On 31 August 2023, the Office of Financial Sanctions Implementation (OFSI) used its new disclosure power for the first time and, shortly thereafter, updated its guidance on Enforcement and Monetary Penalties for Breaches of Financial Sanctions (the Monetary Penalties Guidance) to include details on how OFSI will apply this new enforcement tool going forward.
This disclosure power was conferred to OFSI under the Economic Crime (Transparency and Enforcement) Act 2022 and entitles OFSI to publish details of a financial sanctions breach - including naming the person/entity who committed the breach – where it determines that a civil monetary penalty would be disproportionately punitive (which OFSI refers to as a Disclosure).
Guidance on OFSI’s Disclosure power
Following the exercise of its first Disclosure, OFSI updated its Monetary Penalties Guidance. A new Section 10 was added to the guidance, providing details on how OFSI will apply this new enforcement tool going forward, which will apply to financial sanctions violations that have taken place on or after 15 June 2022. The new Section 10 states the following:
Circumstances in which OFSI may make a Disclosure
- OFSI categorises cases as being of lesser severity, moderate severity or serious enough to justify a civil monetary penalty. Cases which OFSI deems to be of moderate severity are likely to be dealt with via a Disclosure if OFSI considers a warning letter would be too lenient, but a monetary penalty would be disproportionately punitive.
- Such Disclosures will usually publicly name the firm or individual who has committed the breach and provide a summary of the facts of the breach. There are also other circumstances in which OFSI may deem a Disclosure to be a fair and proportionate outcome, including:
- where there are valuable lessons to be learnt for industry; and
- exceptionally, where it is not in the public interest to issue a monetary penalty.
- A Disclosure which highlights compliance lessons for industry may focus on an individual case or deal with several cases of a similar nature. This will allow OFSI to highlight specific risks as well as broader trends which may make it easier for industry actors to comply with financial sanctions.
- The bar for OFSI making a Disclosure in lieu of a monetary penalty (where the case is assessed as sufficiently serious for a monetary penalty) is high and this option is reserved for genuinely exceptional circumstances. For example, this might be appropriate in certain humanitarian cases where a breach is serious enough to justify a penalty but, on the particular facts, a monetary penalty would not be in the public interest.
Timing of publication where a Disclosure is made
- Where OFSI intends to make a Disclosure naming the person who committed the breach, OFSI will inform the person of OFSI’s intention to publish a case summary, prior to publication.
- OFSI will provide the person with 28 working days from this date in which to make any representations in relation to the finding of a breach and intended publication of the case summary. Persons or their representatives may ask us to extend this period and must provide evidence of the reasons for that request.
- Where OFSI intends to make a Disclosure but does not intend to name the person who committed the breach (for example, because the Disclosure is made solely for the purpose of highlighting compliance lessons for industry and the breach is considered to be of lesser severity), OFSI will inform the person of its intention to make a Disclosure but will not invite representations.
- Following consideration of any representations made, OFSI may:
- Decide to publish details of the case;
- Decide to publish details of the case, but details of what OFSI had intended to publish may be changed; or
- Decide not to publish details of the case.
- If, following representations, OFSI upholds its decision to publish details of the case, OFSI will share the written case summary in advance of publication for the purpose of ensuring factual accuracy.
Information included in a Disclosure
Disclosure may include the following information:
- Who performed the breach;
- The summary facts of the case, including breach type, sanctions regime, the regulation broken and whether the breach was self-reported;
- The aggregated GBP value of the transactions which are in breach of the regulations, where this can be identified, and why OFSI decided to publish a case summary;
- Compliance lessons OFSI wishes to highlight in this case, to help others avoid committing a similar breach; and/or
- Other information required to give a true understanding of the case and OFSI’s consideration of it.
- OFSI will identify the designated person to whom the breach relates as a fact in the case unless there are strong reasons not to. This will include consideration of data protection obligations, as appropriate.
- Where a Disclosure is made solely for the purpose of highlighting compliance lessons for industry and the breach is considered to be of lesser severity, OFSI will not usually identify who performed the breach.
- Disclosures will be published on OFSI’s GOV.UK webpage alongside publications related to civil monetary penalties. OFSI may refer to Disclosures in other publications it produces or in the course of its outreach activities to promote compliance lessons or raise awareness of financial sanctions risks.
Key takeaways for businesses
- The updated guidance provides helpful details for businesses concerning the circumstances in which OFSI may make a Disclosure rather than issue a civil monetary penalty. In a related blog post by OFSI on 31 August 2023 regarding this first Disclosure and the updated guidance, Giles Thomson (Director of OFSI) states: “Our intention is to use this power in response to moderately severe breaches, when an administrative warning letter would be too lenient on the facts of the case, but a civil monetary penalty would be disproportionately punitive. This is an important step in allowing OFSI to further tailor its enforcement action according to the different severities of breaches it sees.”
- OFSI’s Disclosures will also provide additional insight into OFSI’s expectations around risk-based due diligence procedures adopted by businesses and useful benchmarking information that businesses can use to help assess how breaches may be classified, and potential enforcement outcomes; as well as opportunities to consider whether there are any relevant compliance lessons that a business may be able to apply to improve their own policies and procedures. Indeed, Giles Thomson (Director of OFSI) notes that: “Through publishing details of breaches, this new enforcement tool will act as a form of censure and deterrent while also enabling compliance lessons to be available to other companies and individuals.”
Subscribe to Ropes & Gray Insights by topic here.