Alert

Recommended Alerts

Sign Up For Alerts


Corporate Criminal Liability for Corruption in Malaysia – Taking Action

Key message: Companies engaged in the Malaysian market – particularly those that participate in government contracts and tenders – should assess their potential risk exposure and review whether their compliance programs satisfy the “adequate procedures” defense.

Read More

Evolution of UK Enforcement Strategies in OFSI Updated Monetary Penalty Guidance for Financial Sanctions Breaches


Time to Read: 8 minutes Practices: Anti-Corruption / International Risk, Economic Sanctions & Export Control

Printer-Friendly Version

Giles Thomson (The Office of Financial Sanctions Implementation (OFSI), Director) wrote in the OFSI blog in February 2021 that “OFSI will continue to robustly but fairly and proportionately use the compliance tools available to [it], including monetary penalties, to effectively enforce financial sanctions in the United Kingdom, ensuring they meet the UK’s strategic objectives and maintaining our reputation as a world leader in this area”.1 In perhaps a first step towards achieving this goal, OFSI issued changes to key guidance, analysed below.

Background

OFSI was established in 2016 as part of HM Treasury to oversee the implementation and enforcement of domestic and international financial sanctions in the United Kingdom. OFSI holds statutory powers to enforce against persons in breach of UK sanctions, including powers to impose monetary penalties.

On March 10, 2021, OFSI published an updated version of its Monetary Penalties for Breaches of Financial Sanctions Guidance (“the Guidance”). The updated Guidance (see here), which came into force on April 1, 2021, will be used by OFSI to assess any potential breaches occurring after that date. The new Guidance builds on the 2018 version (see here), which remains applicable for any breaches occurring before April 1, 2021 (even where the breach is discovered after that date). The structure of the Guidance remains substantially the same, although more substantive changes have been made to the case assessment and penalty calculation process, streamlining the Guidance and clarifying OFSI’s enforcement strategy.

We believe these changes indicate a more nuanced and holistic approach to enforcement by OFSI, and provide important clarifications. This alert analyses some of the key changes to the Guidance and possible implications for future OFSI investigations, followed by a summary of some of the substantive changes to the language set out by topic.

The New Guidance for Monetary Penalties

The new Guidance aims to clarify OFSI’s position on a number of issues such as self-reporting, penalties, and jurisdiction, taking into account the cases it has pursued since OFSI’s inception in 2016. The new Guidance incorporates lessons from several monetary penalties imposed by OFSI, including its £20.47m penalty on Standard Chartered Bank in February 2020.2

The new Guidance does not introduce any new powers, but it does seek to more clearly set out the full extent and scope of OFSI’s existing powers, and by extension its willingness and intention to exercise them. Much of the commentary on the new Guidance has focused on whether the Guidance foreshadows a more aggressive enforcement stance. This may be true for certain discrete aspects. For example, the Guidance has been amended to remove the following statement: “OFSI will not normally impose a penalty on a person who has already been prosecuted”, signaling a willingness to impose a monetary penalty even in cases with parallel criminal proceedings. Whilst OFSI was never legally barred from imposing a penalty in such cases, the removal of this statement demonstrates that OFSI will consider each case on its facts, regardless of any criminal prosecution.

Revisions to Assessment of Aggravating and Mitigating Factors

The most significant updates to the Guidance have arguably been made to the chapter on “Case Assessment”, providing some developments to how OFSI will assess potential breaches of financial sanctions.

OFSI has removed previous guidance to “treat a case that directly and openly involves a designated person more seriously”, indicating that involvement of a designated person will no longer be considered a specific aggravating factor. This language has presumably been updated to reflect the fact that OFSI’s most significant enforcement case to date, against Standard Chartered Bank in 2020, did not involve funds being made available directly to a designated person, but rather an entity majority owned by a designated person. Nevertheless, OFSI treated that case as ‘most serious’ when imposing its substantial penalty.

In the new Guidance, OFSI has refined its consideration of a violator’s risk exposure and the strength of its compliance program. The updated wording indicates that, where assessing a case, OFSI’s focus will be on an organisation’s risk exposure, rather than its size or sophistication per se. Similarly, where assessing the role of individuals, it will consider a person’s role and exposure to financial sanctions risk when assessing their actual or expected knowledge with respect to a breach. All of this suggests that OFSI expects firms to ensure that their compliance program is appropriate and adequately tailored to address their specific risk profile. As such, even small organisations which have significant exposure to sanctions risk should ensure they implement risk-based controls.

Additionally, the 2021 Guidance removes reference to discretion not to impose a penalty in certain circumstances, namely where a penalty would have no meaningful effect, would be perverse, or would not be in the public interest. Whilst presumably OFSI would retain discretion not to impose a penalty, this deletion may make it more difficult for organisations to dispute a penalty for enumerated reasons such as public interest.

