Sanctions regimes: what law firms need to know

Home Insights Blogs Criminal Law Blog Sanctions regimes: what law firms need to know

During this year’s London International Disputes Week (LIDW), Kingsley Napley and Collas Crill hosted a panel session exploring how sanctions regimes are affecting the UK and offshore landscape.

Drawing on insights from Richard Clayman, who chaired the panel, Michael Adkins of Collas Crill on the comparative offshore perspective, Alun Milford on the evolving sanctions framework in England & Wales, and Colette Best on SRA expectations of firms, the discussion highlighted key developments.

This article sets out those developments and, importantly, what they mean in practice for law firms seeking to remain compliant.

Recent developments in the UK Sanctions framework

The Office of Financial Sanctions Implementation (OFSI)’s policy paper on the review of sanctions implementation and enforcement set out a number of intended reforms and operational improvements. These included:

1. The creation of a single, consolidated UK Sanctions List

2. Measures to simplify the reporting of suspected breaches

3. Expanded whistleblower protections to protect workers who disclose certain prescribed information

4. A commitment to provide greater clarity on the ownership and control obligations

5. The development of an enforcement strategy and a revised penalty settlement system.

The panel considered two of these developments in particular.

Enforcement: Changes to the penalty framework

The revised sanctions enforcement and monetary penalties guidance, introduced on 9 February 2026, represents a significant shift in how financial penalties are structured and discounted.

Key features of the new discount framework are:

A new case assessment framework, reducing the maximum discount for self-disclosure and cooperation from 50% to 30%.
An “early account scheme” for corporates, offering up to an additional 20% discount where an internal investigation is conducted in line with OFSI’s expectations. This is designed for complex or novel cases which would be difficult or resource-intensive for OFSI to investigate.
A settlement mechanism providing a further 20% discount where agreement is reached within 30 business days and the person concerned waives their right to seek either a ministerial or judicial review.

In addition, OFSI has introduced a separate fixed penalty route for certain types of breaches, including failures relating to information requests, reporting obligations and licence conditions (in non-repeat cases). These penalties typically fall within the £5,000 to £10,000 range and are intended to be issued within a three-week timeframe. Alternative outcomes, such as taking no further action, issuing warnings, or public notices, remain available.

Firms should prioritise early internal investigation and a structured approach for engagement with OFSI. Reduced discounts and tighter settlement timelines mean that acting quickly is increasingly important.

Ownership and control: ongoing uncertainty

The concepts of ownership and control are currently under consideration as part of the government’s consultation on sanctions compliance.

While often referred to together, ownership and control are distinct legal tests:

Ownership is generally established where a person holds more than 50% of the shares or voting rights in an entity, or has the right to appoint or remove a majority of the board of directors.
Control, by contrast, is a broader concept. It is met where it is reasonable to expect that a designated person could, if they chose to do so, direct the affairs of an entity so that they are conducted in accordance with their wishes - whether in most cases or in significant respects. This assessment requires a fact-specific analysis.

The government has signalled that it is considering whether to align with the EU and US sanctions framework by moving to a “50% or more” test for ownership, rather than the current “more than 50%” test. It is also considering moving to an aggregation model for calculating whether the ownership threshold is met.

On control, the government is clearly alive to the difficulties of implementing the control test, which is why the review is being carried out. However, it does still view the control test as a critical anti-circumvention measure, and we should not expect significant drafting changes to this element. It has also indicated that the difficulty with compliance may have led to de-risking, where industry actors seek to avoid the potential risk of being found to have violated sanctions. If this is correct, and designated people are no longer receiving services from the regulated private sector, then this will deprive the government of an important information stream (i.e. reports made by the private sector as a result of the reporting obligations).

Firms will need to adopt a cautious and well-documented approach to ownership and control assessments, particularly if reforms introduce aggregation or alignment with EU and US approaches.

Enforcement trends

On the civil enforcement side, there has been a significant increase in enforcement investigations, particularly since the war in Ukraine began in 2022. As of April 2025, OFSI had 240 active cases under investigation, up from 172 in April 2023. However, there have been relatively few associated penalties. OFSI are trying to bring their caseload down by prioritising cases which have the greatest deterrent or compliance impact. It remains to be seen what impact the consultation will have here.

