Introduction
In June 2022, the UK government revised its enforcement approach for breaches of UK financial sanctions, purportedly to address concerns that the previous threshold for imposing civil penalties in response to a financial sanctions breach was too high. Whereas before, UK sanctions authorities could only levy civil or criminal penalties if an individual was found “to have known, suspected or believed” that they have breached financial sanctions legislation. Following legislative amendments, the UK’s sanctions regulator (the Office of Financial Sanctions Implementation (OFSI)), which sits within HM Treasury (the UK’s economic and finance ministry), can impose civil penalties on a strict liability basis.
Additionally, the Treasury gained new powers to report on breaches that did not result in monetary penalties, effectively allowing for public disclosure or ‘naming and shaming’ of entities that violate sanctions regulations. Consequently, anyone identified as having breached sanctions legislation in the UK, irrespective of their level of knowledge or intent, now risks substantial financial penalties (i.e. the greater sum of 50 per cent of the estimated value of funds or economic resources in question or £1 million), and, where no financial penalty is imposed, being publicly ‘named and shamed’ for breaching financial sanctions.
Further recent developments in the UK sanctions landscape
Following a relatively settled period for attributing corporate liability for sanctions breaches, there are three major changes that sanctions-focused compliance professionals will need to consider. These are:
(i) the prohibition on sanctioned persons acting as company directors;
(ii) the expansion of corporate criminal liability in the UK generally; and
(ii) the long-awaited introduction of the Office of Trade Sanctions Implementation (OTSI).
1. The prohibition on sanctioned persons acting as company directors
The Economic Crime and Corporate Transparency Act 2023 (ECCTA) introduced amendments to the provisions concerning the disqualification of directors, establishing directors disqualification sanctions and criminalising the act of serving as a company director, or engaging in the promotion, formation, or management of a company by individuals designated under sanctions regimes in the UK. There is a defence based on objectively reasonable ignorance of a person’s disqualification status as well provision for exemptions and exclusions e.g. under an OFSI licence but the penalties can be severe and include imprisonment for up to two years and/or fines for the implicated individual.
All individuals involved in the formation and management of UK companies are obliged to ensure that their directors are not disqualified under these provisions. This is backed up by the risk of committing criminal offences for making false statements or providing materially misleading, false, or deceptive documents to the Registrar of Companies. An aggravated version of this offence would be committed if an individual knowingly submitted, or caused to be submitted, such misleading, false, or deceptive documents or statements to the Registrar. Where liability occurs, it extends beyond the individual directly responsible to include all company officers who are considered ‘in default’ for authorising, permitting, participating in, or failing to prevent the offence. The basic form of the false statement offence may result in a fine, while more serious instances could lead to penalties including up to two years in prison and/or unlimited fines. Clearly this places additional sanctions due diligence obligations on company secretaries, other directors, corporate service providers and persons with significant control.
2. The expansion of corporate criminal liability in the UK generally
ECCTA 2023 also overhauled how corporates may be held liable in the UK for a subset of criminal activities, including sanctions breaches. It created a new statutory test for the attribution of corporates based on the acts and mindsets of their senior managers, should the latter commit economic crimes.
This statutory corporate criminal liability attribution model currently sits alongside the common law ‘identification doctrine’ which encompasses only a directing mind and will of a corporate. The common law test continues to apply to conduct outside of the economic crime sphere.
The new test is currently untested, but is intended to be far more expansive. ‘Senior manager’ is defined as, “an individual who plays a significant role in—
(a) the making of decisions about how the whole or a substantial part of the activities of the body corporate or (as the case may be) partnership are to be managed or organised, or
(b) the actual managing or organising of the whole or a substantial part of those activities.”
This is likely to apply to all those carrying out group functions (for example, group financial roles, or with group responsibility for, for example, risk, compliance, or cross-border procurement), as well as those in senior operational and management roles, and could also include regional sales managers in national organisations and the managers of different operational divisions involved in e.g. moving goods or that could be subject to trade controls.
Clearly, companies and compliance professionals must take into account the increased legal risks posed by the fact that, on a much broader basis, personnel risking breaching sanctions legislation can now render their companies, the group’s parent, or a specific subsidiary criminally liable. Depending on the breadth, complexity, and individual autonomy within an organisation, it is likely that considering enhanced controls, training, and audit exercises would be prudent. Importantly, because decisions about who qualifies as a senior manager will be organisation specific, based on factors such as organisation size, number of management tiers, and individual job descriptions, roles and areas of responsibility. There is no one-size-fits-all approach to this development.
3. The introduction of OTSI
The last important change that compliance professionals will need, in due course, to carefully consider is the long-anticipated introduction of OTSI in the UK, and an accompanying amendment to the way the UK approaches enforcement action following a breach of trade sanctions laws. We understand that, as part of the overall expansion and rationalisation of the UK’s enforcement approach, a similar amendment will be made to the trade sanctions framework as was made to the financial sanctions framework. The intent appears to be to enable the UK to impose civil penalties in response to a trade sanctions breach on a strict liability basis. It is currently unclear what those civil penalties might be, but the criminal penalties and approach to liability would, we understand, remain the same.
Clearly, if such a change takes place, this would be a significant escalation in legal risk posed by trade activity with a UK nexus. However, it remains to be seen if the new UK government has the appetite to make this change, and if it does, if the changes entirely mirror the approach adopted for financial sanctions breaches under the last government, or if a more nuanced approach is adopted. Either way, compliance professionals will need to react appropriately as and when any legislative changes are made.
The authors would like to thank Gilly Bradbury for her insight and support with this article. Her input was invaluable in drafting this piece.
GET TO KNOW THE AUTHORS: Harriet Territt & Matt Worby