OFSI Imposes Civil Monetary Penalty on FinTech Company Related to Violation of Russian Sanctions

August 24, 2021
2 minutes

The UK Office of Foreign Sanctions Implementation (“OFSI”) has imposed a monetary penalty of £50,000 on Fintech company TransferGo for making payments to accounts at the Russian National Commercial Bank (“RNCB”) – sanctioned since July 2014 for allegedly profiting from Russia’s annexation of Crimea – in breach of Regulation 4 of The Ukraine (European Union Financial Sanctions) (No. 2) Regulations 2014. This is the first penalty imposed by the Office of Financial Sanctions Implementation (“OFSI”) since its amended Monetary Penalties guidance (1 April 2021), which significantly revised OFSI’s case assessment factors, including expectations for self-disclosure. The Economic Secretary of the Treasury upheld OFSI’s monetary penalty of £50,000 – over six times the value of the breach.

This alert analyses some of OFSI’s key findings and takeaways, in particular, for regulated financial institutions.


According to OFSI, between March 2018 and December 2019,1 TransferGo made a total of 16 payments valued at £7,764 to accounts held at RNCB. RNCB was designated for its role in supporting the Russian government by providing significant banking services in Crimea following the annexation.

TransferGo is regulated by the UK Financial Conduct Authority (“FCA”) to provide payment services. TransferGo incorrectly assessed that the payments were permissible because the ultimate beneficiaries were not sanctioned, even though TransferGo was aware the payments were being made to accounts held by RNCB. OFSI asserts that the payments represented a breach because the accounts ultimately belong to the banks – and therefore TransferGo had in fact made funds available to designated person, RNCB.

Importance of Voluntary Disclosure

Under OFSI’s latest guidance, voluntary disclosure can count for a 50% penalty reduction. Moreover, although sanctions (and corresponding voluntary disclosure discounts) apply to all UK persons (not just regulated entities), regulated financial institutions like TransferGo are also required to inform OFSI of sanctions breaches as soon as practically possible. TransferGo did not inform OFSI under its reporting obligation, nor did it make a voluntary disclosure – two factors which feature prominently in OFSI’s penalty decision, and perhaps also weighed on the minister’s decision to uphold it.

Although TransferGo did cooperate with OFSI during the investigation, the penalty notice notes not only no voluntary disclosure was made, but some of the payments were disclosed only in response to OFSI’s information requests. By contrast, OFSI’s last monetary penalty, where a voluntary disclosure was made in addition to full cooperation with OFSI, was significantly reduced on ministerial review.

Expectations for Regulated Firms

OFSI noted both that TransferGo was regulated by the FCA as well as HMRC and that TransferGo had “knowledge of sanctions.” OFSI also highlighted the fact that as a “relevant institution” TransferGo had additional reporting obligations and expectations. Despite this, OFSI states, “[i]n respect of this and other factors, TransferGo demonstrated a poor understanding of financial sanctions throughout its engagement with OFSI.”

Financial institutions should be aware, if they were not already, that OFSI will consider transferring funds to accounts at designated banks a breach of the prohibition on making funds available to a designated person, even if the beneficiaries are not designated. Moreover, OFSI expects companies and individuals to “ensure they carry out due diligence on the banks and financial institutions involved in transactions, as well as all other parties in the transaction, to ensure they do not breach financial sanctions.”


UK companies and persons operating in the UK should ensure they review the latest UK sanctions regimes and OFSI monetary penalties guidance. See some of our previous alerts here and here and subscribe to regular updates here.

  1. Given the date of these breaches, they were breaches of the relevant EU Regulation. OFSI states that it will “continue to investigate, and impose monetary penalties, where appropriate, for breaches which occurred under the EU regulations prior to 31 December 2020.”