Print Article

Financial Sanctions—Ten Key Due Diligence Principles


OFSI’s amendment to the Penalties Guidance has provided some helpful clarification in this regard and presents an excellent opportunity to stand back and extract some principles.

Against the above, set out below are ten fundamental principles for due diligence based on the guidance that has been issued.

  1.  A risk assessment is an essential starting point for all financial crime compliance programmes.
    • In the FCA’s Financial Crime Thematic Reviews (or “FCTR”) part of the FCA Handbook, the FCA recommend as good practice “Conducting a comprehensive risk assessment, based on a good understanding of the financial sanctions regime, covering the risks that may be posed by clients, transactions, services, products and jurisdictions” (FCTR at 8.3.2G).
    • As mentioned above, due diligence must be considered at different stages of the client and transactional relationship. A risk assessment will assist in identifying trigger points for performing diligence.
  2. Effective and up-to-date screening measures that are appropriate to the nature, size, and risk of the business must be used.
    • Several examples of good practice are provided in FCG 7.2.3G and paragraphs 4.62 – 4.85 of the JMLSG Guidance. It is clear from guidance feedback provided by regulators and law enforcement that a broad approach needs to be taken to screening. For example, merely screening shareholders of a client will not be sufficient for sanctions compliance, given concerns around circumvention and use of proxies by designated persons.
  3. There needs to be more than screening alone. Nor is it permissible to rely on assurances from others that a person is not a designated person or owned or controlled by a designated person.
  4. Due diligence measures developed to identify persons and monitor transactions under the MLR can assist with compliance. Still, firms will need to implement additional sanctions-specific controls as appropriate.
    • [See, e.g., the Joint Statement, p.2.] There are important differences between the two regimes. For example, the test for whether a person exercises control over an entity for the purposes of the sanctions regime differs from the test for whether a person is a beneficial owner for the purposes of the MLR.
  5. There are two overarching questions which are common across both regimes: “am I sure all parties are who they say they are?” and “does the matter make sense?”[ These overarching questions are helpfully identified in the SRA’s guidance on Complying with the U.K. Sanctions Regime.]
  6. A record should be kept of the decision-making process. The Penalties Guidance identifies (in paragraph 3.25): “OFSI would expect to see evidence of a decision-making process that took account of the sanctions risk and considered what would be an appropriate level of due diligence in light of the risk”.
  7. Particular care must be taken with corporate entities.[ See, e.g., Recommendation 3 in the NCA’s Red Alert.] Due diligence on non-natural persons is inherently more difficult.
    • The Penalties Guidance confirms (at paragraph 3.25) that “OFSI expects careful scrutiny of information obtained as part of any ownership and control assessments” and (at paragraph 3.26) that “[d]epending on the circumstances, OFSI may consider demonstration of any and/or all of following efforts as potentially mitigating”:
      • An examination of the formal ownership and control mechanisms of an entity. Paragraph 3.29 of the Penalties Guidance lists some specific areas of enquiry (although OFSI emphasises that the list is not exhaustive and “each case will depend on its individual circumstances”), including examination of:
        • Percentage of shares and/or voting power of shareholders.
        • Ownership and distribution of other shares in a company;
        • Whether ownership/shareholding has recently been altered or divested;
        • Composition and split of shares;
        • Whether changes to ownership and/or control were part of a pre-planned or wider business or financial strategy;
        • Commercial justification for complex ownership and control structures; and
        • Constitutional documents and shareholder agreements.
      • An examination of the actual (or the potential for) influence or control over an entity by a designated person. Again, paragraph 3.29 of the Penalties Guidance lists some specific (non-exhaustive) areas of enquiry, including examination of:
        • Indications of continued influence (e.g., through personal connections and financial relationships);
        • Involvement of proxies and trusts associated with a designated person;
        • If shares or ownership interests of a designated person have been divested, the nature of any relationships and prior involvement of the person benefitting;
        • Funding and valuation of any recent share transfers; operational steps taken to ensure that the designated person cannot exercise control or benefit from assets;
        • Information relating to the circumstances of board and/or management appointments and the running of board meetings and governance processes;
        • Ongoing financial liabilities directly related to a designated person (e.g., personal loans, loan guarantees, property holdings);
        • Any shareholding or voting agreements, put or call options, or other coordination agreements with a designated person; and
        • Any benefits conferred to the designated person by the entity or transactions between the entity and the designated person.
    • Open-source research on the entity and “any persons with ownership of, or the ability to exercise control over” the entity, together with an examination of whether such persons are, or have links to, designated persons.
    • Direct contact with the entity and/or other relevant entities to “probe” into indirect or de facto control (including, where appropriate, seeking commitments by U.K. persons as to the role of any designated person or person with links to a designated person).
  8. Reference should be made to common typologies of sanctions evasion, including the list of “indicators” in the Red Alert and the “red flags” in the Joint Statement.
    • The Penalties Guidance emphasises (at paragraph 3.25) that particular care must be taken where “efforts appear to have been made by designated persons to avoid relevant thresholds”.
  9. Where relationships or activities are ongoing, due diligence must be reviewed at appropriate times.
    • As emphasised at paragraph 3.30 of the Penalties Guidance, “[o]wnership and control is not static” and OFSI will consider the regularity of checks and/or monitoring.
  1. Whilst due diligence must be carried out carefully and thoroughly, it has been judicially emphasised that
    • “It is not the intent for complex investigations to have to be made or evidence gathered—because the list should generally set out the persons targeted”
    • PJSC National Bank Trust v Mints [2023] EWHC 118 (Comm) at [244].

Click here for a PDF of the full-text



The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more


View our latest imagery from our news and work

Find out more


Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email