The UK government has published a significant cross-government review of sanctions enforcement. This marks a decisive shift in how sanctions will be implemented, enforced, and supported in the years ahead. For compliance officers, the message is clear: expect broader enforcement powers, stronger penalties, clearer guidance, and increased scrutiny.

Key reforms include a consolidated sanctions list to simplify screening, expanded enforcement powers across trade and transport, new civil penalty and settlement mechanisms, and improved whistleblower protections. The review also commits to clearer guidance, greater outreach to under-supported sectors, and a stronger focus on publicising enforcement to drive deterrence. For businesses — and particularly legal advisers — this is a warning shot: sanctions compliance must now be embedded as a core legal risk, not a peripheral concern.

Certain sectors like legal will feel the compliance brunt of this cross-government review. The OFSI recently imposed a penalty of nearly half a million pounds on leading law firm Herbert Smith Freehills Moscow office for financial sanctions breaches. Other actions against charities and the prosecution of a Russian politician show the UK is getting serious about sanctions. The OFSI has also issued a specific threat assessment for the legal sector, highlighting how many law firms are still falling short. Coupled with the SRA’s 2025 crackdown on sanctions compliance and increasing spot checks, law firms cannot fall asleep at the wheel when it comes to sanctions. 

The cross-government review: A turning point for UK sanctions enforcement

Since the passage of the Sanctions and Anti-Money Laundering Act 2018 (SAMLA), the UK has steadily built the scaffolding of a fully autonomous sanctions regime independent from EU structures. While this was initially cautious in its application, that caution is firmly gone.

The geopolitical shock of Russia’s invasion of Ukraine catalysed a dramatic expansion in the scope, complexity and volume of UK sanctions. In response, the government has not only intensified designations but also equipped itself with the enforcement muscle to make those sanctions count. The cross-government review published in May 2025 signals a new era: one in which sanctions compliance is no longer a matter of best efforts or informal guidance but a matter of legal accountability, and regulators are ready to act.

The Office of Financial Sanctions Implementation (OFSI) recently imposed a £465,000 monetary penalty on a UK law firm for facilitating payments to a designated Russian politician. In parallel, the National Crime Agency secured the UK’s first criminal conviction under Russia sanctions legislation against a Russian politician, and HMRC concluded six compound penalty agreements for trade sanctions breaches totalling over £1.3 million, including a £1 million penalty against a UK exporter in August 2023. These are not procedural exercises; they are warnings writ large.

This change carries real implications for law firms. Clients across a wide range of sectors but particularly financial services, trade, logistics, and professional services, are now operating under heightened scrutiny. Many will require legal advice on navigating not just who is sanctioned, but what constitutes indirect exposure, facilitation, or breach. The boundaries of “ownership and control,” the availability of licences, and the scope of reporting obligations are no longer abstract legal questions; they are compliance tripwires.

Firms themselves must treat sanctions compliance as a business-critical risk. Legal services are squarely in the frame when it comes to sanctions evasion. From providing trust and company formation advice to facilitating transactions and holding client money, law firms may be used — wittingly or not — as conduits in attempts to circumvent restrictions. With the government increasingly focused on ‘professional enablers’ and exploring further obligations on those who shield designated individuals, the stakes are rising.

The strategic foundations of the UK sanctions regime

The government has outlined five guiding principles that shape how sanctions are used and implemented. These reflect how businesses should approach compliance from a governance and strategic risk perspective.

First, UK sanctions are not arbitrary. Every designation, restriction or penalty is intended to serve a defined foreign or national security objective. That may be to disrupt weapons procurement, signal disapproval of a regime’s actions, or prevent money from reaching a sanctioned network. In each case, sanctions are meant to change behaviour, and the onus is on companies to understand what the UK government is trying to achieve and why.

Second, sanctions don’t exist in a vacuum. They work best when integrated with wider tools such as diplomatic action, criminal prosecutions, trade restrictions. Compliance teams should recognise that sanctions will increasingly form part of broader enforcement actions. A single violation could now trigger interest from multiple regulators, domestically and internationally.

Third, the UK insists its sanctions are rigorous but proportionate. They are not designed to cause collateral damage, but they are designed to bite. Businesses should not expect regulatory sympathy simply because a designation causes inconvenience or cost. What matters is that companies have the processes in place to respond in a fair and timely manner.

Fourth, coordination with international partners remains a cornerstone of the UK’s approach. But the review makes clear that the UK will act alone when needed. Businesses should not rely on EU or US sanctions lists as proxies for UK compliance. Divergence is increasingly likely, and that means screening tools, risk assessments and due diligence procedures must be configured for UK-specific obligations.

Finally, there is a growing awareness of the unintended consequences sanctions can cause, including to humanitarian aid, global financial stability, and legitimate trade. The UK has committed to minimising such consequences, but again, that depends on private sector cooperation. Firms must be proactive in identifying when activity might be licensable or exempt and engage with regulators early.

