For those of you unable to join our March 2026 Coffee Conversation with Simon Harbord, our Head of Consulting and Audit, and Ray Blake of the Dark Money Files, here is a recap of the most important current issues relating to sanctions compliance. There’s quite a lot!
UK government’s strategic approach to sanctions enforcement
Firstly, the government published its Strategic Approach to Sanctions Enforcement on 10 March 2026 UK Government’s strategic approach to sanctions enforcement – GOV.UK setting out which body is responsible for sanctions compliance for each type of sanction: financial, trade, transport, etc.
It also provides a useful reminder as to what acts can result in a sanctions breach: for example, it’s not just making funds or services available to a designated person, it also includes circumvention, such as facilitating a prohibited transaction, which is broader than you may realise – but more on that later!
SRA sanctions guidance and regulatory expectations
Previously, the SRA had issued updated Sanctions Guidance SRA | Complying with the UK Sanctions Regime | Solicitors Regulation Authority which makes it clear that the SRA expects you to take note of it, and put in place processes to assess, manage and report sanctions risks as appropriate. In fact, the SRA is referring in correspondence with firms to the requirements of the Code of Conduct for Firms:
2.1 – You have effective governance structures, arrangements, systems and controls in place that ensure:
(a) you comply with all the SRA’s regulatory arrangements as well as with other regulatory and legislative requirements, which apply to you.
Sanctions compliance applies to all law firms
The SRA wants to ensure firms are taking measures to comply with sanctions legislation and government guidance, which is unsurprising as they don’t want to see the legal profession breaking the law. The issue is that this is a requirement even for those firms that think ‘it will never happen to us’. More on that later too!
Changes to sanctions screening requirements
One of these measures is typically sanctions screening, as it is standard practice when onboarding a new client. However, there have been some changes you may not be aware of, so ensure your screening platform has acted upon this.
Make sure you are not looking at old lists which are no longer being updated, or if you’re doing a manual check, ensure you know where to look.
The UK Sanctions List and new identification requirements
Since 28 January 2026, the UK Sanctions List has been the only source for all UK sanctions designations, so this is where you check and where your screening provider should refer to in order to use the UK Sanctions List’s new ‘Unique ID’ reference and not the old ‘OFSI Group ID’.
Digital identity verification and compliance
The government recently published a guide to using digital ID Using digital identities with the Money Laundering Regulations – GOV.UK which details the way a provider’s product can be assessed against certain criteria to be regarded as ‘trustworthy’. The guide states:
‘Independent certification against the trust framework and presence on the DVS (digital verification services) register provides confidence that the service is a reliable source and is providing information that is independent of the person whose identity is being verified. It also helps to provide assurance that the person claiming a particular identity is in fact that person’.
So, have you checked that your provider is registered?
Case study: Dimitry Ovsyannikov and the Bank of Scotland fine
Consider this: the risks are so low, you don’t see the need to screen at all; or, you have done your screening and nothing of concern is identified. Nothing to worry about? Think again!
Take the case of Dimitry Ovsyannikov and the £160,000 fine imposed on the Bank of Scotland.
The Halifax (part of the BoS Group) opened an account for him after accepting him as a client – he had a UK Passport and no sanctions hits. The Group accepted his funds and made twenty payments out of his account, before realising he was actually a designated (sanctioned) person: Sanctions compliance in practice: lessons from OFSI’s £160,000 Bank of Scotland penalty – Office of Financial Sanctions Implementation.
Lessons learned: risks of receiving funds from sanctioned individuals
You may think that surely a bank wouldn’t send you funds from a designated person? Clearly, they might – and here it happened twenty times. What if some of those funds, say search fees, went to a firm in advance of undertaking their own CDD, or they didn’t screen at all as it’s a UK client with a UK passport and an account with the Halifax? What could possibly go wrong?Â
In fact, in this case the firm has committed a sanctions breach as it has received funds from a sanctioned person – a strict liability criminal offence! The approach for AML purposes is that often it’s OK after onboarding a client – establishing a business relationship – to do the CDD, as long as it’s before accepting transactional monies. However, with sanctions it is an immediate offence: receive any monies = offence committed, unless you have the requisite licence.
The importance of name matching and screening accuracy
The question is, is there any Russian nexus at all? Ovsyannikov had a UK passport, but was born in Omsk, which is in Russia. Do you rely on electronic screening as the Halifax did, only to find out he goes by the name Dimitry and Dmitrii Ovsyannikov. Halifax seems to have searched on one but didn’t consider variations or use fuzzy matching (does your software provider do this?).
Enhanced due diligence for Russian nexus and high-risk clients
If there is any Russia involvement, you should consider additional screening. Do a second check using the UK Sanctions list as well as electronically just in case – it’s free. Use Google too. For corporate clients, you should:
- Undertake identification of direct and indirect ‘stakeholders’, including end user
- Scrutinise changes in stakeholder ownership structures following sanctions
- Focus on transit routes as well as destination (for goods, assets, payments)
- Ask if the complexity of the financial scheme matches the business rationale and purpose?
- Have enhanced vigilance around the use of correspondent accounts (and other intermediary arrangements)
- Observe any ‘circumvention hubs’ and any involvement of new or highly complex entity structures therein
- Check sub-50% ownership situations where significant control may nevertheless be exercised by someone. As AML Regulations specify more than 25%, it would make sense to stick to that for simplicity’s sake. Also, bear in mind a corporate is subject to US sanctions if minority shareholders who are themselves sanctioned between them own 50%!
- Exercise caution where communications are difficult or conducted under Power of Attorney
Sanctions compliance checklist for law firms
Finally, make sure that your firm has:
- A sanctions risk assessment (like AML and Proliferation Financing)
- A policy/procedure so staff know how to screen appropriately. Also, have they had sanctions training?
- A policy/procedure for who you screen and how
- A process for raising sanctions queries. What happens if a sanctioned person or entity crops up?
Get in touch
At Teal, we’re here to support your journey towards compliance that works.
We understand that compliance can be a daunting word, but it’s also the key to unlocking your firm’s full potential.
Our experts at Teal Compliance are here to help. Get in touch today to explore tailored solutions and ensure your firm stays ahead of regulatory requirements.
