Financial sanctions practical guidance
- Issued:01 January 2011
- Effective from:01 January 2011
- Last revised:19 July 2019
In general terms, local sanctions measures apply to all natural and legal persons:
- located in Jersey
- operating in or from within Jersey
- incorporated or constituted under Jersey Law.
This guidance has been produced in an effort to assist institutions in producing policies and procedures to address their legal obligations under sanctions legislation.
Institutions should aim to have proportionate systems and controls in place to reduce the risk of a financial sanctions breach occurring. How those systems and controls are formulated will depend on the business model, profile and customer base of each institution. Institutions should focus their resources and systems and controls on assessing where and how their particular business is most likely to breach sanctions.
From the outset, it is important that the proportionate systems and controls put in place are not based on the common misconceptions about financial sanctions highlighted in the general information document.
Below is an overview of how to comply with sanctions, summarising the key messages outlined in this guidance:
|Implementing policies and procedures regarding sanctions||How to screen customers sanctions breaches||Systems for investigating a name match|
Senior management involvement in devising and approving policies and procedures
Readily accessible and clear
Covers timing, frequency and scope of screening
Incorporates escalation procedures
Takes into account local requirements of jurisdictions in which operating
At take-on against UK Consolidated List
Periodically in accordance with changes to UK Consolidated List
When data changes
Of appropriate and sufficient data (including directors, beneficial owners, trustees and third party payees)
By skilled staff
Takes into account variables
Make further enquiries to confirm or eliminate name match
Referral to compliance staff of name match
Escalation to senior management where cannot determine if name match an actual match
If after further investigation and escalation cannot confirm a name match then notify MER
|Providing staff training in sanctions matters||How to ensure automated customer screening is effective||Action required on discovering a target match|
Targeted to roles
Capabilities and limits of any automated system understood
Matching criteria relevant and appropriate to nature and size of business
Prominent flagging of matches
Use of fuzzy matching
Block provision of financial services
Report to MER
Only file a SAR if there is particular suspicion of criminal activity, drug trafficking or terrorism beyond the fact the individual or entity in question is the target of sanctions
|Risk assessing sanctions vulnerabilities||Information a reporter may be required to provide|
Appropriate and sufficient
Understands and identifies risks – how and when is the firm most likely to breach sanctions
Mitigates risk identified
Formally documented with clear rationale for approach
Informed by a good understanding of the different regimes
Considers risks posed by particular clients, transactions, services, products and jurisdictions
Information or other matters on which knowledge or belief of a designated person is based
Any identifying information held about the designated person The nature, amount or quantity of any funds or economic resources held by, or for, the designated person
Obtaining a licence
Be familiar with sanctions legislation in every country in which the firm operates
Pay particular attention to OFAC sanctions which have wide reaching extra-territorial effect outside of the USA
If you wish to carry out an action contrary to financial sanctions you must first apply for a licence
Application for a licence to be made in writing to the Minister for External Relations
Policies and procedures to remain up to date and fit for purpose
Independent audit of policies and procedures
Ensure staff knowledge stays current
Maintain audit trail of screening, target matches and decision and actions taken
Keep client information up to date
Check screening requirements of intermediaries
Keep calibration and automated systems under review
Implementing policies and procedures regarding sanctions
Institutions should have written policies and procedures in place to deal with sanctions screening. Regular reviews and updates of sanctions policies and procedures should take place to ensure they remain fit for purpose and are enforced. The information in the following sections is an outline of areas that should be taken into account in formulating sanctions policies and procedures.
Senior management should be sufficiently aware of the institution’s obligations regarding financial sanctions to enable them to discharge their corporate governance functions effectively.
Guidance is provided by UK and EU Authorities with the examples of good and poor practice of sanctions compliance.
|Good practice||Poor practice|
|An individual of sufficient authority is responsible for overseeing the institution’s adherence to the sanctions regime||The institution believes payments to sanctioned individuals and entities are permitted when the sums are small. (Without a licence from the Minister of External Relations, this is a criminal offence)|
|It is clear at what stage customers are screened in different situations (e.g. when customers are passed from agents or other companies in the group)||No internal audit resource is allocated to monitoring sanctions compliance|
|There is appropriate escalation of actual target matches and breaches of sanctions||Some business units in a large institution think they are exempt|
|Notifications are timely|
|Has your institution clearly allocated responsibility for adherence to the sanctions regime? To whom?|
|How does the institution monitor performance? (For example, statistical or narrative reports on matches or breaches.)|
|Recommended self-assessment questions:|
Providing staff training in sanctions matters
Staff should be trained on an ongoing basis in respect of sanctions matters. As the sanctions arena is constantly evolving it is important for staff knowledge to be kept current. Training can be carried out separately or alongside anti-money laundering training so long as it is:
- appropriate, accessible and routinely provided
- targeted to specific roles. Detailed training may be given to those involved in customer take-on and monitoring, with more general training to other members of staff.
