Risk Advisory Insights: Sanctions Systems and Controls

We understand clients need more than legal advice – they need holistic solutions to navigate the complexities of conducting businesses globally, to help reduce risk and promote business performance and success. The Ashurst Risk Advisory team can support you to implement legal and regulatory requirements within your organisation across an end-to-end sanctions compliance framework. In a world where challenges are increasingly complex, the "what does it mean for us?" element is key to any legal guidance, and the "how-to" element is a key component of maintaining a compliance program that is proportionate, sustainable, and defensible.

Below we outline the Risk Advisory team's operational insights into best practices for sanctions compliance programs.

Risk Screening & Tools

• Enhanced risk assessments and scenario planning allows firms to cope with an increase in sanctions regulatory complexity.
• Firms should have processes in place to periodically assess their sanctions screening components with respect to data inputs, screening, and alerts.
• Sanctions screening tools should be calibrated to maintain false positives volumes to a minimum with ongoing control mechanisms to measure the efficiency and effectiveness.
• At any point in time, are you in a position to measure how effective and efficient your system is? Are you able to test "what-if?" scenarios and are you quick to confidently adjust to any emerging legislation?

Management Information, Policy, and Governance

• Senior management should be provided with sufficient information about sanctions issues to discharge their responsibilities. Such information should include designation changes, impacts on the business portfolio, and elements of horizon scanning.
• UK firm policies, including Customer Due Diligence procedures, should be up-to-date and aligned to UK sanctions, to ensure the legislation is fully captured.
• Can you stand by your management information, policy, and governance? Are they thorough enough so you can comfortably respond to the fast pacing sanctions landscape, accurately and timely respond to regulator enquires, have minimal backlogs and be agile in this space?

Regulatory Engagement

• A proactive approach will require continuing to engage with the FCA's testing of regulated firms' sanctions screening systems and controls.
• Where a breach has resulted from a significant systems and controls failure, the FCA or OFSI should be notified, where appropriate. Firms should have a breach reporting process in place, with a clear process of internal escalation for relevant staff.
• Following any FCA or OFSI adverse findings in respect of systems and controls, firms must evaluate existing processes and consider engaging independent, expert support.
• Do you have a complete view of the regulatory expectations around your systems, controls and reporting obligations? Are your teams trained to rapidly and accurately engage with them?

By combining market-leading legal, risk advisory and technology capabilities, Ashurst is uniquely positioned to support clients in navigating sanctions compliance challenges. Our team can supplement robust legal advice with proportionate operational insights. Please contact any of the individuals below to find out how Ashurst's unique legal-led Risk Advisory team can help you with your sanctions systems and controls.

To keep track of all the latest Russian sanctions legal developments, access Ashurst's Russia Sanctions Tracker here.