FCA Publishes Findings on Sanctions Systems and Controls in Financial Firms

On 28 May 2026, the Financial Conduct Authority (FCA) published a report outlining its findings from a review of sanctions systems and controls across FCA-supervised firms. The report, aimed particularly at Money Laundering Reporting Officers (MLROs), nominated officers, and compliance professionals, highlights examples of both effective and ineffective practices, alongside areas where firms may need to improve. The findings are intended to help all FCA-authorised or registered firms strengthen their compliance with UK sanctions legislation.
 

Emerging UK Sanctions Landscape
 

Given ongoing geo-political issues, the UK sanctions regime has become increasingly complex in recent years, expanding in scope, breadth and speed, creating additional compliance challenges for firms operating in the financial sector.

In light of the broader prohibitions on financial services, infrastructure access and activity-based financial support that have been introduced, as well as an expansion of the UK’s trade sanctions framework, there is currently a reported increase in financial sanctions. For example, and with respect to the expansion of the UK’s trade sanctions framework, the FCA has identified an increase in the total value of assets in the UK reported as frozen, from £24.4 billion in 2023-24 to £37 billion in 2024-25.

Despite fewer reports of suspected sanctions breaches from FCA-supervised firms between 2023-25 – which is surprising -  the FCA has determined that most of the reported breaches related to financial sanctions, as opposed to trade sanctions.

Findings
 

While the FCA report identifies twelve key areas of improvement to support better compliance with sanctions rules, the report draws on the following four most common themes within their findings:

1. Weaknesses in due diligence;
2. Alert management;
3. Transaction and name screening; and
4. The management of frozen assets and compliance with specific and general licences.

Weaknesses in due diligence

The report found that due diligence and ongoing monitoring processes remain important controls in identifying sanctions risks. Most notably, it observed that some firms struggled to comprehend complex ownership structures and indirect links to designated persons. By contrast, stronger practices included Enhanced Due Diligence (EDD) processes that examined direct and indirect sanctions exposure.

Alert management

Following a review of suspected sanctions breaches, the FCA concluded that the most common causes of such breaches by firms are deficiencies in sanctions screening and alert management. In particular, the report observed the significant role of weak screening frameworks, including outdated lists or gaps in ownership and control screening in reported sanctions breaches. Further to this, the report also confirmed that poor alert management may lead to accidental movement of frozen assets and gave a clear recommendation that firms ensure they are able to identify sanctions risks promptly through a robust list management process.

Transaction and name screening

Between 2024-25, the FCA found that 70% of firms making REP-CRIM returns used automated screening and 81% were performing repeat customer screening. While these findings show that automated screening is a common practice amongst firms, the report draws more closely on the incompleteness of the data that was used in the screening, noting that some firms excluded some categories of sanctions data without the appropriate approval from senior managers.

Considering these findings, the report recommends that firms maintain a formal governance process to approve and review screening exclusions and employ mitigating controls where data is excluded from automated screening.

Management of frozen assets and compliance with specific and general licences

The report identifies firms’ failure to properly freeze assets as a major cause of suspected sanctions breaches. For example, the FCA addressed instances of firms failing to properly maintain frozen assets by failing to prevent internal transactions. As a result, there was a key focus on the integral role of clear processes to identify, implement and maintain the requirements set out in sanctions licences. This recommended practice allows firms to ensure effective management of licence permissions as well as being able to avoid the common failures of some firms in properly freezing assets.

As an example of good practice, the FCA also recommends that firms have clear policies to ensure compliance with sanctions licences and well-documented policies that define appropriate restrictions on accounts and the process of applying these restrictions.

Conclusion
 

It is clear that regulated firms need to ensure that their systems and controls and financial crime frameworks are properly calibrated and sufficiently robust to allow them to manage their sanctions risks. It is equally important that senior management take ownership of this issue and ensure that current systems are carefully monitored and reviewed and, where necessary, enhancements are made. Firms that fail to meet the FCA’s expectations may face the disruption and cost of supervisory and/or enforcement action by the regulator.

About the authors

James is a Partner in the firm’s Financial Services Group. He advises clients on the full spectrum of financial services and FCA-related matters, including on authorisation and approval applications, perimeter and supervisory issues, internal and enforcement investigations as well as cases before the Regulatory Decisions Committee and Upper Tribunal.

Sacha is a Trainee Solicitor currently in her fourth seat with the Criminal Litigation team. Sacha joined Kingsley Napley in September 2024.