Examples of good and poor practice include:
|Good practice||Poor practice|
|Regularly updated training and awareness programmes that are relevant and appropriate for employees’ particular roles||No training on financial sanctions|
|Testing to ensure that employees have a good understanding of financial sanctions risks and procedures||Relevant staff unaware of the institution’s policies and procedures to comply with financial sanctions regime|
|Ongoing monitoring of employees’ work to ensure they understand the financial sanctions procedures and are adhering to them||Changes to the financial sanctions policies, procedures, systems and controls are not communicated to relevant staff|
|Training provided to each business unit covering both the group-wide and business unit-specific policies on financial sanctions|
Risk assessing sanctions vulnerabilities
Breaching financial sanctions is an absolute offence so the decision to take a risk-based approach is in itself a risk-based decision. If formulated properly, however, it is appropriate to take a risk-based approach to sanctions screening. If a risk-based approach is taken, an institution should be satisfied that its approach is appropriate and sufficient. With that in mind, it would be wise for an institution to have a formally documented risk assessment covering sanctions with a clear rationale for the approach taken.
In order to conduct a comprehensive risk assessment, a business needs to have a good understanding of the financial sanctions regime and the risks posed by particular customers, transactions, services, products and jurisdictions.
A proper risk assessment should consider how an institution may become involved in breaching sanctions. Relevant factors an institution may take into account in formulating its risk assessment are:
- customer, product and activity profiles
- distribution channels
- complexity and volume of transactions (recognising that one prohibited transaction alone would be a breach)
- processes and systems
- operating environment
- screening processes of intermediaries
- geographic risk of where it does business
- whether trustees, settlors, beneficiaries, directors and beneficial owners of legal persons and third party payees are screened to ascertain whether there is a risk of indirect benefit to a sanctioned person.
Where, as part of a risk assessment, an institution identifies a particular vulnerability the institution should consider looking to ascertain the following information in order to better identify sanctions targets:
- for individuals: place of residence, country of birth, country of origin, citizenship, source of wealth, occupation and countries to or from which transactions are made, known associates
- for entities: location of business, country in which incorporated, nature of business, beneficial owners of the business, directors, countries from which transactions are made and entities with which transactions are effected.
Examples of good and poor practice include:
|Good practice||Poor practice|
|An institution with international operations, or that deals in currencies other than sterling, understands the requirements of relevant local financial sanctions regimes||There is no process for updating the risk assessment|
|A small institution is aware of the sanctions regime and where it is more vulnerable, even if risk assessment is only informal.||The institution assumes financial sanctions only apply to money transfers and so has not assessed its risks properly.|
|Recommended self-assessment questions:|
Does your institution have a clear view on where within the institution breaches are most likely to occur? (This may cover different business lines, sales channels, customer types, geographical locations, etc.)
How to screen customers to prevent sanctions breaches
Sanctions screening is a control employed by institutions to detect, prevent and manage sanctions risk. Screening should be undertaken as part of an effective Financial Crime Compliance programme, to assist with the identification of sanctioned individuals and organisations, as well as the illegal activity to which the institutions may be exposed. It helps identify areas of potential sanctions concern and assists in making appropriately compliant risk decisions.
When screening customers attach significance to:
- screening new customers at take-on against personal identifying information on the UK Consolidated List. The UK Consolidated List can be accessed here: UK Consolidated List
- periodically screening existing customers, within a reasonable time of notified changes to the UK Consolidated List, in accordance with an institution’s risk profile
- including all customers in search parameters, including those that are Jersey or United Kingdom based
- screening for full name, date of birth, address and aliases
- screening existing customers when data changes e.g. change of director
- ensuring payments are not [directly or] indirectly made to, or for the benefit of, a target person. Thus regular screening of directors, beneficial owners, trustees, settlors, beneficiaries and third party payees against the UK Consolidated List is important
- considering the nature of the business generally and any potential sanctions pitfalls as a result. In considering the nature of the business, non-financial sanctions such as those relating to the import and export of goods may be relevant depending on the business in question
- maintaining an audit trail of screening.
