Sanctions may be imposed on individuals, terrorist groups (such as ISIS), business sectors and countries. There are currently over 27 UN, EU and domestic financial sanctions covering 1,900 individuals, groups and countries.
Under powers introduced by the UK Policing and Crime Act, the Office of Financial Sanctions Implementation in the UK (OFSI) can impose civil penalties of up to £1 million for breaches relating to monetary funds, or 50% of the estimated value of those funds (whichever is highest).
Financial sanctions fines vs settlements
Fines for sanctions violations keep returning. Are the fines actually working? Even though the fines can run into billions of dollars, they don't seem to deter the behaviour. However, the more significant penalty imposed on those breaching sanctions is the settlement agreed rather than the fine.
BNP - $140m fine / $8.8bn settlement
Usually, the headlines are dominated by US-imposed fines concerning breach of OFAC Sanctions, with the most famous headline BNP being fined nearly $9bn in 2014 for sanctions breaches relating to Cuba, Sudan and Iran. However, this is not actually true. BNP agreed to a settlement to forfeit $8.83bn of revenues and put on a 5-year probation. The fine imposed was US$140m.
HSBC - $600m fine / $6bn settlement
The HSBC 'fine' in 2012 also wasn't US$1.9bn, although the bank paid some US$600m in penalties. The rest was a settlement to forfeit revenues. This was a mix of AML and Sanctions violations relating to dealings with a Mexican drugs cartel. HSBC was fined by both the US and the UK regulators. Estimates at HSBC are that the total cost of the 2012 scandal hovers around US$6bn by now.
Other notable settlements
JPMorgan settled allegations of sanctions breaches with a US$5.3m payment for breaches with a combined value of just over US$46K. Standard Chartered was ordered to pay the US some US$947m in respect of sanctions violations totalling US$438K. The UK regulator also fined them an additional £102m, but that mainly had an AML focus.
Hot on the heels of StanChart was Unicredit, who was fined US$450m for sanctions violations and agreed to an additional settlement of over US$800m to clean up past wrongdoing.
Office of Financial Sanctions Implementation (OFSI)
In early 2019 the UK's OFSI came into play with imposing its first monetary penalty for a breach of financial sanctions using its civil enforcement powers. And the financial crime industry laughed. A £5,000 fine for breaching a sanction imposed on an Egyptian entity was surely worth more than £5,000?
Raphael's Bank was fined £5,000 after handling funds belonging to an Egyptian financial sanctions target. Is £5,000 a joke, or does it warrant compliance professionals to sit up? It is important to look behind the fine. The funds in question mounted to £200, so the fine represents 2,500% of the value of the funds in question. And the bank will have the FCA's undivided attention for some time to come.
Based on this calculation, an appropriate fine for HSBC would have been US$20bn, and the fine for BNP would have been US$220bn.
How to avoid financial sanctions fines
It is important to note that fines and settlements are different things, but equally important is to draw lessons from smaller fines such as the one imposed by OFSI. And just when we thought that OFSI would impose significant fines based on the value of a breach, they reduced the sanction breach's fine by Telia to £146,000 upon review even though the value of the breach was estimated at £234k.
The size of the fine is really not that important. It brings headlines and reputational pain, but the real penalty relates to the work that needs to be done after a fine. This will undoubtedly involve intrusive regulatory scrutiny on a daily basis and expensive temporary resources, consultants and monitors crawling all over the firm for a long time, followed by lots of remedial activity.
The key lesson is that whatever the size of the fine, it will hurt big time, so make sure your tools and controls are up to scratch, that everyone is adequately trained, and that you foster a culture where compliance is a good thing.
1. Provide information and training
Your staff need to be clear about the rules and know what they must do to comply. The best way to do this is via compulsory training for your employees, for example, a mandatory sanctions e-learning course.
2. Conduct adequate due diligence
Check your supply chain and customer list to ensure that you are not doing business with designated persons (i.e. individuals or entities subject to sanctions). Don't conduct business that you know or suspect will breach sanctions
4. Check the specific restrictions
Sanctions don't just apply to financial transactions and the freezing of assets. There may also be restrictions on the supply of services (such as giving advice) and trade (such as the supply of arms, diamonds, etc.).
5. Don't evade sanctions controls or help others to
Make sure all payment processing is transparent. UNDER NO CIRCUMSTANCES should you remove material information from payment instructions (wire stripping) or arrange payment or supply through third parties.
6. Report mistakes or suspected breaches promptly
Even if you think they may be false positives, don't take any risks. By doing so, you can mitigate the penalty your company receives, as other credit may be given for voluntary disclosures.
7. Don't be complacent
Ignorance of the law is no excuse! And remember that the OFSI will publicly name fined companies, meaning a blow to reputation.
Want to learn more about Financial Crime?
If you'd like to stay up to date with financial crime best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news, subscribe to the Skillcast Compliance Bulletin.
To help you navigate the compliance landscape, we have collated searchable glossaries of key terms and definitions across complex topics, including GDPR, Equality, Financial Crime and SMCR. We also regularly report key learnings from recent FCA fines.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
And if you're looking for a compliance training solution, why not visit our Compliance Essentials Course Library?
Last but not least, we have 70+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!
If you've any questions or concerns about compliance or e-learning, please get in touch.
We are happy to help!