What’s in the new Sanctions & Anti-Money Laundering Act 2018?

Sanctions list
The new allows for the UK to add or remove people, entities and organisations from targeted sanctions list if there are reasonable grounds to suspect involvement in activities that can trigger sanctions

The UK parliament recently enacted a new piece of sanctions and money laundering legislation designed to Brexit-proof the UK’s ability to implement international and European sanctions. To help organisations comply, VinciWorks has released a brand new scenario based training course Sanctions: Know Your Transaction. Following the success of our anti-bribery and anti-money laundering training, this course drops users into a set of immersive scenarios to test their knowledge, understanding and ability to comply with the new sanctions law.

What does the Sanctions and Anti-Money Laundering Act 2018 cover?

The breadth of businesses legally required to implement UK sanctions law has vastly expanded in recent years to cover a great deal more than financial services or law firms. Under The European Union (Amendments of Information Provisions) Regulations 2017, it is a criminal offence for businesses in the following industries to fail to report a suspicion of a sanctions breach:

  • Auditors
  • External accountants
  • Law firms and sole practitioners
  • Tax advisers
  • Trust or company service providers
  • Casinos
  • Dealers in precious metals and stones
  • Estate agents

If there is reasonable cause to suspect someone is subject to an asset freeze or has committed a sanctions offence and that knowledge or suspicion is not reported to the Office of Financial Sanctions Implementation, staff could face imprisonment of up to 12 months and / or a £5,000 fine.

The new law also allows for:

The UK to make, suspend and revoke sanctions regimes which can include broad measures including shipping, trade and even airspace restrictions, in addition to financial sanctions and travel bans.

The UK to add or remove people, entities and organisations from the targeted sanctions list, known as designations, if there are reasonable grounds to suspect involvement in activities that can trigger sanctions. There is also the power to list a person or entity through a description if it isn’t possible to actually name them.

New ‘Magnitsky’ powers to freeze and seize assets due to gross human rights violations.

Automatic reviews of sanctions designations every three years as opposed to annually, and increased requirements for notifying designated people and entities. Certain sanctions will also be subject to judicial review.

New OFAC (US Office of Foreign Assets Control) style licensing powers for the OFSI to grant much wider exemptions to sanctions than previously allowed for under EU or UN regimes.

The Terrorist Asset Freezing Act 2010 has been repealed as the new legislation brings together terrorist asset freezing powers and sanctions powers. The Act also lowers the burden of proof to freeze terrorist assets to ‘reasonable grounds to suspect’ as opposed to the previous ‘reasonable belief’ and ‘necessity’ threshold.

Increased powers to require the sharing of information relating to search, seizure and entry, as well as a requirement for the government to provide increased sanctions guidance.

An amendment was also inserted into the Act to introduce public ownership registers in the British Overseas Territories which has also precipitated a political push to bring them into the Crown Dependencies as well.

Find out more about the new sanctions course

If you would like to preview the upcoming course, or learn more about our sanctions training, contact us using the form below.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.