Sanctioned parties are known to routinely use false personal information to try and evade detection. In addition, information held by an institution may not exactly correlate to information recorded on the UK Consolidated List.
The sanctions prohibitions apply to both indirect payments to and payments for the benefit of designated persons. Therefore, where practicable, screening should cover any other associated or related parties, for example, beneficial owners (including trustees, or company directors), that are identified as requiring verification under institution’s risk-based approach to customer due diligence. An institution’s judgement in these matters will need to be consistent with its approach for AML /CFT purposes, and whether or not full identity details are collected.
The table below gives examples of how the wording or format of a customer name held by an institution may be different from the wording used in the UK Consolidated List.
|Version in the Consolidated List||Version used by an institution|
|Revolutionary People’s Liberation Army||Revolutionary Peoples’ Liberation army/front|
|Pavlichenko, Dmitry Valeriyevich||Pavliuchenko, Dmitry Valeriyevich|
|Rockmans, Limited||Rockman Ltd|
|Salim, Ahmed Fuad||Amed Fuad Salim|
To maximise screening, seek to incorporate variables such as:
- different spellings of names (e.g. Abdul instead of Abdel)
- name reversal (first/middle names written as surnames and vice versa)
- shortened names (e.g. Bill instead of William)
- maiden names
- removing numbers from entities
- insertion/removal of full stops and spaces.
Examples of good and poor practice include:
|Good Practice||Poor Practice|
|The institution has considered what mixture of manual and automated screening is most appropriate||Institutions assume that an intermediary has screened a customer, but do not check this|
|There are quality control checks over manual screening||Where a business uses automated systems, it does not understand how to calibrate them and does not check whether the number of hits is unexpectedly high or low|
|Where a business uses automated systems these can make ‘fuzzy matches’ (e.g. able to identify similar or variant spellings of names, name reversal, digit rotation, character manipulation, etc.)||An insurance company only screens when claims are made on a policy|
|The institution screens customers’ directors and known beneficial owners on a risk-sensitive basis||Screening of customer data-bases is a one-off exercise|
|Where the institution maintains an account for a listed individual, the status of this account is clearly flagged to staff||Updating from the UK Consolidated List is haphazard. Some institutions use out-of-date lists|
|A business only places faith in other institutions’ screening (such as outsourcers or intermediaries) after taking steps to satisfy themselves this is appropriate.||The institution has no means of monitoring payment instructions.|
|Recommended self-assessment questions:|
|When are customers screened against lists, whether the UK Consolidated List, internal watch lists maintained by your institution, or lists from commercial providers? (Screening should take place at the time of customer take-on. Good reasons are needed to justify the risk posed by retrospective screening, such as the existence of general licences.)|
|If a customer was referred to your institution, how do you ensure the person is not listed? (Does your institution screen the customer against the list itself, or does it seek assurances from the referring party?)|
|How does your institution become aware of changes to designations/the UK Consolidated List? (Are there manual or automated systems? Are customer lists rescreened after each update is issued?)|
How to make customer screening more effective
To ensure customer screening is more effective, attach importance to:
- implementing a written screening policy to incorporate the frequency of screening and quality of screening
- ensuring that effective sanctions screening has taken place by an intermediary, if relying on an intermediary to carry out screening. Depending on when sanctions screening took place by an intermediary, it may be necessary to re-screen to ensure the position has not changed or obtain reassurance that an intermediary’s screening for sanctions is ongoing
- keeping customer information up to date. Complete and current customer information will improve the effectiveness of screening and reduce the amount of false positives.
If using automated screening, the following actions may assist to improve screening quality:
- understanding the capabilities and limits of the particular automated screening system
- ensuring the system is calibrated to the institution’s needs
- checking the matching criteria is relevant and appropriate for the nature and the size of business to ensure less false positives are produced
- ensuring screening rules are appropriately defined e.g. allow for the use of alternative identifiers
- the calibration of systems to include the use of fuzzy matching. Fuzzy matching searches for words or names likely to be relevant, even if words or spelling do not match exactly. It can assist to identify possible matches where data is misspelled, incomplete or missing
- ensuring prominent flagging of matches so that they are clearly identifiable
- keeping calibration and automated systems under regular review to ensure they are fit for purpose.
