FCA Finds Stronger Sanctions Controls but the Same Old Weaknesses Behind Breaches

Key Takeaways

• Progress Since 2022: The FCA says firms have strengthened sanctions controls significantly since February 2022, with approximately £37 billion in assets frozen in the UK as of last year.
• Operational Weaknesses Remain: The most common causes of reported sanctions breaches continue to be weaknesses in due diligence, alert management, transaction and name screening, frozen asset management, and compliance with sanctions licences.
• Trade Sanctions Present Unique Challenges: Firms continue to struggle with detecting and preventing certain trade sanctions breaches, despite often employing a broader range of controls than they use for financial sanctions compliance.
• Russia Still Dominates Reporting: Most sanctions-related reports continue to involve the Russian sanctions regime, though the FCA is also seeing reports linked to Libya and an increasing number involving Iran and North Korea.

Deep Dive

The UK's Financial Conduct Authority (FCA) said this week that firms have made meaningful progress in strengthening sanctions controls since February 2022, when Russia's invasion of Ukraine triggered an unprecedented expansion of sanctions requirements and compliance expectations across the financial sector.

Since then, the FCA has proactively assessed the sanctions systems and controls of more than 150 firms operating across different areas of financial services. What it found will sound familiar to anyone who has spent time in financial crime compliance.

There were repeated examples of firms identifying potential sanctions breaches before they occurred. Controls worked. Risks were detected. Issues were escalated before becoming violations.

Yet many of the reported breaches that still reached regulators stemmed from a surprisingly consistent set of problems. Weaknesses in due diligence. Failures in alert management. Gaps in transaction and name screening. Mistakes involving frozen assets. Missteps in complying with sanctions licenses. The technology involved may be sophisticated. The root causes often were not.

The FCA's review suggests that many sanctions failures continue to emerge from the less glamorous parts of compliance operations. The challenge is not always identifying risk. It is ensuring that processes remain effective when alerts pile up, customer relationships become more complex, and sanctions regimes grow larger and more intricate.

That challenge appears particularly acute when trade sanctions enter the picture. Unlike financial sanctions, which generally focus on restricting funds and financial services, trade sanctions concern prohibitions on the export and import of certain goods, technologies, and services. Detecting those risks frequently requires a different set of controls and a different understanding of how transactions move through an organization.

The FCA found that firms often employ a wider range of controls for trade sanctions compliance than they do for financial sanctions. Even so, firms continue to face difficulties detecting and preventing specific breaches. In other words, more controls do not necessarily translate into better outcomes.

The review also offers a snapshot of where sanctions-related concerns are currently surfacing. Reports submitted by firms continue to relate primarily to Russia, reflecting the scale and complexity of the sanctions imposed since 2022. The FCA said it has also seen reports involving Libya and an increasing number relating to Iran and North Korea.

Alongside the review, the FCA announced a new Memorandum of Understanding with the Office of Trade Sanctions Implementation. The agreement establishes arrangements for cooperation and intelligence sharing between the two organizations.

The move mirrors an existing Memorandum of Understanding between the FCA and the Office of Financial Sanctions Implementation, which oversees financial sanctions enforcement.

On one level, the announcement is administrative. On another, it reflects something broader that has been taking shape across the UK's sanctions framework. Trade sanctions, financial sanctions, export controls, intelligence gathering, and regulatory supervision increasingly overlap in practice, even when they sit with different authorities.

For firms, that reality creates a difficult compliance challenge. The FCA's review does not suggest widespread failures. In fact, quite the opposite. Much of the regulator's message is that firms have improved, sometimes substantially. What stands out, however, is how often breaches continue to trace back to ordinary operational weaknesses rather than exotic attempts to evade sanctions.

Compliance professionals sometimes imagine sanctions risk as a problem of identifying hidden bad actors. The FCA's findings point to something less dramatic and, perhaps, more difficult. The controls usually exist. The policies usually exist. The challenge is making sure they continue to work consistently when the pressure shifts from designing a framework to operating one.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.