For the great majority of law firms the issue of potential liability for breaches of the sanctions controls now in place will be theoretical, but unfortunately for most firms the issue cannot be discounted completely. Furthermore, whereas not all firms will be subject to the anti-money laundering regime and will only be subject to the relatively new provisions relating to “proliferation finances” if they are a regulated firm for AML purposes, the risks of sanctions liability applies across the board to all who might find themselves dealing with a “designated person” under that regime.
It follows, therefore, that all law firms should have a clear statement in their practice manual or other governing documents acknowledging their responsibilities in this regard and setting out how they will monitor for potential breaches of the rules, and then respond to any such incident should they be unfortunate enough for it to arise. Those who are subscribers to the Infolegal InfoHub will find this dealt with in the draft Office Procedures Manuals for firms or sole principals.
The Office for Sanctions Implementation (“OFSI”) has issued some enforcement guidance (see OFSI – Financial Sanctions Guidance) whilst another useful source of information on this topic will be found on the SRA website with their guidance note “Complying with the Sanctions Regime” of the 22nd November 2022. There is also a Law Society Guide entitled “UK Sanctions Regime” which you may find useful. As a preliminary point the main responsibility for sanctions enforcement lies with OFSI but, as stated in their enforcement guidance note, their decision whether to impose a monetary penalty will be “informed by (their) overall approach to financial sanctions liability”.
If a law firm should be unfortunate enough to become involved in such an incident, the guidance suggests that OFSI will refer it to the SRA to deal with it instead. Likewise, although strict liability applies, OFSI lists referring any relevant case to law enforcement agencies as being just one of its potential responses to any such situation, rather than it being an automatic next step.
Sanctions risk assessment
For its part the SRA have advised that while due diligence is not a defence to a prosecution it will minimise the risks of an inadvertent breach and would also be taken into account by them in deciding if disciplinary action should then be taken. It is understandable some firms are questioning whether a sanctions risk assessment is required, especially in the light of the importance attached to such an exercise within the AML regime, and with the need for it to be retained for possible future inspection by the regulator, and for the firm’s policy to be demonstrably linked to its outcomes. The good news on this, however, is that it is not currently formally required by the sanctions provisions, although may be something that firms would like to consider.
In place, therefore, of a formal risk assessment, we would recommend that a short policy on this issue is prepared and added to any manual that the firm may already have in place. This can then, perhaps, be added to its AML policy as something of a linked consideration. Infolegal members have access to a short risk assessment format which could be helpful in enabling them to show that they have taken this topic seriously if questioned about it at some future stage. They also have access to guidance on responding to the SRA Sanctions Compliance Questionnaire.
So far as the related area of proliferation finances is concerned, where there is a requirement for a risk assessment to have been conducted, then this can be built into the firmwide risk assessment process. Again, those who are Infolegal subscribers have access to a template risk-assessment.
Reasonable precautions for clients and counter-parties
The next step is to address what should be regarded as the taking of reasonable precautions to detect when the firm might find itself being instructed by a sanctions designated person or “target”. If undertaking an e-verification search at the outset of new matters for new clients, and then refreshing any such searches by way of ongoing monitoring as also required by the MLR 2017, sanctions listing should be disclosed by any of the main providers for consideration by the firm. False alerts will usually be clear cut, but the firm will be free to discuss any lingering concerns with their client as there is no equivalent of the AML tipping-off offence in the sanctions regime. On the basis of recent SRA inspections, a central note should be kept of all such enquiries and their outcomes.
The more difficult issue is whether to include counter-parties to matters in these compliance checks. On this point the SRA have stated that “you cannot rely on other parties to assure you that they are not designated persons”, and this would appear to apply to their professional advisers as well. Furthermore, the SRA advise that designated persons might hide or misrepresent their true identity in order to circumvent the sanctions regime. At this point reality has to set in: it would be impossible to check on all of the other parties to an action, whether using their actual names or fictitious identities, and if falling foul of the strict liability offence in this way, the firm would have to hope that the view would be taken that the imposition of a penalty in such circumstances, whether by OFSI or the SRA, would be unfair.
So, in summary, what measures should a firm reasonably take in relation to potential sanctions breaches? We would advise that an e-verification check should always be conducted where the risk of dealing with a client who turns out to be a designated person exists. Even where the MLR 2017 do not apply, the SRA Code of Conduct for Solicitors requires at para 8.1 that some form of identity checking should be conducted on all clients, and even if this is not undertaken in an electronic format at present there is a free to use check on all such listings on the OFSI website at https://sanctionssearchapp.ofsi.hmtreasury.gov.uk/.
This web searching tool might also be used to address the firm’s potential exposure to liability for dealings with counter-parties. On this point we would suggest checking counter-parties in this way should be a sensible and realistic approach when a risk is felt to arise, but unfortunately this precautionary procedure cannot guarantee that the firm will escape censure from the SRA in the unlikely circumstances that it finds itself dealing with a designated person on the other side.
The SRA sanctions questionnaire
And finally, if you are one of the firms that has been required by the SRA to complete a questionnaire on your current degree of compliance with the anti-sanctions regime, and you are not an Infolegal subscriber, the please contact us for information about how we can assist.
 See also the Legal Sector Affinity Group AML Guidance Note 2023 at para 6.21