Further information on screening practices may be found in a report published by the JFSC in August 2014, following a thematic review.
The Wolfsberg Group Guidance on Sanctions Screening 2019 provides additional guidance on the effectiveness of sanctions screening for the customers and transactions.
Systems for investigating a match
An institution should implement internal procedures for investigating whether a match against the UK Consolidated List is an actual match or a false positive.
In formulating such policies consider incorporating the following actions:
- staff seeking sufficient information to enable them to confirm or eliminate a match
- if necessary, staff making further enquiries of an intermediary, counterparty bank or the customer, or all of the above
- the notification of potential target matches to senior management, particularly in cases where it cannot be determined if a potential target match is an actual target match
- a process by which the Minister for External Relations is notified of confirmed matches or potential target matches that cannot be confirmed after investigation and escalation
- provision for a clear audit trail of potential target matches and decisions/actions taken.
Action required on discovering a confirmed or potential target match
In the case of a confirmed match, or a potential target match where further investigations and escalation procedures have not confirmed the position either way:
- freeze assets
- block the provision of any financial service
- report the match to the Minister for External Relations. Where there is a requirement to make such a report, the relevant legislation will provide that such a disclosure is without prejudice to any duty of confidentiality or professional secrecy
- informing a customer that they are, or appear to be, subject to sanctions does not necessarily constitute tipping-off. The names of sanctioned individuals are publically available
- holding an account for a sanctioned party or processing a transaction involving a sanctioned party is not in itself grounds for filing a Suspicious Activity Report (SAR) with the Financial Intelligence Unit. With the exception of persons subject to terrorism related sanctions, only file a SAR if there is a particular suspicion of criminal activity beyond the fact the individual or entity in question is the target of sanctions
- if you file a SAR about a sanctioned individual, then disclosing that you have filed a SAR will in the majority of cases constitute tipping-off
- the filing of a SAR does not provide protection in respect of offences that may have been committed under sanctions legislation.
You must supply to the Minister for External Relations as soon as practicable any information that would ‘facilitate compliance’ with the relevant EU Regulation or EU Regulations implemented by a Jersey sanctions Order. This requirement applies to natural and legal persons, entities and bodies in Jersey or under Jersey jurisdiction and not just to credit or financial institutions or to individuals working for them. Examples of the kind of information that will facilitate compliance includes, but is not limited to, that found in Appendix A: Examples of information to be reported to the Ministry for External Relations.
Information you may be required to provide
Following a report made to the Minister for External Relations, the reporter may be asked to provide:
- information or other matters on which the knowledge or belief reported is based
- any information held about the designated person by which the person can be identified
- the nature and amount or quantity of any funds or economic resources held by, or for, the designated person
If the report relates to a suspected breach of a sanctions Order then the report should be made using the Suspected Breach Notification Form.
Obtaining a licence
A licence is written authorisation to allow an activity that would otherwise be prohibited by financial sanctions legislation, for example the release of funds to pay for legal representation. A licence may have conditions attached to it, such as reporting obligations. If an institution wishes to carry out an action contrary to a financial sanction, they should request, in writing, a licence from the Minister for External Relations before any action is taken.
The Minister for External Relations has published an Asset Freeze Licence Application Form which should be used by individuals or Jersey regulated entities seeking a licence from the Minister for External Relations to allow an activity or transaction to take place that would otherwise be prohibited under asset freezing (sanctions) measures.
For all queries in respect of its completion, institutions should contact the Ministry for External Relations at email@example.com
As each country’s sanctions measures tend to be applicable to nationals/citizens of that country and bodies constituted or incorporated under the law of that country, wherever those persons are situated, it is important to understand any obligations that follow from having links to another country. If an institution operates or is incorporated or constituted outside of Jersey, it should give consideration to sanctions obligations that may arise as a result. For example if you are a United States incorporated company with a branch in Jersey, the branch in Jersey should have regard to United States sanctions (see below). If you are a United States citizen employed in an institution in Jersey, again United States sanctions should be considered.
Depending on the provider, automated screening software used in respect of customer due diligence may also provide you with international sanctions information. To give an example, “World-Check” searches in relation to a customer should highlight any sanctions measures in place internationally in respect of a person.
