An unidentified UK company has been fined £1m by HM Revenue & Customs in what may be considered a trail-blazing settlement:

• This appears to be the first enforcement of UK sanctions since Brexit – previously publicised cases related to breaches occurring before the UK’s exit from the European Union on 31 January 2020.
• It also represents HMRC’s first penalty for breach of trade sanctions since the landmark Sanctions and Anti-Money Laundering Act 2018 – previous penalties have been for export control breaches.

The joint statement by the Department for Business & Trade (“DBT”), the Foreign & Commonwealth Development Office (“FCDO”) and HM Revenue & Customs (“HMRC”) states simply

“In August 2023, a UK company was fined £1 million in relation to the unlicensed trade of goods in breach of The Russian (Sanctions) (EU Exit) Regulations 2019.”

DBT, FCDO, HMRC

The nature of this settlement, and the alphabet soup of state organisations involved, highlights one of the challenges of UK sanctions –the complex network of government departments and agencies involved in the development, implementation and enforcement of sanctions.

Who’s who?

Most readers will have heard of the Office of Financial Sanctions Implementation (“OFSI”), part of HM Treasury.  OFSI manages the implementation and enforcement of financial sanctions and of the Russian Oil Price Cap.

Less well-known is the DBT, which implements trade sanctions as well as export controls.  DBT has no enforcement powers – HMRC is responsible for the investigation and enforcement of trade sanctions.

Differences in breach settlements

One apparent difference between Financial Sanctions and Trade Sanctions is how breaches are investigated and publicised.  OFSI has wide-ranging powers to impose civil money penalties and to publicise its enforcement activities, even where no penalty is involved.  While HMRC also has its own powers to investigate and enforce, its civil enforcement powers are called “compound settlements” and these settlements are usually confidential and anonymous.

As an example, we know that Travelex UK Limited was fined £10,000 for processing a transaction amounting to £204 in respect of a person designated under the Egyptian sanctions regime.  Conversely, we have no idea who has just been fined £1m for breaching Russian sanctions, nor what the breach was.  This is a peculiar situation.

One could argue that the reputational risk of being ‘named and shamed’ in a sanctions breach case is as much a deterrent as a fine, so it seems contrary to best practice to allow anonymity for those committing serious sanctions breaches – and a £1m fine means this was serious.

What does this mean?

Aside from the public policy benefit of naming those involved in breaches, publishing proper details of breaches and settlements helps educate those working in industry.  The US authorities in particular are excellent at this.  Our advice is that all firms operating in higher risk sectors and geographies should review publicised sanctions enforcement activity to learn lessons and update their own enterprise-wide risk assessments.  Unfortunately, confidential settlements such as this do not help.  That said, we understand that a number of investigations are underway into Russian sanctions breaches, so there should be ample opportunity to update those risk assessments soon.

If you would like to discuss enterprise-wide risk assessments, sanctions reporting or licensing then please contact us.