Partner John Binns writes the third in his series on Sanctions. Read part one here, titled ‘Sanctions and Brexit: Changes Coming to UK Sanctions Laws – Deal or No Deal’.
It is a pernicious feature of sanctions laws that they affect far more people than they target. Traditionally, the imposition of sanctions was something the leaders of one state did against the leaders of another; the idea of targeting them at ‘designated persons’ was to avoid the effects that comprehensive sanctions had on the innocent populations of ‘enemy’ countries. Now, the principal effect of, say, an asset freeze on a Russian oligarch is to impose criminal penalties anyone who deals with his assets, or who provides economic resources to him or for his benefit. That creates a risk not just for financial institutions, but for literally anyone, individuals and businesses, operating or based in the UK.
The use of screening services
Many businesses deal with this risk by subscribing to a screening service, which runs customers’ names against a sanctions database alongside various anti-money laundering (AML) checks. The necessity for such services is undoubtedly increasing, as we move beyond a world where most sanctions targets are from easily identified ‘problem’ countries (Syria, North Korea and the like) to one where the grounds for targeting need not mention a country at all (such as involvement with chemical weapons, or cyber-attacks). The risk of failing to spot a sanctions target has never been greater.
‘Computer says no’
Running the name of a prospective customer against a database may not be the end of the story, of course. Depending on the nature of your business, you may need to know more about them, and about the work you are being asked to do, before you can rule out the prospect of becoming unwittingly involved in a sanctions breach. Conversely, an over-rigid, ‘computer says no’ approach, ignoring the risk of false positives or the existence of exceptions and licences in sanctions laws, might not serve your business well either.
When a breach occurs
Because both the lists and the facts are always subject to change, the risk of taking on business that then turns out to involve a sanctions target or breach can never be reduced to nil. When that risk becomes a reality, some businesses will have an obligation to report to the Office for Financial Sanctions Implementation (OFSI), while others will need to consider carefully, and take specialist legal advice about, how they should proceed. While prosecution is always possible, a monetary penalties regime provides an alternative for appropriate cases.
A proportionate approach
Importantly, at that stage of deciding how to deal with a breach, OFSI will take into account any preventative procedures a business or an individual has adopted; to have been ignorant of sanctions laws, or to have underestimated their seriousness, will not be a defence. That is not, however, to say that every business and individual must adopt an identical gold standard of compliance; the key is to assess your particular risks and take proportionate steps to try to meet them.
The need for advice
Specialist legal advice is essential at the stage of assessing whether a breach has occurred, deciding how to deal with it, and liaising with OFSI (either in a self-report, or because they have written to you about a potential breach). But it may also be beneficial at an earlier stage if, like the majority of individuals and businesses in the UK, you are not familiar with sanctions laws, and/or if you are not sure how they may affect you. The value of being well informed about this increasingly complex area of law should not be underestimated.