A week after we saw the first Russia trade sanctions breach enforcement from the UK’s HM Revenue & Customs, OFSI has used new powers to report on a financial sanctions breach, while levying no monetary penalty.

OFSI announced that Wise Payments Limited, a regulated financial services business, had breached Russian financial sanctions by allowing an ATM withdrawal from an account in the name of a company controlled by a designated person.

What happened?

Wise’s sanctions screening systems appear to have correctly identified that the company account was subject to an asset freeze and suspended the account in the early hours of 30 June.  They did not stop debit card activity, though.  Wise had previously had problems when blocking card activity on potential sanctions name matches, because most subsequently turned out to be false positives. 

A full block on the account and cards was not applied until Monday 4 July, however an employee of the customer had already withdrawn £250 through an ATM on the morning of 30 June, which OFSI held was a breach, because Wise had made funds available to a Designated Person. 

OFSI found that Wise’s policy of not blocking debit cards upon a suspected name match was “inappropriate”.  It also highlighted the delay in verifying the name match was exacerbated because there was no weekend cover in the compliance team.  Ultimately, the lack of weekend cover did not appear to cause or worsen the sanctions breach – the damage had already been done by the previous Thursday.

What powers did OFSI use?

OFSI did not consider the matter so serious that it would fine Wise, but it elect to publicise the matter in its first use of new disclosure powers.

These powers were given to it by the Economic Crime (Transparency and Enforcement) Act 2022, allowing it to publicise breaches of sanctions where no financial penalty is paid.  OFSI’s updated enforcement guidelines state that they will use these powers “where there are valuable lessons to be learnt for industry”.

What lessons can we learn?

Institutions trying to balance good customer service and responsible sanctions compliance have to tread a difficult path.  Customers and staff know just how disruptive it can be to block accounts due to name screening false positives, but making funds available to a Designated Person is likely to get you named & shamed, fined or prosecuted.  Reducing false positives without diluting your ability to find true name matches is a difficult exercise and should be undertaken with care.  There are some promising new technologies that may help in this.  In the meantime it is vital that all firms exposed to high sanctions risk activity adequately resource their compliance teams so that any sanctions name matching alert can be investigated and dealt with promptly.

If you would like to discuss approaches to sanctions name screening, customer due diligence or any issues raised here, please contact us.