not identifying sanctioned individuals.
- Reporting breaches to the FCA: The FCA reiterated that firms are required to report potential sanctions breaches to the Office of Financial Sanctions (“OFSI”) and notify the FCA if the firm is dealing, directly or indirectly, with a designated person; holds frozen assets; and discovers or suspects a sanctions breach while conducting its business. While firms are expected to report possible breaches in a timely and accurate manner, the FCA found that the timeliness of reporting potential breaches was inconsistent across firms.