OFSI updates monetary penalty guidance
OFSI updates monetary penalty guidance
OFSI has published an updated version of its monetary penalty guidance.
This guidance will come into force on 1 April 2021. Any breaches reported to OFSI on or after that date will be assessed using the new guidance.
This is the first update to the monetary penalty guidance since May 2018. It incorporates some of the lessons learned through our monetary penalty cases as well as clarifying OFSI’s position where needed.
Old guidance says:
3.2 OFSI can respond to a breach of financial sanctions in several ways, depending on the case. The steps we could take in response to a breach include:
• issuing correspondence requiring details of how a party proposes to improve their compliance practices
• referring regulated professionals or bodies to their relevant professional body or regulator in order to improve their compliance with financial sanctions
• imposing a monetary penalty
• referring the case to law enforcement agencies for criminal investigation and potential prosecutionNew guidance replaces the first one with a warning. And while they will close out a case if there was no breach or failure to comply with an obligation, there is no apparent equivalent of a “no action” letter being issued – you would assume there has to be something that notifies the investigated party.
Also, the “close the case” wording in the new guidance removes the following language:
We see a few cases where there is no breach, often where individuals have taken a cautious approach to their responsibilities or might have been confusing their sanctions obligations with responsibilities under different national sanctions regimes.Instead, they say “if we conclude that the person did not know and did not have reasonable cause to suspect they were in breach, we will not impose a monetary penalty. In such circumstances, more proportionate remedial action may be applied.” So, you could be held harmless if there was no reason to know there was a breach, but misinterpreting one’s obligations is not an excuse anymore (at least, that’s how I read the removal of that first section).
The assessment factor surrounding direct provision to a designated person has also been removed in the new guidance, which means that one should not conclude that indirect provision, through intermediaries, is OK or even less severe.
In general, the entire Case assessment section has been tightened up. One thing that hasn’t, however, is in the next section “The penalty process” – determination of the base penalty amount is still a matter of reasonableness and proportionality (based on the Case Factors, which are the equivalent of OFAC’s General Factors), and then the penalty moves up and down based on its seriousness and whether or not there was voluntary disclosure. Contrast this to the US model, where the maximum penalty is statutory (e.g. in the body of laws like IEEPA), and then the base penalty is calculated based on egregiousness and disclosure, and then adjusted based on General Factors. So, same basic mechanism, but done in a different order.
Personally, I prefer the OFAC model – you can easily determine the base penalty based on which laws were broken, the egregiousness and disclosure, and then you can see the adjustment based on behavior. In all honesty, if you look at OFSI’s penalty matrix, you see the discounts available are not fixed in some cases. For example , “most serious” voluntarily disclosed penalties get a discount of “up to 30%”m and non-disclosed ones just say there is no discount and “penalty likely to be higher than ‘serious’ cases”. The UK model is less transparent in that regard – where did the reductions come from, behavior or a capricious decision as to how much to adjust “most serious” breaches?
This will take a bit longer to fully digest, but I appreciate the updates…