Firstly, the FCA draws a link between the conflict and market abuse, given the recent volatility in financial markets and the evolving nature of inside information – for example, advance knowledge of military manoeuvres.
Secondly, the regulator is now consulting on when it is acceptable to create 'side pockets' within funds for Russian assets frozen, or otherwise hit by sanctions, in order to protect investors.
Where to start on complying with the sanctions regimes can be overwhelming.Thirdly, the FCA has reminded the cryptoasset community of its obligations to mitigate the risk that its products are used to evade sanctions regimes. And lastly, there is a checklist of points to consider to ensure businesses’ operational and IT resilience, particularly in the context of potential hostile cyber attacks.
This is quite some list especially when you reflect that it omits probably the most onerous and rapidly-evolving impact of all, namely that of ensuring compliance with financial sanctions.
Financial sanctions
New financial sanctions against Russia and its perceived key collaborators were announced by the UK government on February 22. This was closely followed by a reminder from the FCA that there is an obligation to notify both the Office for Financial Sanctions Implementation (OFSI) and the UK regulator in the event of a breach (or suspected breach) of sanctions.
The overarching obligation upon regulated businesses is to implement and maintain appropriate systems and controls to counter the risk that they might be used to further financial crime, which, of course, includes compliance with financial sanctions obligations.
Depending on companies’ business models and activities, this may include sanctions imposed by jurisdictions outside the UK, for example, in Europe or the US.
What do businesses need to do?
Where to start on complying with the sanctions regimes and making sure all the requirements are being met can be overwhelming.
Nonetheless, this must be a high priority given the scrutiny and reputational damage in the event of sanctions failings. A good place to start is to familiarise yourself with the FCA’s expectations on financial sanctions compliance set out in FCG 7 of its financial crime guide. This includes examples of good and poor practice in relation to businesses’ governance, risk assessment and approaches to the screening of sanctions targets.
Establish a frequency of sanction screening and checks that is relevant to your business.The specific content on your sanctions to-do list will depend on the business's investment strategy, areas of geographical activity and investor profile, but we set out below a non-exhaustive list of action points that will in turn inform the risk faced and the actions needed to mitigate them:
- Conduct a risk assessment across your own company, and any relevant clients, to identify which areas of your business are most likely to provide services or resources to individuals or entities now under sanction. The assessment must take into account all business lines, sales channels, customer types and geographical locations.
- Establish the relevant sanctions lists with which your business needs to comply and verify with your anti-money-laundering/sanctions vendor, or know-your-client/customer due diligence provider, that these are being continuously updated to take account of the rapidly evolving international sanctions measures against Russia.
- Establish and verify the identities of your clients and any beneficial owners of your clients – knowing your client has never been so important.
- Screen your customers/clients against the relevant countries' sanctions list to meet new measures and screen against the OFSI list of asset-freeze targets for financial sanctions obligations, and those published by other relevant jurisdictions.
- For investors in public-listed securities, to the extent that assets within your strategy include Russian company-issued equity or debt, review these investments in light of sanction measures in the same way you are doing for clients/investors. Likewise, investors in private markets should assess the risks of exposure of their portfolio companies’ activities in Russia, Belarus and Russian-recognised territories in Ukraine.
- Establish a frequency of sanction screening and checks that is relevant to your business. Sanction monitoring should not be viewed as a one-off project to crash through in a few days and then file away.
- Invest in the appropriate technology and resources that are needed to enable the business to re-screen sanctions lists with the appropriate frequency. Technology platforms available today make continuous monitoring manageable.
- Put in place appropriate policies, procedures and controls, including internal escalation and external notification to OFSI and the FCA in the event of a breach. Measures adopted should also include controls to prevent exposure to any additional risk of breaches in the event that your business enters a new jurisdiction or introduces a new product.
The specific content on your sanctions to-do list will depend on the business's investment strategy, areas of geographical activity and investor profile.- Fund managers should stay in close touch with fund administrators of the products they sponsor to seek confirmation that they have themselves taken appropriate steps to implement the new measures, including escalation procedures in the event of red flags.
- Do not forget the importance of staff awareness, this will help eliminate the human errors that can allow breaches to occur. Some staff should be deemed higher risk based on their roles and responsibilities, including the need to be kept informed of the changing requirements. Consider making awareness training available for all staff to encourage a culture of team responsibility.
- Make sure accountability for compliance is clearly allocated to a senior member of staff who has the authority to take definitive action in the event that a breach is discovered or if a prospective client/investor is flagged during the on-boarding process.
Observers of the Ukraine conflict warn of a potentially protracted war with neither side able to secure their original objectives or an acceptable compromise settlement. Those looking to upgrade their compliance systems to tackle the sanctions risks posed by the conflict will want to prepare for a similar long-term campaign, not a one-off response.
Navigating the myriad sanctions regimes and associated regulations and guidance requires persistence and, most likely, professional guidance.
Adam Palmer is a partner at ACA Group
