
09) Does your organisation have a documented set of policies and procedures to ensure compliance with financial and trade sanctions?

August 19, 2021
Financial Risk

Answer yes if your organisation has an established and documented set of policies and procedures for monitoring and maintaining compliance with financial and trade sanctions. Please upload your policy and process documents (as PDF files) as evidence. Please check our knowledgebase to review this control's applicability to your organisation.

It is illegal for any entity to conduct business with individuals or entities within countries that are currently under financial and trade sanctions. Furthermore, firms which are subject to FCA regulations have a statutory and regulatory requirement to comply with the UK sanctions regime. This covers:

  • credit institutions;
  • financial institutions;
  • auditors, insolvency practitioners, external accountants and tax advisers;
  • independent legal professionals;
  • trust or company service providers;
  • estate agents;
  • high value dealers;
  • casinos.

For firms that exist outside of the above list it is still recommended that they complete a risk assessment to highlight where they are most exposed or at risk. Effective controls and processes should be implemented to mitigate this risk.

The UK sanctions regime was developed alongside other legislation, such as anti-money laundering. There is no single Act of Parliament that sets out the regime. It reflects the requirements of various UN Security Council resolutions and is implemented by way of EU Regulations and UK Statutory Instruments. There are also EU investment ban, financial and trade sanctions regimes that apply in the UK. Responsibility for the UK sanctions regime lies with three government departments:

  1. HM Treasury;
  2. The Foreign and Commonwealth Office (“FCO”); and
  3. The UK Department for Business Innovation and Skills (“BIS”).

Sanctions can take many different forms, with an overarching goal of creating restrictive or coercive measures against individuals or countries. They may involve the freezing of funds, the withdrawal of financial services, bans and restrictions on trade or travel, and suspension from international organisations, where the people, organisations or countries concerned are no longer participants in dealing with those organisations worldwide. Generally, the most relevant types of sanctions are financial sanctions and trade sanctions. In other words, sanctions restrict the countries, organisations and individuals with whom you can do business.

Where a firm is active outside the UK, it may need to comply with the requirements of the sanction regimes in the other jurisdictions in which it trades. Some jurisdictions’ requirements may also apply without a firm having an actual presence in that jurisdiction. Firms will need to understand which sanctions regimes impact on which parts of their business and ensure they correctly comply with applicable sanctions, while not incorrectly applying regimes of other jurisdictions to UK business.

Avoiding a breach of the UK sanctions regime is not about doing everything. A risk assessment will highlight where your firm is most exposed or at risk and allow you to focus on implementing effective processes and controls in those places.

How to implement the control

If your company falls in scope for trade and financial sanctions regulation it is best you seek professional external advice on how to comply with it. We'd recommend speaking to a lawyer or regulatory consultant.

If your company doesn't do business in geographies where sanctions exist, or doesn't conduct business activities that are considered high risk (such as financial services), then you may not need to implement any sanctions controls.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.