The increase in investigations indicates a more active enforcement environment, even if penalties remain limited. Firms should ensure their compliance frameworks are robust and capable of withstanding scrutiny.

SRA supervision: what firms should expect

The SRA’s proactive involvement in financial sanctions is a fairly recent development. Prior to 2022, the SRA’s focus was in providing information to firms. By way of background, following the invasion of Ukraine, the SRA came under increased political pressure to have an involvement in ensuring solicitors were upholding the financial sanctions regime. This political pressure latterly became enshrined in the Economic Crime and Corporate Transparency Act which gave the SRA a new regulatory objective of promoting the prevention and detection of economic crime. The oversight supervisor (the Legal Services Board) published guidance last year setting out their expectations for the SRA and other England and Wales legal services supervisors.

In the present day, the SRA has a three-fold approach to financial sanctions:

1. Providing information to firms

2. Risk assessment of firms, leading to targeted proactive supervision

3. Enforcement

The SRA has set out in guidance its expectations of firms in complying with the financial sanctions regime which they may take into account in any enforcement actions. The guidance sets out controls that would be appropriate for all firms and specific information for firms intending to advise designated persons.

In terms of a controls framework, the following will help your firm comply with the sanctions regimes:

1. A written sanctions risk assessment. This can be a standalone document, or many firms find it more helpful to incorporate sanctions risk into their AML firm-wide risk assessment. The SRA has published a template sanctions risk assessment and guidance on completing a risk assessment.

2. Written controls. These should include a policy on client screening, screening of counterparties and ongoing monitoring. Similarly, this may fit within your AML customer due diligence screening processes, where applicable, or you may need a separate process if this isn’t incorporated into your AML processes. The level, extent and frequency of screening is a tricky topic given the strict liability for any breaches, however in my view there has got to be an element of a risk-based approach here. This would mean that you undertake more comprehensive checks, take greater steps to fully understand whether the control test is met, and re-screen more frequently where the risk is higher.

3. Training. Ensuring relevant staff understand the legislation, the firm’s policies and their obligations is crucial in preventing sanctions breaches. Training doesn’t need to be formal or lengthy, but it does need to be relatively engaging and targeted to those who can play a part in preventing sanctions breaches. You will also need to do regular reminders.

4. Controls and decision-making when identifying a designated person. This should include documenting eliminating any false positive matches of designated persons, freezing any assets and placing a halt on taking payments from them. You will need to have a process in place, probably involving senior management sign off, in order to decide whether to act for any designated persons, and any controls you would put in place in these circumstances.

5. Reporting. You will need to have controls to ensure that any necessary reporting takes place. If you have identified a breach of the sanctions regime, you will need to establish whether any reporting is necessary, and then ensure that you make the appropriate reports to OFSI, the NCA and the SRA. You will also need to ensure that you comply with any reporting obligations if you are acting under a general licence.

Although the SRA is currently charged with supervising the profession for sanctions controls and breaches, the future of this is in doubt. With the transfer of responsibility for AML supervision to from the SRA to the FCA in the future, it is not clear what the SRA’s residual role will be in financial sanctions supervision. It is possible that this responsibility also moves to the FCA, but it is then unclear how firms not in scope of the money laundering regulations would be supervised. Any transition of powers and responsibilities is likely to be a lengthy process, and in the meantime, the SRA continues to undertake desk-based reviews and onsite inspections of firms’ sanctions controls. I would advise firms to make sure they are meeting the SRA’s expectations, and this is likely to stand them in good stead if the FCA does ultimately take over responsibility for supervision of this area.

Conclusion

The UK sanctions landscape continues to evolve, with increasing scrutiny and changing expectations for firms. A proactive, risk-based approach that is supported by clear policies, training and regular review are the key for maintaining compliance in this fast-moving area.

If you would like advice on how to protect your organisation and strengthen your approach to sanctions compliance, please get in touch with Alun Milford in our Criminal Litigation team and Colette Best in our Regulatory team.