Potential Expansive Approach to Jurisdiction

The updated Guidance removes a caveat contained in the earlier version that OFSI would “not artificially bring something within UK authority that does not naturally come under it”. This may indicate that OFSI will adopt a more liberal interpretation of circumstances in which something falls within the remit of the UK’s authority. However, it remains to be seen whether OFSI will adopt a broader approach to jurisdiction going forward. It seems unlikely, however, that OFSI would seek to expand jurisdiction to a level matching that exerted by the U.S. Department of Treasury Office of Foreign Assets Control (OFAC).

Clarification on Completeness of Self-Reporting

Self-reporting may be considered a mitigating factor by OFSI when assessing cases. The new Guidance signals at least a slight change with respect to OFSI’s self-disclosure expectations. The Guidance states that OFSI “expect[s] breaches to be disclosed as soon as reasonably practicable after discovery of the breach”. The previous guidance stated that voluntary disclosures should be “materially complete on all relevant factors”. This left many in the industry concerned that they would not be able to demonstrate “materially complete” self-reporting where investigations were still ongoing. The new Guidance revises this, stating that such disclosures should “include all evidence relating to all the facts of the breach” (emphasis added). Although it is still unclear how OFSI will interpret the term “all evidence”, the removal of the phrase “materially complete” may help demonstrate that self-reporting will still be credited where all then-available evidence is provided. Organisations must nonetheless ensure that disclosures are made in good faith.

The Guidance also states, “[w]here full disclosure is not possible, a person could make an early disclosure with partial information on the basis that it is still working out the facts and will make a further disclosure as soon as possible”. However, the 2021 Guidance now adds: “a voluntary disclosure reduction will usually be applied when a person notifies OFSI of a suspected breach. However, this may not be given if, amongst other things, it transpires that they have not made a complete disclosure”. Reduction in penalty may also be unavailable when the subject of the penalty refuses to provide information on request, or OFSI believes the subject is only self-disclosing as it believes OFSI is already aware of the breach or potential breach. This language was absent from the 2018 Guidance and reflects an emphasis on full and frank self-reporting, in good faith, and ensuring that new facts and information are disclosed to OFSI as investigations continue.

As an interesting comparison, in July 2020 the UK’s Serious Fraud Office (SFO) published comprehensive guidance setting out the factors that would be considered in assessing the adequacy of voluntary disclosures. Although the SFO Guidance sets out a holistic approach and states “all cases will turn on [their] facts”, it does not require “all evidence” to be disclosed, and lists “information overloads” as inconsistent with genuine co-operation. This perhaps contrasts to OFSI’s emphasis on completeness; OFSI states that it “takes very seriously any evidence that a disclosure did not include relevant information”. However, OFSI does acknowledge that there will be facts that are not known in the early stages of an investigation, and provides that “[w]here full disclosure is not possible, a person could make an early disclosure with partial information on the basis that it is still working out the facts and will make a further disclosure as soon as possible”. In such circumstances, it is likely that OFSI will expect firms to demonstrate that they are being proactive, explain what further steps are being taken, and provide updates promptly. OFSI will still expect a full and frank disclosure, based on the information available at that time.

Penalties

OFSI adopts a three-part penalty-decision process, which includes the (i) penalty threshold; (ii) baseline penalty matrix; and (iii) penalty recommendation. The updated Guidance introduces several changes to the baseline penalty matrix element of the decision-making process.

These changes include an adjustment to the criteria for assessing baseline penalties, which will now focus on a more ‘holistic assessment’ of the facts of the case, ensuring that the penalty is proportionate and fair, rather than focusing primarily on the value of the breach. The maximum penalty that may be imposed is 50% of the value of the breach or GBP £1 million – whichever is greater. The 2021 Guidance also includes a new explanation that if there is no transaction value on which to base a penalty calculation, the penalty will be “reasonable and proportionate to the facts of the case”, but still capped at GBP £1 million.

Whilst flexibility is arguably welcome and a positive step towards ensuring more equitable outcomes, a case-specific approach incorporating a ‘holistic assessment of all the other factors present’ will inevitably lack certainty. How OFSI will approach penalties where no monetary value is available remains to be seen, particularly in cases of information penalties. This lack of certainty on how penalties will be calculated may weigh against a company’s decision to self-disclose.

Conclusion

The Guidance provides welcome clarifications around self-reporting and case assessment, and signifies a shift in approach towards holistic case assessment. More importantly, the updated Guidance signifies the evolution and maturing of a relatively new agency, and an indication that it will continue to learn and evolve.

Click here for a summary of some of the substantive changes.
  1. Giles Thomson, An introduction from new OFSI director Giles Thomson (February 4, 2021), available at https://ofsi.blog.gov.uk/2021/02/04/an-introduction-from-new-ofsi-director-giles-thomson/.
  2. OFSI, HMRC, Imposition of Monetary Penalty – Standard Chartered Bank (31 March 2020), available at https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/876971/200331_-_SCB_Penalty_Report.pdf.
  3. back to top

Printer-Friendly Version

Cookie Settings