Sanctions regulations – Frequently Asked Questions

Image of letters spelling "sanctions" in a game of scrabble

VinciWorks recently hosted a webinar on sanctions that gave guidance on the latest regulations, the affect Brexit will have on sanctions and more, the Iran deal and more. During the webinar, Director of Course Development took several questions on the topic and we have continued to answer the questions. Here are all the questions that have been asked on the topic, along with the answer. If you can’t find the answer to your question here, feel free to tweet us your question.

Frequently asked questions on sanctions regulations

To what extent is the humanitarian sector affected by the sanctions?

Sanctions reporting covers everyone, and under the new legislation dealing with someone under sanction can result in criminal penalties. If in doubt, you should contact the Office of Financial Sanctions Implementation for dealing with anyone under sanction.

Do you have any advice when dealing with a US Specially Designated National (SDN) when an entity isn’t sanctioned by an individual?

There could be an issue in paying an entity if the SDN is a beneficiary or beneficial owner. You should check the specific regulations of the OFAC sanctions on the individual and consider applying for a license if necessary.

Are there any corporate liabilities for breaches of sanctions akin to the corporate offence of bribery and failure to prevent the facilitation of tax evasion?

Yes, there is. Under the Policing and Crime Act 2017, the Treasury can find individuals and corporates liable for sanctions breaches based on a “balance of probabilities” test. The Treasury can then levy a financial penalty. More serious cases can be referred to the National Crime Agency for prosecution. Under the European Union (Amendments of Information Provisions) Regulations 2017, there is an increased application of businesses who must comply with sanctions, which has been extended to everyone under the Sanctions and Anti-Money Laundering Act 2018.

How do you keep up with changes in sanctions without constantly checking in with the course?

Because the list of who is under sanction is constantly updated, you don’t need to keep checking back in with the sanctions course. As long as those who are required to do the checking know how to do it, which the course educates them on, then whenever they are checking if someone is under sanction they will have the most up to date answer. The same goes for sanctions on certain countries. Consider the sanctions risks in your business, i.e. countries or clients you work with who are a high risk of being sanctioned, then put in place procedures to check once a quarter or even annually what the latest sanctions are on those high-risk areas. For example, if you never do any work or have any clients from Zimbabwe, you are unlikely to need to keep up to date with sanctions relating to Zimbabwe. But if you have a lot of clients from Russia, you might require a system to frequently check the latest Russia sanctions. Even if you don’t put in place procedures such as these, including a sanctions check as part of client onboarding will help with compliance.

What changes do money service businesses (MSB) in the UK need to consider when it comes to sanctions?

Consider the sanctions risks in your business, i.e. countries or clients you work with who are at high risk of being sanctioned, then put in place procedures to check once a quarter or even annually what the latest sanctions are on those high-risk areas. For example, if you never do any work or have any clients from Zimbabwe, you are unlikely to need to keep up to date with sanctions relating to Zimbabwe. But if you have a lot of clients from Russia, you might require a system to frequently check the latest Russia sanctions. Even if you don’t put in place procedures such as these, including a sanctions check as part of client onboarding will help with compliance.

How should a humanitarian Disaster management consultancy firm transfer money to countries like Yemen, Somalia and Syria?

You must be very careful when dealing with transfers of money to states such as Syria, Yemen and Somalia as these countries are under UK, US and EU sanctions. Ensure that you are complying with sanctions laws and you have all the appropriate licenses to carry out your work in these places.

Are there US, UK or EU sanctions on Syria?

Yes there are considerable UK, US, EU and UN sanctions on Syria. There are also many sanctions on individual Syrians, including various members of the government and other businesses. You can check whether individuals are under sanction by reviewing the UK consolidated list.

Do you anticipate that prescribed description requirements being brought in by the 2018 act will mirror/operate in a similar manner to the OFAC 50% rule?

The EU currently applies a 50 percent rule where transacting with the non-listed entity is viewed as an indirect transaction for the benefit of the listed individual and is therefore prohibited. The US rule goes further by stating that if one or more blocked persons or entities owns 50% or more in an aggregate of a non-listed entity this is also blocked. In practice, this means that for the purposes of calculating the 50% threshold, all ownership interests of sanctioned persons must be aggregated. This should be taken into account with UK sanctions, and therefore enhanced due diligence may be required in certain cases as simply checking against the list may not be adequate. Enhanced due diligence in regards to the 50% rule would likely be required in high-risk situations.

When will the Sanctions and Anti-Money Laundering Act come into force?

The Sanctions and AML Act is already law. However, as the UK is still a member of the EU, the UK is still required to implement EU sanctions. It will likely become operative once the UK ceases to be a member of the EU. However, ministers could decide to take unilateral sanctions action, and this would be reflected in the UK consolidated list.

How is legal professional privilege affected by sanctions?

You are not required to report privileged information, but you will need to clearly state whether the privilege applies and to what information it applies to. Broad or blanket statements of privilege might be subject to challenge, so be specific.

How much due diligence do I need to do to check whether someone is sanctioned?

You can apply a risk based approach to checking your clients against sanctions. The lists are public and easy to access, and our sanctions course gives you a real experience of checking these lists. Of course, new clients or people unknown to you will present a higher risk than someone you deal with all the time. But you also have to ascertain whether the beneficial owners of anyone you are dealing with are also subject to any sanctions.

What should I do if someone is under sanction?

Do not proceed without a license. And don’t do anything till you’ve got a license. If someone who is under sanction has send you a payment, don’t return it. Essentially freeze everything and make a report. You will also need to consider whether you may need to make a report to your MLRO or the National Crime Agency if there is any suspicion of money laundering or terrorist financing.

Is there a connection between money laundering and sanctions?

Yes there is. That’s why the legislation is named the Sanctions and Money Laundering Act, and why we’ve released sanctions and AML course, as well as bribery, in this new, cutting-edge style. Bribery is something almost all staff have to be trained on, and sanctions and even money laundering are moving towards that direction.

How are US sanctions enforced on non-US companies?

Violating US sanctions can have serious consequences even for non-US businesses. Recently, a Singaporean company was fined $12m by OFAC for violating US sanctions against Iran because it processed transactions in US dollars which were in violation of US law. Travel firms have also been fined for booking flights and hotels to sanctioned countries like Cuba and paying individuals in sanctioned countries. It’s a very tricky situation to avoid because the US can penalise anyone using US dollars or the US banking system.

To what extent will Sanctions and AML regulations be affected by Brexit, and does it depend on the deal/ no deal produced by Brexit?

It shouldn’t depend too much on a deal or no deal Brexit because the enabling legislation, the Sanctions and Anti-Money Laundering Act, has already been enacted. What people should be paying more attention to is the international climate and preparing for what a non-EU aligned foreign policy might look like. If the UK follows more of a US approach, we could see increased sanctions against Iran and its allies even as the EU sticks with the Iran deal. The best way businesses can prepare for this is to make sure key staff are trained and understand sanctions. How to check names, what to do if there’s a match, how to understand US sanctions and how to assess risk. Sanctions can change rapidly, even overnight, and the best way to comply is to be prepared.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.