https://worldmoneylaunderingreport.com/publications/web/news/uk-sanctions-regulator-issues-gbp160000-penalty-over-russian-sanctions-transaction
The Office of Financial Sanctions Implementation (OFSI) has imposed a £160,000 monetary penalty on Bank of Scotland Plc (part of Lloyds Banking Group), for breaching the Russia financial sanctions regime.
OFSI as taken the action as a result of a series of transactions involving an individual named in the Russian Sanctions. Between 8 and 24 February 2023, the bank processed 24 payments totalling GBP77,383.39 to and from a personal current account held by a UK‑designated person. OFSI concluded that the bank breached prohibitions on dealing with, and making funds available to, a designated person.
Yes, you read that right: the total in issue was less than GBP78,000 and the penalty is more than twice the total amount in issue. The amount in issue is not, of course, the amount that the bank earned by performing the transactions.
Worse, according to OFSI, "A 50% discount was applied in this case for *prompt, voluntary disclosure*."
It is clear, then, that the penalties which might be imposed for more serious breaches are likely to be very substantial indeed.
OFSI says "The case highlights several important lessons for businesses to:
* *Ensure that sanctions screening tools are sufficiently enriched with relevant information *to optimise their capabilities. Businesses with greater sanctions risk exposure may benefit from commercial packages, such as commercial sanctions lists to enrich their sanctions screening.
* *Address the inherent risks of automated screening* with robust contingency procedures and clear escalation routes, particularly in higher‑risk areas such as those involving Politically Exposed Persons.
* *Keep sanctions training under regular review*, so that its content accurately reflects relevant regulatory and geopolitical developments.
* *Consider prompt, voluntary disclosure* of potential breaches. OFSI seeks to reward prompt and complete voluntary disclosures through penalty discounts. "
This case is important because the decision is reached "on the balance of probabilities" not on the criminal standard of "beyond reasonable doubt."
The case also draws attention to the long standing problem of transliteration and, perhaps even more worryingly, what appears to be a requirement for the bank to go behind the verification of identity undertaken by the British Government. The individual concerned opened the account in 2023 using a valid British Passport. The name in the passport was a variation of the name in the sanctions list.
This, directly from OFSI's report, vindicates what Nigel Morris-Cotterill has been saying for three decades:
However, an automatic sanctions alert was not triggered against the Account at the account-opening stage, nor at any stage between 6 and 24 February 2023, during which time access to the Account was unrestricted. OFSI considers that two key issues contributed to the screening system being unable to identify a potential match:
a. the screening system did not reconcile the character changes between the
spelling variations; and
b. secondly, the sanctions screening system lacked sufficient enhancement,
from either commercial third parties or the bank itself, to reconcile the
spelling variations.
OFSI considers that the inability of the automatic sanctions screening system to identify
the designated person may have been prevented by resolving either of these two issues.
Morris-Cotterill commented "it's not new but no doubt there will be those that shout that it's a new risk. No, it was a known risk in the 1980s in relation to the movement of terrorists and it was at the forefront of what I was telling banks etc about in relation to KYC in the mid 1990s. Within the next week, all manner of consultancies and software companies are probably going to add this to their marketing and say how they can address it. So here's the truth: they've had 30 years to do it, ever since I first told them about it, and they haven't fixed it. Worse, they have said that they have tech designed to identify such issues. I have never had faith in the tech as a final arbiter and this shows I'm right. HalifaxRBS has spent a vast amount on tech they are told will protect them and it hasn't. But the biggest issue here is that HBos accepted a British government issued passport; it strikes me as hypocritical that the British Government on the one hand fails to identify the person (who is not named so that's singularly unhelpful for those that want to improve patterns and models) and on the other hand issues a penalty to a company that did not notice what HMG did not notice."
