SRA’s Sectoral Risk Assessment: Sanctions
There are four emerging risks that the SRA has identified in the Sectoral Risk Assessment which was published in July 2023. One of these emerging risks is sanctions. Here, we explain the SRA’s update on sanctions, the associated risks and advice on what actions you should take.
What does the SRA say about sanctions?
We know that sanctions is a completely separate regime to anti money laundering (AML), but the SRA has stated: “Firms cannot assume that sanctions are not relevant to them. There are a significant number of British nationals subject to sanctions.”
The problem with sanctions is the strict liability. If you’ve acted in breach of the sanctions, then you’re liable. It’s possible that you might get some relief from sanctions as a result of what you’ve done to try and prevent it, but that would be determined as part of the disciplinary process.
Sanctions doesn’t work like bribery and tax evasion, for example, the failure to prevent bribery or the failure to prevent corporate facilitation of tax evasion. Both of those have a statutory defence regime that says, if you follow the guidance issued by Government to try and prevent sanctions, then you’ll have a defence if it actually happens. There’s no equivalent in sanctions.
So, if you do have a sanctions breach, then you’re at the will of the adjudication process as to how your process will be looked at, and whether or not you’ll be disciplined. Doing sanctions training, having a sanctions policy and doing sanctions screening is not an automatic ‘get out of jail free’ card.
What is the SRA doing regarding sanctions?
The SRA is really ramping up on sanctions. If you’re from a larger firm, this may not be news to you. You’ve probably known about sanctions for a long time, have a sanctions policy in place, may have done sanctions training, and probably always do sanctions screening as part of a wider ID&V process.
However, for the rest of the sector, the SRA is expecting to see sections in your AML PCPs or in a separate policy about sanctions. They’re probably looking for you to have incorporated it into training, or at least communicated the policy in relation to sanctions. This includes how they happen, what to look out for, and what CDD you should be considering.
At the recent Law Society Conference, the SRA confirmed that they’re doing some thematic work on sanctions and inspecting firms. If we look at the potential changes in the forthcoming Economic Crime and Corporate Transparency Bill, the SRA’s remit, as in what they’re responsible to detect and prevent, is potentially going to be extended. We believe it’s highly likely that this will be extended to include economic crime as well as money laundering and terrorist financing.
Economic crime obviously carries sanctions with it. So, whilst at the moment we’re talking about sanctions in the context of your AML risk assessment, if it’s not already on your to-do-list, you should be looking into this. In the meantime, make sure that you’re recording sanctions in your Practice Wide Risk Assessment, demonstrating that you’ve thought about it. If it’s in a separate document, make sure you reference it.
Is there an overlap between sanctions and AML?
As we’ve already said, sanctions is a separate regime to AML. However, there is an overlap. Some of the things you need to consider for AML will also be relevant for sanctions, such as:
1. Jurisdictions
This is where you look at countries where there’s corruption. If you’re using commercially available CDD searching tools, they’re likely to have sanctions checks within them. However, there is a huge list of countries that you should be aware of.
When looking at AML and CDD processes and procedures, think about when are you going to get a sanctions match. Do you do it after you’ve taken instructions, later on, or does it depend on what you find out? Always think about the timing of these things. If there’s some distance in your processes, make sure your lawyers have a good awareness of these high risk jurisdictions. That way, they’ll be able to identify them, not just because a search told them, but because they’ve thought about it.
2. Politically exposed people
Politically exposed people can get vast sums of monies from a country and then disappear with it. They then suddenly become sanctioned.
3. Complex corporate structures
The SRA makes the point that a person who becomes sanctioned may suddenly want to offload all of their assets to other people that they have control over. This is so the assets are being owned by those people, and move through banking systems in the name of these other people rather than themselves. So, your CDD, especially in relation to corporate structures, should involve considering:
- Whether it makes sense for that person, or is this an attempt to evade sanctions?
- Is it really under the ownership or control of the sanctioned person?
When considering complex corporate structures, don’t scrimp on CDD.
5. Sectors
Of course, there are lots of different sectors which are exposed to sanctions. However, if you have practice areas in the following, these are definitely areas where you should be carrying out a sanctions risk assessment and considering what you think the chances are of being targeted:
- International trade
- Shipping
- Aviation
- Immigration
Most high street firms don’t practice in these areas. They’re mainly found in larger law firms, and most larger firms have no doubt already got mature programmes in place for sanctions.
However, with immigration in particular, you need to recognise that it does appear in the SRA Sectoral Risk Assessment and that you should think about whether that’s something you’re likely to encounter.
What actions should you take for sanctions?
If you do get exposed to sanctions, you’ll no doubt have already done this work. However, for everyone who believes it’s unlikely to affect them, you do have to be cognisant of the SRA’s quote that “Firms cannot assume that sanctions are not relevant to them….”
If you don’t think that sanctions are relevant to you, make a risk assessment that states that they’re not and record that you’ve done that risk assessment. When you look at the sanctions guidance, it states you ‘should’ conduct CDD on counterparties. We believe you need to consider whether you should be doing this as part of a risk assessment first, before you implement a process.
Of course, your processes always depend on what your risk appetite is. If you’re a particularly risk averse kind of person, and you definitely want to sleep at night knowing that no sanctions could creep in at all, then you’re going to want to do sanctions screening for everybody.
Consider what action you already take. The SRA suggests that there’s a theme of people doing sanctions screening at the file opening stage, and then looping back around as part of ongoing monitoring. Of course, the issue with sanctions is usually about making economic advantages available to someone. It’s usually much later down the line than file opening. So, think about whether your screening has ongoing monitoring or whether you should rescreen if it’s a one off thing.
Consider if you’ve ever actually encountered sanctions. You may decide that you don’t have sanctions exposure, then you find out you do later on because, for example, there was a problem with processing a payment at your bank, or a problem had flagged up. If so, you might wonder whether your processes are adequate. If not, it might be that you don’t think you need to do much about sanctions. However, don’t say nothing about it! The SRA want you to demonstrate that you have thought about it.
Get in touch
At Teal Compliance, we’re here to support your journey towards regulatory and AML compliance.
If you’re looking to ensure that you, your firm and your clients are safe, simply contact our experts today.
SRA’s Sectoral Risk Assessment: Sanctions Read More »
