Skip to content

New monetary penalty regime for breach of financial sanctions

Related people
Townsend Matthew
Matthew Townsend



View profile →

Edwards Amy
Amy Edwards

Senior PSL - Litigation


View profile →

12 April 2017

A new regime in the UK for punishing individuals or businesses that breach financial sanctions came into force on 1 April 2017.

In March 2016 the Office of Financial Sanctions Implementation (OFSI) was formed, as part of HM Treasury (HMT), to oversee the implementation and enforcement of domestic and international financial sanctions in the UK. The Policing and Crime Act 2017 (the Act), which received Royal Assent on 31 January 2017, provides HMT with enforcement powers to punish breaches of financial sanctions, including the power to impose a monetary penalty. OFSI has published guidance on the new regime for monetary penalties. The guidance provides an early insight into OFSI’s proposed priorities and methods.

OFSI can impose a financial penalty on a “person” (including a legal entity) if it is satisfied on the balance of probabilities that a person has breached a financial sanction and that they knew or had reasonable cause to suspect that they were committing a breach. Where a legal entity has breached a financial sanction, a monetary penalty may also be imposed on an officer of the entity if the officer consented or connived with the breach, or the breach was attributable to the negligence of the officer.

Financial sanctions come in many forms and apply to a range of individuals, companies and entities. The most common include targeted asset freezes, directions to cease all business of a specified type and restrictions on a wide variety of financial markets and services. OFSI maintains a consolidated list of financial sanctions targets.

What makes a breach serious enough for a monetary penalty?

The guidance indicates that OFSI intends to adopt a fact‑specific approach to assessing whether a breach warrants the imposition of a penalty. It will look at a broad range of factors to determine the seriousness of the breach including the value of the breach, knowledge of sanctions and compliance systems, the number of breaches, whether the breaches have been self-reported and harm or risk of harm to the sanction regime’s objectives. OFSI will also consider the conduct of individuals involved. The guidance suggests that the “penalty threshold” will be reached where:

  • the breach involves direct provision of funds to a designated person; 
  • arrangements have been made to deliberately circumvent the law;
  • a person has not complied with an information request made by OFSI; or
  • a monetary penalty is deemed to be appropriate and proportionate.

How much?

The “permitted maximum” penalty is GBP 1,000,000 or 50% of the estimated value of the funds or economic resources, whichever is greater. This cap is not fixed; HMT has the power to change it. OFSI intends to publish details of all monetary penalties in order to deter future non-compliance and promote increased awareness of good practice except where it is not appropriate or not in the public interest. OFSI has discretion not to impose a penalty including where it is not in the public interest or where “the offence arose from improper coercion”.

The guidance suggests there will be incentives for a party in breach of sanctions to self-report to OFSI. In “serious” cases this could result in a reduction of 50% of the baseline penalty. In the “most serious” cases the reduction could be 30%. This is in line with a legislative policy of encouraging companies to self-report (eg as with s7 Bribery Act 2010).

Information breach

OFSI may also in certain circumstances impose a penalty for information breaches – eg a failure to provide information which has been specifically requested by OFSI, where a person has not complied with the requirements of an OFSI license or where there has been non-disclosure by a “relevant institution” (as defined under English law) which amounts to a criminal offence.

Challenging a penalty

The subject of a penalty can make written representations (or, in rare cases, oral representations) within 28 days from the date of an OFSI letter giving notice of the penalty. There is a right of appeal to the Economic Secretary to the Treasury, and a final right of appeal to the Upper Tribunal.

UK and non-UK companies in the frame

Breaches with a “UK nexus” would fall within OFSI’s enforcement regime, so both UK and non-UK companies may be caught. The guidance provides some examples of what would amount to a UK nexus: a UK company working overseas, transactions using clearing services in the UK, action by a local subsidiary of a UK company (depending on governance), action taking place overseas but directed from within the UK or financial products or insurance bought on UK markets but held or used overseas.


The creation of OFSI (within HMT), and the new powers in the Act, suggest that the historically low level of financial sanctions enforcement in the UK is likely to change. The government has stated that OFSI will “work closely with law enforcement to help ensure that financial sanctions are properly understood, implemented and enforced”.

The OFSI regime will apply as an alternative to criminal prosecution. The Act also increases the maximum penalty for breaches of financial sanctions from two to seven years’ imprisonment and includes breaches of financial sanctions in the list of offences to which Deferred Prosecution Agreements and Serious Crime Prevention Orders apply.

Pressure is growing on companies to monitor ever more carefully who they do business with, and who does business on their behalf. The UK Criminal Finances Bill (which contains a new corporate criminal liability offence of failing to prevent the facilitation of tax evasion) and the UK Government’s recent call for evidence on a new general corporate criminal offence of failing to prevent economic crime illustrate the trend towards the increasing regulation and criminalisation of business conduct.

To avoid problems arising, companies need to have risk-based policies and procedures in place, which are properly implemented and reviewed. If a problem does arise, the effect can sometimes be mitigated by early investigation (taking privilege issues into account), engagement with the authorities and remediation.