News and information from the world of
regulatory compliance and risk management

SRA issues sanctions regime guidance
28 November 2022

The SRA has today issued guidance on the financial sanctions regime and explained how it expects firms to address compliance with the fast-changing rules. The guidance places significant expectations on all firms, even those whose work falls outside the regulated sector for AML purposes.

Whilst the guidance says

“For firms with an AML compliance regime, a way of achieving a good standard of sanctions controls might be identifying and verifying all clients (whether in scope of AML or not) to the standard required by the money laundering regulations, and then checking against the sanctions list.”

It also says

“The following are features of an effective sanctions compliance regime:

  • An assessment of the sanctions risks to which the firm may be exposed, for example, which work areas or client groups are most likely to result in a sanctions breach and how can the firm mitigate these risks (with reference to our section on sanctions risk in this guidance) and what is the firm’s exposure to other jurisdictions.
  • A written and implemented set of policies, controls and procedures to identify all clients and counter parties, and to verify their identities using independent materials (for example, passports or other equivalent documentation). Where the client is not a natural person, this applies to ultimate beneficial owners of the client or individuals exerting ultimate control of the entity.
  • A record of your assessment of sanctions risk for each client and/or matter which identifies any indicators of higher sanctions risk. This should determine how much work will need to be done to assess and verify the background of the client including appropriate checks as to where they have derived their wealth and relevant jurisdictions.
  • A documented and implemented policy and procedure to monitor clients on an ongoing basis to ensure their sanctions status has not changed after they were originally screened for example after changes to the sanctions list, or after a significant period of time has passed such as a year.
  • Training on the sanctions regime and related internal compliance procedures for relevant staff including subscribing to the alerts OFSI issues on changes to the regime
  • Regular reports to senior management on the sanctions risks and performance of the controls in the firm including making sure they take decisions about work involving designated persons
  • A form of regular (for example annually) independent (whether internal or external) audit of the firm’s compliance regime. This should include reviews of the firm’s risk assessment, policies, controls, procedures and training with the results and recommendations reported to senior management and acted upon
  • Specific controls and protocols on what to do if you identify a designated person or likely designated person to make sure correct reporting to OFSI, freezing of any client assets held and placing a halt on taking any payment from them.”

This goes beyond just checking the client is not on the consolidated list (either electronically or manually, which will have to be done in any event in most if not all matters, based on the level of risk posed – see the bullets above). It envisages a parallel compliance framework to AML, linked or otherwise. It also envisages staff training on sanctions and an independent audit of firms’ sanctions PCPs and practical application.

To read the guidance in full, click here.

read more articles