The country profiles on websites such as www.knowyourcountry.com can also provide information on whether United Nations, European Union or United States sanctions are in place in respect of a particular country.
Although the aforementioned are useful information tools, further research would still be required to establish what implications sanctions measures have for any customer business of an institution. If searches were to reveal a customer on sanctions lists in the United States, Canada and Australia, for example, consideration should be given to any way in which the institution, by way of its structure or operation and the remit of legislative provisions in those countries, may be in breach of those sanctions. Establishing that a customer is on a sanctions list in one or more countries is likely to also raise the question of reputational risk to the business and the Island, if business with that person is to be commenced or continued.
Article 11(3)(e) of the Money Laundering (Jersey) Order 2008 includes policies and procedures to determine whether a business relationship or transaction, or proposed business relationship or transaction, is with a person connected with a country or territory that is subject to measures for purposes connected with the prevention and detection of money laundering, such measures being imposed by one or more countries or sanctioned by the European Union or the United Nations. The JFSC does not consider that this provision requires an institution’s policies and procedures to apply all sanctions measures imposed by one or more other countries to their business in Jersey. The reference to measures imposed by one or more countries is intended as a reference to FATF countermeasures as applied by one or more country. The only sanctions measures specifically referred to are those made by the European Union or the United Nations for purposes connected with the prevention and detection of money laundering (i.e. terrorism related sanctions). The JFSC does, however, consider it appropriate for institutions to have regard to the way in which their business model may result in: (i) breaches of local sanctions legislation beyond those sanctions concerned with terrorism; and (ii) sanctions legislation in other countries.
United States Sanctions
Sanctions are applied by a number of US government bodies the principal one of which is the Office of Foreign Assets Control of the US Department of Treasury (OFAC). OFAC maintains a list of designated individuals and entities which is available from Office of Foreign Assets Control.
United States financial sanctions are not automatically applicable in Jersey, but they do have far-reaching extra-territorial effect. This means that even if an institution is not operating, incorporated or constituted in the United States, OFAC sanctions may still be applicable. Institutions should be particularly mindful of OFAC sanctions if:
- they employ United States citizens or permanent aliens
- transact in US dollars
- enter into transactions involving United States operations or accounts
- have United States offices, subsidiaries, branches or agencies or a relationship with a United States institution.
Some OFAC sanctions measures, for example those in place in respect of Iran, also specifically apply in respect of foreign financial institutions.
Failure to comply with OFAC sanctions could expose an institution to criminal or civil liability in the United States.
Institutions may find the following OFAC search tool of assistance: https://sanctionssearch.ofac.treas.gov/
Appendix A: Examples of information to be reported to the Ministry for External Relations
|Reporting Area Example||Example|
|Person is a designated person||A customer or client is a designated person.
You must provide the Minister for External Relations with any information you hold about the designated person by which they can be identified.
Exact offences will depend on the particular legislation, but can include:
|Funds and economic resources||You must include details of any funds and economic resources that you have frozen.|
|Credits to frozen accounts||
You must inform the Minister for External Relations without delay whenever you credit a frozen account with:
Appendix B. Common Terms
This Appendix provides a list of common and useful terms related to financial sanctions. It also includes references to some key legal provisions of the Sanctions and Asset-Freezing (Jersey) Law 2019. It is for reference purposes and is not a list of ‘defined terms’. All Article references are to SAFL unless otherwise stated.
A person, group or entity that is a designated person for the purpose of asset freezes against designated persons (Part 3 of SAFL) by virtue of any one or more of the following:
|Financial Trading||Trading for own account or for account of customers, whether on an investment exchange, in an over-the-counter market or otherwise, in any of the following:
Financial assets and benefits of every kind, including any of the following:
|Economic resources||Assets of every kind, whether tangible or intangible, and movable or immovable, that are not funds but can be used to obtain funds, goods or services.|
|Owning a legal person, group or entity||Being in possession of 50% or more of the proprietary rights of a legal person, group or entity, or having a majority interest therein.|
|Controlling a legal person, group or entity||
This means any of the following:
|Indirect payment||Payment being made to someone acting on behalf of the designated person.|
|Payment for the benefit of a designated person||
|Relevant financial institution||
|Deal with (in relation to funds)||
This is to:
|Deal with (in relation to economic resources)||
This is to: