Skip to content

FCA reviews UK firms’ sanctions systems and controls


The FCA has set out findings from its assessments of sanctions systems and controls in financial services firms, including examples of good practice and of areas for improvement.

The regulator wants to help regulated firms deliver ‘even greater compliance with sanctions’ and effectively prevent financial crimes like money laundering and sanctions evasion. The unprecedented size, scale, and complexity of sanctions since Russia invaded Ukraine, makes firms’ sanctions systems and controls an even higher priority for the FCA. 

The FCA has reviewed the systems and controls relating to sanctions compliance for over 90 firms across a range of sectors, with a proactive assessments of firms’ controls, using a new analytics-based tool, as well as specific intelligence gathering and reporting. The regulator identified examples of good and less good practice under five key themes: 

  • Governance and oversight: Firms that had undertaken advanced planning for possible sanctions before February 2022 were better placed to implement UK sanctions at speed. Crucial factors are the ability to use MI to monitor and review the effectiveness of sanctions implementation and ensuring sanctions reporting is calibrated to the UK regime
  • Skills and resources: Sanctions teams need to be properly resourced to avoid backlogs in dealing with sanctions alerts and react quickly to sanctions risks. Some firms still lack adequate screening resources. Backlogs create risks around non-compliance
  • Screening capabilities: Sanctions screening tools must be adequately calibrated. The FCA found that, while some firms’ sanctions screening tools were properly calibrated, others had poorly calibrated or poorly tailored tools. Some firms were also too reliant on third party providers over whom they had ineffective oversight
  • Customer Due Diligence (CDD) and Know Your Customer (KYC): Effective CDD and KYC are cornerstones of effective compliance with sanctions requirements.The FCA found evidence of low-quality CDD and KYC assessments and of backlogs, for example: failure to identify connected parties or sanctioned corporate structures
  • Reporting breaches to the FCA: The FCA expects firms to make timely and accurate reporting to it on potential sanctions breaches. It found that timeliness in reporting potential breaches and other relevant sanctions information was inconsistent across firms.