FIN.
Upwards photo of bank or finance building columns

FCA pleased with sanctions compliance progress but…

The FCA has been assessing firms’ sanctions systems and controls since early 2022. It latest review has found that firms have made several improvements over time, and now have controls that will often identify sanction breaches before they occur. However, they do struggle in detecting and preventing specific breaches of trade sanctions.

Key findings include:

  • Where there were sanctions breaches, this was most commonly because of issues in due diligence, alert management, transaction and name screening. Firms also saw breaches happen because of failings in management of frozen assets and licence compliance.
  • Breach reports primarily relate to the Russian sanctions regime, but there has been an increase in those relating to other geographies and the thematic regimes.
  • Payments, retail banking and wholesale firms tended to make the most sanctions reports – but the FCA would have expected more from other sectors, particularly insurance and digital assets.
  • Customers and counterparties of firms have engaged in a range of activities that could lead to breaches, including accessing services through complex chains or third parties, and routing funds through virtual or e-money wallets.
  • Strength of governance was mixed, with some firms relying heavily on group arrangements.
  • Some firms rely heavily on external providers, which can cause resilience issues if the external systems fail.
  • Many firms were using AI well to monitor customer exposures and to help understand trends, but some international firms were not monitoring their overseas operations well enough.
  • On risks assessments, some firms need to do better on ensuring these are complete, with conclusions justified after a sufficiently granular analysis.
  • The best firms regularly updated CDD policies, while the worst relied overly on third parties.
  • The best firms have formal governance processes for reviewing screening policies including exclusions.
  • Some third party vendor lists contained errors and omissions which firms were not spotting.
  • Some firms do not properly calibrate screening systems which means they will fail to detect certain matches.
  • Good practice includes staff training with clear typologies, and proactively testing systems against new typologies.

The FCA wants to support both OFSI and OTSI and has signed a MoU with OTSI to go alongside its existing one with OFSI.

Emma Radmore