A new model for compliance, deterrence and capability

The core aim of the sanctions review is threefold: improve business compliance, enhance deterrence, and equip the government with the tools needed to enforce the law effectively.

On the compliance side, the review acknowledges a disparity between sectors. Large financial institutions tend to have established sanctions functions. But many mid-sized firms particularly in manufacturing, technology or logistics lack in-house expertise. The government intends to address this with more tailored guidance, deeper outreach, and clearer online resources.

The decision to consolidate the UK Sanctions List with HM Treasury’s Consolidated List into a single, comprehensive list is one of the most significant changes. This will simplify screening, especially for companies that deal with both financial and non-financial designations. Compliance teams should prepare to update their systems and processes accordingly when the consolidated list goes live.

The government has also pledged to clarify the complex and often controversial issue of ownership and control which as been a critical challenge for companies trying to identify whether a counterparty is subject to sanctions. Businesses have long struggled with the legal grey zones in this area, particularly around control through influence or indirect holdings. The review commits to additional guidance, which may include negative determinations or even changes to the ownership model. Firms should start preparing for stricter obligations in this area now.

Strengthening deterrence: enforcement that sends a message

Perhaps the most striking theme of the review is deterrence. The government is keen to make examples fo companies, and not just punish violators. 

To that end, the review confirms plans to publish regular, detailed enforcement information. This will name companies and explain the violations and what remedial action was taken. The aim is to turn enforcement outcomes into “teachable moments” for industry. This could radically reshape how firms learn from others’ mistakes, while raising the reputational stakes of getting sanctions compliance wrong.

A full government-wide enforcement strategy is also on the cards, taking inspiration from OFAC’s detailed enforcement framework in the US. This would provide businesses with clearer insight into what types of breaches result in which penalties, helping firms calibrate their compliance investments accordingly.

New enforcement mechanisms are also being explored. These include an early settlement scheme for civil sanctions cases, enabling companies to resolve breaches quickly, and likely with reduced penalties. A fast-track civil penalty system is also proposed, particularly for lower-level reporting or licensing breaches. While designed to streamline enforcement, these changes also mean compliance teams will have less time to respond and will need clear internal escalation protocols in place. Tracking data will be key, and companies should strongly consider adopting automated sanctions compliance software that can spot and escalate possible breaches quickly and proactively. 

Expanding the toolkit: Reporting, intelligence and protections

The government has acknowledged that the current sanctions reporting landscape is fragmented. Multiple regulators, departments and reporting channels confuse businesses and may deter disclosures. A centralised reporting point is now being explored to make it easier for companies to report breaches or concerns.

Equally important is the planned update to whistleblower protections. At present, there is limited recourse for employees who flag sanctions breaches internally or to regulators. The review proposes expanding the list of “prescribed persons” under whistleblower legislation to include more departments involved in sanctions enforcement. This should encourage more high-quality disclosures and better internal reporting frameworks across business.

The review also signals a desire to better connect intelligence across government. A joint sanctions intelligence function may be on the horizon, enabling real-time sharing of information between agencies, and potentially with the private sector. For regulated firms, this could mean earlier warnings, more proactive engagement with enforcement bodies, and faster feedback on compliance issues.

Working with industry: The role of engagement and partnership

A particularly welcome element of the review is its focus on engagement. The government recognises that sanctions compliance cannot be achieved through top-down directives alone. The success of enforcement depends on meaningful collaboration with industry.

Throughout the review process, stakeholders repeatedly emphasised the value of direct engagement, especially for industries that lack in-house compliance expertise. There is strong support for increasing government visibility at industry events, particularly outside London, and for more practical, scenario-based guidance that reflects the realities of sanctions compliance on the ground.

Businesses also called for more clarity on the UK’s strategic objectives. A focus on the why of sanctions. Understanding the foreign policy purpose of a designation can help companies evaluate its risk more effectively and anticipate future actions. There is also appetite for more insight into when and why sanctions are lifted, to ensure that lists are constantly kept up to date.

Looking ahead: What compliance team should do now

With major reforms scheduled for the 2025–2026 financial year and others under longer-term review, compliance professionals should begin preparing immediately. This is a moment of transformation for sanctions policy in the UK. Those who move early will be best positioned to meet new expectations with confidence.

Start by reviewing and testing your sanctions screening tools, particularly in anticipation of the consolidated list. Evaluate how your business approaches ownership and control, and be ready to adapt to new thresholds or models. Ensure your internal policies and training are up to date, particularly around reporting routes, whistleblowing and escalation protocols.

Most importantly, engage. Attend briefings, seek out government guidance, and collaborate with trade associations. Sanctions compliance is becoming a shared endeavour between the state and industry. The review makes clear that those who work with government — not just to understand the rules, but to shape and refine them, will be in the strongest position to succeed.

Try our sanctions training courses now.